Implementation Guide
Page 2
... right to its accuracy or use of the technical documentation or the information contained therein is a registered trademark of Foundry Networks. Symantec, the Symantec logo, LiveUpdate, Network Security, Symantec Decoy Server, and Norton AntiVirus are trademarks and FireWall-1 is a registered trademark of Check Point Software Technologies, Ltd. iButton is a registered trademark of Intel Corporation. ...
... right to its accuracy or use of the technical documentation or the information contained therein is a registered trademark of Foundry Networks. Symantec, the Symantec logo, LiveUpdate, Network Security, Symantec Decoy Server, and Norton AntiVirus are trademarks and FireWall-1 is a registered trademark of Check Point Software Technologies, Ltd. iButton is a registered trademark of Intel Corporation. ...
Implementation Guide
Page 3
... on Support Programs. The specific features available may contact the Technical Support group via the Platinum Web site at www-secure.symantec.com/platinum/. 3 Technical support As part of support purchased and the specific product that you are implementing requires registration and...support agreement may vary based on product feature/ function, installation, and configuration, as well as Symantec Security Response to author content for virus outbreaks and security alerts. Contacting Technical Support Customers with Product Engineering as well as to provide Alerting Services and ...
... on Support Programs. The specific features available may contact the Technical Support group via the Platinum Web site at www-secure.symantec.com/platinum/. 3 Technical support As part of support purchased and the specific product that you are implementing requires registration and...support agreement may vary based on product feature/ function, installation, and configuration, as well as Symantec Security Response to author content for virus outbreaks and security alerts. Contacting Technical Support Customers with Product Engineering as well as to provide Alerting Services and ...
Implementation Guide
Page 5
... end of the Appliance; has been repaired except by this warranty will be that is corrupted or becomes unusable; SYMANTEC NETWORK SECURITY APPLIANCE (7100 SERIES) LICENSE AND WARRANTY AGREEMENT SYMANTEC CORPORATION AND/OR ITS SUBSIDIARIES ("SYMANTEC") IS WILLING TO LICENSE THE SOFTWARE INCLUDED WITH THE APPLIANCE YOU HAVE PURCHASED TO YOU AS AN INDIVIDUAL, THE...
... end of the Appliance; has been repaired except by this warranty will be that is corrupted or becomes unusable; SYMANTEC NETWORK SECURITY APPLIANCE (7100 SERIES) LICENSE AND WARRANTY AGREEMENT SYMANTEC CORPORATION AND/OR ITS SUBSIDIARIES ("SYMANTEC") IS WILLING TO LICENSE THE SOFTWARE INCLUDED WITH THE APPLIANCE YOU HAVE PURCHASED TO YOU AS AN INDIVIDUAL, THE...
Implementation Guide
Page 6
...uninterrupted or that operation of the Appliance will be returned to Symantec, securely and properly packaged, freight and insurance prepaid, with the RMA number prominently displayed on liability shall survive termination. Symantec does not warrant that the Appliance will meet the conditions for..., installation or electrical supply, improper maintenance, or any other relevant sections of the Code of Federal Regulations, as applicable, Symantec's computer software and computer software documentation are commercial in North America or Latin America, this Agreement, or if You desire ...
...uninterrupted or that operation of the Appliance will be returned to Symantec, securely and properly packaged, freight and insurance prepaid, with the RMA number prominently displayed on liability shall survive termination. Symantec does not warrant that the Appliance will meet the conditions for..., installation or electrical supply, improper maintenance, or any other relevant sections of the Code of Federal Regulations, as applicable, Symantec's computer software and computer software documentation are commercial in North America or Latin America, this Agreement, or if You desire ...
Implementation Guide
Page 9
Contents Chapter 1 Chapter 2 Chapter 3 Introduction About the Symantec Network Security 7100 Series 9 About the core software 10 About the detection architecture 10 About the management system 10 About the 7100 Series models 11 About this ... materials 14 Introducing the 7100 Series components About the 7100 Series components 17 About 7100 Series models 17 Model 7120 ...18 Model 7160 ...19 Model 7161 ...20 About core components 21 LCD panel ...22 LED lights ...24 Serial port ...25 USB ports ...25 Compact flash adapter 25 About additional components 27...
Contents Chapter 1 Chapter 2 Chapter 3 Introduction About the Symantec Network Security 7100 Series 9 About the core software 10 About the detection architecture 10 About the management system 10 About the 7100 Series models 11 About this ... materials 14 Introducing the 7100 Series components About the 7100 Series components 17 About 7100 Series models 17 Model 7120 ...18 Model 7160 ...19 Model 7161 ...20 About core components 21 LCD panel ...22 LED lights ...24 Serial port ...25 USB ports ...25 Compact flash adapter 25 About additional components 27...
Implementation Guide
Page 10
... the bypass unit 39 Rear panel LEDs on the bypass unit 40 Clustering ...41 External IDS products 42 Network Security console accessibility 42 SESA server accessibility 42 Symantec LiveUpdate accessibility 43 Installing the 7100 Series About installing the 7100 Series 45 Rack mounting ...46 Mounting the ... unit for fail-open 57 Powering the 7160 on or off 62 Cabling for model 7161 62 Connecting the management, reset, and serial ports 63 Cabling for passive mode monitoring 64 Cabling for in-line mode monitoring 64 Powering the 7161 on or off 66 Initializing Symantec Network Security
... the bypass unit 39 Rear panel LEDs on the bypass unit 40 Clustering ...41 External IDS products 42 Network Security console accessibility 42 SESA server accessibility 42 Symantec LiveUpdate accessibility 43 Installing the 7100 Series About installing the 7100 Series 45 Rack mounting ...46 Mounting the ... unit for fail-open 57 Powering the 7160 on or off 62 Cabling for model 7161 62 Connecting the management, reset, and serial ports 63 Cabling for passive mode monitoring 64 Cabling for in-line mode monitoring 64 Powering the 7161 on or off 66 Initializing Symantec Network Security
Implementation Guide
Page 11
Contents 3 Chapter 6 Chapter 7 About initializing Symantec Network Security 67 LCD panel initial configuration 68 Using the LCD panel to configure a master node 69 Using the LCD panel to configure a slave node...console 77 Configuring a slave node using the serial console 80 Compact flash initial configuration 83 Default login accounts 84 Starting the Network Security console About the Network Security console 85 Network Security console requirements 85 Console requirements on Windows 86 Console requirements on Linux 86 Installing the console 86 Installing the Java Runtime ...
Contents 3 Chapter 6 Chapter 7 About initializing Symantec Network Security 67 LCD panel initial configuration 68 Using the LCD panel to configure a master node 69 Using the LCD panel to configure a slave node...console 77 Configuring a slave node using the serial console 80 Compact flash initial configuration 83 Default login accounts 84 Starting the Network Security console About the Network Security console 85 Network Security console requirements 85 Console requirements on Windows 86 Console requirements on Linux 86 Installing the console 86 Installing the Java Runtime ...
Implementation Guide
Page 13
... Restarting, rebooting, and powering off 148 Stopping, starting, and restarting Symantec Network Security ........148 Stopping Network Security from the LCD 149 Stopping Network Security from the serial console 149 Starting Network Security from the LCD 150 Starting Network Security from the serial console 150 Restarting Network Security from the Network Security console 150 Restarting Network Security from the serial console 151 Rebooting the appliance 151 Rebooting the...
... Restarting, rebooting, and powering off 148 Stopping, starting, and restarting Symantec Network Security ........148 Stopping Network Security from the LCD 149 Stopping Network Security from the serial console 149 Starting Network Security from the LCD 150 Starting Network Security from the serial console 150 Restarting Network Security from the Network Security console 150 Restarting Network Security from the serial console 151 Rebooting the appliance 151 Rebooting the...
Implementation Guide
Page 14
...the SESA agent manually 165 Stopping the SESA agent manually 165 Re-imaging and unconfiguring About re-imaging and unconfiguring 167 Unconfiguring Symantec Network Security 168 Running Unconfigure in the Network Security console 168 Running Unconfig SNS on the LCD 169 Running unconfigure on the serial console 170 Preparing for re-imaging 170 ... to the appliance 176 Connecting the Imaging Server to a 7120 177 Connecting the Imaging Server to a 7160 177 Connecting the Imaging Server to a 7161 178 Re-imaging the appliance 178 Upgrading the console application 181 About migration 181
...the SESA agent manually 165 Stopping the SESA agent manually 165 Re-imaging and unconfiguring About re-imaging and unconfiguring 167 Unconfiguring Symantec Network Security 168 Running Unconfigure in the Network Security console 168 Running Unconfig SNS on the LCD 169 Running unconfigure on the serial console 170 Preparing for re-imaging 170 ... to the appliance 176 Connecting the Imaging Server to a 7120 177 Connecting the Imaging Server to a 7160 177 Connecting the Imaging Server to a 7161 178 Re-imaging the appliance 178 Upgrading the console application 181 About migration 181
Implementation Guide
Page 17
... Introduction This chapter includes the following topics: ■ About the Symantec Network Security 7100 Series ■ About this guide ■ About the documentation set ■ About the Web sites ■ Verifying the materials About the Symantec Network Security 7100 Series Symantec Network Security 7100 Series appliances provide real-time network intrusion prevention and detection to protect critical enterprise assets from...
... Introduction This chapter includes the following topics: ■ About the Symantec Network Security 7100 Series ■ About this guide ■ About the documentation set ■ About the Web sites ■ Verifying the materials About the Symantec Network Security 7100 Series Symantec Network Security 7100 Series appliances provide real-time network intrusion prevention and detection to protect critical enterprise assets from...
Implementation Guide
Page 18
...; Backdoors ■ Buffer overflow attempts ■ Blended threats like MS Blaster and SQL Slammer About the management system Symantec Network Security 7100 Series appliances are centrally managed via the Symantec Network Security 4.0 Management Console, a powerful and scalable security management system. In addition to both. About the detection architecture The 7100 Series appliances employ the new and innovative...
...; Backdoors ■ Buffer overflow attempts ■ Blended threats like MS Blaster and SQL Slammer About the management system Symantec Network Security 7100 Series appliances are centrally managed via the Symantec Network Security 4.0 Management Console, a powerful and scalable security management system. In addition to both. About the detection architecture The 7100 Series appliances employ the new and innovative...
Implementation Guide
Page 19
...; The 7161: ■ Monitors up to four 1000 Base-SX fiber optic network segments ■ Monitors up to four 10/100/1000 Base-T network segments ■ Provides a maximum bandwidth license of 2 Gbps ■ Provides in-line mode maximum bandwidth of 1 Gbps About this guide The Network Security Management System automates the process of the Symantec Network Security 7100...
...; The 7161: ■ Monitors up to four 1000 Base-SX fiber optic network segments ■ Monitors up to four 10/100/1000 Base-T network segments ■ Provides a maximum bandwidth license of 2 Gbps ■ Provides in-line mode maximum bandwidth of 1 Gbps About this guide The Network Security Management System automates the process of the Symantec Network Security 7100...
Implementation Guide
Page 20
... and how to a license. Chapter 8 Configuring nodes and interfaces Describes how to the Symantec Network Security 7100 Series. Discusses migration from an existing Symantec supported IDS platform to add and edit 7100 Series nodes and interfaces, including in-line pairs...the appliance. Chapter 9 Configuring detection and response Describes how to install and launch the console Symantec Network Security console. Chapter 6 Starting the Network Security Describes how to start sensors by configuring and applying protection policies. Chapter 11 Maintaining and administering...
... and how to a license. Chapter 8 Configuring nodes and interfaces Describes how to the Symantec Network Security 7100 Series. Discusses migration from an existing Symantec supported IDS platform to add and edit 7100 Series nodes and interfaces, including in-line pairs...the appliance. Chapter 9 Configuring detection and response Describes how to install and launch the console Symantec Network Security console. Chapter 6 Starting the Network Security Describes how to start sensors by configuring and applying protection policies. Chapter 11 Maintaining and administering...
Implementation Guide
Page 21
...; Depending on your appliance model, one of the following: ■ Symantec Network Security 7100 Series: Model 7120 Getting Started Card ■ Symantec Network Security 7100 Series: Models 7160 and 7161 Getting Started Card This card provides the minimum procedures necessary for the Symantec Network Security 7100 Series includes: ■ Symantec Network Security 7100 Series Implementation Guide (printed and PDF). Lists topics covered in...
...; Depending on your appliance model, one of the following: ■ Symantec Network Security 7100 Series: Model 7120 Getting Started Card ■ Symantec Network Security 7100 Series: Models 7160 and 7161 Getting Started Card This card provides the minimum procedures necessary for the Symantec Network Security 7100 Series includes: ■ Symantec Network Security 7100 Series Implementation Guide (printed and PDF). Lists topics covered in...
Implementation Guide
Page 22
... Symantec Network Security software. ■ Symantec Network Security 7100 Series Readme (on the Symantec Network Security Web site. To access the patch site, open http://www.symantec.com/techsupp/ enterprise/select_product_manuals.html, and click Intrusion Detection > Symantec Network Security 4.0. ■ The Knowledge Base provides a constantly updated reference of three models: ■ 7120 ■ 7160 ■ 7161 Verifying the materials Once you have unpacked your Symantec Network Security...
... Symantec Network Security software. ■ Symantec Network Security 7100 Series Readme (on the Symantec Network Security Web site. To access the patch site, open http://www.symantec.com/techsupp/ enterprise/select_product_manuals.html, and click Intrusion Detection > Symantec Network Security 4.0. ■ The Knowledge Base provides a constantly updated reference of three models: ■ 7120 ■ 7160 ■ 7161 Verifying the materials Once you have unpacked your Symantec Network Security...
Implementation Guide
Page 23
...Table 1-2 Materials list Part Description Management Console CD Contains: ■ Symantec Network Security management console software for Windows and Linux platforms ■ SESA SIPI ...7161 For use when installing the appliance on a shelf or other flat surface ■ Symantec Network Security Version 4.0 Administration Guide ■ Symantec Network Security 7100 Series Implementation Guide ■ Symantec Network Security 7100 Series Getting Started Card ■ Symantec Network Security 7100 Series Product Specifications and Safety Information ■ Symantec Network Security...
...Table 1-2 Materials list Part Description Management Console CD Contains: ■ Symantec Network Security management console software for Windows and Linux platforms ■ SESA SIPI ...7161 For use when installing the appliance on a shelf or other flat surface ■ Symantec Network Security Version 4.0 Administration Guide ■ Symantec Network Security 7100 Series Implementation Guide ■ Symantec Network Security 7100 Series Getting Started Card ■ Symantec Network Security 7100 Series Product Specifications and Safety Information ■ Symantec Network Security...
Implementation Guide
Page 25
About 7100 Series models The Symantec Network Security 7100 Series appliance is described in three models. Additionally, the LCD subsystem, compact flash, removable hard drive, and serial port make administration ...the 7100 Series components ■ About 7100 Series models ■ About core components ■ About additional components About the 7100 Series components The Symantec Network Security 7100 Series combines high speed networking interfaces, multi-gigahertz CPUs, and plenty of memory with a number of convenience features into a fast, simple, and reliable appliance. 2 Chapter...
About 7100 Series models The Symantec Network Security 7100 Series appliance is described in three models. Additionally, the LCD subsystem, compact flash, removable hard drive, and serial port make administration ...the 7100 Series components ■ About 7100 Series models ■ About core components ■ About additional components About the 7100 Series components The Symantec Network Security 7100 Series combines high speed networking interfaces, multi-gigahertz CPUs, and plenty of memory with a number of convenience features into a fast, simple, and reliable appliance. 2 Chapter...
Implementation Guide
Page 26
.../100Base-T 10 eth5 Management interface; 10/100Base-T 11 Compact flash Read/write drive for compact flash cards of up to the USB port of the Symantec Network Security 7100 Series. It has six 10/100Base-T monitoring interfaces, and comes in Table 2-1. standard power supply 2 Master power Switch that turns the appliance on the...
.../100Base-T 10 eth5 Management interface; 10/100Base-T 11 Compact flash Read/write drive for compact flash cards of up to the USB port of the Symantec Network Security 7100 Series. It has six 10/100Base-T monitoring interfaces, and comes in Table 2-1. standard power supply 2 Master power Switch that turns the appliance on the...
Implementation Guide
Page 27
... re1000g4 Monitoring interface; 10/100/1000Base-T Introducing the 7100 Series components 19 About 7100 Series models Model 7160 The 7160 is the all gigabit copper Symantec Network Security 7100 Series model. also the Imaging Server connection for the AC power cords; Figure 2-2 shows the back panel components described in a 2U configuration for a 19...
... re1000g4 Monitoring interface; 10/100/1000Base-T Introducing the 7100 Series components 19 About 7100 Series models Model 7160 The 7160 is the all gigabit copper Symantec Network Security 7100 Series model. also the Imaging Server connection for the AC power cords; Figure 2-2 shows the back panel components described in a 2U configuration for a 19...
Implementation Guide
Page 30
Figure 2-4 7160 core components LCD Panel Compact Flash adapter LED Lights USB Ports Serial Port LCD panel The LCD panel includes the LCD screen and six push buttons. 22 Introducing the 7100 Series components About core components See the following sections for more information: ■ LCD panel ■ LED lights ■ Serial port ■ USB ports ■ Compact flash adapter Figure 2-4 shows these components on the front bezel of a 7160. These components are located on the front and back panels of the Symantec Network Security 7100 Series
Figure 2-4 7160 core components LCD Panel Compact Flash adapter LED Lights USB Ports Serial Port LCD panel The LCD panel includes the LCD screen and six push buttons. 22 Introducing the 7100 Series components About core components See the following sections for more information: ■ LCD panel ■ LED lights ■ Serial port ■ USB ports ■ Compact flash adapter Figure 2-4 shows these components on the front bezel of a 7160. These components are located on the front and back panels of the Symantec Network Security 7100 Series