Installation Guide
Page 3
...22 Set up the next boot option 22 Upgrade the products 23 Apply a hotfix 23 Convert an installation to another DLP product 24 Restoring the drives 24 4 Installing or upgrading software on model 1650 and 3650 appliances 25 Download and expand the legacy archive 25 Install the products on legacy servers 26 Upgrade to 9.2.0 on legacy appliances 27 5 Configuring McAfee DLP appliances and adding servers 29 Configure McAfee DLP appliances using Setup Wizard 29 Configure McAfee DLP appliances after installation 35 Add McAfee DLP products to McAfee DLP Manager 35 McAfee Data...
...22 Set up the next boot option 22 Upgrade the products 23 Apply a hotfix 23 Convert an installation to another DLP product 24 Restoring the drives 24 4 Installing or upgrading software on model 1650 and 3650 appliances 25 Download and expand the legacy archive 25 Install the products on legacy servers 26 Upgrade to 9.2.0 on legacy appliances 27 5 Configuring McAfee DLP appliances and adding servers 29 Configure McAfee DLP appliances using Setup Wizard 29 Configure McAfee DLP appliances after installation 35 Add McAfee DLP products to McAfee DLP Manager 35 McAfee Data...
Installation Guide
Page 8
... address https://. Mozilla Firefox 3.0.x and Microsoft Internet Explorer 7 browsers are managed through the same workflow as the other products in ePolicy Orchestrator, log on a Linux appliance, McAfee DLP Manager is used as a virtual appliance, use the VMware vSphere Client to log on McAfee DLP Manager or McAfee® ePolicy Orchestrator dashboards. Endpoint rules and events are supported. • If McAfee DLP is run as the management console. 1 Introduction to McAfee Total Protection for DLP 9.2.0 Management options • McAfee DLP Discover monitors file...
... address https://. Mozilla Firefox 3.0.x and Microsoft Internet Explorer 7 browsers are managed through the same workflow as the other products in ePolicy Orchestrator, log on a Linux appliance, McAfee DLP Manager is used as a virtual appliance, use the VMware vSphere Client to log on McAfee DLP Manager or McAfee® ePolicy Orchestrator dashboards. Endpoint rules and events are supported. • If McAfee DLP is run as the management console. 1 Introduction to McAfee Total Protection for DLP 9.2.0 Management options • McAfee DLP Discover monitors file...
Installation Guide
Page 11
... capture network traffic, so it requires additional configuration steps. After you might add McAfee DLP Discover or McAfee DLP Prevent, which require additional configuration. Check the shipment Each product ships with all of the appliances, go to the System tab on McAfee DLP Manager to add the products to be managed and the servers needed to complete the system. Contents Adding devices and servers Check the shipment Plan your installation Rack mount the appliances Connect a management console Configure McAfee DLP Manager Select an integration mode for McAfee DLP...
... capture network traffic, so it requires additional configuration steps. After you might add McAfee DLP Discover or McAfee DLP Prevent, which require additional configuration. Check the shipment Each product ships with all of the appliances, go to the System tab on McAfee DLP Manager to add the products to be managed and the servers needed to complete the system. Contents Adding devices and servers Check the shipment Plan your installation Rack mount the appliances Connect a management console Configure McAfee DLP Manager Select an integration mode for McAfee DLP...
Installation Guide
Page 14
... network configuration is complete, the appliance will be completed only on the same subnet, so it can convey this step is completed. The default logon is different, but on the McAfee DLP Manager appliance. 8 Click Submit, then Exit Wizard. Assign the laptop an IP address that is admin/mcafee. 2 Setting up the hardware Configure McAfee DLP Manager You must connect a laptop to the management port so you can access the management port. for example, 192.168.1.10. 3 Open a web...
... network configuration is complete, the appliance will be completed only on the same subnet, so it can convey this step is completed. The default logon is different, but on the McAfee DLP Manager appliance. 8 Click Submit, then Exit Wizard. Assign the laptop an IP address that is admin/mcafee. 2 Setting up the hardware Configure McAfee DLP Manager You must connect a laptop to the management port so you can access the management port. for example, 192.168.1.10. 3 Open a web...
Installation Guide
Page 16
.... 2 Setting up the hardware Select an integration mode for McAfee DLP Monitor Select an integration mode for McAfee DLP Monitor McAfee DLP Monitor must be used. If two capture ports are two integration modes: use of a "remote SPAN", or "RSPAN" capability, which allows ports from source ports to the destination port to the LAN switch, and the port used by the WAN router. 2 Apply the appropriate SPAN port configuration. 16 McAfee Data Loss Prevention 9.2.0 Installation Guide Certain switch models permit the use of...
.... 2 Setting up the hardware Select an integration mode for McAfee DLP Monitor Select an integration mode for McAfee DLP Monitor McAfee DLP Monitor must be used. If two capture ports are two integration modes: use of a "remote SPAN", or "RSPAN" capability, which allows ports from source ports to the destination port to the LAN switch, and the port used by the WAN router. 2 Apply the appropriate SPAN port configuration. 16 McAfee Data Loss Prevention 9.2.0 Installation Guide Certain switch models permit the use of...
Installation Guide
Page 17
... the LAN switch and WAN router through two network ports. Traffic from the WAN router, the network tap should be connected to interface "GigabitEthernet1/0/1". The DLP appliance would be installed between two network devices (generally the LAN switch and the WAN router) using additional cabling, then connecting the tap to McAfee DLP Monitor. Switch: configure terminal Switch(config)# interface GigabitEthernet1/0/2 Switch(config-if)# port monitor GigabitEthernet1/0/1 Switch(config-if)# end Switch# show commands on the switch, verify that is configured on a Cisco switch, the WAN...
... the LAN switch and WAN router through two network ports. Traffic from the WAN router, the network tap should be connected to interface "GigabitEthernet1/0/1". The DLP appliance would be installed between two network devices (generally the LAN switch and the WAN router) using additional cabling, then connecting the tap to McAfee DLP Monitor. Switch: configure terminal Switch(config)# interface GigabitEthernet1/0/2 Switch(config-if)# port monitor GigabitEthernet1/0/1 Switch(config-if)# end Switch# show commands on the switch, verify that is configured on a Cisco switch, the WAN...
Installation Guide
Page 18
... to a port on McAfee DLP Monitor. 4 Connect Network Port A of the network tap to a router inside the firewall. 5 Connect Network Port B of the packets to verify the current time. 5 Click Update. Integrate the appliance using a network tap Task 1 Disconnect the cable between your WAN router and your LAN switch. 2 Connect Monitor Port A of the network tap to Capture Port 0 on McAfee DLP Monitor. 3 Connect Monitor Port B of network cables, so it now. 18 McAfee Data Loss Prevention 9.2.0 Installation Guide 2 Setting up the hardware Complete the setup This method...
... to a port on McAfee DLP Monitor. 4 Connect Network Port A of the network tap to a router inside the firewall. 5 Connect Network Port B of the packets to verify the current time. 5 Click Update. Integrate the appliance using a network tap Task 1 Disconnect the cable between your WAN router and your LAN switch. 2 Connect Monitor Port A of the network tap to Capture Port 0 on McAfee DLP Monitor. 3 Connect Monitor Port B of network cables, so it now. 18 McAfee Data Loss Prevention 9.2.0 Installation Guide 2 Setting up the hardware Complete the setup This method...
Installation Guide
Page 19
... McAfee Network DLP product and version. Task 1 Open the McAfee Service Portal by "i", although the product names have changed. When the system is expanded, the installation scripts become available. The system automatically boots from the Service Portal and copy it to another DLP product Restoring the drives Download and expand the archive To prepare for the kernal) and DLP software. Downloadable archives all have legacy names preceded by typing support.mcafee.com into the address...
... McAfee Network DLP product and version. Task 1 Open the McAfee Service Portal by "i", although the product names have changed. When the system is expanded, the installation scripts become available. The system automatically boots from the Service Portal and copy it to another DLP product Restoring the drives Download and expand the archive To prepare for the kernal) and DLP software. Downloadable archives all have legacy names preceded by typing support.mcafee.com into the address...
Installation Guide
Page 22
... boot next. 5 Reboot the system. Set up the next boot option After you have a specific need that assignment by the current configuration. Using this step only if you install an image, the system automatically assigns the next boot to the appliance, and expand it into a product directory under /data. Take this command has the same effect as changing the boot option using the Grub menu. 3 Installing or upgrading the software...
... boot next. 5 Reboot the system. Set up the next boot option After you have a specific need that assignment by the current configuration. Using this step only if you install an image, the system automatically assigns the next boot to the appliance, and expand it into a product directory under /data. Take this command has the same effect as changing the boot option using the Grub menu. 3 Installing or upgrading the software...
Installation Guide
Page 25
... the hardware used by typing support.mcafee.com into the address bar of its managed devices (McAfee DLP Discover, McAfee DLP Monitor, and McAfee DLP Prevent) are no longer distributed on the model 1650 and 3650 appliances contains the software for installation, download the software from the Service Portal and copy it is installed or upgraded by "cdrom_ i", although the product names have legacy names preceded by running two installation scripts. 4 Installing or upgrading software on model 1650 and 3650 appliances A McAfee DLP installation on media. Downloadable...
... the hardware used by typing support.mcafee.com into the address bar of its managed devices (McAfee DLP Discover, McAfee DLP Monitor, and McAfee DLP Prevent) are no longer distributed on the model 1650 and 3650 appliances contains the software for installation, download the software from the Service Portal and copy it is installed or upgraded by "cdrom_ i", although the product names have legacy names preceded by running two installation scripts. 4 Installing or upgrading software on model 1650 and 3650 appliances A McAfee DLP installation on media. Downloadable...
Installation Guide
Page 27
... the appliance. Call McAfee support and submit an installation log file. Upgrade to 9.2.0 on legacy appliances You can upgrade to any existing hotfixes. When that is complete. If the patch installation fails, do not install it again. McAfee Data Loss Prevention 9.2.0 Installation Guide 27 Installing or upgrading software on model 1650 and 3650 appliances Upgrade to 9.2.0 on legacy appliances 4 6 Restart the system. # reboot 7 Log on to the McAfee DLP device as root. 2 Check the current version. # cat /data/stingray/etc/version 3 Make...
... the appliance. Call McAfee support and submit an installation log file. Upgrade to 9.2.0 on legacy appliances You can upgrade to any existing hotfixes. When that is complete. If the patch installation fails, do not install it again. McAfee Data Loss Prevention 9.2.0 Installation Guide 27 Installing or upgrading software on model 1650 and 3650 appliances Upgrade to 9.2.0 on legacy appliances 4 6 Restart the system. # reboot 7 Log on to the McAfee DLP device as root. 2 Check the current version. # cat /data/stingray/etc/version 3 Make...
Installation Guide
Page 29
... to McAfee DLP Manager and managed from the Configure link on the appliance. After installation of specific users. Task 1 Open a web browser and start the Setup Wizard from that would ordinarily be added during the installation process. Most McAfee DLP enterprise configurations have LDAP servers configured, and McAfee® Logon Collector is complete, you can be installed on the System page if you begin The software for more information. After installation is often used in...
... to McAfee DLP Manager and managed from the Configure link on the appliance. After installation of specific users. Task 1 Open a web browser and start the Setup Wizard from that would ordinarily be added during the installation process. Most McAfee DLP enterprise configurations have LDAP servers configured, and McAfee® Logon Collector is complete, you can be installed on the System page if you begin The software for more information. After installation is often used in...
Installation Guide
Page 30
Figure 5-1 Network configuration You must enter a fully-qualified domain name into the Hostname field. 30 McAfee Data Loss Prevention 9.2.0 Installation Guide admin/mcafee 3 On the End User License Agreement page, select the checkbox and click I Accept. 4 On the Network Configuration page, assign the hostname, domain and IP addresses of the gateway and DNS servers, then click Next. 5 Configuring McAfee DLP appliances and adding servers Configure McAfee DLP appliances using Setup Wizard 2 At the logon prompt, type the default user name and password.
Figure 5-1 Network configuration You must enter a fully-qualified domain name into the Hostname field. 30 McAfee Data Loss Prevention 9.2.0 Installation Guide admin/mcafee 3 On the End User License Agreement page, select the checkbox and click I Accept. 4 On the Network Configuration page, assign the hostname, domain and IP addresses of the gateway and DNS servers, then click Next. 5 Configuring McAfee DLP appliances and adding servers Configure McAfee DLP appliances using Setup Wizard 2 At the logon prompt, type the default user name and password.
Installation Guide
Page 41
... address bar, and log on. 15 Select Menu | Configuration | Trusted CA. 16 Click New Authority. 17 Browse to the netdlp_certificate.cer file you saved to identify a time server during the initial installation of the McAfee Logon Collector into the box. McAfee Data Loss Prevention 9.2.0 Installation Guide 41 When the server comes up, the SSL connection between McAfee DLP appliances, servers, and the network, but you can use syslog servers to manually reset...
... address bar, and log on. 15 Select Menu | Configuration | Trusted CA. 16 Click New Authority. 17 Browse to the netdlp_certificate.cer file you saved to identify a time server during the initial installation of the McAfee Logon Collector into the box. McAfee Data Loss Prevention 9.2.0 Installation Guide 41 When the server comes up, the SSL connection between McAfee DLP appliances, servers, and the network, but you can use syslog servers to manually reset...
Installation Guide
Page 45
... Installation Guide and release notes to familiarize yourself with all updates. 4 Disable Microsoft Internet Explorer's Enhanced Security Configuration Window Component. • In Windows 2003, open the Windows Control Panel then select Add/Remove Windows Components. • In Windows 2008, open the Server Manager then select Configure IE ESC in McAfee ePolicy Orchestrator 4.5 or 4.6. In secure systems, this folder. We recommend completing all software installations before installation, then reconfigure it after installation if it is installed. 6 Set the server to a static IP address...
... Installation Guide and release notes to familiarize yourself with all updates. 4 Disable Microsoft Internet Explorer's Enhanced Security Configuration Window Component. • In Windows 2003, open the Windows Control Panel then select Add/Remove Windows Components. • In Windows 2008, open the Server Manager then select Configure IE ESC in McAfee ePolicy Orchestrator 4.5 or 4.6. In secure systems, this folder. We recommend completing all software installations before installation, then reconfigure it after installation if it is installed. 6 Set the server to a static IP address...
Installation Guide
Page 46
... installation fails. Install McAfee ePolicy Orchestrator McAfee Data Loss Prevention Endpoint software version 9.2 Patch 2 can also be used. 2 During the installation, you should be locked down the recommended additions to the Microsoft Internet Explorer trusted sites list before resetting the permissions. 46 McAfee Data Loss Prevention 9.2.0 Installation Guide This is to install the software, the SQL installation continues without user input. After verification that case, you must install it . Another configuration...
... installation fails. Install McAfee ePolicy Orchestrator McAfee Data Loss Prevention Endpoint software version 9.2 Patch 2 can also be used. 2 During the installation, you should be locked down the recommended additions to the Microsoft Internet Explorer trusted sites list before resetting the permissions. 46 McAfee Data Loss Prevention 9.2.0 Installation Guide This is to install the software, the SQL installation continues without user input. After verification that case, you must install it . Another configuration...
Installation Guide
Page 47
... Open LDAP with the names of users authorized to log on a separate server (remote installation). Write down the recommended additions to create an ePolicy Orchestrator instance on a separate server, is the preferred option when installing on the WCF service installation wizard. Where McAfee ePolicy Orchestrator is selected on Windows 2008 Server. Installing McAfee DLP Endpoint Installing McAfee DLP WCF service 6 Pay attention to the following points when installing ePolicy Orchestrator: 1 In the McAfee ePO installation wizard, use Windows authentication...
... Open LDAP with the names of users authorized to log on a separate server (remote installation). Write down the recommended additions to create an ePolicy Orchestrator instance on a separate server, is the preferred option when installing on the WCF service installation wizard. Where McAfee ePolicy Orchestrator is selected on Windows 2008 Server. Installing McAfee DLP Endpoint Installing McAfee DLP WCF service 6 Pay attention to the following points when installing ePolicy Orchestrator: 1 In the McAfee ePO installation wizard, use Windows authentication...
Installation Guide
Page 53
... the installation wizard (WCF Service Settings), do this , the new version checks the client and server versions and displays an error message if they don't match. When installing or upgrading McAfee DLP Endpoint software, you plan to the latest version. b Select Windows Authentication or SQL Authentication and fill in WCF installation options. Before you are installing. 2 In step 4 of the installation wizard (Microsoft SQL Database), do not need to be configured appropriately. If you must change the default Web Access...
... the installation wizard (WCF Service Settings), do this , the new version checks the client and server versions and displays an error message if they don't match. When installing or upgrading McAfee DLP Endpoint software, you plan to the latest version. b Select Windows Authentication or SQL Authentication and fill in WCF installation options. Before you are installing. 2 In step 4 of the installation wizard (Microsoft SQL Database), do not need to be configured appropriately. If you must change the default Web Access...
Installation Guide
Page 54
... created and configured before running the installer. Creating and configuring repository folders McAfee Data Loss Prevention Endpoint software requires certain repository folders on Windows 2003 Server requires specific security settings. Modify Share name to be added as disclaimers or copyright. Both folder are placed in advance, a place to not include sensitive content. McAfee DLP Endpoint software saves time by the DLP Endpoint are configured in the...
... created and configured before running the installer. Creating and configuring repository folders McAfee Data Loss Prevention Endpoint software requires certain repository folders on Windows 2003 Server requires specific security settings. Modify Share name to be added as disclaimers or copyright. Both folder are placed in advance, a place to not include sensitive content. McAfee DLP Endpoint software saves time by the DLP Endpoint are configured in the...
Installation Guide
Page 68
7 Integrating McAfee DLP Endpoint into a unified policy system Connecting McAfee DLP Manager and the ePolicy Orchestrator server • Hostname - \\ • IP Address - • Username -
7 Integrating McAfee DLP Endpoint into a unified policy system Connecting McAfee DLP Manager and the ePolicy Orchestrator server • Hostname - \\ • IP Address - • Username -