Product Guide
Page 2
... owners. Lab (http://www.extreme.indiana.edu/). * Software copyrighted by International Business Machines Corporation and others . * Software developed by Tim J. English A copy of McAfee, Inc. Issued DECEMBER 2008 / IntruShield Sensor 3000 Product Guide 700-1548-00/ 6.0 - COPYRIGHT Copyright ® 2001 - 2008 McAfee, Inc. All other rights, permit the user to copy, modify and redistribute certain programs, or portions thereof, and have access...
... owners. Lab (http://www.extreme.indiana.edu/). * Software copyrighted by International Business Machines Corporation and others . * Software developed by Tim J. English A copy of McAfee, Inc. Issued DECEMBER 2008 / IntruShield Sensor 3000 Product Guide 700-1548-00/ 6.0 - COPYRIGHT Copyright ® 2001 - 2008 McAfee, Inc. All other rights, permit the user to copy, modify and redistribute certain programs, or portions thereof, and have access...
Product Guide
Page 3
... a power supply...15 Installing SFP modules ...16 Installing a SFP module...17 Removing a SFP module...18 Connecting copper SFP for 10/100 Fast Ethernet ports 18 Cabling the sensor...20 Powering on the I-3000 ...20 Powering off the sensor...20 Chapter 4 Attaching cables to the I-3000 Sensor 21 Cabling the Console port ...21 Cabling the Auxiliary port...21 Cabling the Response ports ...22 Cabling the Fail-Open Control ports 22 Cabling the Management port...23 Cabling the I-3000 Monitoring ports 23 Default Monitoring port speed settings for I-3000 24 Cable types for routers, switches, hubs...
... a power supply...15 Installing SFP modules ...16 Installing a SFP module...17 Removing a SFP module...18 Connecting copper SFP for 10/100 Fast Ethernet ports 18 Cabling the sensor...20 Powering on the I-3000 ...20 Powering off the sensor...20 Chapter 4 Attaching cables to the I-3000 Sensor 21 Cabling the Console port ...21 Cabling the Auxiliary port...21 Cabling the Response ports ...22 Cabling the Fail-Open Control ports 22 Cabling the Management port...23 Cabling the I-3000 Monitoring ports 23 Default Monitoring port speed settings for I-3000 24 Cable types for routers, switches, hubs...
Product Guide
Page 5
... You Install (on page 6) contains system specifications, and the safety and usage requirements for the sensors. • Chapter 3: Setting up an I-3000 Sensor (on page 1) describes the features and port configurations of the I -3000 sensor. Introducing McAfee IntruShield IPS McAfee IntruShield delivers the most comprehensive and effective network IPS in your requirements. About this guide and how to contact McAfee Technical Support. Contents of this guide This guide is organized. IntruShield combines real-time...
... You Install (on page 6) contains system specifications, and the safety and usage requirements for the sensors. • Chapter 3: Setting up an I-3000 Sensor (on page 1) describes the features and port configurations of the I -3000 sensor. Introducing McAfee IntruShield IPS McAfee IntruShield delivers the most comprehensive and effective network IPS in your requirements. About this guide and how to contact McAfee Technical Support. Contents of this guide This guide is organized. IntruShield combines real-time...
Product Guide
Page 6
... the Configuration tab, click Backup. McAfee® IntruShield® IPS 4.1 IntruShield Sensor 3000 Product Guide Preface Audience • Chapter 4: Attaching Cables to the I-3000 Sensor (on the keyboard Press ENTER. Procedures are denoted using Courier New font. are presented as syntax, keywords, and values that identify fields, buttons, The Service field on your specific situation or environment is intended to be used in various operating modes. Conventions used by network technicians...
... the Configuration tab, click Backup. McAfee® IntruShield® IPS 4.1 IntruShield Sensor 3000 Product Guide Preface Audience • Chapter 4: Attaching Cables to the I-3000 Sensor (on the keyboard Press ENTER. Procedures are denoted using Courier New font. are presented as syntax, keywords, and values that identify fields, buttons, The Service field on your specific situation or environment is intended to be used in various operating modes. Conventions used by network technicians...
Product Guide
Page 11
... mode. McAfee® IntruShield® IPS 4.1 IntruShield Sensor 3000 Product Guide An introduction to IntruShield sensors What is an IntruShield sensor? 1 One 10/100 Management port, which is used to control optional fail-open hardware as described in the Gigabit Optical Fail-Open Bypass Kit Guide. This port has an assigned IP address. 2 One RS-232C Console port, which is used to set up and configure the sensor. 3 One RS-232C Auxiliary port, which may be used in In-line Mode fail closed, meaning that if the sensor fails...
... mode. McAfee® IntruShield® IPS 4.1 IntruShield Sensor 3000 Product Guide An introduction to IntruShield sensors What is an IntruShield sensor? 1 One 10/100 Management port, which is used to control optional fail-open hardware as described in the Gigabit Optical Fail-Open Bypass Kit Guide. This port has an assigned IP address. 2 One RS-232C Console port, which is used to set up and configure the sensor. 3 One RS-232C Auxiliary port, which may be used in In-line Mode fail closed, meaning that if the sensor fails...
Product Guide
Page 15
... (3050 m) Throughput 1 Gbps Cabling Specifications: Note the following cabling specifications for the sensor: • Category 5 Enhanced (Cat 5e) cable is required for I-3000 sensor The following table lists the sensor limitations by category: Maximum Type I-3000 Concurrent connections Connections established per Physical Port Customized attacks Alert filters Default number of SSL keys that can be used. Note: Throughout this guide, cabling specifications will be stored on the sensor Virtual Interfaces (VIDS) VLANS / CIDR Blocks VLANS / CIDR Blocks per sec.
... (3050 m) Throughput 1 Gbps Cabling Specifications: Note the following cabling specifications for the sensor: • Category 5 Enhanced (Cat 5e) cable is required for I-3000 sensor The following table lists the sensor limitations by category: Maximum Type I-3000 Concurrent connections Connections established per Physical Port Customized attacks Alert filters Default number of SSL keys that can be used. Note: Throughout this guide, cabling specifications will be stored on the sensor Virtual Interfaces (VIDS) VLANS / CIDR Blocks VLANS / CIDR Blocks per sec.
Product Guide
Page 17
... the equipment is LC-Duplex compatible • Fiber-optic ports (for example, FDDI, OC-3, OC-12, OC-48, ATM, GBIC, and 100BaseFX) are in a commercial environment. McAfee® IntruShield® IPS 4.1 IntruShield Sensor 3000 Product Guide Before you connect the system to its power source. • To remove all power from the I -3000 sensor uses fiber-optic connectors for its 12 Monitoring ports. Use caution when connecting cables. • This equipment has...
... the equipment is LC-Duplex compatible • Fiber-optic ports (for example, FDDI, OC-3, OC-12, OC-48, ATM, GBIC, and 100BaseFX) are in a commercial environment. McAfee® IntruShield® IPS 4.1 IntruShield Sensor 3000 Product Guide Before you connect the system to its power source. • To remove all power from the I -3000 sensor uses fiber-optic connectors for its 12 Monitoring ports. Use caution when connecting cables. • This equipment has...
Product Guide
Page 23
... using the mounting screw on the left side of the faceplate. Removing a power supply ► To remove a power supply from the I-3000 (Optional-the power supplies are replacing. 15 Figure 4: Installing a power supply 4 Slide in the power supply until it out. 5 Use faceplate panels to protect unused slots from the power supply. 2 Put on an antistatic wrist or ankle strap. McAfee® IntruShield® IPS 4.1 IntruShield Sensor 3000 Product Guide Setting up the I-3000 sensor prior to configuration Installing the I-3000 redundant power supply 3 Place the power supply...
... using the mounting screw on the left side of the faceplate. Removing a power supply ► To remove a power supply from the I-3000 (Optional-the power supplies are replacing. 15 Figure 4: Installing a power supply 4 Slide in the power supply until it out. 5 Use faceplate panels to protect unused slots from the power supply. 2 Put on an antistatic wrist or ankle strap. McAfee® IntruShield® IPS 4.1 IntruShield Sensor 3000 Product Guide Setting up the I-3000 sensor prior to configuration Installing the I-3000 redundant power supply 3 Place the power supply...
Product Guide
Page 24
McAfee® IntruShield® IPS 4.1 IntruShield Sensor 3000 Product Guide Setting up the I-3000 sensor prior to configuration Installing SFP modules Installing SFP modules The Small Form-factor Pluggable (SFP) module is powered down and before placing it is a hot-swappable input/output device that uses a bail clasp for more details. For a list of installation, insert the SFP GBIC module in the sensor while it in the sensor. https://mysupport.mcafee.com These installation instructions provide information for installing an...
McAfee® IntruShield® IPS 4.1 IntruShield Sensor 3000 Product Guide Setting up the I-3000 sensor prior to configuration Installing SFP modules Installing SFP modules The Small Form-factor Pluggable (SFP) module is powered down and before placing it is a hot-swappable input/output device that uses a bail clasp for more details. For a list of installation, insert the SFP GBIC module in the sensor while it in the sensor. https://mysupport.mcafee.com These installation instructions provide information for installing an...
Product Guide
Page 25
Note: If you choose not to use . McAfee® IntruShield® IPS 4.1 IntruShield Sensor 3000 Product Guide Setting up into sensor Monitoring ports 1A/B, 2A/2B, 3A/3B, 4A/4B, 5A/5B, or 6A/6B. When you are keyed to attach the network interface cable, remove the plug from its protective packaging. 2 Ensure the SFP module is the correct model for future use the port, McAfee still recommends that you hear a click indicating...
Note: If you choose not to use . McAfee® IntruShield® IPS 4.1 IntruShield Sensor 3000 Product Guide Setting up into sensor Monitoring ports 1A/B, 2A/2B, 3A/3B, 4A/4B, 5A/5B, or 6A/6B. When you are keyed to attach the network interface cable, remove the plug from its protective packaging. 2 Ensure the SFP module is the correct model for future use the port, McAfee still recommends that you hear a click indicating...
Product Guide
Page 26
... a fiber SFP is used the speed can be set to 1 Gbps speed. Figure 6: Copper SFP Note: McAfee recommends you are set to 1 Gbps or 1 Gbpsauto. McAfee® IntruShield® IPS 4.1 IntruShield Sensor 3000 Product Guide Setting up the I-3000 sensor prior to configuration Installing SFP modules Removing a SFP module ► If you to use McAfee branded SFPs with a bail clasp, follow these steps: 1 Disconnect the network fiber-optic cable from the SFP module. 2 Release the module from the slot...
... a fiber SFP is used the speed can be set to 1 Gbps speed. Figure 6: Copper SFP Note: McAfee recommends you are set to 1 Gbps or 1 Gbpsauto. McAfee® IntruShield® IPS 4.1 IntruShield Sensor 3000 Product Guide Setting up the I-3000 sensor prior to configuration Installing SFP modules Removing a SFP module ► If you to use McAfee branded SFPs with a bail clasp, follow these steps: 1 Disconnect the network fiber-optic cable from the SFP module. 2 Release the module from the slot...
Product Guide
Page 27
... restore the configuration settings. McAfee® IntruShield® IPS 4.1 IntruShield Sensor 3000 Product Guide Setting up into place. 8 Connect the network cable in the port. 9 In ISM, go to Sensor > Sensors > Configure ports. 10 Select the port where the SFP has been connected. 11 Change the speed and port settings to 10/100/10-auto/100-auto. Figure 7: Connecting Copper SFP 7 Lock the SFP module by pushing the bail clasp up the I-3000 sensor prior to configuration Installing SFP modules To connect a copper SFP 1 Remove...
... restore the configuration settings. McAfee® IntruShield® IPS 4.1 IntruShield Sensor 3000 Product Guide Setting up into place. 8 Connect the network cable in the port. 9 In ISM, go to Sensor > Sensors > Configure ports. 10 Select the port where the SFP has been connected. 11 Change the speed and port settings to 10/100/10-auto/100-auto. Figure 7: Connecting Copper SFP 7 Lock the SFP module by pushing the bail clasp up the I-3000 sensor prior to configuration Installing SFP modules To connect a copper SFP 1 Remove...
Product Guide
Page 28
... on CLI commands, see Sensor Configuration Guide-using CLI. 20 Cabling the sensor Follow the steps outlined in Attaching Cables to the I-3000 Sensor (on page 21) to connect cables to the monitoring, response, console, and management ports on as soon as described in a rack, made all necessary network connections, and connected the power cable to the power supply. 1 Connect the power cable to the sensor power supply. 2 Connect the power cable to a power source. The sensor powers on your sensor. McAfee® IntruShield® IPS 4.1 IntruShield Sensor 3000 Product Guide Setting...
... on CLI commands, see Sensor Configuration Guide-using CLI. 20 Cabling the sensor Follow the steps outlined in Attaching Cables to the I-3000 Sensor (on page 21) to connect cables to the monitoring, response, console, and management ports on as soon as described in a rack, made all necessary network connections, and connected the power cable to the power supply. 1 Connect the power cable to the sensor power supply. 2 Connect the power cable to a power source. The sensor powers on your sensor. McAfee® IntruShield® IPS 4.1 IntruShield Sensor 3000 Product Guide Setting...
Product Guide
Page 29
... Flow Control 3 Power on your sensor. You must connect directly to configure the sensor (for example, a PC running correctly configured Windows HyperTerminal software). Required settings for the Aux port are : Name Setting Baud rate Number of the PC or terminal server you configure a sensor. 1 For modem connections, plug a straight-through modem cable into the Console port (labeled Console on the sensor front panel). 2 Connect a modem to the Aux port. 3 Connect a telephone line to the sensor for setup and configuration. You cannot use a modem the first time...
... Flow Control 3 Power on your sensor. You must connect directly to configure the sensor (for example, a PC running correctly configured Windows HyperTerminal software). Required settings for the Aux port are : Name Setting Baud rate Number of the PC or terminal server you configure a sensor. 1 For modem connections, plug a straight-through modem cable into the Console port (labeled Console on the sensor front panel). 2 Connect a modem to the Aux port. 3 Connect a telephone line to the sensor for setup and configuration. You cannot use a modem the first time...
Product Guide
Page 30
... Copper Fail Open Kit Guide. McAfee® IntruShield® IPS 4.1 IntruShield Sensor 3000 Product Guide Attaching cables to the I-3000 Sensor Cabling the Response ports Name Baud rate Number of the cable to the network device (for example, hub, switch, router) through which you want to respond to attacks. Installation and troubleshooting instructions for the Kit can use the copper Bypass Kit. Cabling the Fail-Open Control ports Fail-open functionality for the modem are: • 9600 bps port speed • Answer after 1 ring • Save the configuration...
... Copper Fail Open Kit Guide. McAfee® IntruShield® IPS 4.1 IntruShield Sensor 3000 Product Guide Attaching cables to the I-3000 Sensor Cabling the Response ports Name Baud rate Number of the cable to the network device (for example, hub, switch, router) through which you want to respond to attacks. Installation and troubleshooting instructions for the Kit can use the copper Bypass Kit. Cabling the Fail-Open Control ports Fail-open functionality for the modem are: • 9600 bps port speed • Answer after 1 ring • Save the configuration...
Product Guide
Page 31
... SPAN or hub mode Failover Cabling I-3000 sensors for failover Using peer ports for the sensor Monitoring ports are wired in turn connects to the ISM server. McAfee® IntruShield® IPS 4.1 IntruShield Sensor 3000 Product Guide Attaching cables to the I-3000 Sensor Cabling the Management port Cabling the Management port The Management (Mgmt) port is used together: 23 In-line mode (fail-closed) In-line mode (fail-open hardware (on page 28) External tap mode (GBIC ports) Cabling I-3000 SFP ports in external Tap mode (on the sensor. Cabling the I-3000 to interconnect the...
... SPAN or hub mode Failover Cabling I-3000 sensors for failover Using peer ports for the sensor Monitoring ports are wired in turn connects to the ISM server. McAfee® IntruShield® IPS 4.1 IntruShield Sensor 3000 Product Guide Attaching cables to the I-3000 Sensor Cabling the Management port Cabling the Management port The Management (Mgmt) port is used together: 23 In-line mode (fail-closed) In-line mode (fail-open hardware (on page 28) External tap mode (GBIC ports) Cabling I-3000 SFP ports in external Tap mode (on the sensor. Cabling the I-3000 to interconnect the...
Product Guide
Page 33
...® IntruShield® IPS 4.1 IntruShield Sensor 3000 Product Guide Attaching cables to the I-3000 Sensor Cabling for in-line mode Cable types for routers, switches, hubs, and PCs The cabling instructions in this chapter: • Use a crossover Ethernet RJ45 cable to connect a router port to 10/100 Monitoring ports. • Use a straight-through Ethernet RJ45 cable to connect a switch/hub port to 10/100 Monitoring ports. • Use a crossover Ethernet RJ45 cable to connect a router port to PC to the router.) 25 The I-3000's GBICs ports fail open, meaning they allow traffic to...
...® IntruShield® IPS 4.1 IntruShield Sensor 3000 Product Guide Attaching cables to the I-3000 Sensor Cabling for in-line mode Cable types for routers, switches, hubs, and PCs The cabling instructions in this chapter: • Use a crossover Ethernet RJ45 cable to connect a router port to 10/100 Monitoring ports. • Use a straight-through Ethernet RJ45 cable to connect a switch/hub port to 10/100 Monitoring ports. • Use a crossover Ethernet RJ45 cable to connect a router port to PC to the router.) 25 The I-3000's GBICs ports fail open, meaning they allow traffic to...
Product Guide
Page 34
... Cable types for routers, switches, hubs, and PCs (on -line KnowledgeBase, Mcafee Support Site https://mysupport.mcafee.com. ► To connect the sensor to the devices you do not need to use a port pair. Cabling for SPAN mode Cabling the I-3000 sensor to monitor in SPAN or hub mode When you monitor in SPAN or Hub mode, you want to monitor to monitor in -line mode. McAfee® IntruShield® IPS 4.1 IntruShield Sensor 3000 Product Guide Cabling for Tap mode Attaching cables to the I-3000 Sensor Cabling...
... Cable types for routers, switches, hubs, and PCs (on -line KnowledgeBase, Mcafee Support Site https://mysupport.mcafee.com. ► To connect the sensor to the devices you do not need to use a port pair. Cabling for SPAN mode Cabling the I-3000 sensor to monitor in SPAN or hub mode When you monitor in SPAN or Hub mode, you want to monitor to monitor in -line mode. McAfee® IntruShield® IPS 4.1 IntruShield Sensor 3000 Product Guide Cabling for Tap mode Attaching cables to the I-3000 Sensor Cabling...
Product Guide
Page 35
... nonInline (TAP/SPAN) mode is provided. For example, in an I -3000 Sensor Cabling for Failover 27 McAfee® IntruShield® IPS 4.1 IntruShield Sensor 3000 Product Guide Attaching cables to the I -3000, you may have port pairs as 1A-1B, 2A-2B, 3A-3B and 4A4B configured in in-line mode and ports 5A, 5B configured in SPAN mode. When 6A-6B interconnection ports are the interconnection ports on the I -3000 sensors for SPAN mode fail-over pair even...
... nonInline (TAP/SPAN) mode is provided. For example, in an I -3000 Sensor Cabling for Failover 27 McAfee® IntruShield® IPS 4.1 IntruShield Sensor 3000 Product Guide Attaching cables to the I -3000, you may have port pairs as 1A-1B, 2A-2B, 3A-3B and 4A4B configured in in-line mode and ports 5A, 5B configured in SPAN mode. When 6A-6B interconnection ports are the interconnection ports on the I -3000 sensors for SPAN mode fail-over pair even...
Product Guide
Page 37
... cabling SFP ports 26 cabling the auxiliary port 21 cabling the console port 21 cabling the sensors for failover 27 chasis 12 Compact Flash port 2 connecting to sensor 23 console port 2 D describing an IntruShield sensor 1 dongles 26 F fail-closed dongle 2 failing closed 2 failing open 2 fail-open functionality 27 failover 27 fan LED 3 fiber optics 10 flash LED 3 front panel LEDs 3 H heat requirements 6 I in-line mode deployment 25 installing SFPs 16, 17 L LED description 3 link LED 3 M mounting the sensor 13 P peer ports on I-3000 24 ports on the I-3000 2 power LED...
... cabling SFP ports 26 cabling the auxiliary port 21 cabling the console port 21 cabling the sensors for failover 27 chasis 12 Compact Flash port 2 connecting to sensor 23 console port 2 D describing an IntruShield sensor 1 dongles 26 F fail-closed dongle 2 failing closed 2 failing open 2 fail-open functionality 27 failover 27 fan LED 3 fiber optics 10 flash LED 3 front panel LEDs 3 H heat requirements 6 I in-line mode deployment 25 installing SFPs 16, 17 L LED description 3 link LED 3 M mounting the sensor 13 P peer ports on I-3000 24 ports on the I-3000 2 power LED...