Network Security Platform M-8000 Sensor Quick Start Guide

Network Security Platform M-8000 Sensor Quick Start Guide
M-8000 Sensor Quick Start Guide
Revision B
McAfee® Network Security Platform
This Quick Start Guide explains how to quickly set up and activate your McAfee® Network
Security Platform [formerly McAfee® IntruShield®] M-8000 Sensor in in-line mode.
If you are setting up your Sensor in SPAN or Tap mode, see the M-8000 Product
Guide for cabling instructions.
All product documentation referenced in this Quick Start Guide is found on the McAfee
Service Portal.
The Sensor front panel
Power supply A (2-included)
XFP 10 Gigabit Ethernet Monitoring ports (12)
Power supply B (2-optional; sold separately)
Compact Flash port (2)
RS-232C Control port (2)
RJ-45 Response port (1)
RS-232C Auxiliary port (2)
10/100/1000 Management port (1)
RJ-11 Fail-Open Control ports (14)
Interconnect ports (2)
SFP 1 Gigabit Ethernet Monitoring ports (16)
Cabling the Sensor's XFP (10 Gigabit Small Form-factor Pluggable) and SFP (Small
Form-factor Pluggable) Gigabit Ethernet Monitoring ports for in-line mode enables you to
configure the Sensor to drop attacks before they reach their target.
Sensor setup overview
This section explains how to position and cable the various ports of your Sensor. This section also briefly
explains how to install the Manager and then add the Sensor to the Manager, and verify that you have
successfully established communication between the Sensor and the Manager.
Position the Sensor
Details on all of the tasks in Step 1 are available in the M-8000 Sensor Product Guide for your Sensor
model. Also see M-series Slide Rail Assembly Procedure.
Release the rails and attach inner rails (of a three-in-one set) to the chassis by fastening it with
the screws provided.
Attach L-shape and external rails to the rack frame.
Install the primary Sensor into a rack and mount ears. You can also mid-mount the Sensor
Install the redundant power supply (optional).
Install modules in the Sensor's Monitoring ports.
Repeat Steps a through e for the secondary Sensor.
Cable the Management and Console ports
Before you begin
Ensure the Sensor is powered OFF before attaching cables.
Plug a Category 5e Ethernet cable in the
(Management) Mgmt port of M-8000 P.
Plug the other end of the cable into the
network device connected to your
Manager server.
Plug the DB9 Console cable supplied in
the Sensor box into the Console port
(labeled Console on the Sensor front
panel) of M-8000 P.
You can use the Console port
on the secondary Sensor,
M-8000 S, for a flash recovery
process or to troubleshoot.
Connect the other end of the Console
port cable directly to a COM port of the PC or terminal server you will be using to configure the
Sensor (for example, a PC running correctly configured Windows Hyperterminal software). You
must connect directly to the console for initial configuration; you cannot configure the Sensor
The required settings for Hyperterminal are:
Baud rate: 38400
Stop Bits: 1
Number of Bits: 8
Control Flow: None
Parity: None
Plug the female end of a power cable into the power inlet and plug the other end into a power
source. The Sensor ships with standard US power and international cables.
The M-8000 does not have a power switch; you need to only plug the power cable into
a power source.
Cable the Monitoring ports
This procedure describes how to cable a Sensor to run in In-line mode.
Plug the cable appropriate for use with
your XFP or SFP module into one of the
Monitoring ports labeled xA (for
example, 1A).
McAfee supports only those
SFP/XFP modules purchased
through McAfee or from a
McAfee-approved vendor.
Do not use XC ports. These
ports are reserved for
interconnection between the
primary (M-8000 P) and
secondary (M-8000 S) Sensors.
Plug another cable into the peer of the port used in Step 1. This port will be labeled xB (for
example, 1B).
Connect the other end of each cable to the network devices that you want to monitor. (For
example, if you plan to monitor traffic between a switch and a router, connect the cable
connected to 1A to the router and the one connected to 1B to the switch.)
For instructions on how to cable the Sensor to run in other operating modes, see the
M-8000 Sensor Product Guide for your Sensor model.
Cable the interconnect ports
This procedure describes how to connect the primary Sensor to the secondary Sensor.
Plug the supplied Ethernet cable into the
XC1 port of the primary Sensor.
Connect the other end of the Ethernet
cable used in Step 1 into the XC4 port of
the secondary Sensor.
Insert the supplied XFP modules into the
XC2, XC3, XC5, and XC6 ports on the
primary and secondary Sensors.
McAfee supports only those XFP modules purchased through McAfee or from a
McAfee-approved vendor.
Plug one end of an LC-LC fiber-optic cable into the XC2 port of the primary Sensor and connect
the other the cable to the XC5 port of the secondary Sensor.
Plug one end of an LC-LC fiber-optic cable into the XC3 port of the primary Sensor and connect
the other the cable to the XC6 port of the secondary Sensor.
Install the Manager Software
For detailed instructions, refer to McAfee Network Security Platform Installation Guide.
You must have administrator privileges on the target Windows server to install the Manager
A MySQL database is included with the Manager and is installed (embedded) automatically
on your target Windows server during this process.
Following steps briefly explain the Manager installation:
Prepare the system according to the requirements outlined in McAfee Network Security Platform
Installation Guide and the Network Security Platform Release Notes.
Close all open applications.
Go to McAfee Update Server and log on, using the grant number and password.
Go to Manager Software Updates folder and select the latest Manager software version available.
Download the zip file to the target Windows server and extract the setup file.
Double-click Manager_<version>_setup.exe and follow the on screen prompts.
Start the Manager
Click Start | Programs | McAfee | Network Security Manager | Network Security Manager.
You do not require a license file for using Manager/Central Manager version or
above, and 6.0.7.x or above.
Adding the Sensor to the Manager
The Manager displays the Login ID page.
Log on to the Manager. The default Login ID is admin and the default Password is admin123.
Click Configure.
An add-on license is required to enable NAC on M-series Sensors. To import and assign an
add-on license, go to Device List | Add-On Licenses page. For more information, see McAfee Network
Security Platform Installation Guide.
You do not require a license file to enable IPS on M-series Sensors.
To add a Sensor in the Manager, click Device List | Devices, and then click New.
The Add New Device page is displayed.
Enter information in the appropriate fields and click Save.
Remember the Shared Secret value entered at this step. This value is used while you
configure the Sensor.
For more information on the fields in Add New Device page, see McAfee Network Security
Platform Installation Guide.
Configure Sensor information
Configure the Sensor with the network information, a name, and the shared secret key that the
Sensor uses to establish secure communication with the Manager. Use the name and key values you
set in Step 2.
The first time you configure a Sensor, you must have physical access to the Sensor.
You configure the M-8000 Sensor using the CLI of the primary Sensor (M-8000 P).
At any time during configuration, you can type a question mark (?) to get help on the Sensor CLI
commands. For a list of all commands, type commands.
Log on to the primary Sensor using the terminal connected to the Console port.
At the prompt, log on using the default Sensor username (admin) and password (admin123).
Optional, but recommended. Change the Sensor password. At the prompt, type: passwd.The
Sensor prompts you to enter the new password and prompts you for the old password.
A password must contain between 8 to 25 characters, is case-sensitive, and can consist
of any alphanumeric character or symbol.
Set the name of the Sensor:
You can enter the setup command at the prompt and this will automatically prompt you
to provide the information shown in items 4 through 7 and item 10. Or, you use the set
command instead. If you use the set command, you must manually enter the complete
command syntax as shown in items 4 through 7 and item 10.
At the prompt, type: set sensor name <word>.
Example: set sensor name HR_sensor1
The Sensor name is a case-sensitive character string up to 25 characters. The string
can include hyphens, underscores, and periods, and must begin with a letter.
If the Sensor is not on the same network as the Manager, set the address of the default
gateway. At the prompt, type: set sensor gateway <A.B.C.D>
Example: set sensor gateway
Set the IP address of the Manager server. At the prompt, type: set manager ip <A.B.C.D>.
Example: set manager ip
Set the IP address and subnet mask of the Sensor. At the prompt, type: set sensor ip
<A.B.C.D> <E.F.G.H>.
Example: set sensor ip
Specify an IP address using four octets separated by periods: X.X.X.X, where X is a
number between 0 and 255, followed by a subnet mask in the same format.
If prompted, reboot the Sensor. Type: reboot
The Sensor can take up to five minutes to complete its reboot.
Ping the Manager from the Sensor to determine if your configuration settings to this point have
successfully established the Sensor on the network. At the prompt, type: ping <manager IP
If the ping is successful, continue with the following steps. If not, type show to verify your
configuration settings and check that the information is correct.
Set the shared secret key value for the Sensor. At the prompt, type: set sensor
The Sensor then prompts you to enter and, subsequently, confirm the shared secret key value.
This value is used to establish a trust relationship between the Sensor and the
Manager. The secret key value can be between 8 and 25 characters of any ASCII text.
The shared key value is case-sensitive. Make sure the value matches the shared secret
key value you provided in the Manager interface.
To verify the configuration information, type show. Check that all information is correct.
To exit the session, type exit.
Verify successful installation
A handshake process begins between the Sensor and the Manager. The devices will take a few
seconds to establish communication.
Perform the following steps to verify successful communication between the Sensor and the Manager.
In the Sensor CLI, type: status.
The status report appears
Return to the Manager. In the Manager Home page, view the Manager status in the System Health
Manager status should be up and Sensor status should be active.
From the Manager Home page, click Configure to open the Configuration page.
Select your added Sensor: Device List | Sensor_Name. The ports for this Sensor appear under the
Sensor_Name node.
"Device_Name" indicates the name of the Sensor you added.
A policy named Default Inline IPS is active upon Sensor addition. To view this policy, select IPS
Settings | Policies | IPS Policy Editor. Now select Default Inline IPS from the list and click View / Edit.
The Default Inline IPS policy contains attacks already configured with a "blocking"
Sensor response action; if any attack in the policy is triggered, the Sensor
automatically blocks the attack. To tune this or any other McAfee-provided policies, you
can clone the policy and then customize it as described in the McAfee Network Security
Platform IPS Administration Guide.
Click Device List | Device_Name | Port Settings.
For more information on port settings, see Configuration Sensor monitoring and
response ports, McAfee Network Security Platform IPS Administration Guide.
Click the button representing the ports on the Sensor that you cabled. Ensure that your port
settings match the cabling (for example, In-line mode).
10 You're up and running!
Your Sensor is actively monitoring connected segments and communicating with the Manager for
administration and management operations.
Read McAfee Network Security Platform Quick Tour for an overview of the system. For detailed
usage instructions, see McAfee Network Security Platform Installation Guide and McAfee Network
Security Platform IPS Administration Guide, or click the Detailed Help buttons in the upper-right
corner of each window in the Manager.
Launch the Threat Analyzer from the Home page to view alert statistics as attacks are detected.
These will display in the Unacknowledged Alert Summary area of the Manager Home page.
Having problems? Check McAfee Network Security Platform Troubleshooting Guide for
troubleshooting information.
Note that most deployment problems stem from configuration mismatches between the Sensor
and the network devices to which it is connected. Check your duplex and auto-negotiation
settings on both devices to ensure they are synchronized.
If you need to contact Technical Support, go to
Copyright © 2014 McAfee, Inc.
Intel and the Intel logo are trademarks/registered trademarks of Intel Corporation. McAfee and the McAfee logo are trademarks/
registered trademarks of McAfee, Inc. Other names and brands may be claimed as the property of others.
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF