Network Security Platform NS9300XC Sensor Quick Start

Network Security Platform NS9300XC Sensor Quick Start
NS9300XC Sensor Quick Start Guide
Revision A
McAfee Network Security Platform
This Quick Start Guide explains how to quickly set up and activate your McAfee® Network Security
Platform NS9300XC Sensor to be load balanced by McAfee® Network Security Platform XC-640 Load
Balancer Appliance. Cabling the Sensor’s QSFP+ (Quad Small Form-factor Pluggable) Monitoring ports into
the XC-640 enables you to load balance the Sensor traffic.
To upgrade an existing NS9300 Sensor to NS9300XC, contact the McAfee Technical Support.
For more information on the XC-640 Load Balancer Appliance, see the McAfee Network Security
Platform XC-640 Load Balancer Appliance Quick Start Guide.
All product documentation referenced in this Quick Start Guide is found on the McAfee Service Portal.
Figure 1 Sensor front panel
1
The NS9300XC Sensor consists of a Primary Sensor, NS9300XC-P, and a Secondary Sensor,
NS9300XC-S.
1
Console ports on the NS9300XC-P and NS9300XC-S Sensors (2)
2
QSFP+ 40 Gigabit Ethernet Interconnect ports (4). G0/1 and G0/2 on NS9300XC-P Sensor and G4/1
and G4/2 on NS9300XC-S Sensor.
3
Four slots for I/O modules (Any combination of the interface modules can be used)
4
•
QSFP+ 40 Gigabit Ethernet ports (4)
•
QSFP+ 40 Gigabit Ethernet ports (2)
•
SFP/SFP+ 1/10 Gigabit Ethernet Monitoring ports (8)
•
RJ-45 10/100/1000 Mbps Ethernet Monitoring ports (6)
RJ-45 10/100/1000 Mbps Ethernet Monitoring ports (16)
The supported transceiver modules are QSFP+, SFP+ (MM and SM), Fiber SFP (MM and SM) and Copper
SFP.
Figure 2 Sensor rear panel
1
USB ports (4)
2
Power supply A (Pwr A)
3
Power supply B (Pwr B)
4
RJ‑45 100/1000/10000 Management port (Mgmt) (2).
Mgmt on NS9300XC-S Sensor is used as an interconnect port.
2
5
RJ‑45 100/1000/10000 Response port (R1) (2).
R1 on NS9300XC-P Sensor is used as an interconnect port.
6
1
RJ‑45 Auxiliary ports (Aux) (2)
Verify the contents in the box
The following accessories are shipped in the NS-series Sensor crate:
2
•
Sensor
•
Power supply
•
Power cords. McAfee provides a standard and international power cables.
•
Set of rack mounting rails
•
Printed Quick Start Guide
•
40G Direct Attach cable
Verify the hardware and software requirements
The following hardware requirements are to be met. For more information, see the Installation
Guide.
The following are the system requirements for a Manager server.
3
Operating
system
Minimum required
Recommended
Any of the following:
Same as the minimum
required.
•
Windows Server 2008 R2 Standard or Enterprise
Edition, English operating system, SP1 (64-bit) (Full
Installation)
•
Windows Server 2008 R2 Standard or Enterprise
Edition, Japanese operating system, SP1 (64-bit) (Full
Installation)
•
Windows Server 2012 Standard Edition (Server with a
GUI) English operating system
•
Windows Server 2012 Standard Edition (Server with a
GUI) Japanese operating system
•
Windows Server 2012 R2 Standard Edition (Server
with a GUI) English operating system
•
Windows Server 2012 R2 Standard Edition (Server
with a GUI) Japanese operating system
•
Windows Server 2012 R2 Datacenter Edition (Server
with a GUI) English operating system
•
Windows Server 2012 R2 Datacenter Edition (Server
with a GUI) Japanese operating system
Only x64 architecture is supported.
Memory
8 GB
8 GB or more
CPU
Server model processor such as Intel Xeon
Same
Disk space
100 GB
300 GB or more
Network
100 Mbps card
1000 Mbps card
Monitor
32-bit color, 1440 x 900 display setting
1440 x 900 (or above)
The following are the system requirements for client systems connecting to the Manager application.
Minimum
Operating
system
•
Windows 7 English or Japanese
•
Windows 8 English or Japanese
•
Windows 8.1 English or Japanese
Recommended
The display language of the Manager client must
be same as that of the Manager server operating
system.
RAM
4
2 GB
4 GB
Minimum
Recommended
CPU
1.5 GHz processor
1.5 GHz or faster
Browser
•
Internet Explorer 9, 10 or 11
•
Internet Explorer 11
•
Mozilla Firefox
•
Mozilla Firefox 20.0
or above
Google Chrome in not supported since the NPAPI
plug-in is disabled by default and will not be
supported by Google going forward. This means
that Java applet support is also disabled by
default.
The following software are to be installed.
3
•
Sensor image
•
Manager image
•
Signature set
Install the slide rails
Follow this procedure to assemble the slide rails and position the Sensor on it.
a
Rack installation - Remove inner member from slides
a
front bracket
d
inner member
b
outer member
e
safety locking pin
c
rear bracket
f
release button
Pull the release button to remove inner member from slides.
5
b
Rack installation - Install slides to rack
Align brackets to desired vertical position on the rack and insert the fasteners. Move the ball
retainer to the front of slides.
Do not handle the NS-series appliance by the mounting brackets
c
6
Chassis installation - Install inner member to chassis
Align inner member key holes to standoffs on chassis, move inner member following the
direction the picture.
d
Chassis installation - Install chassis to fixed slides
Pull the release button in the inner member to release the lock and allow the chassis to close.
e
Chassis removal - Extend slides
Fully extend the slides until it is in the locked position, pull the release button to release lock and
disconnect inner member from slides.
7
f
Chassis removal - Remove inner member from chassis
Press safety locking pin to release inner member from chassis.
While installing NS9300XC, this procedure is to be followed for both the primary and
the secondary Sensors.
4
Install the interface modules
You can purchase the following interface modules and insert them into the relevant slots on your
NS-series Sensor.
8
•
2-port QSFP+ 40 Gigabit interface module
•
4-port QSFP+ 40 Gigabit interface module
•
4-port SFP/SFP+ 10/1 Gigabit 8.5 µm (SM) interface module with internal fail-open
•
4-port SFP/SFP+ 10/1 Gigabit 50 µm (MM) interface module with internal fail-open
•
4-port SFP/SFP+ 10/1 Gigabit 62.5 µm (MM) interface module with internal fail-open
5
•
8-port SFP/SFP+ 1/10 Gigabit interface module
•
6-port RJ-45 10/100/1000 Mbps Ethernet interface module
a
Remove the module from its protective packaging.
b
Grip the sides of the module with your thumb and fore-finger and insert the module into the
slot.
c
Drive in the screws fixed on the sides of the module to attach it to the Sensor.
Cable the Management and Console ports
a
Plug a Category 5e Ethernet cable in the Management port (labeled Mgmt)on the rear panel of
the NS9300XC-P Sensor.
b
Plug the other end of the cable into the
network device connected to your
Manager server.
c
Plug the DB9 Console cable(s) into the
Console port (labeled Console)on the
front panel of the NS9300XC-P and
NS9300XC-S Sensors.
d
Connect the other end of the Console
port cable directly to a COM port of the
PC or terminal server you will be using
to configure the Sensor (for example, a
PC running correctly configured
Windows Hyperterminal software). You
must connect directly to the console for
initial configuration; you cannot
configure the Sensor remotely.
Terminal servers are provided for
console access.
9
The required settings for Hyperterminal are:
e
•
Baud rate: 115200
•
Stop Bits: 1
•
Number of Bits: 8
•
Control Flow: None
•
Parity: None
Plug one end of the power cable into the power inlet and plug the other end into a power source.
The Sensor ships with standard US power and international cables.
The NS-series Sensor does not have a power switch; you need to only plug the power
cable into a power source.
6
Cable the Monitoring ports
This procedure describes how to cable a Sensor to connect it to the XC-640 Load Balancer Appliance.
a
Plug the cable appropriate for use with your QSFP module into port G1/1.
McAfee supports only those QSFP
modules purchased through McAfee or
from a McAfee-approved vendor.
Do not use XC ports. These ports are
reserved for interconnection between
the primary (NS9300XC-P) and
secondary (NS9300XC-S) Sensors.
b
Connect the other end of the cable to a Sensor port on the XC-640 Load Balancer Appliance.
For instructions on using the XC-640 Load Balancer Appliance, see the McAfee Network
Security Platform XC Cluster Administration Guide.
10
7
Cable the interconnect ports
This procedure describes how to connect the NS9300XC-P Sensor to the NS9300XC-S Sensor.
a
Plug the supplied 40G Direct Attach cable into port G0/1 of the NS9300XC-P Sensor and connect
the other end of the cable into port G4/1 of the NS9300XC-S Sensor.
b
Plug the supplied 40G Direct Attach cable into port G0/2 of the NS9300XC-P Sensor and connect
the other end of the cable into port G4/2 of the NS9300XC-S Sensor.
c
Plug the supplied cable into the Response port (R1) of NS9300XC-P Sensor and connect the
other end of the cable into the Management port (Mgmt) port of the NS9300XC-S Sensor.
11
8
Add the Sensor to the Manager
The Manager displays the Login ID page.
a
Log on to the Manager. The default Login ID is admin and the default Password is admin123.
b
Click Configure.
You do not require a license file to enable IPS on NS9300XC Sensors.
c
To add a Sensor in the Manager, select Devices | <Admin Domain> | Global | Add and Remove Devices, and
then click New.
The Add New Device page is displayed.
a
Enter the Device Name.
The Sensor name must begin with a letter. The maximum length of the name is 25
characters.
b
Enter the Device Type, Load Balancer-XC-640.
c
Enter the Shared Secret. Re-enter to confirm.
The shared secret must be a minimum of 8 characters and maximum of 25 characters in
length. The key cannot start with an exclamation mark nor can have any spaces. The
parameters that you can use to define the key are:
•
26 alphabets: upper and lower case (a,b,c,...z and A, B, C,...Z)
•
10 digits: 0 1 2 3 4 5 6 7 8 9
•
32 symbols: ~ ` ! @ # $ % ^ & * ( ) _ + - = [ ] { } \ | ; : " ' , . <? /
The Sensor name and shared secret key that you enter in the Manager must
be identical to the shared secret that you will later enter during physical
installation/initialization of the Sensor (using CLI). If not, the Sensor will not
be able to register itself with Manager.
d
Select the Updating Mode, either Online or Offline.
Selecting Offline enables Offline Sensor update.Online is the default mode.
12
e
Enter Contact Information and Location (optional)
f
Click Save.
g
An information box confirms successful addition of Sensor.
h
Click Next.
i
The new Sensor is listed in the Sensors page.
You can select the Sensor and click Edit to edit the Sensor settings.
9
Configure Sensor information
Configure the Sensor with the network information, a name, and the shared secret key that the
Sensor uses to establish secure communication with the Manager. Use the name and key values you
set in step 5d.
The first time you configure a Sensor, you must have physical access to the Sensor.
You configure the NS9300XC Sensor using the CLI of the primary Sensor (NS9300XC-P).
At any time during configuration, you can type a question mark (?) to get help on the Sensor CLI
commands. For a list of all commands, type commands.
a
Log on to the primary Sensor using the terminal connected to the Console port.
b
At the prompt, log on using the default Sensor username (admin) and password (admin123).
c
[Optional, but recommended].
Change the Sensor password. At the
prompt, type: passwd.The Sensor
prompts you to enter the new
password and prompts you for the
old password.
A password must contain
between 8 to 25 characters,
is case-sensitive, and can
consist of any alphanumeric
character or symbol.
d
Set the name of the Sensor:
You can enter the setup command at the prompt and this will automatically prompt you
to provide the information shown in items 4 through 7 and item 10. Or, you use the set
command instead. If you use the set command, you must manually enter the complete
command syntax as shown in items 4 through 7 and item 10.
13
At the prompt, type: set sensor name <word>.
Example: set sensor name HR_sensor1
The Sensor name is a case-sensitive character string up to 25 characters. The string
can include hyphens, underscores, and periods, and must begin with a letter.
e
If the Sensor is not on the same network as the Manager, set the address of the default
gateway. At the prompt, type: set sensor gateway <A.B.C.D>
Example: set sensor gateway 192.168.3.68
f
Set the IP address of the Manager server. At the prompt, type: set manager ip <A.B.C.D>.
Example: set manager ip 192.168.2.8
g
Set the IP address and subnet mask of the Sensor. At the prompt, type: set sensor ip
<A.B.C.D> <E.F.G.H>.
Example: set sensor ip 192.168.2.12 255.255.255.0
Specify an IP address using four octets separated by periods: X.X.X.X, where X is a
number between 0 and 255, followed by a subnet mask in the same format.
h
If prompted, reboot the Sensor. Type: reboot
The Sensor can take up to five minutes to complete its reboot.
i
Ping the Manager from the Sensor to determine if your configuration settings to this point have
successfully established the Sensor on the network. At the prompt, type: ping <manager IP
address>.
If the ping is successful, continue with the following steps. If not, type show to verify your
configuration settings and check that the information is correct.
j
Set the shared secret key value for the Sensor. At the prompt, type: set sensor
sharedsecretkey.
The Sensor then prompts you to enter and, subsequently, confirm the shared secret key value.
This value is used to establish a trust relationship between the Sensor and the
Manager. The secret key value can be between 8 and 25 characters of any ASCII text.
The shared key value is case-sensitive. Make sure the value matches the shared secret
key value you provided in the Manager interface.
k
To verify the configuration information, type show. Check that all information is correct.
l
To exit the session, type exit.
10 Verify successful installation
A handshake process begins between the Sensor and the Manager. The devices will take a few
seconds to establish communication.
14
Perform the following steps to verify successful communication between the Sensor and the Manager.
a
In the Sensor CLI, type: status.
The status report appears.
The Sensor parameter System Initialized should be yes, and for Manager communication
Trust Established should be yes.
b
Return to the Manager. In the Manager Home page, view the Manager status in the System Health
section.
The Manager status should be up and the Sensor status should be active.
c
From the Manager Home page, click Devices to open the Devices page.
d
Select your added Sensor from the Devices tab. The ports for this Sensor appear under the Devices
| <Admin Domain Name> | Devices | <Device_Name> | Setup | Physical Ports.
<Device_Name> indicates the name of the Sensor you added.
e
Click the button representing the ports on the Sensor that you cabled. Ensure that your port
settings match the cabling.
11 You're up and running!
Your Sensor is actively monitoring connected segments and communicating with the Manager for
administration and management operations.
a
Read McAfee Network Security Platform Quick Tour for an overview of the system. For detailed
usage instructions, see McAfee Network Security Platform Installation Guide and McAfee Network
Security Platform IPS Administration Guide, or click the Detailed Help buttons in the upper-right
corner of each window in the Manager.
b
Launch the Threat Analyzer from the Home page to view alert statistics as attacks are detected.
These will display in the Unacknowledged Alert Summary area of the Manager Home page.
c
Having problems? Check McAfee Network Security Platform Troubleshooting Guide for
troubleshooting information.
d
Note that most deployment problems stem from configuration mismatches between the Sensor
and the network devices to which it is connected. Check your duplex and auto-negotiation
settings on both devices to ensure they are synchronized.
If you need to contact Technical Support, go to https://mysupport.mcafee.com.
15
Copyright © 2015 McAfee, Inc. www.intelsecurity.com
Intel and the Intel logo are trademarks/registered trademarks of Intel Corporation. McAfee and the McAfee logo are trademarks/
registered trademarks of McAfee, Inc. Other names and brands may be claimed as the property of others.
16
700-4519A00
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF

advertisement