Network Security Platform NS3x00 Quick Start Guide

Network Security Platform NS3x00 Quick Start Guide
NS3x00 Quick Start Guide
Revision A
McAfee Network Security Platform
®
This quick start guide explains how to quickly set up and activate your McAfee Network Security Platform
NS3100 and NS3200 Sensors in inline mode. These models have a throughput of 100 Mbps and 200 Mbps
respectively.
All product documentation referenced in this quick start guide is found on the McAfee Service Portal.
The NS3100/NS3200 Sensor model
Figure 1 Sensor front panel
1
Console port (1)
2
RJ-45 10/100/1000 Management port (MGMT) (1)
3
RJ-45 10/100/1000 Response port (R1) (1)
4
USB ports (1)
5
RJ-45 10/100/1000 Mbps Ethernet Monitoring ports (8)
Figure 2 Sensor rear panel
1
1
Power supply inlet (1)
2
Fan units (3)
1
Verify the contents in the box
The following accessories are shipped in the NS3x00 Sensor crate:
2
•
Sensor
•
Power cords (McAfee provides standard and international power cables)
•
Printed Quick Start Guide
Verify the hardware and software requirements
Make sure to meet the following hardware requirements. For more information, see the McAfee
Network Security Platform Installation Guide.
The following are the system requirements for a Manager server.
Operating
system
Minimum required
Recommended
Any of the following:
Same as the minimum
required.
•
Windows Server 2008 R2 Standard or Enterprise
Edition, English operating system, SP1 (64-bit) (Full
Installation)
•
Windows Server 2008 R2 Standard or Enterprise
Edition, Japanese operating system, SP1 (64-bit) (Full
Installation)
•
Windows Server 2012 Standard Edition (Server with a
GUI) English operating system
•
Windows Server 2012 Standard Edition (Server with a
GUI) Japanese operating system
•
Windows Server 2012 R2 Standard Edition (Server
with a GUI) English operating system
•
Windows Server 2012 R2 Standard Edition (Server
with a GUI) Japanese operating system
•
Windows Server 2012 R2 Datacenter Edition (Server
with a GUI) English operating system
•
Windows Server 2012 R2 Datacenter Edition (Server
with a GUI) Japanese operating system
Only x64 architecture is supported.
2
Memory
8 GB
8 GB or more
CPU
Server model processor such as Intel Xeon
Same
Disk space
100 GB
300 GB or more
Minimum required
Recommended
Network
100 Mbps card
1000 Mbps card
Monitor
32-bit color, 1440 x 900 display setting
1440 x 900 (or above)
The following are the system requirements for client systems connecting to the Manager application.
Minimum
Operating
system
•
Windows 7 English or Japanese
•
Windows 8 English or Japanese
•
Windows 8.1 English or Japanese
•
Windows 10 English or Japnese
Recommended
The display language of the Manager client must
be same as that of the Manager server operating
system.
RAM
2 GB
4 GB
CPU
1.5 GHz processor
1.5 GHz or faster
Browser
•
Internet Explorer 9, 10 or 11
•
Internet Explorer 11
•
Mozilla Firefox
•
Mozilla Firefox
41.0.2 or above
Google Chrome in not supported since the NPAPI
plug-in is disabled by default and will not be
supported by Google going forward. This means
that Java applet support is also disabled by
default.
Install the following software:
3
•
Sensor image
•
Manager image
•
Signature set
Install the Sensor
The mounting ears are pre-attached to the Sensor. Install the Sensor into the rack.
3
4
4
Connect the Management and Console ports
a
On the front panel of the NS3x00 Sensors, plug a Category 5e Ethernet cable in the
Management port (labeled MGMT).
b
Plug the other end of the cable into the network device connected to your Manager server.
c
On the front panel of the NS3x00 Sensors, plug the DB9 Console cables into the Console port
(labeled Console).
d
Connect the other end of the Console port cable directly to a COM port of the PC or terminal
server you are using to configure the Sensor (for example, a PC running correctly configured
Windows Hyperterminal software). You must directly connect to the console for initial
configuration, you cannot configure the Sensor remotely.
Terminal servers are provided for console access.
The required settings for Hyperterminal are:
e
•
Baud rate: 115200
•
Stop Bits: 1
•
Number of Bits: 8
•
Control Flow: None
•
Parity: None
Plug one end of the power cable into the power inlet and plug the other end into a power source.
The Sensor ships with standard US power and international cables.
The NS-series Sensor does not have a power switch. You can directly plug the power
cable into a power source.
5
Connect the monitoring ports
This procedure describes how to connect cables to a Sensor that runs in inline mode.
6
a
Plug the cable appropriate for use with your transceiver module into one of the monitoring ports
labeled x (for example, 1).
b
Plug the cable appropriate for use with your transceiver module into one of the monitoring ports
labeled y (for example, 2).
c
Connect the other end of each cable to the network devices that you want to monitor. For
example, if you plan to monitor traffic between a switch and a router, connect the cable
connected to 1 to the router and the one connected to 2 to the switch.
Install the Manager software
For detailed instructions, see the McAfee Network Security Platform Installation Guide.
You must have administrator rights on the target Windows Server to install the Manager
software.
A MySQL database is included with the Manager and is installed (embedded) automatically
on your target Windows Server during this process.
5
The following steps briefly explain the Manager installation:
7
a
Prepare the system according to the requirements outlined in McAfee Network Security Platform
Installation Guide and the McAfee Network Security Platform Release Notes.
b
Close all open applications.
c
Go to the McAfee Update Server (https://menshen1.intruvert.com/) and log on, using the grant
number and password.
d
Go to the Manager Software Updates folder and select the latest Manager software version available.
e
Download the .zip file to the target Windows Server and extract the setup file.
f
Double-click Manager _<version>_setup.exe and follow the on-screen prompts.
Start the Manager
From the Start menu, select Programs | McAfee | Network Security Manager | Network Security Manager.
8
Add the Sensor to the Manager
The Manager displays the Logon page.
a
Log on to the Manager using the default user name (admin) and password (admin123).
b
Click the Devices tab.
c
Select the admin domain from the Domain drop-down. To add a Sensor in the Manager, select
Global | Add and Remove Devices, then click New.
You do not require a license file to enable IPS on NS-series Sensors.
The Add and Remove Devices page is displayed. We recommend using the Add Device wizard to add a
device.
6
d
Enter the following mandatory information in the appropriate fields.
1)
Device Name — The Sensor name must begin with a letter. The maximum length of the name
is 25 characters.
2)
Device Type — Specifies the type of device to be added. Select IPS Sensor.
3)
Shared Secret — The shared secret must be a minimum of 8 characters and maximum of 25
characters in length. The key cannot start with an exclamation mark nor can have any
spaces. The parameters that you can use to define the key are:
•
26 alphabets: Uppercase and
lowercase (A, B, C,...Z and a,b,c,...z)
•
10 digits: 0 1 2 3 4 5 6 7 8 9
•
32 symbols: ~ ` ! @ # $ % ^ & * ( )
_ + ‑ = [ ] { } \ | ; : " ' , . <? /
Retype the password in Confirm Shared Secret.
The Sensor name and shared secret key that you enter in the Manager must be
identical to the shared secret that you will later enter during physical installation or
initialization of the Sensor (using CLI interface) in Step 9 - Configure Sensor
information. If not, the Sensor will not be able to register itself with the Manager.
4)
Updating Mode — Select Online or Offline.
Selecting Offline enables Offline Sensor update. Online is the default mode.
e
9
5)
Contact Information — (Optional) Type the contact information.
6)
Location — (Optional) Type the location.
Click Save. The added Sensor is displayed on the Add and Remove Devices page.
Configure Sensor information
Configure the Sensor with the network information, a name, and the shared secret key that the
Sensor uses to establish secure communication with the Manager. Use the name and key values you
set in Step 8- Add the Sensor to the Manager.
The first time you configure a Sensor, you must have physical access to the Sensor.
7
At any time during configuration, you can type a question mark (?) to get help on the Sensor CLI
commands. For a list of all commands, type commands.
a
Log on to the Sensor using the terminal connected to the Console port.
b
At the prompt, log on using the default Sensor user name (admin) and password (admin123).
c
Optional, but recommended. Change the Sensor password. At the prompt, type: passwd.The
Sensor prompts you to enter the new password and prompts you for the old password.
A password must contain between 8–25 characters, is case sensitive, and can consist of
any alphanumeric character or symbol.
d
Set the name of the Sensor:
You can enter the setup command at the prompt. This automatically prompts you to
provide the information shown in items d through g and item j. Alternatively, you can
use the set command. If you use the set command, manually enter the complete
command syntax as shown in items d through g and item j.
At the prompt, type: set sensor name <word>.
Example: set sensor name HR_sensor1
The Sensor name is a case-sensitive character string up to 25 characters. The string
can include hyphens, underscores, and periods, and must begin with a letter.
e
If the Sensor is not on the same network as the Manager, set the address of the default
Gateway. At the prompt, type: set sensor gateway <A.B.C.D>
Example: set sensor gateway 192.1.1.1
f
Set the IP address of the Manager server. At the prompt, type: set manager ip <A.B.C.D>.
Example: set manager ip 192.2.2.2
g
8
Set the IP address and subnet mask of the Sensor. At the prompt, type: set sensor ip
<A.B.C.D> <E.F.G.H>.
Example: set sensor ip 192.3.3.3 255.255.255.0
Specify an IP address using four octets separated by periods: X.X.X.X, where X is a
number between 0 and 255, followed by a subnet mask in the same format.
h
If prompted, reboot the Sensor. Type: reboot
The Sensor can take up to five minutes to complete its reboot.
i
Ping the Manager from the Sensor to determine if your configuration settings to this point have
successfully established the Sensor on the network. At the prompt, type:
ping <manager IP address>.
If the ping is successful, continue with the following steps. If not, type show to verify your
configuration settings and check that the information is correct.
j
Set the shared secret key value for the Sensor. At the prompt, type:
set sensor sharedsecretkey
The Sensor then prompts you to enter and then confirm the shared secret key value.
This value is used to establish a trust relationship between the Sensor and the
Manager. The secret key value can be between 8 and 25 characters of any ASCII text.
The shared key value is case-sensitive. Make sure that the value matches the shared
secret key value you provided in the Manager interface in Step 8- Add the Sensor to
the Manager.
k
To verify the configuration information, type show. Check that all information is correct.
l
To exit the session, type exit.
9
10 Verify successful installation
a
In the Sensor CLI, type: status. The status report is displayed.
The Sensor parameter System Initialized must be yes, and for Manager communication
Trust Established must be yes.
b
10
From the Manager Dashboard, view the Manager status in the System Health monitor.
The Manager status displays as Up and Sensor status is Active.
c
From the Manager, select Devices | <Admin Domain Name> | Devices | <Device Name> | Setup | Physical Ports
to open the ports page.
<Device Name> indicates the name of the Sensor you added.
d
A policy named Default Inline IPS is active upon Sensor addition. To view this policy, select Policy
| <Admin Domain Name> | Intrusion Prevention | IPS Policies. Select Default Inline IPS from the list and click
View / Edit.
The Default Inline IPS policy contains attacks already configured with a "blocking"
Sensor response action. If any attack in the policy is triggered, the Sensor
automatically blocks the attack. To tune this or any other McAfee-provided policies, you
can clone the policy and then customize it as described in the McAfee Network Security
Platform IPS Administration Guide.
11
e
Select Devices | <Admin Domain Name> | Devices | <Device Name> | Setup | Physical Ports.
f
Select the port on the Sensor that you cabled to view port settings. Make sure that your port
settings match the cabling, for example, if port 1 is cabled for inline mode, then the Operating Mode
in the port setting must be inline mode.
For more information on port settings, see Configuring the monitoring and response
ports of a Sensor chapter in the McAfee Network Security Platform IPS Administration
Guide.
11 You're up and running!
Your Sensor is actively monitoring connected segments and communicating with the Manager for
administration and management operations.
a
For detailed usage instructions, see the McAfee Network Security Platform IPS Administration
Guide, or click the Detailed Help buttons in the upper-right corner of each window in the Manager.
b
Start the Analysis | Threat Analyzer to view alert statistics as attacks are detected. A summary of
alerts is displayed in the Unacknowledged Alert Summary area of the Manager Dashboard page.
c
Having problems? See the McAfee Network Security Platform Troubleshooting Guide for
troubleshooting information.
d
Most deployment problems stem from configuration mismatches between the Sensor and the
network devices to which it is connected. Check the duplex and auto-negotiation settings on
both devices to ensure that they are synchronized.
To contact technical support, go to https://support.mcafee.com.
Copyright © 2016 McAfee, Inc. www.intelsecurity.com
Intel and the Intel logo are trademarks/registered trademarks of Intel Corporation. McAfee and the McAfee logo are trademarks/
registered trademarks of McAfee, Inc. Other names and brands may be claimed as the property of others.
12
700-4498A00
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF

advertisement