Firewall Enterprise Control Center 5.3.2 Installation

Firewall Enterprise Control Center 5.3.2 Installation
Installation and Migration Guide
Revision B
McAfee Firewall Enterprise Control
Center
version 5.3.2
COPYRIGHT
Copyright © 2014 McAfee, Inc. Do not copy without permission.
TRADEMARK ATTRIBUTIONS
McAfee, the McAfee logo, McAfee Active Protection, McAfee DeepSAFE, ePolicy Orchestrator, McAfee ePO, McAfee EMM, Foundscore, Foundstone, Policy
Lab, McAfee QuickClean, Safe Eyes, McAfee SECURE, SecureOS, McAfee Shredder, SiteAdvisor, McAfee Stinger, McAfee Total Protection, TrustedSource,
VirusScan, WaveSecure are trademarks or registered trademarks of McAfee, Inc. or its subsidiaries in the United States and other countries. Other
names and brands may be claimed as the property of others.
Product and feature names and descriptions are subject to change without notice. Please visit mcafee.com for the most current products and features.
LICENSE INFORMATION
License Agreement
NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS
FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU
HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOUR
SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A
FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET
FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF
PURCHASE FOR A FULL REFUND.
2
McAfee Firewall Enterprise Control Center
version 5.3.2
Installation and Migration Guide
Contents
Preface
7
About this guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Installing and upgrading Control Center . . . . . . . . . . . . . . . . . . . . . .
Find product documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
7
7
7
8
8
Decide to install or upgrade
1
Make your choice
11
2
Documentation requirements
13
Prepare to install Control Center on a hardware appliance
3
Hardware appliance requirements
4
Plan your Control Center installation
17
19
Understanding the Control Center Management Server environment
Complete the Control Center setup checklist . . . . . . . . . .
Complete the integration schedule checklist . . . . . . . . . .
Port configurations for network communication . . . . . . . . .
. .
. .
. .
. .
. .
. .
. .
. .
. .
. .
. .
. .
. .
. .
. .
. .
. .
. .
. .
. .
. .
. .
. .
. .
.
19
. 21
. 22
. 23
Prepare to install Control Center, Virtual Appliance
5
Virtual Appliance requirements
27
Sizing guidelines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Virtual appliance requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
6
Prepare the ESX server
29
About ESX virtual networking . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Create a new isolated port group . . . . . . . . . . . . . . . . . . . . . . . . . . .
Modify your virtual network configuration . . . . . . . . . . . . . . . . . . . . . . . .
Configure the system clock . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
7
Set up Control Center, Virtual Appliance
Download the Control Center, Virtual Appliance software .
Install the Control Center, Virtual Appliance . . . . . .
Configure Control Center, Virtual Appliance . . . . . .
Configure network mappings . . . . . . . . .
Perform the initial configuration . . . . . . . .
McAfee Firewall Enterprise Control Center
version 5.3.2
29
30
30
31
33
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
33
33
34
34
35
Installation and Migration Guide
3
Contents
Install the Control Center Client application
8
Install the Client application
39
Configuration overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Install Control Center software . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Create the initial configuration file . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
Install the Control Center Management Server
9
Install the Management Server
45
Manually configure the Management Server . . . . . . . . . . . . . . . . . . . . . . . 45
Apply the configuration file to the Management Server . . . . . . . . . . . . . . . . . . . 47
Upgrade from 5.3.1 to 5.3.2
10
Download the Control Center 5.3.2 software
51
11
Upgrade the Management Server
53
Load the 5.3.2 upgrade package . . . . . . . . . . . . . . . . . . . . . . . . . . .
53
Apply the 5.3.2 upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
12
Upgrade the Client application
55
Post–installation and upgrade tasks
13
Connect to the Management Server
59
14
Post-installation tasks
61
15
Perform post-upgrade tasks
63
16
Add firewalls to the Control Center
65
Add multiple firewalls at one time . . . . . . . . . . . . . . . . . . . . . . . . . . .
Add a single firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Add an HA cluster . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
65
66
67
Navigate the Control Center Client application
17
Navigate the Control Center user interface
71
Working with Management Servers . . . . . . . . . . . . . . . . . . . . . . . . . .
Log on to the Management Server . . . . . . . . . . . . . . . . . . . . . . . .
Add a backup (standby) Management Server . . . . . . . . . . . . . . . . . . .
Remove Management Servers . . . . . . . . . . . . . . . . . . . . . . . . .
User interface overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Title bar . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Server-related information . . . . . . . . . . . . . . . . . . . . . . . . . . .
Title bar icons . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Navigation bar . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Tabs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Bread crumb trail . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Object area . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Trees . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Auto Hide button . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Tree tabs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Work area . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
4
McAfee Firewall Enterprise Control Center
version 5.3.2
71
71
72
72
73
73
73
74
74
75
75
75
75
75
76
76
Installation and Migration Guide
Contents
Status bar . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Additional navigational aids . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Search for objects in the Control Center Client application . . . . . . . . . . . . . . . . .
Client application icons . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Index
McAfee Firewall Enterprise Control Center
version 5.3.2
76
76
76
77
81
Installation and Migration Guide
5
Contents
6
McAfee Firewall Enterprise Control Center
version 5.3.2
Installation and Migration Guide
Preface
Contents
About this guide
Find product documentation
About this guide
This information describes the guide's target audience, the typographical conventions and icons used
in this guide, and how the guide is organized.
Audience
McAfee documentation is carefully researched and written for the target audience.
The information in this guide is intended primarily for:
•
Administrators — People who implement and enforce the company's security program.
•
Users — People who use the computer where the software is running and can access some or all of
its features.
Conventions
This guide uses these typographical conventions and icons.
Book title, term,
emphasis
Title of a book, chapter, or topic; a new term; emphasis.
Bold
Text that is strongly emphasized.
User input, code,
message
Commands and other text that the user types; a code sample; a displayed
message.
Interface text
Words from the product interface like options, menus, buttons, and dialog
boxes.
Hypertext blue
A link to a topic or to an external website.
Note: Additional information, like an alternate method of accessing an
option.
Tip: Suggestions and recommendations.
Important/Caution: Valuable advice to protect your computer system,
software installation, network, business, or data.
Warning: Critical advice to prevent bodily harm when using a hardware
product.
McAfee Firewall Enterprise Control Center
version 5.3.2
Installation and Migration Guide
7
Preface
Find product documentation
Installing and upgrading Control Center
The McAfee Firewall Enterprise Control Center Installation and Migration Guide describes the
installation and configuration for a Control Center standard appliance and McAfee® Firewall Enterprise
Control Center, Virtual Appliance (hereinafter Control Center, Virtual Appliance). This document
provides you procedures to upgrade from Control Center version 5.3.1 to 5.3.2 for hardware and
virtual appliances.
Find product documentation
After a product is released, information about the product is entered into the McAfee online Knowledge
Center.
Task
8
1
Go to the McAfee ServicePortal at http://support.mcafee.com and click Knowledge Center.
2
Enter a product name, select a version, then click Search to display a list of documents.
McAfee Firewall Enterprise Control Center
version 5.3.2
Installation and Migration Guide
Decide to install or upgrade
You can freshly install Control Center 5.3.2 on a standard appliance, virtual
appliance, or upgrade from an existing 5.3.1 system to version 5.3.2.
Chapter 1
Chapter 2
Make your choice
Documentation requirements
McAfee Firewall Enterprise Control Center
version 5.3.2
Installation and Migration Guide
9
Decide to install or upgrade
10
McAfee Firewall Enterprise Control Center
version 5.3.2
Installation and Migration Guide
1
Make your choice
You can choose to install McAfee® Firewall Enterprise Control Center 5.3.2 on a physical or virtual
appliance. If you have a 5.3.1 system, use these high-level steps to upgrade to 5.3.2.
Installing Control Center on a hardware appliance
Follow these sections to install on a standard Control Center appliance.
1
Prepare to install Control Center on a hardware appliance
2
Install the Control Center Client application
3
Install the Control Center Management Server
4
Post-installation and upgrade tasks
5
Navigate the Control Center Client application
Installing Control Center, Virtual Appliance
Follow these sections to install a McAfee® Firewall Enterprise Control Center, Virtual Appliance (Control
Center, Virtual Appliance).
1
Prepare to install a Control Center, Virtual Appliance
2
Install the Control Center Client application
3
Install the Control Center Management Server
4
Post-installation and upgrade tasks
5
Navigate the Control Center Client application
Upgrading from 5.2.x or 5.3.x to 5.3.2
Refer to these guides to upgrade to 5.3.1.
•
If you are using a 5.2.x system, follow the McAfee Firewall Enterprise Control Center Installation
and Migration Guide, 5.3.0 to migrate to version 5.3.0.
•
If you are using a 5.3.0 system, follow the McAfee Firewall Enterprise Control Center Installation
and Migration Guide, 5.3.1 to upgrade to version 5.3.1.
After that use the following section to upgrade to 5.3.2.
McAfee Firewall Enterprise Control Center
version 5.3.2
Installation and Migration Guide
11
1
Make your choice
Upgrading from 5.3.1 to 5.3.2
If you are using a 5.3.1 system, follow these sections to upgrade to version 5.3.2.
12
1
Upgrade from Control Center 5.3.1 to 5.3.2 and then install the 532P02 patch
2
Post-installation and upgrade tasks
McAfee Firewall Enterprise Control Center
version 5.3.2
Installation and Migration Guide
2
Documentation requirements
You need to download these documents.
Table 2-1 Required documents
Source
Documents
McAfee Firewall Enterprise
Control Center
• McAfee Firewall Enterprise Control Center Release Notes, version
5.3.2
• McAfee Firewall Enterprise Control Center Product Guide, version
5.3.2
McAfee Firewall Enterprise
• McAfee Firewall Enterprise Product Guide, version 8.3.2
Links
• http://www.mcafee.com/us/downloads
• http://support.mcafee.com
McAfee Firewall Enterprise Control Center
version 5.3.2
Installation and Migration Guide
13
2
Documentation requirements
14
McAfee Firewall Enterprise Control Center
version 5.3.2
Installation and Migration Guide
Prepare to install Control Center
on a hardware appliance
For a new installation, prepare to install and configure the Control Center
Management Server and Client application on a hardware appliance.
Chapter 3
Chapter 4
Hardware appliance requirements
Plan your Control Center installation
McAfee Firewall Enterprise Control Center
version 5.3.2
Installation and Migration Guide
15
Prepare to install Control Center on a hardware appliance
16
McAfee Firewall Enterprise Control Center
version 5.3.2
Installation and Migration Guide
3
Hardware appliance requirements
Before you install 5.3.2, make sure the Control Center Client application and Management Server
requirements are met.
Client application requirements
The computer that hosts the Control Center Client application must meet these requirements.
Table 3-1 Client application minimum requirements
Component
Requirements
Operating
system
One of the following Microsoft operating systems:
Web browser
• Windows Server 2008
• Windows 8 Professional
• Windows Server 2003
• Windows Vista
• Windows 7
• Windows XP Professional with SP2
or later
One of the following:
• Microsoft Internet Explorer, version 6 or later
• Mozilla Firefox, version 1.0 or later
Hardware
• 3.0 GHz Intel Pentium 4 processor or higher
• System memory
• Windows Server or Windows XP — 3 GB (2 GB minimum)
• Windows Vista, Windows 7, or Windows 8 — 4 GB (3 GB minimum)
• 150 MB of available disk space
• CD drive
• Network card (with access to network hosting the Management Server)
• USB port (for USB drive)
• USB drive formatted in MS-DOS (hereinafter configuration USB drive)
You must provide a configuration USB drive; the USB drive provided by McAfee
cannot be used to store the configuration file.
• 1280 x 1024 display (1024 x 768 minimum)
• Keyboard and mouse
• Network cables
McAfee Firewall Enterprise Control Center
version 5.3.2
Installation and Migration Guide
17
3
Hardware appliance requirements
Management Server requirements
Control Center 5.3.0 and later use the McAfee® Linux Operating System 2.1.0 64-bit version
(hereinafter MLOS).
Table 3-2 Management Server minimum requirements
Component
Requirements
Hardware
• Examples:
• C1015
• C2050
18
McAfee Firewall Enterprise Control Center
version 5.3.2
Installation and Migration Guide
4
Plan your Control Center installation
Understand options for deploying your Control Center and managed firewalls. Plan your network
configuration and develop an integration schedule.
Contents
Understanding the Control Center Management Server environment
Complete the Control Center setup checklist
Complete the integration schedule checklist
Port configurations for network communication
Understanding the Control Center Management Server
environment
The Control Center Management Server is an enterprise-class management tool that is used to create
and apply security policies across multiple firewalls.
It centrally manages policy, software updates, and reports, and monitors the firewalls in your
organization. You can use the Control Center Management Server to manage hundreds of firewalls.
McAfee Firewall Enterprise Control Center
version 5.3.2
Installation and Migration Guide
19
4
Plan your Control Center installation
Understanding the Control Center Management Server environment
The Control Center uses a Windows workstation that is installed with the Control Center Client
application to present a graphical user interface to enterprise administrators. The installation USB
drive provides the programs to prepare the initial configuration and to manage your Management
Server and its registered firewalls.
Figure 4-1 Basic Control Center Management Server environment
You can also implement Management Servers in a High Availability (HA) Management Server
configuration, where one Management Server actively manages the registered firewalls while another
Management Server acts as a standby. Use this configuration to manually switch management
responsibilities to another Management Server if the active Management Server fails.
Figure 4-2 Control Center High Availability configuration
20
McAfee Firewall Enterprise Control Center
version 5.3.2
Installation and Migration Guide
4
Plan your Control Center installation
Complete the Control Center setup checklist
Complete the Control Center setup checklist
Use this checklist to set up your Control Center so that it is registered and fully operational. Mark off
each step as you complete it.
Setup checklist
1. Plan your configuration
Read the latest release notes for up-to-date information. Release notes are available at: http://
go.mcafee.com/goto/updates.
Plan your integration schedule.
2. Set up the Client application
Make sure that you have a Windows-based computer that meets the minimum requirements.
Install the Client application software on the Windows-based computer by using the installation USB
drive or the Client CD. See the McAfee Firewall Enterprise Control Center Product Guide to set up the
Control Center users and roles.
Use the Control Center Initialization Tool to create your initial configuration file (ccinit.txt) and save it
to your configuration USB drive.
Load the 5.3.1 ccinit file to the 5.3.2 initialization tool. Modify the file and create a new USB installation
configuration file.
3. Set up the Management server
Set up the hardware.
1 Make sure that the Control Center Management Server is properly situated in your network.
2 Connect the power cord and the network cable.
3 Insert the configuration USB drive into the appropriate port.
4 Turn on the Control Center Management Server.
5 After the Control Center Management Server has been configured, remove the configuration USB
drive that contains the ccinit.txt file.
6 From your Client application computer, ping the IP address of the Control Center Management
Server to verify connectivity. If the ping fails, perform network troubleshooting before continuing
with the setup process.
McAfee Firewall Enterprise Control Center
version 5.3.2
Installation and Migration Guide
21
4
Plan your Control Center installation
Complete the integration schedule checklist
Setup checklist
4. Start managing your firewalls
Log on to your Control Center Management Server.
Use the appropriate Control Center, or Admin Console, or Firewall Enterprise Quick Start Wizard to
register the firewall with the Control Center Management Server.
If you need to upgrade a firewall to a version compatible with Control Center, you must use the Control
Center to register the firewall.
You can do this on a firewall-by-firewall basis or you can use the multiple firewall option.
Use the Control Center Client application to retrieve objects from the registered firewalls.
Validate the current policy.
Apply the current policy to the registered firewalls.
Complete the post-setup tasks required by your environment. Example tasks include:
• Update the Management Server and the managed firewalls to the latest version.
• Create Control Center users.
• Set up configuration domains.
• Set up any alerts and reports required by your security policy.
Complete the integration schedule checklist
This sample checklist can help prepare and schedule your Control Center integration tasks. Adequate
preparation greatly reduces the disruption to your production network.
Support staff and materials considerations
• Schedule network experts who are familiar with your existing network components to be
available during installation.
• Schedule firewall experts who will interact with the Control Center Management Server to be
available during installation.
• Locate any manuals or documentation that can be useful if problems are encountered.
Network services considerations
• Develop a test plan to verify that all key services are functioning as desired.
• Schedule an appropriate amount of time for the installation. Include time for preparation,
the physical installation of the Management Server, and for testing critical features and services.
An experienced Control Center installer requires approximately one full workday to complete the
installation, configuration, and testing of a basic installation. Adjust this amount accordingly, based on
your experience level and the complexity of your security policy and test plan.
• Determine whether the managed firewalls need to be upgraded. If the managed firewalls
require a software upgrade to reach a version that is compatible with the Control Center version,
your network will experience a brief disruption.
Only 7.0.1.0.3 and higher firewalls can be managed by Control Center 5.3.2.
• Tell your users and help desk the times when the network will be unavailable. Also advise your
users about any new access controls that might affect their use of the network.
22
McAfee Firewall Enterprise Control Center
version 5.3.2
Installation and Migration Guide
Plan your Control Center installation
Port configurations for network communication
4
Port configurations for network communication
The following ports are required for proper communication between the Control Center Management
Server and Client application and also between registered firewalls and a standalone Management
Server.
These ports must be configured before any communication is attempted between any firewall and the
Control Center Management Server.
Table 4-1 TCP port configurations that are required for network communication
Port
Description
Control Center Management Server to firewall
Port 9005
Firewall SSL port for the Control Center
Firewall to Control Center Management Server
Port 7080
Control Center Management Server HTTP port
Port 9005
Control Center Management Server HTTPS/SSL port
Control Center Client to Control Center Management Server
Port 9005
Control Center Management Server HTTPS/SSL port
Port 5432
Control Center Management Server database
Additionally, the following ports are optional, but must be configured for the specified features.
Table 4-2 Feature-specific optional TCP port configurations for network communication
Port
Description
Control Center Management Server to firewall TCP ports
Port 22
Required for SSH communication for firewall registration by using the Add New Firewall
Wizard
Firewall to Control Center Management Server
Port 22
SCP transfers of scheduled firewall configuration backups
Port 9006 Control Center utt_server (program for receiving Secure Alerts)
Port 9009 Control Center utt_server (program for receiving real-time audit from firewalls)
McAfee Firewall Enterprise Control Center
version 5.3.2
Installation and Migration Guide
23
4
Plan your Control Center installation
Port configurations for network communication
24
McAfee Firewall Enterprise Control Center
version 5.3.2
Installation and Migration Guide
Prepare to install Control Center,
Virtual Appliance
Follow these sections to prepare to install on a Control Center, Virtual
Appliance. Collect the required components, ESX server, and set up Control
Center.
Chapter 5
Chapter 6
Chapter 7
Virtual Appliance requirements
Prepare the ESX server
Set up Control Center, Virtual Appliance
McAfee Firewall Enterprise Control Center
version 5.3.2
Installation and Migration Guide
25
Prepare to install Control Center, Virtual Appliance
26
McAfee Firewall Enterprise Control Center
version 5.3.2
Installation and Migration Guide
5
Virtual Appliance requirements
Before you set up your appliance, understand your Control Center, Virtual Appliance and make sure all
requirements are met.
Contents
Sizing guidelines
Virtual appliance requirements
Sizing guidelines
Use the following table to determine the number of Control Center, Virtual Appliances to download and
install.
These guidelines are based on average policy configuration, and might need to be adjusted for your
network depending on the number of rules, rule groups, and application objects in your policy.
Table 5-1 Sizing guidelines
Number of managed firewalls
Number of Control Center, Virtual Appliances
0–60
1
61–120
2
121–180
3
181–240
4
241–300
5
301–360
6
361–420
7
421–480
8
481–540
9
541–600
10
601–660
11
661–720
12
721–780
13
781–840
14
841–900
15
901–960
16
961–1000
17
McAfee Firewall Enterprise Control Center
version 5.3.2
Installation and Migration Guide
27
5
Virtual Appliance requirements
Virtual appliance requirements
Virtual appliance requirements
The McAfee® Firewall Enterprise Control Center, Virtual Appliance runs on the VMware ESX 4.1 update
2 or later hypervisor operating system, providing flexible security for your virtual environment.
To run Control Center, Virtual Appliance, the following requirements must be met.
Table 5-2 System requirements
Component
Requirements
Control Center, Virtual Appliance
VMware server
VMware ESX version 4.1 update 2 or later
Make sure that VT (Virtual Technology) is enabled in your computer BIOS.
Hardware
• Any server-class type hardware. Examples:
• Dell R910
• Dell R610
CPU
One virtual processor
Memory
1 GB minimum (Recommended 2 GB)
Drives
150 GB of available disk space
Hard drive space is thin provisioned. 150 GB is the maximum amount of
disk space the virtual machine requires. A minimal installation uses
approximately 5 GB of disk space and increase as needed.
For a VMDK installation, we recommend that you select thin provisioning.
Control Center Client application
Operating system
One of the following Microsoft operating systems:
• Windows XP Professional
• Windows Vista
• Windows Server 2003
• Windows 7
• Windows Server 2008
• Windows 8 Professional
Monitor
1024 x 768 or higher
Network interface
card
Access to the network hosting your Control Center, Virtual Appliance
Browser
• Microsoft Internet Explorer, version 6 or later
• Mozilla Firefox, version 1.0 or later
28
McAfee Firewall Enterprise Control Center
version 5.3.2
Installation and Migration Guide
6
Prepare the ESX server
Prepare the virtual network for McAfee Firewall Enterprise Control Center.
Contents
About ESX virtual networking
Create a new isolated port group
Modify your virtual network configuration
Configure the system clock
About ESX virtual networking
Use the Add Network Wizard to configure virtual networking on these virtual machine networking
objects.
•
•
Virtual switch (vSwitch) — A network object in ESX that connects virtual machines to each other
like a physical switch
•
If the virtual machines connected to the vSwitch need to communicate with hosts on a physical
network, you can join the vSwitch to the physical network by connecting it to an appropriate
physical Ethernet adapter (also known as an uplink adapter).
•
If the virtual machines connected to the vSwitch need to communicate only with each other, you
do not need to connect the vSwitch to a physical Ethernet adapter.
Port group — A group of ports that provides a labeled, stable anchor point for virtual machines to
connect to a vSwitch
Port groups include common parameters like VLAN tagging and bandwidth shaping. Multiple port
groups can be assigned to a single vSwitch.
The Add Network Wizard always creates a new port group, but creating a new vSwitch depends on your
choices.
The Control Center, Virtual Appliance has two network interfaces. Each interface must be connected to
an ESX vSwitch by mapping it to a port group. Note the following networking requirements:
•
Interface assignments cannot overlap; each interface must be assigned to a unique vSwitch.
•
One vSwitch must be connected to a physical adapter on your ESX server that provides access to
the internet.
McAfee Firewall Enterprise Control Center
version 5.3.2
Installation and Migration Guide
29
6
Prepare the ESX server
Create a new isolated port group
Create a new isolated port group
Create a new port group that is not connected to a physical interface. This port group will be
referenced by the unconfigured virtual firewall.
Task
1
Connect to your ESX server using the VMware vSphere Client.
2
Click Configuration | Networking.
The Networking area appears in the right pane.
3
Click Add Networking.
The Add Network Wizard Connection Type window appears.
4
Select Virtual Machine | Next.
The Network Access window appears.
5
Create a virtual switch that is not connected to any physical network adapters.
a
Select Create a virtual switch.
b
Deselect the check boxes next to the physical network adapters (vmnics).
c
Click Next.
The Connection Settings window appears.
6
In the Network Label field, type Unconfigured, then click Next.
The Summary window appears.
The port group must be named Unconfigured because it is referenced by the Control Center, Virtual
Appliance during import.
7
Click Finish.
The Add Network Wizard closes.
A port group named Unconfigured is added.
Modify your virtual network configuration
Prepare ESX virtual networking for the deployment of Control Center, Virtual Appliance.
Task
1
In the VMware vSphere Client, click Configuration | Networking.
The Networking area appears in the right pane.
2
Click Add Networking.
The Add Network Wizard window appears.
3
Select Virtual Machine | Next.
The Network Access window appears.
30
McAfee Firewall Enterprise Control Center
version 5.3.2
Installation and Migration Guide
Prepare the ESX server
Configure the system clock
4
6
Select the virtual switch that will handle network traffic for this connection, then click Next.
•
If you need to create a new vSwitch, select Create a virtual switch. Enable or disable physical
Ethernet adapters for this vSwitch as necessary.
•
To assign this connection to an existing vSwitch, select it from the list.
The Connection Settings window appears.
5
In the Port Group Properties area, configure the following items, then click Next.
•
Network Label — Enter a name for this port group.
•
VLAN ID — [Optional] To configure this port group to participate in VLAN tagging, enter a VLAN ID
between 1 and 4095.
The Summary window appears.
6
To Examine the Preview.
•
To confirm your changes, click Finish.
•
To modify your changes, click Back.
The new connection configuration is complete.
To modify a vSwitch after it has been created, click Properties next to it.
Configure the system clock
Configure your ESX server system clock.
McAfee recommends the following:
•
Synchronize your system clock with a time server using the Network Time Protocol (NTP).
•
Because system clocks can drift from the ESX system clock, configure NTP on your ESX server.
To configure NTP on your ESX server:
Task
1
In the VMware Infrastructure Client, click Configuration | Time Configuration.
The Time Configuration area appears in the right pane.
2
Click Properties.
The Time Configuration window appears.
3
Click Options.
The NTP Daemon (ntpd) Options window appears.
4
In the Service Commands area, click Start.
The status changes to Running.
5
In the left pane, click NTP settings.
McAfee Firewall Enterprise Control Center
version 5.3.2
Installation and Migration Guide
31
6
Prepare the ESX server
Configure the system clock
6
Add an NTP server.
a
Click Add. The Add NTP Server window appears.
b
Specify the host name or IP address of an NTP server, then click OK.
The Add NTP Server window closes and the server is added to the list of NTP servers.
To add additional NTP servers, repeat this step.
7
Select Restart NTP service to apply changes, then click OK.
The NTP Daemon (ntpd) Options window closes.
8
Click OK to close the Time Configuration window.
NTP is now configured on your ESX server.
32
McAfee Firewall Enterprise Control Center
version 5.3.2
Installation and Migration Guide
7
Set up Control Center, Virtual Appliance
Install and configure Firewall Enterprise Control Center, Virtual Appliance and the Control Center Client
application.
Contents
Download the Control Center, Virtual Appliance software
Install the Control Center, Virtual Appliance
Configure Control Center, Virtual Appliance
Download the Control Center, Virtual Appliance software
Download the Control Center, Virtual Appliance software from the McAfee website.
Task
1
In a web browser, navigate to www.mcafee.com/us/downloads.
2
Enter your Grant ID. Click Go.
3
Download the Control Center, Virtual Appliance installation files:
•
Management Tools — Download the Control Center, Virtual Appliance Client application
executable (.exe) file.
•
Version 5.3.2 Virtual Appliance — Download the Control Center, Virtual Appliance (.zip) file.
Install the Control Center, Virtual Appliance
Install the downloaded Control Center, Virtual Appliance on your ESX server.
Refer to the sizing guidelines to determine the number of Control Center, Virtual Appliances to
download.
Task
1
Unzip the Control Center, Virtual Appliance file onto the hard drive of your Windows-based client
computer.
2
Load the Control Center, Virtual Appliance onto an ESX server.
a
Connect to your ESX server by using the VMware vSphere Client.
b
From the File menu, select Deploy OVF Template.
The Deploy OVF Template wizard appears.
c
The Source window is displayed. A text message deploy from file or URL is displayed.
McAfee Firewall Enterprise Control Center
version 5.3.2
Installation and Migration Guide
33
7
Set up Control Center, Virtual Appliance
Configure Control Center, Virtual Appliance
3
Click Browse to select the .ovf Control Center, Virtual Appliance file you extracted in Step 1, then
click Next.
The OVF Template Details window appears.
4
Click Next. The Name and Location window appears.
If you have multiple datastores, the Datastore window appears post this window.
5
Specify a name for the Control Center, Virtual Appliance, then click Next.
The Disk Format window appears.
6
Select a format for the virtual machine disk, then click Next.
The Network Mapping window appears.
7
[For ESX 4.1 update 2], the Ready to Complete window appears.
Network mapping – unconfigured to VM Network message is displayed.
8
[For ESX 5.0], from the drop-down list, select unconfigured and click Next.
The Ready to Complete window appears.
9
Review the summary.
•
If you are satisfied the summary is correct, click Finish.
•
To make changes, click Back.
When you click Finish, the Control Center, Virtual Appliance is uploaded to your ESX server.
Configure Control Center, Virtual Appliance
Configure network mappings and administrator settings for the Control Center, Virtual Appliance.
Tasks
•
Configure network mappings on page 34
Configure the network mappings and administrator settings for the Control Center, Virtual
Appliance.
•
Perform the initial configuration on page 35
Configure basic networking and administrator settings for Control Center, Virtual Appliance.
Configure network mappings
Configure the network mappings and administrator settings for the Control Center, Virtual Appliance.
Task
1
In the VMware vSphere Client, select the Control Center, Virtual Appliance.
2
Click Getting Started | Edit virtual machine settings.
The Virtual Machine Properties window appears.
34
McAfee Firewall Enterprise Control Center
version 5.3.2
Installation and Migration Guide
Set up Control Center, Virtual Appliance
Configure Control Center, Virtual Appliance
3
7
Map one of the Control Center, Virtual Appliance network adapters to the appropriate virtual
network.
a
Refer to the following table and select the network adapter that you want to configure.
Table 7-1 Network adapters
Virtual machine hardware device
Control Center, Virtual Appliance NIC
Network Adapter 1
eth0
Network Adapter 2
eth1
b
Make sure Connected and Connect at power on are selected.
c
From the Network label drop-down list, select the appropriate port group.
The port group you select for Network Adapter 1 must provide Internet connectivity to allow the
Control Center, Virtual Appliance to maintain a current license.
4
Click OK.
Perform the initial configuration
Configure basic networking and administrator settings for Control Center, Virtual Appliance.
Task
1
In the vSphere Client, select the Control Center, Virtual Appliance.
2
On the Getting Started tab, click Power on this virtual machine.
The Control Center, Virtual Appliance starts.
3
Click Console.
After startup is complete, a Searching for configuration message appears.
Follow the Install the Control Center Management Server section to complete the Management Server
installation and configuration.
McAfee Firewall Enterprise Control Center
version 5.3.2
Installation and Migration Guide
35
7
Set up Control Center, Virtual Appliance
Configure Control Center, Virtual Appliance
36
McAfee Firewall Enterprise Control Center
version 5.3.2
Installation and Migration Guide
Install the Control Center Client
application
Chapter 8
Install the Client application
McAfee Firewall Enterprise Control Center
version 5.3.2
Installation and Migration Guide
37
Install the Control Center Client application
38
McAfee Firewall Enterprise Control Center
version 5.3.2
Installation and Migration Guide
8
Install the Client application
Install the Control Center Client application and prepare the configuration data for the Control Center
Management Server to manage the firewalls in your network.
Contents
Configuration overview
Install Control Center software
Create the initial configuration file
Configuration overview
Setting up Control Center includes installing software, configuring the Control Center Management
Server, and registering firewalls.
The high-level steps for configuring your Control Center are:
1
Install the Control Center Client application and the Control Center Initialization tool.
Use the Client application to administer the Control Center Management Server. Use the
Initialization Tool to create the initial configuration file.
2
Create and save an initial configuration file.
The Management Server uses this file to obtain basic networking and administrator account
information.
3
Turn on the Control Center Management Server and apply the initial configuration.
4
Connect to the Management Server from the Client application.
5
Add firewalls to the Control Center.
Install Control Center software
You can install the Control Center Client application and Initialization Tool on a Windows-based
computer.
As of the version 5.0.0 release of the Control Center Client application, you can install multiple
versions of these applications on the same computer. If you have a previous version of these
applications already installed, you have the following choices when you go through the installation:
•
You can upgrade the previously installed version to this version.
•
You can keep your old version and install this version to another location on your computer.
McAfee Firewall Enterprise Control Center
version 5.3.2
Installation and Migration Guide
39
8
Install the Client application
Create the initial configuration file
Task
1
Log on to the Windows-based computer as an administrator.
2
Insert the installation USB drive into a USB port. The Welcome window is displayed.
Alternatively, you can use the Client CD instead of the installation USB drive.
If the installation program does not automatically start, use Windows Explorer to view the contents
of the CD or USB drive, then go to the client folder and double-click the executable (.exe) file.
3
Follow the on-screen instructions.
For option descriptions, press F1.
•
If you have already installed another version of the Control Center Client application or
Initialization Tool on this computer, make a decision about whether you want to overwrite your
old versions or install the new versions at a different location. Make your selections and click
Next.
•
Accept the default settings when possible and click Next until the wizard is complete.
The Client application and Initialization Tool are now installed.
4
®
[Conditional] If you do not have the correct version of Microsoft .NET Framework installed, you
must install it before you access the Client application. You have the following choices:
•
If you are a new customer, this application is located on the Client CD in the Microsoft .NET
folder.
•
If you are an upgrade customer, see KnowledgeBase article KB68967 for instructions on
obtaining this version of Microsoft .NET Framework.
Create the initial configuration file
You can create the initial configuration file with the Initialization Tool.
You can install and use the Control Center Initialization tool to create a ccinit.txt configuration file for use
during the Management Server installation. Instead you can manually configure or use a ccinit.txt
from an earlier installation like 5.3.1 to install and configure the Management Server.
Task
1
Insert your USB drive into one of the USB ports on the computer that contains the Client
application.
Use a different USB drive than the installation USB Drive that was included with your Control Center
Management Server.
2
From the Start menu, select the following path:
All Programs | McAfee | McAfee Firewall Enterprise Control Center v5 | <version> | Control Center Initialization Tool
The Control Center Initialization Tool is displayed.
40
McAfee Firewall Enterprise Control Center
version 5.3.2
Installation and Migration Guide
Install the Client application
Create the initial configuration file
3
8
Use the Initialization Tool to specify configuration information for your Control Center Management
Server.
On each window, complete the required fields. When all of the required fields on a window have
been completed, click Next to advance to the next window.
For option descriptions, press F1.
Initial configuration allows you to set up only one interface. You can add or edit the interface
selection and configuration from the Client application.
4
On the Complete window, click Save As and save the file to the USB drive. Name the file ccinit.txt.
The configuration file must be in .txt format. In the Save as type field, select Text File (*.txt).
5
Close the Control Center Initialization Tool.
6
Remove the USB drive.
You are now ready to configure the Management Server.
McAfee Firewall Enterprise Control Center
version 5.3.2
Installation and Migration Guide
41
8
Install the Client application
Create the initial configuration file
42
McAfee Firewall Enterprise Control Center
version 5.3.2
Installation and Migration Guide
Install the Control Center
Management Server
Prepare to install and configure manually the Management Server or apply
the initial configuration file to the Management Server. You can choose either
of these options to install the Management Server.
Chapter 9
Install the Management Server
McAfee Firewall Enterprise Control Center
version 5.3.2
Installation and Migration Guide
43
Install the Control Center Management Server
44
McAfee Firewall Enterprise Control Center
version 5.3.2
Installation and Migration Guide
9
Install the Management Server
Install the Management Server using one of these options.
Contents
Manually configure the Management Server
Apply the configuration file to the Management Server
Manually configure the Management Server
For a new installation perform a manual configuration for the Control Center Management Server.
Before you begin
Understand the user and roles that you will set up during the Management Server
installation. All user accounts are mandatory.
These user roles also hold good for creating the ccinit.txt file for server installation. For
more details, see Install the Control Center Client Application.
For every user name and password that you create, follow these rules:
•
The user name must not exceed eight characters.
•
The password must be at least eight characters.
•
All passwords (except Administrator Client user account) cannot contain any of the
following characters: backslash (\), less-than sign (<), dollar sign ($), single quotation
mark ('), double quotation mark ("), or leading dash (-).
Table 9-1 User accounts
Option
Definition
Root or Super user account
root password
Specifies the super user password, who has full access to the Management Server.
This is the password for the root account.
Make sure the password is strong and has printable ASCII characters.
Password (verify) Re-enter the password for confirmation.
Administrative user account
Account Name
Specifies the logon account name for the Control Center administrator. This is the
same as mgradmin user in 5.2.x versions.
Password
Specifies the password to associate with the user that you typed in the Admin user name
field.
Password (verify) Re-enter the password for confirmation.
McAfee Firewall Enterprise Control Center
version 5.3.2
Installation and Migration Guide
45
9
Install the Management Server
Manually configure the Management Server
Table 9-1 User accounts (continued)
Option
Definition
Client application user account
Account Name
Specifies the logon ID for the Management Server administrator (for example,
ccadmin).
Use this user name whenever you log on to the Management Server in the Client
application logon window. By default, the administrator role is automatically assigned
to this user, which provides full access, including access to all managed firewalls. You
can change these settings after you finish configuring the Management Server.
Password
Specifies the password to associate with the user that you typed in the Control Center
administrator name field.
Password (verify) Re-enter the password for confirmation.
Firewall audit export user account
Account Name
Specifies the user name, which denotes the Firewall audit export user account on the
Management Server. This restricted logon account can be used by firewalls as the
receiver for exported firewall audit logs and exported firewall backup files sent to the
Control Center server via SCP. The protocol that is used to export the archives to the
Management Server is SCP. This is the same as ftp user in 5.2.x versions.
Password
Specifies the password that is assigned to the Firewall audit export user on the
Control Center Management Server.
Password (verify) Specifies the password that you specified in the Password field.
Database user account
Account Name
Specifies the administrator account that is configured in the Management Server
database. This is the same as dbuser in 5.2.x versions.
We recommend not to name the database user as dbadmin.
Password
Specifies the password to associate with the database user account. This account is
used to allow the Apache Tomcat server to communicate with the database.
Password (verify) Re-enter the password for confirmation.
Perform these steps to install and configure the MLOS-based Management Server.
Task
1
Connect to your ESX server using the VMware vSphere Client for a physical or virtual appliance.
2
From the toolbar, click CD/DVD drive 1. In the options, click Connect to ISO image on local disk.... Browse to
the .iso file location and double-click the Control Center Management Server .iso file.
The Welcome to McAfee Firewall Enterprise Control Center Installer screen is displayed. By default, the
installation begins in 10 seconds.
3
The Installation Finished! screen is displayed. Remove the install media. Enter Y to reboot the installed
system.
The GNU GRUB screen is displayed.
46
4
On the End User License Agreement screen, press q to move to the Accept screen to accept the
agreement. Press <space> to scroll down to the next page.
5
On the Select Configuration screen, press M to manually configure the system.
McAfee Firewall Enterprise Control Center
version 5.3.2
Installation and Migration Guide
Install the Management Server
Apply the configuration file to the Management Server
6
9
On the Setting Root Password screen, enter the password for the super user account.
Confirm your root password for authentication.
7
On the Administrative Account Creation screen, enter the supervisor username and password . Press Y to
create the supervisor account.
Use the Tab key to move between fields and enter details.
8
On the Client Account Creation screen, enter the account name and password. Press Y to create the
client account to log in.
Use the Tab key to move between fields and enter details.
9
On the Firewall Audit Export Account Creation screen, enter the account name and password. Press Y to
create this account for backups and audit exports to Control Center.
10 On the Database User Account Creation screen, enter the account name and password. Press Y to create
this administrative account in the database of the Management Server.
11 On the Network Selection screen, press the Up Arrow and Down Arrow keys to select the network
interface. Press Enter.
12 On the Network Setup for the Main Network Interface screen, enter network, addresses, and interface details.
Press Y to proceed with these settings.
13 On the Host Name Setup screen, enter the host name. Press Y to create the host name.
14 On the Domain Setup screen, enter the domain name. Press Y to create the domain.
15 On the Time Zone Setup screen, press Y to select a time zone or N for Universal Time (UTC).
If you pressed Y for the time zone setup, select the time zone, continent, country, and state on the
subsequent screens. Press Y to confirm the time zone settings.
16 (Optional) On the NTP Setup screen, enter the NTP server address for configuration.
17 (Optional) On the SMTP Server Setup screen, enter the SMTP server address.
When it is finished, the Rebooting System screen is displayed. The Management Server automatically
reboots and the logon prompt appears.
•
Register the firewall so that Firewall Audit and Backup export to Control Center is functional.
Apply the configuration file to the Management Server
You can automatically install the Management Server using the initial configuration file. Use the
ccint.txt file created from the 5.3.2 Initialization tool or a loaded and modified 5.3.1 ccinit.txt file to
initialize the Management Server.
Refer to the prerequisites in Manually configure the Management Server.
McAfee Firewall Enterprise Control Center
version 5.3.2
Installation and Migration Guide
47
9
Install the Management Server
Apply the configuration file to the Management Server
Task
1
Use a diagram of your network to determine the proper place for your Management Server. Your
server must be able to reach the appropriate routers, subnets, and managed firewalls.
2
Attach the power cord to your Management Server and plug it into an electrical outlet.
If your Management Server has redundant power supplies, attach and plug in both power cords. If
only one power supply is connected, the amber indicator blinks, indicating an error.
3
Connect the network cable.
4
Insert the configuration USB drive into a Management Server USB port.
5
Turn on the Management Server.
The Management Server automatically loads the configuration information. When the initial
configuration is complete, a logon prompt is displayed.
The Management Server now has its initial configuration.
48
McAfee Firewall Enterprise Control Center
version 5.3.2
Installation and Migration Guide
Upgrade from 5.3.1 to 5.3.2
Upgrade from your 5.3.1 system and perform post-upgrade tasks. Install the
532P02 patch on your 5.3.2 system.
If you are upgrading from 5.2.x or 5.3.0, refer to the Control Center Installation and Migration Guide
5.3.0 and 5.3.1 to upgrade to 5.3.1. After that follow these procedures to upgrade to Control Center
5.3.2 and install the 532P02 patch.
Chapter 10
Chapter 11
Chapter 12
Download the Control Center 5.3.2 software
Upgrade the Management Server
Upgrade the Client application
McAfee Firewall Enterprise Control Center
version 5.3.2
Installation and Migration Guide
49
Upgrade from 5.3.1 to 5.3.2
50
McAfee Firewall Enterprise Control Center
version 5.3.2
Installation and Migration Guide
10
Download the Control Center 5.3.2
software
Download the Control Center 5.3.2 patch upgrade package to the system that has version 5.3.1 of the
Control Center Client application installed.
Perform these steps to download the required files:
Task
1
Open a web browser and go to www.mcafee.com/us/downloads.
2
Enter your grant number, then navigate to the appropriate product and version.
3
Download the following version 5.3.2 files:
•
Software Downloads — Click the Patches tab and download the version 5.3.2 .zip file.
Download and install the 532P02 patch file on a 5.3.2 system.
•
Documentation — Click the Documentation tab, then download version 5.3.2 of the McAfee Firewall
Enterprise Control Center Product Guide.
McAfee Firewall Enterprise Control Center
version 5.3.2
Installation and Migration Guide
51
10
Download the Control Center 5.3.2 software
52
McAfee Firewall Enterprise Control Center
version 5.3.2
Installation and Migration Guide
11
Upgrade the Management Server
Upload and apply the version 5.3.2 files for the upgrade.
Before you begin
•
Save all your data and make sure that all McAfee Firewall Enterprise appliances are
licensed.
•
Create a full configuration backup of the Management Server. For more information, see
the McAfee Firewall Enterprise Control Center Product Guide.
•
If the Management Server is running with the High Availability (HA) option, use the High
Availability Removal Wizard to stop HA. You must recreate and restart HA after you have
upgraded.
After installing 701UP packages, when you select and click Download update, the firewall fails to point to
the appropriate package. You need to manually download these packages so that they are available on
the Management Server.
Tasks
•
Load the 5.3.2 upgrade package on page 53
Upload the 5.3.2 package to the Control Center Client application.
•
Apply the 5.3.2 upgrade on page 54
Install the 5.3.2 upgrade on the Control Center Management Server.
Contents
Load the 5.3.2 upgrade package
Apply the 5.3.2 upgrade
Load the 5.3.2 upgrade package
Upload the 5.3.2 package to the Control Center Client application.
Task
1
Unzip the Control Center 5.3.2 .zip file onto the hard drive of your Windows-based client computer.
2
Log on to version 5.3.1 of the Client application.
a
From the Start menu, select All Programs | McAfee | McAfee Firewall Enterprise Control Center v5 | 5.3.1 | Firewall
Control Center.
The logon window appears.
b
Specify the information on the logon window, then click Connect.
The Summary page of the Control Center Client application appears.
McAfee Firewall Enterprise Control Center
version 5.3.2
Installation and Migration Guide
53
11
Upgrade the Management Server
Apply the 5.3.2 upgrade
3
In the navigation bar, select Control Center | Control Center Updates.
The Control Center Update page appears.
4
Make sure that the Upload to Server tab is displayed and select Upload to Server from Client.
5
Click Browse to locate the .tar file for the 5.3.2 release.
6
Click Upload.
A confirmation message is displayed.
7
Click OK.
Apply the 5.3.2 upgrade
Install the 5.3.2 upgrade on the Control Center Management Server.
If the Management Server was running as part of an HA pair, you must first break the HA pair, apply the
upgrade, and then recreate the HA pair after upgrade.
Task
1
Click the Uploaded Packages tab.
2
Select the patch and click Apply. A confirmation message is displayed. All of the Client applications
are logged off and the Management Server restarts.
3
Click Yes. Wait for the Management Server to install the package and restart.
If this Management Server was running as part of an HA pair, you must perform this same
procedure on the other Management Server of the HA pair.
54
McAfee Firewall Enterprise Control Center
version 5.3.2
Installation and Migration Guide
12
Upgrade the Client application
The Control Center Client application is automatically updated to version 5.3.2 when the client
connects to the Management Server.
You can also manually update the client by running the client Setup .exe file.
Task
1
On your client computer, log on to version 5.3.1 of the Client application.
•
From the Start menu, select All Programs | McAfee| McAfee Firewall Enterprise Control Center v5 | 5.3.1 | Firewall
Control Center. The logon window is displayed.
•
Specify the information on the logon window, then click Connect.
A message appears indicating the new Client application will be uploaded to this computer from
the Management Server.
2
Click OK. Wait for the new version of the Client application to be uploaded to your computer.
The installation program for version 5.3.2 of the Client application is displayed.
3
Follow the on-screen instructions. When the installation is complete, click Finish.
An informational message appears indicating the update was successfully installed.
4
Click OK.
The logon window for version 5.3.1 of the Client application reappears.
5
Click Exit to close the version 5.3.1 logon window.
6
Log on to the newly installed version 5.3.2 Client application. From the Start menu, select All Programs
| McAfee | McAfee Firewall Enterprise Control Center v5 | 5.3.2 | Firewall Control Center.
Microsoft .NET Framework 3.5 Service Pack 1 is required. If you do not have this installed on your
client computer, see KnowledgeBase article KB68967 for instructions about how to obtain it.
McAfee Firewall Enterprise Control Center
version 5.3.2
Installation and Migration Guide
55
12
Upgrade the Client application
56
McAfee Firewall Enterprise Control Center
version 5.3.2
Installation and Migration Guide
Post–installation and upgrade
tasks
Depending on whether you installed Control Center on a physical or virtual
appliance, or performed an upgrade follow these procedure for a functional
5.3.2 system.
Chapter
Chapter
Chapter
Chapter
13
14
15
16
Connect to the Management Server
Post-installation tasks
Perform post-upgrade tasks
Add firewalls to the Control Center
McAfee Firewall Enterprise Control Center
version 5.3.2
Installation and Migration Guide
57
Post–installation and upgrade tasks
58
McAfee Firewall Enterprise Control Center
version 5.3.2
Installation and Migration Guide
13
Connect to the Management Server
You can connect to the Management Server using the Client application.
This procedure assumes you are logging on to Control Center for the first time.
Task
1
On the Client application system, from the Start menu, select the following path:
All Programs | McAfee | McAfee Firewall Enterprise Control Center v5 | <version> | Firewall Control Center
The Add New Server window is displayed.
2
Specify the appropriate information.
If another version of the Control Center Client application is installed on this computer, the default
information from that version is displayed in this window. Make whatever changes are necessary.
If this is the first version of the Control Center Client application that is being installed on this
computer, you must complete the fields on this window.
3
•
In the Name field, specify a name that quickly identifies this Management Server.
•
In the Server address field, specify the host name or IP address of the Management Server.
•
Select Primary server, and then complete the following fields with information appropriate for this
Management Server:
•
In the User name field, specify a valid user name.
•
In the Password field, specify the password that has been assigned to this user name by the
system administrator.
Click OK. A Certificate Problem message is displayed. The message is similar to the following example:
The Management Server's SSL certificate needs to be validated. The server detected the
following error when contacting the URL "https://<IP_address>:9005/cm/certdist/ca.cer":
"A certificate chain processed, but terminated in a root certificate which is not trusted
by the trust provider". Do you want to ignore this error and continue?
This message is expected. It is displayed because the application imports a non-Certificate
Authority (CA) certificate before it imports the CA certificate of the Management Server. You can
safely ignore this error.
McAfee Firewall Enterprise Control Center
version 5.3.2
Installation and Migration Guide
59
13
Connect to the Management Server
4
Click Yes. A Security Warning message is displayed. The message is similar to the following example:
You are about to install a certificate from certification authority (CA) claiming to
represent CommandCenter CA
Windows cannot validate that the certificate is actually from "CommandCenter CA". You
should confirm its origin by contacting "CommandCenter CA". The following number will
assist you in this process: Thumbprint (sha1): <actual certificate thumbprint>
Warning:
If you install this root certificate, Windows will automatically trust any certificate
issued by this CA. Installing a certificate with an unconfirmed thumbprint is a security
risk. If you click "Yes", you acknowledge this risk. Do you want to install this
certificate?
5
Click Yes.
If the Management Server and the Client application are the same version, the main logon window
is displayed, and the newly created server is selected.
•
Management Server older than the Client — If the Management Server is older than the Client
application, a version warning is displayed when you attempt to log on. Click Yes.
After you have finished your update, restart the Client application.
•
Client older than the Management Server — If the Client application is older than the Management Server,
a Client Software Update prompt is displayed when you attempt to log on. Click Yes to begin
installing the Client application update.
The prompt is displayed only if a Client Software Update is available for download from the
Management Server.
After you have finished your update, you are returned to the main logon window.
6
In the User Name field, type a valid Control Center user name.
7
[Optional] Click Remember User Name to preserve the entered user name in the field for subsequent
logon attempts.
8
In the Password field, type the password that was assigned to this user name by the system
administrator.
9
Click Connect. The Certificate validation message is displayed. The message is similar to the following
example:
The Management Server's SSL certificate needs to be validated. When contacting the server
at the address: nn.nn.nnn.nnn, the server presented a certificate with the following
information: Subject Name: CN=example.example.net Issuer: CN=CommandCenter CA Expiration:
(date) (time)Thumbprint: (thumbprint)Do you want to allow communication with this server?
10 Click Yes.
You are now logged on to the Client application, which is connected to the Management Server.
60
McAfee Firewall Enterprise Control Center
version 5.3.2
Installation and Migration Guide
14
Post-installation tasks
After you have completed the setup tasks, you are ready to begin creating policies, set up users,
roles, and other settings.
For details, press F1 to access Help topics for the tasks indicated in the following table.
Table 14-1 Post-installation tasks
Task
Location
Check for software updates
Control Center | Control Center Updates
Set up accounts for other administrators
Control Center | Administrators
Back up the current configuration
Control Center | Maintenance | Backup System
Add backup (standby) Management Servers
Control Center | High Availability Setup Wizard
See the McAfee Firewall Enterprise Control Center Product Guide for information on post-installation
tasks.
Tomcat Java settings
Set Tomcat Java heap size for better performance.
1
As a root user run the command:
vi /usr/local/tomcat/bin/setenv.sh
The value in setenv.sh must be in multiples of 128. We recommend that for large configurations,
you set this value to 1024 .
2
Look for the JAVA_OPTS property, which will be set something like the following. The numbers in
bold are variables whose values depend upon the configured RAM size.
JAVA_OPTS="-Xms499m -Xmx499m"
3
Use the following table to set JAVA_OPTS for better performance and replace it accordingly based
on RAM size.
RAM Size
JAVA_OPTS Value to set
1 GB
JAVA_OPTS="-Xms512m -Xmx512m"
2 GB
JAVA_OPTS="-Xms1024m -Xmx1024m"
3 GB
JAVA_OPTS="-Xms1536m -Xmx1536m"
4 GB
JAVA_OPTS="-Xms2048m -Xmx2048m"
6 GB
JAVA_OPTS="-Xms3072m -Xmx3072m"
McAfee Firewall Enterprise Control Center
version 5.3.2
Installation and Migration Guide
61
14
Post-installation tasks
4
Restart the tomcat by running the following command as a root user.
service tomcat restart
The Java settings are automatically configured with the correct.memory.sh script during installation.
In the following complex scenarios, the settings might need further tuning and we recommend you to
increase JAVA_OPTS by multiples of 128. For example, if you have a complex nested rule deployment
with 3500 rules with carried over nested groups and Control Center (2GB Physical RAM and 1024m
JAVA_OPTS). Control Center is throwing an Out of Memory or a GCC overhead error. So it is
recommended you increase the JAVA_OPTS to 1024m+(128*2=256m)=1280m
62
•
Continuous GCC overhead error
•
Out of memory error in the CC logs or catalina logs
•
Large number of rules, example beyond 2500
•
Lot of nesting in the rules
•
Lot of nested groups that might have come in the rules during firewall upgrade from older versions
of firewall like 7x to 8x
McAfee Firewall Enterprise Control Center
version 5.3.2
Installation and Migration Guide
15
Perform post-upgrade tasks
Perform the following tasks after the upgrade is complete.
•
Re-register all the firewalls that existed prior to an upgrade. Retrieve the firewall dialog
information.
•
Check for updates to Control Center.
•
Upgrade the signature files such as the application database.
•
Create a full configuration backup of the Management Server.
•
In the Client application, select Control Center | Settings | Network | General and Static tab. Copy the network
information from 5.3.1 backup to the 5.3.2 system.
•
If the Management Server was running in High Availability mode before the upgrade, use the High
Availability Setup Wizard to implement the High Availability option mode. After an upgrade,
recreate an HA pair and restart HA.
•
If you want to create an HA:
•
During upgrade, if you didn't use the same host name and IP address, remove the Control
Center CA certificates from 5.3.2. As a root user, run the following command:
/usr/local/bin/clear_cacert.sh
•
•
Reboot the Management Server
•
Re-register all the firewalls
Configure the Alert Processing Rule for Disk Usage to send a notification to the administrator if
available disk space is low.
McAfee Firewall Enterprise Control Center
version 5.3.2
Installation and Migration Guide
63
15
Perform post-upgrade tasks
64
McAfee Firewall Enterprise Control Center
version 5.3.2
Installation and Migration Guide
16
Add firewalls to the Control Center
Register firewalls with the Control Center Management Server. Depending on the current status of the
firewall, you can register multiple firewalls at once, or each firewall individually.
Tasks
•
Add multiple firewalls at one time on page 65
You can sign up one or more firewalls by initiating the process from the Control Center
Management Server, rather than from the firewall. This process can be initiated only under
specific conditions and only for specific firewalls that have been prepared to employ this
option.
•
Add a single firewall on page 66
After the Control Center Management Server has been installed and the firewall-specific,
Control Center-enabling configurations have been made, you can begin to add new firewall
objects and their associated configuration objects to the Control Center Management
Server database.
•
Add an HA cluster on page 67
You can register a standalone firewall or a High Availability cluster that already has a
configured policy.
Contents
Add multiple firewalls at one time
Add a single firewall
Add an HA cluster
Add multiple firewalls at one time
You can sign up one or more firewalls by initiating the process from the Control Center Management
Server, rather than from the firewall. This process can be initiated only under specific conditions and
only for specific firewalls that have been prepared to employ this option.
Before you begin
The firewalls must be configured for rapid deployment.
You can also import a prepared file for multiple firewalls to avoid manually specifying the details that
are required to support this option. To use this feature, all the firewalls must have the same password.
Sign up multiple firewalls by using the Sign Up Firewalls window.
After you complete this task, you will still have to register each firewall separately as an additional task.
To add and register a single firewall in one wizard, use the Add New Firewall Wizard.
McAfee Firewall Enterprise Control Center
version 5.3.2
Installation and Migration Guide
65
16
Add firewalls to the Control Center
Add a single firewall
To add multiple firewalls at one time:
Task
1
In the navigation bar, select Policy.
2
In the Policy tree, right-click the Firewalls node and select Sign Up Firewalls. The Sign Up Firewalls window is
displayed.
3
Configure the fields on this window as needed.
For option descriptions, press F1.
4
Click OK to start the registration process. View the progress of the firewall enrollment process on
the Deployment Status page.
Add a single firewall
After the Control Center Management Server has been installed and the firewall-specific, Control
Center-enabling configurations have been made, you can begin to add new firewall objects and their
associated configuration objects to the Control Center Management Server database.
You can add and register a new firewall to the Control Center by using the Add New Firewall Wizard. You
can also retrieve the configuration from the firewall.
To use this wizard, the Control Center must be able to have SSH access to the firewall. You must
configure this SSH access on the firewall. Use the McAfee Firewall Enterprise Admin Console to enable
the SSH access control rule on this firewall for external sources and destinations. After you save this
change, you can come back to the Control Center Client application and run the Add New Firewall Wizard.
Creating firewall objects is a two-part process:
1
All types of firewall objects that represent physical devices in your configuration must be identified
by providing basic information.
2
All the firewall-specific configuration information must be created or retrieved for each firewall.
Both of these parts can be performed in the Add New Firewall Wizard. You can use the Add New Firewall Wizard
as described in the following examples:
•
You have already added several firewalls by using the Sign Up Firewalls window. Now you need to
retrieve their configurations. Perform a retrieve for each firewall individually with this wizard.
•
If a single firewall is not registered with the Control Center, you can add it, register it to Control
Center, and retrieve its configuration—all in one step.
•
If a single firewall has already been registered with the Control Center, you can add it and retrieve
its configuration.
If a firewall has already been added to and registered with the Control Center Management Server, you
can retrieve its configuration by using the Firewall Retrieval Options window.
66
McAfee Firewall Enterprise Control Center
version 5.3.2
Installation and Migration Guide
Add firewalls to the Control Center
Add an HA cluster
16
Task
1
In the navigation bar, select Policy.
2
To display the Add New Firewall Wizard:
•
In the Policy tree, double-click the Firewalls node.
•
Right-click the Firewalls node and select Add Object.
For option descriptions, press F1.
3
To begin the process of adding the firewall to the list of firewalls in the Policy tree, complete the
information on the Firewall Connection Information page and click Next. The Firewall Registration Information page
is displayed.
4
Select an option to register the firewall with the Control Center Management Server.
To skip the registration process, on the Firewall Registration Information page, click Next. The Retrieval of the
firewall into Control Center page is displayed. Skip to Step 7.
To register this firewall with the Control Center Management Server:
a
On the Firewall Registration Information page, select the Register the firewall with this Management Server
checkbox.
b
Click Next. The Summary page is displayed.
5
On the Summary page, verify the information that you have configured. If it is correct, click Register; if
not, correct any problems. The Registration Status page is displayed.
6
On the Registration Status page, view the progress of the firewall registration. After it successfully
completes, click Next.
7
To retrieve items and categories from the firewall into Control Center, on the Retrieval of the Firewall into
Control Center page, select the items and categories to be retrieved and click Finish. These objects are
retrieved and the firewall is displayed in the list of firewalls in the Policy tree.
Add an HA cluster
You can register a standalone firewall or a High Availability cluster that already has a configured policy.
Task
1
In the navigation bar, select Policy.
2
In the Policy tree, right-click the Clusters node and select Add Object. The Add New Cluster Wizard window is
displayed.
3
Configure the fields on this window as needed.
For option descriptions, press F1.
4
Click OK to start the registration process. View the progress of the firewall enrollment process on
the Deployment Status page.
McAfee Firewall Enterprise Control Center
version 5.3.2
Installation and Migration Guide
67
16
Add firewalls to the Control Center
Add an HA cluster
68
McAfee Firewall Enterprise Control Center
version 5.3.2
Installation and Migration Guide
Navigate the Control Center
Client application
Log in to Control Center and accomplish various tasks with the Control
Center Client application.
Chapter 17
Navigate the Control Center user interface
McAfee Firewall Enterprise Control Center
version 5.3.2
Installation and Migration Guide
69
Navigate the Control Center Client application
70
McAfee Firewall Enterprise Control Center
version 5.3.2
Installation and Migration Guide
17
Navigate the Control Center user
interface
The Control Center Client application is designed to provide a centralized location from which you can
perform all the tasks that you need to manage your security policy and firewalls in your distributed
network environment.
Contents
Working with Management Servers
User interface overview
Title bar
Navigation bar
Tabs
Bread crumb trail
Object area
Work area
Status bar
Additional navigational aids
Search for objects in the Control Center Client application
Client application icons
Working with Management Servers
This section explains how to log on to, add, or delete Management Servers.
Log on to the Management Server
Launch the Client application and log on to the Control Center Management Server.
Task
1
From the Start menu, select the following path:
All Programs | McAfee | McAfee Firewall Enterprise Control Center v5 | <version> | Firewall Control Center
The logon window is displayed.
2
Specify a valid Control Center user name in the User Name field. After the initial installation of the
Management Server, the default user name is the Control Center administrator user name specified
in the ccinit.txt file.
3
[Optional] Select the Remember User Name checkbox to preserve the specified user name in the field or
the default user value that is specified in the ccinit.txt file.
4
Specify the corresponding password in the Password field.
McAfee Firewall Enterprise Control Center
version 5.3.2
Installation and Migration Guide
71
17
Navigate the Control Center user interface
Working with Management Servers
5
Select a Management Server connection from the Server list or select <Add New Server> to add a new
Management Server connection.
6
Click Connect. A certificate validation message is displayed.
7
Click Yes.
You are now logged on to the Management Server.
If you attempt to log on to a Management Server using a Client application version earlier than the
Management Server version, you will be prompted to update the Client application before proceeding.
Add a backup (standby) Management Server
Configure a secondary, or backup, Control Center Management Server.
Task
1
From the Start menu, select the following path:
All Programs | McAfee | McAfee Firewall Enterprise Control Center v5 | <version> | Firewall Control Center.
The logon window is displayed.
2
Specify the user name and password in their respective fields.
3
In the Server field, make sure that <Add New Server> is displayed and click Browse. The Add New Server
window is displayed.
4
Configure the fields in this window, specifying whether you are adding a primary or a backup
(standby) server and then specifying the related field information.
5
Click OK. The Certificate Problem message is displayed because the Management Server imports a
non-Certificate Authority (CA) certificate before it imports the CA certificate. Click Yes. Another
message is displayed. Click Yes. The logon window is displayed.
6
In the Server list, select the server to log on to. Then specify the user name and password for that
server and click Connect.
Remove Management Servers
Use this procedure to delete a Control Center Management Server from the list of Management
Servers.
Task
1
From the Start menu, select the following path:
All Programs | McAfee | McAfee Firewall Enterprise Control Center v5 | <version> | Firewall Control Center
The logon window is displayed.
2
Specify the user name and password in their respective fields.
3
In the Server field, select the server to be removed and click Browse. The Add New Server window is
displayed.
4
Click Remove.
The Management Server is removed from the list of available Management Servers.
72
McAfee Firewall Enterprise Control Center
version 5.3.2
Installation and Migration Guide
Navigate the Control Center user interface
User interface overview
17
User interface overview
The Control Center Client application interfaces consists of links, icons, buttons, tabs, trees, and
displayed information, such as server information and the users who are logged on to this
configuration domain of this Management Server. (If no configuration domains are implemented,
everyone is logged on to the default domain.)
The Control Center Client application is displayed after you have successfully logged on to the Control
Center Client.
The following figure shows the different areas that make up the Control Center Client application.
Figure 17-1 Example of the Control Center Client main window
Title bar
The title bar is located across the top of the main window.
Server-related information
The information in this left portion of the title bar provides information about the Management Server
and also a link for changing the password that you use to access this server.
Table 17-1 Server-related information
Option
Definition
Server
Displays the name of the Management Server to which you are logged on.
Server Time
Displays the current date and time of the Management Server to which you are
logged on.
Version
Displays the current version of the Management Server to which you are logged
on. This value is the same as the value of the Management Server Version field
on the About McAfee Firewall Enterprise Control Centerwindow.
McAfee Firewall Enterprise Control Center
version 5.3.2
Installation and Migration Guide
73
17
Navigate the Control Center user interface
Navigation bar
Table 17-1 Server-related information (continued)
Option
Definition
FIPS 140-2
Appears if FIPS 140-2 cryptography processing is enabled on the Control
processing enabled Center.
Change Password
Displays the Change User Password window, where you can change your user
password.
This window is available only if your user profile has been configured to use
internal authentication to access the Control Center.
If you have administrator privileges and you want to change the password of a
different user, use the Control Center Administrator window.
Title bar icons
There are several functions are provided by the icons located to the right in the title bar.
•
Locking objects to protect single user updates — Protect selected objects from being
simultaneously updated by multiple users by clicking Locking Manager on the title bar. The Locking
Manager window is displayed, where you can select one or more objects to lock for this active
session.
•
Starting and stopping a ticket to track changes — Start a ticket to begin capturing audit data
from a specific point in time. This data will be identified on the Firewall Audit page by the ticket
number that you have assigned to this ticket. After you have started a ticket, you can stop it at any
time. Perform this function by clicking (Start ticket) or (Stop ticket).
•
Accessing online Help — Access the main Help page from anywhere in the Client by clicking Help.
You can access window- or page-specific online Help by pressing F1.
•
Accessing Control Center version information — Access information about the Control Center,
such as Client, Management Server, and database versions and copyright information by clicking
About.
Navigation bar
Several icons are located in the navigation bar area of the main window.
•
Dashboards
•
Maintenance
•
Policy
•
Control Center
•
Monitor
The information that is displayed in the tab area, bread crumb area, objects area, and work area is
specific to the icon that is currently selected.
Additionally, there are two buttons in the navigation bar area:
Table 17-2 Navigation bar area buttons
Option Definition
Apply
Applies configuration changes to one or more firewalls. You can also apply changes for a
specific firewall by right-clicking it in the Policy tree and selecting Apply Configuration.
Validate Validates configuration changes to one or more firewalls. You can also validate changes for
a specific firewall by right-clicking it in the Policy tree and selecting Validate Configuration.
74
McAfee Firewall Enterprise Control Center
version 5.3.2
Installation and Migration Guide
Navigate the Control Center user interface
Tabs
17
Tabs
Each icon has its own set of tabs that provide access to additional functions. When selected, a tab
either displays the related page in the work area or it displays a menu from which you can select
additional pages.
For more information about the tabs and their menus, see the section for each icon.
In addition to these icon-specific tabs on the left part of this area, when configuration domains have
been activated, the following fields and buttons are displayed, regardless of the icon that is currently
selected:
Table 17-3 Additional fields and buttons
Option
Definition
Domain
Displays the list of configuration domains. You can change to a different domain,
provided that you have access to it, by selecting it in this list. The displayed
domain is the domain to which you are logged on.
Manage versions Displays the Manage Configuration Domain Versions window, where you can create, modify
and activate versions of a configuration domain.
Bread crumb trail
Whenever a tab is clicked or a menu option from a tab is selected, the title of the page is displayed in
the bread crumb trail.
If the page that is displayed is the result of a menu selection, the entire bread crumb is displayed in
the bread crumb trail. For example, on the Monitor icon, if you click Reports and then select Policy Report,
the bread crumb trail displays Reports | Policy Report.
Object area
The object area can differ from icon to icon, depending on whether the icon has any object trees or
tabs.
Trees
Some of the icons provide the ability to configure objects that are found in a tree view that is located
in the object area.
The most complex icon is the Policy icon, with its firewall tree at the top of the object area and a set of
tabs, each with its own tree at the bottom of the object area. The Monitor icon currently does not have
an object area.
Auto Hide button
For every icon that has an objects area, there is also the Auto Hide button. Use this button to manage
the display (or hiding) of the Objects area to increase the size of the work area in the main window.
To hide the objects area, click the Auto Hide button. To bring back the display of the objects area, click
the object area name on the left to display the object area. Then click the Auto Hide button to lock it
into its original position.
McAfee Firewall Enterprise Control Center
version 5.3.2
Installation and Migration Guide
75
17
Navigate the Control Center user interface
Work area
Tree tabs
Because there are many configuration objects that can be configured on the Policy icon, the bottom of
the objects area is broken out into tabs, each with its own tree of objects to be configured.
Work area
This portion of the user interface is where the data that is associated with the pages is displayed when
the associated tab for the page is selected.
Status bar
The status bar at the bottom of the main window displays information about users.
Table 17-4 Status bar information
Option Definition
Users
Displays the name and the IP address of each user who is currently logged on to the current
domain of the Management Server. This information is in the right corner of the status bar.
Additional navigational aids
There are additional functions that are provided in the Control Center Client to help you configure and
manage the security policy for your firewalls.
•
Right-click menus — Right-click menus are available for the objects that appear in the trees in
the Objects area. You can also use the right-click menu in some of the pages that are displayed in
the work area, such as the Access Control Rules page. Many of these menu options are also
accessible through another way on the page, such as a tool on the toolbar for the page.
•
Edit status column — Many tables that are displayed on windows and pages include the first
column, which is an Edit column that identifies the edit status of a row in a table. The following
icons can be displayed in this column:
•
[blank] — Indicates an existing line with associated values that is not the currently selected
line.
•
Edit — Indicates that this row is the one that is being edited.
•
New — Indicates that you are creating a new row or entry.
•
Current — Indicates that this row is currently selected and it contains previously specified
values.
Search for objects in the Control Center Client application
You can search for configurable objects within a larger list of objects by specifying certain criteria in
the Search window.
Often, the name that is associated with an object is not enough information to identify the object that
you need to find. By using the Search window, you can specify any character or string of characters to
search through all the presented data columns to locate the item that you seek.
76
McAfee Firewall Enterprise Control Center
version 5.3.2
Installation and Migration Guide
Navigate the Control Center user interface
Client application icons
17
Task
1
From various lists in windows and pages, click Search. The Search window is displayed.
For option definitions. press F1.
2
Enter a search term, then click Filter. Items in the list that contain the search term are displayed in
a drop-down list.
3
Select the item you were looking for.
The item is selected (checkbox filled with a checkmark) in the list.
Client application icons
Icons are provided for common tasks.
Most icons have tooltips that appear when you hover your mouse over them.
Table 17-5
Client application icons
Icon
Description
Common icons
About
Apply
Delete
Edit
Help
Line Selection
Locking Manager
Refresh
Version Warning
Warning
Validate
Search icons
Clear Search
Search
Status icons
Status: Not Running
Status: Running
Status: Uncertain
McAfee Firewall Enterprise Control Center
version 5.3.2
Installation and Migration Guide
77
17
Navigate the Control Center user interface
Client application icons
Table 17-5
Client application icons (continued)
Icon
Description
Unknown Status
Policy Tree icons
Firewalls
CloudShield firewall
Crossbeam firewall
Clusters
Device Groups
Rule Object icons
Users
User Groups
External Groups
McAfee® Logon Collector Users
McAfee Logon Collector Groups
McAfee Logon Collector Distribution Lists
Rule icons
Add Rule
Edit Rule
Delete Rule
Delete Rules
Move to Position
Move Down
Move Up
Search and Replace
Export Rule
Rule
Rule Group
Alerts icons
Alarm Sound Mapping
Acknowledge
Alert jump
78
McAfee Firewall Enterprise Control Center
version 5.3.2
Installation and Migration Guide
Navigate the Control Center user interface
Client application icons
Table 17-5
17
Client application icons (continued)
Icon
Description
Alert options
Annotate
Clear
Critical
High
Medium
Low
Warning
Export to CSV
Secure Alert Server status
View events
Add
Administrators
Update icons
Update Settings
Schedule Firewalls
Manual Download
Control Center Tree icons
Administrators
Roles
LDAP User Groups
Auto-Hide
Browse
Clear Filter
Clear Pending Changes
Collapse All
Expand All
Manage Configuration Domain
Move Down
Move Left
McAfee Firewall Enterprise Control Center
version 5.3.2
Installation and Migration Guide
79
17
Navigate the Control Center user interface
Client application icons
Table 17-5
Client application icons (continued)
Icon
Description
Move Right
Move to Top
Move Up
Save Pending Changes
Service Not Running
Service Running
Service Running Error
80
McAfee Firewall Enterprise Control Center
version 5.3.2
Installation and Migration Guide
Index
A
about this guide 7
C
ccinit 40
ccinit.txt 40
checklist
integration 22
setup 21
Client application
installing 39
logging on 59
configuration
Firewall Enterprise Control Center 40
configuration file 40
conventions and icons used in this guide 7
D
documentation
audience for this guide 7
product-specific, finding 8
typographical conventions and icons 7
documents 13
E
ESX virtual networking 29
installation
Client application 39
integration planning 22
L
log on 71
logon 59
M
Management Server
adding backup (standby) 72
configuring backup (standby) servers 72
configuring new primary or backup 71
deleting backup (standby) 72
deleting primary 72
logging on to 71
removing 72
McAfee Firewall Enterprise Control Center Management Server
administering 71
McAfee ServicePortal, accessing 8
MLOS
installing and configuring 45
N
navigation
main window functionality 73
right-click menus 76
F
firewalls
adding 65, 66
adding multiple at one time 65
registering 66
registering manually 66
retrieving configurations 66
P
post-upgrade 63
primary servers
configuring 71
removing 72
R
H
High Availability (HA) feature 19
I
initial configuration 40
Initialization Tool 40
starting 40
McAfee Firewall Enterprise Control Center
version 5.3.2
registration 65
Release Notes 21
requirements
client application 17
documentation 17
MLOS 17
server 17
Installation and Migration Guide
81
Index
right-click menus 76
U
upgrade package 53
S
USB drive 39
search 76
ServicePortal, finding product documentation 8
standby servers
configuring 72
removing 72
W
websites
Release Notes 21
T
technical support, finding product information 8
82
McAfee Firewall Enterprise Control Center
version 5.3.2
Installation and Migration Guide
0B00
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF

advertisement