Network Security Platform Manager-Mxx30

Network Security Platform Manager-Mxx30 Manager-Mxx30-series Release Notes
McAfee Network Security Platform 8.2
Revision B
About this release
New features
Resolved Issues
Installation instructions
Known issues
Product documentation
About this release
This document contains important information about the current release. We strongly recommend that
you read the entire document.
Network Security Platform follows a new release process starting with the 8.2 release. The changes in
the release process are based on customer requirements, and best practices followed by other McAfee
teams. For details, read KB78795.
This maintenance release of Network Security Platform is to provide few fixes on the Manager and
Mxx30-series Sensor software.
Release parameters
Network Security Manager
Signature Set
Mxx30-series Sensor
This version of 8.2 Manager software can be used to configure and manage the following hardware:
NS9x00-series Sensors (NS9100, NS9200, NS9300)
7.1, 8.1, 8.2
NS7x00-series Sensors (NS7100, NS7200, NS7300)
8.1, 8.2
Virtual IPS Sensors (IPS-VM100 and IPS-VM600)
8.1, 8.2
Virtual Security System Sensors (IPS-VM100-VSS)
M‑series and Mxx30-series Sensors
7.1, 8.1, 8.2
XC Cluster Appliances
7.1, 8.1, 8.2
NTBA Appliance software (Physical and Virtual)
7.1, 8.1, 8.2
I-series Sensors
The above mentioned Network Security Platform software version support integration with the
following product versions:
Table 1-1 Network Security Platform compatibility matrix
Version supported
McAfee ePO
5.0, 5.1
McAfee Global Threat Intelligence
Compatible with all versions.
McAfee Advanced Threat Defense,
McAfee Endpoint Intelligence Agent
2.4, 2.5
McAfee Logon Collector
2.2, 3.0
McAfee Vulnerability Manager
7.0, 7.5
McAfee Host Intrusion Prevention
7.0, 8.0
Intel® Security Controller
Currently port 4167 is used as the UDP source port number for the SNMP command channel
communication between Manager and Sensors. This is to prevent opening up all UDP ports for inbound
connectivity from SNMP ports on the sensor. Older JRE versions allowed the Manager to bind to the
same source port 4167 for both IPv4 and IPv6 communication. But with the latest JRE version
1.7.0_80, it is no longer possible to do so, and the Manager uses port 4166 as the UDP source port to
bind for IPv6.
Manager 8.2 uses JRE version 1.7.0_80. If you have IPv6 Sensors behind a firewall, you need to
update your firewall rules accordingly such that port 4166 is open for the SNMP command channel to
function between those IPv6 Sensors and the Manager.
With release 8.1 onwards, Network Security Platform no longer supports the Network Access Control
module and N-series Sensors. If you are using Network Access Control with N-series (NAC-only)
Sensors, McAfee recommends that you continue to use the version. If you are using the
Network Access Control module in M-series Sensors, continue to use the version. That is, you
should not upgrade the Manager or the Sensors to 8.1 for such cases.
Manager software version 8.1 and above are not supported on McAfee-built Dell‑based Manager
Appliances. McAfee recommends that you use Intel-based Manager Appliances instead.
New features
This release is to provide fixes for some of the previously known issues, and does not include any new
This release is to provide fixes for some of the previously known issues, and does not include any
Resolved Issues
These issues are resolved in this release of the product. For a list of issues fixed in earlier releases,
see the Release Notes for the specific release.
Resolved Manager software issues
The following table lists the high-severity Manager software issues:
ID #
Issue Description
1074977 Memory leak in the Manager results in an MDR failover.
1061728 The exception objects assigned to attacks at device, interface, and zone levels are not
displayed as Ignore Rules after upgrading the Manager and devices to 8.2.
The following table lists the medium-severity Manager software issues:
ID #
Issue Description
1080394 The revision number for an IPS policy gets incremented even if you save the policy with no
1080121 Running the Default - Top 10 Malware Detections report in the child admin domain displays data
from the parent admin domain as well.
1078487 The effective firewall rules configured for Inbound and Outbound directions does not display
the rules correctly.
1078287 Manager's web application is inaccessible by using firefox 39 browser.
1076649 Policy updates are not sent from the Manager to the Sensor.
1076274 Connection limiting policies are not displayed in the root admin domain.
1075336 The Default-Quarantine History report displays only 10 entries.
1075133 SOAP exception in McAfee ePO integration.
1074124 Firewall rules created for a combination of any TCP service with a Deny response action
1073419 Certain Blocked alerts are not listed in the Executive summary report, but appear in the
Threat Analyzer.
1072067 The Manager session times out immediately after accepting the Java security warning
1071158 The Executive Summary Report in the Manager does not get generated for the report for last
full calendar month beginning from the 1st of the month till the last date of the month.
1070791 The IPS Sensor Configuration report displays the output for jumbo frame parsing as Enabled even
when the jumbo parsing feature is disabled in the IP Settings page.
ID #
Issue Description
1070702 Exporting the NTBA Appliance configuration fails when attempted with proxy server
inheritance enabled in the Manager.
1070592 Archive restore fails in the Manager.
1070486 The events ivSensorStringContentEvent and ivSensorInLayer2SwitchModeEvent, in
the EMS-TRAP-MIB file displays the same description.
1070366 When generating a report from Manage | (Admin Domain Name) | Reporting | Report Automation |
Automatically-Generated Reports, the error “An internal application error occurred. Please check
log files." is displayed.
1070105 In Traditional Executive Summary reports, fail over pairs are not getting listed with fail over pair
names but are listed with their individual Sensor names.
1067206 Rules deleted from the Custom Attack Editor are not deleted in the rule set.
1066678 Communication between ePolicy Orchestrator and the Manager fails in some rare
1066611 In certain rare instances, the Manager logs out unexpectedly when you click the Edit button
in the Quarantine Access Events page.
1065876 The NTBA Appliance software version in the Deploy Device Software page is sorted incorrectly.
1065726 The NTBA Appliance policies page does not load the plug-in necessary to display the page.
1065390 The User Activity Log page displays more logs than the actual changes.
1065343 The Default - Top 10 Application Categories by Bandwidth Usage (Bytes) report lists more than 10 entries.
1063973 Devices are not displayed appropriately in the Device List page, when you click on the device
from the Dashboard.
1063486 The Endpoint Reputation Analysis in Inspections Options, for an interface, does not recognize that
McAfee GTI is enabled even when it is.
1063246 The pending changes notification in the Manager does not disappear even after completion
of a configuration push to a Sensor.
1062428 An Ignore Rule created in the Threat Analyzer using an IPv4 address, creates a rule for an
IPv6 endpoint, with an IPv4 address.
1062423 The Automatically Generated Rreports is displayed in improper format.
1062364 In the Threat Explorer page, McAfee ePO tagging success message for default tags,
assigned to an endpoint or server, does not display the correct names.
1060249 While configuring the physical ports in the Manager, the port configured to inline fail-open
does not display the updated fail-open status.
1060003 The User-Defined report generates a report with blocked attacks present even when one of
the criteria is set as Does not equal Attack Blocked.
1059912 The IPS Sensor Configuration Report does not display the configuration for failover pairs.
1059142 The Manager does not run the minimum compliant MySQL version.
1059120 After Manager upgrade, the LDAP logon from the Manager fails due to an invalid certificate
1057170 When the Central Manager policy is applied on the Sensor, baseline policies inherit settings
from the Central Manager's Default IPS attack settings (GARE).
1057060 The Threat Analyzer times out after loading the Dashboard and Preferences tabs.
1057027 Configuration updates made in the Manager | Notification | Faults | Syslog are not saved.
1056266 The alert channel goes down while establishing trust between ePolicy Orchestrator and the
Manager, when the Manager has a Host Intrusion Prevention Sensor configured.
1055867 In some rare MDR scenarios, the primary Manager displays a communication error while
accessing the Dashboard.
ID #
Issue Description
1055490 At the time of polling the Sensor for throughput, bps disappears after several polling
1054397 A quarantined host cannot access other hosts within the quarantined zone.
1052514 Attack type displays Reconnaissance attack instead of Signature attack.
1051657 The Manager fails to update the signature set of the Sensor.
1048233 The Central Manager Threat Analyzer does not display any alerts when there are alerts
present in the Manager Threat Analyzer.
1047563 An IP address ending with 30 cannot be configured for an NTBA collection port.
1047251 The Devices page does not connect to the Manager from the Central Manager.
1046712 VLAN tags assigned to a child domain cannot be removed.
1046270 A restriction in the Virtual NTBA Appliance prevents users from adding more than two
1044456 Whitelist entries continued to get added in the Manager even though those inspection
options are disabled in both, inbound and outbound, directions.
1043874 The XFF source IP cannot be quarantined from Threat Analyzer.
1040886 An error is generated when you attempt to run Next Generation report (Top 10 Attack Source
1037772 The Top Applications Summary dashboard in the Threat Analyzer always displays the top
application as having 3.66 Gb of traffic in the last 5 minutes.
1036507 The Sensor model and Software version columns in the IPS policy editor display different
1033817 In certain rare instances, when you reboot the Sensor after deploying the latest Sensor
software, you notice a "Signature set download failure" fault in the Manager.
1031880 When the Manager service is stopped, all acknowledged faults are sent from the Manager
to the SMTP server.
1027910 The E-mail report that is generated and sent by the Manager does not contain any report
1023248 The Manager fails to establish communication with the McAfee Update Server.
1007548 In certain rare scenarios, when VirusScan Enterprise is installed and then uninstalled on
the Manager server, the TIE VirusScan Enterprise hot-fix does not work.
The Threat Analyzer abruptly hangs after running for a long time.
The Sig. Decs. button for an alert does not open the Display Signatures for Attack window.
Policy synchronization with a 7.5 Manager fails with Snort rules imported.
During a manual import of certain Snort rules, the Manager displays the error '- 63 - 30 error: Pattern is too large message' during compilation.
Resolved Sensor software issues
The following table lists the medium-severity Sensor software issues:
ID #
Issue Description
1076555/ In a rare scenario, the Sensor reboots after the signature set is updated successfully.
For certain botnet attacks, the exclusion list does not get applied if advanced botnet
detection is enabled in the Inspection Options policy.
In rare scenarios, when L7 Data collection is disabled, the maximum percentage of L7
Dcap flows shows incorrect usage statistics in the Sensor CLI show mem-usage.
ID #
Issue Description
In the CLI debug mode, the option to set interface operating mode is not available.
In exceptional situations, when OS Fingerprinting and Layer 7 Data Collection are
enabled, the Sensor might automatically recover or reboot depending on the
In rare scenarios, the Sensor fails to initialize when the Web Services feature is enabled
and has more than 46 assignments.
McAfee GTI DNS errors faults are raised in the Manager when McAfee GTI is disabled.
In some scenarios, the Sensor fails to block the Utorrent/BitTorrent application.
The PSU failure message does not indicate which Sensor, primary or secondary, in the
MDR pair has failed.
False positive alerts are triggered from the Sensor when the signature set is pushed to the
In certain scenarios, due to incorrect XFF parsing, the non-true client gets quarantined.
Installation instructions
Manager server/client system requirements
The following table lists the 8.2 Manager server requirements:
Minimum required
Any of the following:
Windows Server 2012 R2
Standard Edition
operating system.
• Windows Server 2008 R2 Standard or Enterprise Edition,
English operating system, SP1 (64-bit) (Full Installation)
• Windows Server 2008 R2 Standard or Enterprise Edition,
Japanese operating system, SP1 (64-bit) (Full
• Windows Server 2012 R2 Standard Edition (Server with a
GUI) English operating system
• Windows Server 2012 R2 Standard Edition (Server with a
GUI) Japanese operating system
• Windows Server 2012 R2 Datacenter Edition (Server with
a GUI) English operating system
• Windows Server 2012 R2 Datacenter Edition (Server with
a GUI) Japanese operating system
Only X64 architecture is supported.
8 GB
8 GB or more
Server model processor such as Intel Xeon
Disk space
100 GB
300 GB or more
100 Mbps card
1000 Mbps card
32-bit color, 1440 x 900 display setting
1440 x 900 (or above)
The following are the system requirements for hosting Central Manager/Manager server on a VMware
Table 5-1 Virtual machine requirements
Operating system Any of the following:
• Windows Server 2008 R2 Standard or Enterprise
Edition, English operating system, SP1 (64-bit) (Full
Windows Server 2012 R2
Standard Edition
operating system.
• Windows Server 2008 R2 Standard or Enterprise
Edition, Japanese operating system, SP1 (64-bit) (Full
• Windows Server 2012 R2 Standard Edition (Server
with a GUI) English operating system
• Windows Server 2012 R2 Standard Edition (Server
with a GUI) Japanese operating system
• Windows Server 2012 R2 Datacenter Edition (Server
with a GUI) English operating system
• Windows Server 2012 R2 Datacenter (Server with a
GUI) Japanese operating system
Only X64 architecture is supported.
8 GB
8 GB or more
Virtual CPUs
2 or more
Disk Space
100 GB
300 GB or more
Table 5-2 VMware ESX server requirements
Virtualization software • ESXi 5.0
• ESXi 5.1
• ESXi 5.5
Intel Xeon ® CPU ES 5335 @ 2.00 GHz; Physical Processors – 2; Logical
Processors – 8; Processor Speed – 2.00 GHz
Physical Memory: 16 GB
Internal Disks
1 TB
The following table lists the 8.2 Manager client requirements when using Windows 7, Windows 8, or
Windows 2012:
• Windows 7, English or Japanese
• Windows 8, English or Japanese
• Windows 8.1, English or Japanese
The display language of the Manager client must be
the same as that of the Manager server operating
2 GB
4 GB
1.5 GHz processor
1.5 GHz or faster
• Internet Explorer 9, 10, or 11
• Internet Explorer 11
• Mozilla Firefox
• Mozilla Firefox 20.0 or
• Google Chrome (App mode in Windows 8 is not
• Google Chrome 24.0 or
To avoid the certificate mismatch error and security
warning, add add the Manager web certificate to the
trusted certificate list.
If you are using Google Chrome 42 or later, the NPAPI plugin is disabled by default, which means that
Java applet support is disabled by default. Perform the following steps to enable NPAPI plugin:
In the address bar, type chrome://flags/#enable-npapi.
Click the Enable link in the Enable NPAPI configuration option.
Click Relaunch Now located at the bottom of the page to restart Google Chrome for the changes to
take effect.
For the Manager client, in addition to Windows 7, Windows 8, and Windows 8.1, you can also use the
operating systems mentioned for the Manager server.
The following are Central Manager and Manager client requirements when using Mac:
Mac operating system
• Lion
Safari 6 or 7
• Mountain Lion
For more information, see McAfee Network Security Platform Installation Guide.
Upgrade recommendations
McAfee regularly releases updated versions of the signature set. Note that automatic signature set
upgrade does not happen. You need to manually import the latest signature set and apply it to your
The following is the upgrade matrix supported for this release:
Minimum Software Version
Manager/Central Manager software
• 7.1 —,,,,
• 8.1 —,,,,
• 8.2 —,,,,
Mxx30-series Sensor software
• 7.1 —
• 8.1 —,
• 8.2 —,,
Known issues
For a list of known issues in this product release, see this McAfee KnowledgeBase article:
Network Security Platform software issues: KB83288
Product documentation
Every McAfee product has a comprehensive set of documentation.
Find product documentation
Go to the McAfee ServicePortal at and click Knowledge Center.
Enter a product name, select a version, then click Search to display a list of documents.
8.2 product documentation list
The following software guides are available for Network Security Platform 8.2 release:
Quick Tour
Installation Guide (includes Upgrade Guide)
Manager Administration Guide
Manager API Reference Guide (selective distribution - to be requested via support)
CLI Guide
IPS Administration Guide
Custom Attacks Definition Guide
XC Cluster Administration Guide
Integration Guide
NTBA Administration Guide
Best Practices Guide
Troubleshooting Guide
Copyright © 2015 McAfee, Inc.
Intel and the Intel logo are trademarks/registered trademarks of Intel Corporation. McAfee and the McAfee logo are trademarks/
registered trademarks of McAfee, Inc. Other names and brands may be claimed as the property of others.
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF