Revision B McAfee Network Security Platform (9.2.9.3-9.2.5.34 Manager-NS3500 Release Notes) Contents About this release New Features Resolved issues Installation instructions Known issues Product documentation About this release This document contains important information about the current release. We recommend that you read the whole document. This release of Manager version 9.2.9.3 is to manage the new NS3500 Sensor hardware platform. Upgrade the Manager to 9.2.9.3 only if you want to manage NS3500 Sensors in addition to other Sensor platforms. This version of the Manager is supported only on Windows and is not supported on Linux. Network Security Platform follows a release process that is based on customer requirements and best practices followed by other McAfee teams. For details, read KB78795. This release of Network Security Platform is to introduce the new NS3500 Sensor hardware platform. 1
Release parameters Version Network Security Manager software 9.2.9.3 Signature Set 9.8.38.2 NS3500 Sensor software 9.2.5.34 If your Sensor has run out of memory and does not accept signature set updates, see the section Lite Signature Set in McAfee Network Security Platform Manager Administration Guide to overcome the problem. Currently port 4167 is used as the UDP source port number for the SNMP command channel communication between Manager and Sensors. This is to prevent opening up all UDP ports for inbound connectivity from SNMP ports on the Sensor. Older JRE versions allowed the Manager to bind to the same source port 4167 for both IPv4 and IPv6 communication. But with the latest JRE version 1.8.0_181, it is no longer possible to do so, and the Manager uses port 4166 as the UDP source port to bind for IPv6. Manager 9.2 uses JRE version 1.8.0_181 and MySQL version 5.6.41. If you have IPv6 Sensors behind a firewall, you need to update your firewall rules accordingly such that port 4166 is open for the SNMP command channel to function between those IPv6 Sensors and the Manager. Manager software version 9.2 is not supported on McAfee-built Dell-based Manager Appliances. McAfee recommends that you use Intel-based Manager Appliances instead. Upgrade support McAfee regularly releases updated versions of the signature set. You can choose to automatically download and deploy the signature set in the Manager. Upgrade paths for Manager software versions Current version Upgrade path to 9.2 8.1.3.4, 8.1.3.6, 8.1.7.5, 8.1.7.12, 8.1.7.13 8.1.7.82 9.2.9.3 8.1.7.33, 8.1.7.52, 8.1.7.82, 8.1.7.91, 8.1.7.96, 8.1.7.100, 8.1.7.105 9.2.9.3 8.3.7.7, 8.3.7.28, 8.3.7.44, 8.3.7.52, 8.3.7.64, 8.3.7.68, 8.3.7.86 9.2.9.3 9.1.7.11, 9.1.7.15, 9.1.7.49, 9.1.7.63, 9.1.7.73, 9.1.7.75 9.2.9.3 9.2.7.9, 9.2.7.22 9.2.9.3 All intermediate Manager versions, such as Hotfixes, below 8.1.7.33 must upgrade to 8.1.7.82 before upgrading to the latest 9.2 Manager version. All Manager versions above 8.1.7.33 can directly upgrade to the latest 9.2 Manager version. Upgrade paths for Sensor software versions This is the first release of NS3500 Sensor, hence upgrade is not applicable. Heterogeneous support This version of 9.2 Manager software can be used to configure and manage the following devices: Sensor images for IPS-VM100 and IPS-VM100-VSS Sensor models are not available in version 9.2. Device NS-series Sensors (NS3100, NS3200, NS5100, NS5200, NS7100, NS7200, NS7300, NS9100, NS9200, NS9300) Version NS-series Sensors (NS7150, NS7250, NS7350) 9.1, 9.2 8.1, 8.3, 9.1, 9.2 2
Device NS3500 Sensor 9.2 Version Virtual IPS for ESXi server (IPS-VM100, IPS-VM600) IPS-VM100: 8.1, 8.3, 9.1 Virtual IPS for KVM (IPS-VM100, IPS-VM600) 8.3 Virtual IPS for VMware NSX (IPS-VM100-VSS, IPS-VM600-VSS) Virtual IPS Sensor versions 8.3 and 9.1 are not available for VMware NSX environment. IPS-VM600: 8.1, 8.3, 9.1, 9.2 IPS-VM100-VSS: 8.1 IPS-VM600-VSS: 9.2 Virtual IPS for AWS (IPS-VM100-VSS, IPS-VM600-VSS) IPS-VM100-VSS: 8.3, 9.1 Virtual IPS for Azure (IPS-VM600-VSS) 9.2 M-series Sensors (M-1250, M-1450, M-2850, M-2950, M-3050, M-4050, M-6050, M-8000) IPS-VM600-VSS: 9.2 8.1, 8.3, 9.1 Mxx30-series Sensors (M-3030, M-4030, M-6030, M-8030) 8.1, 8.3, 9.1 M-8000XC Cluster Appliance 8.1, 8.3, 9.1 NTBA Appliances (T-200, T-500, T-600, T-1200) 8.1, 8.3, 9.1 Virtual NTBA Appliances (T-VM, T-100VM, T-200VM) 8.1, 8.3, 9.1 Integration support The above mentioned Network Security Platform software versions support integration with the following product versions: Starting with Manager release 9.1.7.63, integration with McAfee Cloud Threat Defense is no longer supported. Table 1-1 Network Security Platform compatibility matrix Product Version supported McAfee epo 5.9.1 McAfee Global Threat Intelligence Compatible with all versions McAfee Endpoint Intelligence Agent 2.6.3 McAfee Logon Collector 3.0.7 McAfee Threat Intelligence Exchange 2.0.0 McAfee Data Exchange Layer 3.1.0 McAfee Advanced Threat Defense 4.2.0 McAfee Virtual Advanced Threat Defense 4.2.0 McAfee Vulnerability Manager 7.5 McAfee Host Intrusion Prevention 8.0 Intel Security Controller 2.6 New Features This release of Network Security Platform includes the following new features. 3
Introducing Network Security NS3500 Sensor This release of 9.2 introduces McAfee's next generation Network Security Platform hardware, NS series Sensor model NS3500. The NS3500 Sensor operates at 200 Mbps or 100 Mbps throughput depending on the license purchased. The NS series Sensors are flexible enough to adapt to the security needs of any enterprise environment. When deployed at key network access points, they provide real time monitoring on high traffic loads to detect malicious activity and respond to the malicious activity as configured by the administrator. The NS3500 Sensors are 1RU device equipped with the following components: Four RJ 45 10/100/1000 Mbps Ethernet Monitoring ports One Console port One RJ-45 10/100/1000 Management port External USB port for Storage/Rescue application The front and back panel LEDs provide status information about the health of the Sensor and the ports activity Diagnostics for field replacement Built-in Fail-Open Unsupported features The following features are not supported on the NS3500 Sensors for this release: SSL decryption QoS policies/rate limiting VLAN bridging Layer 2 forwarding/stateless scanning exception Sensor Failover R1 Response Port Cannot be managed by Linux based Manager Resolved issues The current release of the product resolves these issues. For a list of issues fixed in earlier releases, see the Release Notes for the specific release. Resolved Manager software issues This release of Manager software does not contain resolved issues for any previously known issues. Resolved Sensor software issues This is the first release of NS3500 Sensor. Hence, no resolved issues are applicable. 4
Installation instructions Manager server/client system requirements The following table lists the 9.2 Manager server requirements: Operating system Minimum required Any of the following: Windows Server 2008 R2 Standard or Enterprise Edition, English operating system, SP1 (64-bit) (Full Installation) Windows Server 2008 R2 Standard or Enterprise Edition,, SP1 (64-bit) (Full Installation) Windows Server 2012 Standard Edition (Server with a GUI) Windows Server 2012 Standard Edition (Server with a GUI) Windows Server 2012 Datacenter Edition (Server with a GUI) Windows Server 2012 Datacenter Edition (Server with a GUI) Windows Server 2012 R2 Standard Edition (Server with a GUI) Windows Server 2012 R2 Standard Edition (Server with a GUI) Windows Server 2012 R2 Datacenter Edition (Server with a GUI) Windows Server 2012 R2 Datacenter Edition (Server with a GUI) Windows Server 2016 Standard Edition (Server with a GUI) Windows Server 2016 Standard Edition (Server with a GUI) Windows Server 2016 Datacenter Edition (Server with a GUI) Windows Server 2016 Datacenter Edition (Server with a GUI) Only X64 architecture is supported. Recommended Windows Server 2016 Standard Edition operating system Memory 8 GB Supports up to 3 million alerts in Solr. >16 GB Supports up to 10 million alerts in Solr. CPU Server model processor such as Intel Xeon Same Disk space 100 GB 300 GB or more 5
Minimum required Recommended Network 100 Mbps card 1000 Mbps card Monitor 32-bit color, 1440 x 900 display setting 1440 x 900 (or above) The following are the system requirements for hosting Central Manager/Manager server on a VMware platform. Table 4-1 Virtual machine requirements Component Minimum Recommended Operating system Any of the following: Windows Server 2008 R2 Standard or Enterprise Edition,, SP1 (64-bit) (Full Installation) Windows Server 2008 R2 Standard or Enterprise Edition,, SP1 (64-bit) (Full Installation) Windows Server 2012 Standard Edition (Server with a GUI) Windows Server 2012 Standard Edition (Server with a GUI) Windows Server 2012 Datacenter Edition (Server with a GUI) Windows Server 2012 Datacenter Edition (Server with a GUI) Windows Server 2012 R2 Standard Edition (Server with a GUI) Windows Server 2012 R2 Standard Edition (Server with a GUI) Windows Server 2012 R2 Datacenter Edition (Server with a GUI) Windows Server 2012 R2 Datacenter Edition (Server with a GUI) Windows Server 2016 Standard Edition (Server with a GUI) Windows Server 2016 Standard Edition (Server with a GUI) Windows Server 2016 Datacenter Edition (Server with a GUI) Windows Server 2016 Datacenter Edition (Server with a GUI) Only X64 architecture is supported. Windows Server 2016 Standard Edition operating system Memory 8 GB >16 GB Supports up to 3 million alerts in Solr. Supports up to 10 million alerts in Solr. Virtual CPUs 2 2 or more Disk Space 100 GB 300 GB or more 6
Table 4-2 VMware ESX server requirements for Windows Operating System Component Minimum Virtualization software ESXi 5.5 Update 3 ESXi 6.0 Update 1 ESXi 6.5 Update 1 The following table lists the 9.2 Manager client requirements when using Windows 8, Windows 8.1, or Windows 10: Operating system Minimum Windows 8, English or Japanese Windows 8.1, English or Japanese Windows 10, English or Japanese The display language of the Manager client must be same as that of the Manager server operating system. Recommended Windows 10, English or Japanese RAM 2 GB 4 GB CPU 1.5 GHz processor 1.5 GHz or faster Browser Internet Explorer 10, 11 Mozilla Firefox Google Chrome (App mode in Windows 8 is not supported) Internet Explorer 11 Mozilla Firefox 20.0 or later Google Chrome 24.0 or later To avoid the certificate mismatch error and security warning, add the Manager web certificate to the trusted certificate list. For the Manager client, in addition to Windows 8, Windows 8.1 and Windows 10, you can also use the operating systems mentioned for the Manager server. The following are Central Manager and Manager client requirements when using Mac: Mac operating system Yosemite El Capitan Browser Safari 8 or 9 For more information, see McAfee Network Security Platform Installation Guide. Known issues For a list of known issues in this product release, see this McAfee KnowledgeBase article: Network Security Platform software issues: KB90337 7
Product documentation Every McAfee product has a comprehensive set of documentation. Find product documentation Go to docs.mcafee.com to find the product documentation for this product. Or 1 Go to the McAfee ServicePortal at http://mysupport.mcafee.com and click Knowledge Center. 2 Enter a product name, select a version, then click Search to display a list of documents. 9.2 product documentation list The following guides are available for Network Security Platform 9.2 release: NS3500 Sensor Quick Start Guide IPS Administration Guide NS3500 Sensor Product Guide Virtual IPS Administration Guide Quick Tour CLI Guide Installation Guide (includes Upgrade Guide) Integration Guide Manager Administration Guide Best Practices Guide Custom Attack Definitions Guide Troubleshooting Guide Manager API Reference Guide Copyright 2019 McAfee, LLC McAfee and the McAfee logo are trademarks or registered trademarks of McAfee, LLC or its subsidiaries in the US and other countries. Other marks and brands may be claimed as the property of others. 0B00