McAfee Firewall Enterprise 8.3.0


Release Notes
Revision B

McAfee Firewall Enterprise 8.3.0

This document provides information about McAfee Firewall Enterprise (Firewall Enterprise) version 8.3.0, including download and installation instructions.

About this document

Thank you for choosing this McAfee product. This document contains important information about this release. We strongly recommend you read the entire document.

You can find additional information by using the resources listed in the table.

Table 1 Product resources

Online Help: Online Help is built into Firewall Enterprise. Click Help on the toolbar or from a specific window.

McAfee Technical Support ServicePortal: Visit mysupport.mcafee.com to find:
- Product documentation
- KnowledgeBase
- Product announcements
- Technical support

Product updates: Visit go.mcafee.com/goto/updates to download the latest Firewall Enterprise patches.

Product installation files:
1. Go to www.mcafee.com/us/downloads.
2. Provide your grant number, then navigate to the appropriate product and version.

About this release

Firewall Enterprise version 8.3.0 introduces new features and enhancements, and resolves issues present in the previous release.

For information about the Firewall Enterprise support life cycle, refer to www.mcafee.com/us/support/support-eol.aspx.

Supported firewall types

Firewall Enterprise 8.3.0 supports:
- McAfee Firewall Enterprise appliances
- McAfee Firewall Enterprise, Virtual Appliance
- McAfee Firewall Enterprise on Crossbeam X-Series Platforms
- McAfee Firewall Enterprise on CloudShield CS-4000 platforms

Unsupported features on Crossbeam X-Series Platforms

These features are not supported on Crossbeam X-Series Platforms for this release:
- Firewall Enterprise Admin Console
  Use a standalone McAfee Firewall Enterprise Control Center (Control Center) Management Server to manage Firewall Enterprise on X-Series Platforms.
- Multicast dynamic routing using the PIM-SM protocol
- Hybrid mode (configuring standard and transparent mode on the same firewall)
- Default route failover
- Quality of Service (QoS)
- Transparent (bridged) mode for these configurations:
  - Dual Box High Availability
  - Multi-application serialization
- Dual Box High Availability active-active mode
  Active-standby DBHA is supported.
- X-Series Operating System (XOS) features:
  - VAP group hide-vlan-header parameter
  - Equal-cost multi-path routing
  - Configuration of the VRRP MAC address
    If you need functionality similar to the VRRP MAC address, Crossbeam recommends configuring a user-defined MAC address on each traffic circuit/interface pair included in the VRRP failover group. For more information and the configuration procedure, refer to Crossbeam Technical Support Knowledgebase article 0004069.

Unsupported features on CloudShield CS-4000 platforms

When installed on CS-4000 platforms, some features are not supported on Firewall Enterprise.
- High Availability
- Sendmail
- Admin Console
  Firewall Enterprise must be managed using Control Center.
- Link aggregation and interface redundancy

- PPPoE
- USB disaster recovery and USB installation
- VCD and alternate slice

Installation options

These installation options are available for version 8.3.0.
- Upgrade: Upgrade a firewall from 8.2.1 to 8.3.0.
- New installation: Re-image a firewall using 8.3.0 installation media.

Compatible McAfee products

Firewall Enterprise version 8.3.0 is compatible with these McAfee products.
- McAfee Firewall Enterprise ePolicy Orchestrator Extension
- McAfee Firewall Enterprise Control Center
- McAfee Logon Collector
- McAfee Network Integrity Agent
- McAfee Firewall Profiler
- McAfee Firewall Reporter

For more information, see:

- McAfee firewall products and versions that Firewall Enterprise supports: Refer to KnowledgeBase article KB67462.
- Firewall products and interoperability with Firewall Enterprise: Refer to the Using McAfee Firewall Enterprise with Other McAfee Products application note.

Requirements

Before you install this version, make sure the Admin Console and Firewall Enterprise requirements are met.

Admin Console requirements

The computer that hosts the Admin Console must meet these requirements.

Table 2 Admin Console minimum requirements

Component: Operating system
Requirements: One of the following Microsoft operating systems:
- Windows Server 2008
- Windows XP Professional
- Windows Vista
- Windows 7

Component: Web browser
Requirements: One of the following:
- Microsoft Internet Explorer, version 6 or later
- Mozilla Firefox, version 1.0 or later

Component: Hardware
Requirements:
- 2 GHz x86-compatible processor
- 1024 x 768 display
- 2 GB of system memory
- 300 MB of available disk space
- CD-ROM drive
- Network card (to connect to your firewall)
- USB port

Firewall Enterprise requirements

The firewall must meet these requirements.

Table 3 Minimum requirements by Firewall Enterprise type

Firewall type: Firewall Enterprise appliance
Platform requirements: Appliance with a valid support contract that meets the following requirements:
- 1 GB of memory
- AMD64-compatible processor

Firewall type: Firewall Enterprise, Virtual Appliance
Platform requirements: Virtualization server that meets the following requirements:
- Hypervisor operating system: VMware ESX/ESXi version 4.0 or later
  Firewall Enterprise, Virtual Appliance is installed in 64-bit mode by default. Your system must support Intel VT technology (or equivalent) to run properly in a virtual environment. Before starting the virtual appliance, verify that VT is enabled in your computer BIOS.
- Hardware resources:
  - 2 virtual processors
  - AMD64-compatible processor
  - 1 GB of memory
  - 30 GB of free disk space
  - 2 or more NICs of type e1000
- Internet connectivity: The firewall requires a persistent Internet connection to maintain an active license and full functionality.

Firewall type: Firewall Enterprise on Crossbeam X-Series Platforms
Platform requirements: Crossbeam X-Series Platform that meets the following requirements:
- Chassis: X50, X60, or X80-S
- XOS version: 9.6.2 and later, 9.7.x, or 9.9.x
- Application Processor Module: APM 50 or APM 9600
- At least one local disk (RAID 0 and RAID 1 disk configurations are supported; two-disk, non-RAID configurations are not supported)
- A minimum of 12 GB of memory
- Network Processor Module: NPM 50, NPM 86x0, or NPM 96x0

Firewall type: Firewall Enterprise on CloudShield CS-4000 platforms
Platform requirements: CloudShield CS-4000 platform that meets the following requirements:
- MC CPOS server version 5.1
- Chassis Management Module: CMM 100
- 1/10G Ethernet Integrated Switch Module: ISM 800 or ISM XVR
- Content Processing Accelerator: CPA 1000

Network Integrity Agent requirements

Systems must meet these requirements to install McAfee Network Integrity Agent (Network Integrity Agent).

Table 4 Network Integrity Agent minimum requirements

Component: Operating system
Requirements: One of these Microsoft operating systems:
- Windows XP Service Pack 2 and above
- Windows 7
- Windows Server 2003 Service Pack 1 and above
- Windows Server 2003 R2 Service Pack 1 and above
- Windows Server 2008 R2

Component: Hardware
Requirements:
- 2 GHz x86-compatible processor
- 2 GB of system memory
- 300 MB of available disk space
- 1024 x 768 display
- Network card (to connect to your firewall)
- One of the following:
  - USB port
  - CD-ROM drive

New features

Firewall Enterprise version 8.3.0 includes these new features.

Host firewall interlock
When you enable Network Integrity Agent on a host endpoint, the agent collects user and application details on initiated connections. Firewall Enterprise uses this host data for identity control, auditing, reporting, and policy enforcement.

SPAN mode
You can enable Switched Port Analyzer (SPAN) mode on firewalls to passively analyze network traffic without disrupting the existing network. Firewall Enterprise connects to the switch SPAN port, analyzes two-way traffic, and uses the data to generate audits and reports.

Firewall Enterprise on CloudShield CS-4000 platforms
Deploy Firewall Enterprise on the CloudShield CS-4000 platform to provide maximum security for high-assurance environments.

Enhancements

These enhancements are included in this release.

Dashboard usage reports
The Admin Console Dashboard provides new usage reports and updated functionality for these areas:
- Applications
- Users
- Threats
- McAfee Global Threat Intelligence
- Rules
- Network Integrity Agent
- Geo-Location

Installation and initial configuration
When installing and performing initial configuration for Firewall Enterprise, you can use a default configuration as an alternative to the Quick Start Wizard.

SNMP agent
Authentication type and privacy protocol options are added for v3 user and trap settings.

Dynamic routing
The version of Quagga is updated from v0.99.18 to v0.99.21.

Resolved issues

These issues are resolved in this release.

Admin Console
- Corrects an error that occurred when viewing an IPS signature category group that contained an obsolete signature due to an IPS signature database update
- Resolves an issue with deleting SSH known host entries
- Resolves a server logon failure with an upgraded firewall
- Improves error handling when entering an invalid IP address
- Fixes the display of upstream proxy settings for HTTP and FTP in the HTTP Application Defense
- Resolves an issue where usage modify buttons were grayed out for nonexistent applications
- Resolves an issue with enabling or disabling the Internet DNS server
- Resolves an issue with column reference to the audit detail for Real Time audit
- Resolves an issue with modifying the signed zone file in a secure DNS configuration
- Resolves an issue where the SmartFilter database download date was displayed instead of the version
- Corrects an error on the Admin Console Properties tab
- Corrects an error when adding a new user with mismatched passwords

- Resolves an issue with split DNS configuration
- Resolves an issue where a separate audit window did not close upon disconnect
- Resolves an issue with deleting the last application group
- Resolves an issue where the DNS configuration was disabled when configured with invalid domain names
- Corrects an error with adding an unsupported user name to a rule
- Corrects an error if validation failed when restoring the ospfv3 routing configuration
- Resolves an issue with custom application window cleanup when creating a new application
- Corrects an error when clicking the Usage button for Users and Groups in an access control rule

Audit
- Resolves an auditbotd issue where the source zone and/or attack zones were not present in the audit when evaluating the audit filter
- Resolves an auditbotd issue with running long-duration traffic on a transparent firewall
- Resolves an issue where syslog audit entries appeared twice in the Admin Console
- Resolves an issue where auditfsyncd was unable to dump core files in /var/run/audit
- Fixes the handling of the virus name in an audit filter when the virus name had spaces
- Resolves an issue where the Admin Console became unresponsive when using the View Audit option

Authentication
- Resolves an issue with the Auth Lockout check working incorrectly for SSH logon
- Resolves an issue where the Control Center domain was unable to delete Passport cases
- Updates validation of simple passwords for alphanumeric characters
- Resolves an issue with Logon Collector user and group synchronization between cluster members
- Resolves an issue with enabling and disabling Passport multiple times

Certificates
- Resolves an issue where the Certificate Management Daemon was unable to fetch intermediate CA certificates when required

Command line interface
- Corrects an error when configuring a cluster using the cf command
- Adds configuration support for SSH known hosts trust_level
- Updates the man page for cf_passport with more information on the flush command

Configuration
- Resolves an audit filter scanner issue with custom audit filters
- Corrects an error in the application database when simultaneous operations are performed

- Resolves an issue with a Control Center query for version status on the application database while the database is updating
- Resolves an issue with traffic failures during an IPS update for load sharing clusters when rules used a large amount of host objects as the source, destination, NAT, or redirect
- Corrects an error that occurred when adding a drop TCP or UDP rule followed by a deny all rule with Global Threat Intelligence
- Resolves an issue where updating a specific policy area on a firewall managed by Control Center incorrectly updated unrelated policy areas

Crossbeam X-Series Platforms support
- Resolves an issue with unstable cluster behavior when using a VRRP 6-node (3x3) cluster with a naming convention of any_cluster_name_vrrpno_vapno
- Resolves an intermittent issue with traffic failover in DBHA when FTP traffic used NAT
- Improves IPF session performance using net.isr.direct_dynamic

Crypto
- Resolves an issue where the pkcs7_verify tool printed invalid Type Enforcement logs in the audit

Dynamic routing
- Resolves an issue where the dynamic routing stack did not update when changing the interface MTU
- Resolves an issue where OSPF terminated intermittently when disabling interfaces

DNS
- Resolves an issue where the named server incorrectly listened on v6 ports when Enable traffic on v6 socket was disabled

High Availability
- Resolves an issue with route synchronization for recursive BGP routes when in load sharing HA
- Resolves an issue where a load sharing peer reset the TCP SYN/ACK on connections meant for the other peer
- Fixes ARP cache clearing when applying a configuration from Control Center
- Improves the handling of SYN/ACK netprobes seen in the peer firewall by adding the sysctl share_session_at_create
- Corrects an error when running the cf license status command on a cluster with a trial license
- Updates the man page for cf_cluster with more information for default_l2_mode
- Corrects an IGMP protocol error in faild startup on a load sharing cluster using multicast L2 mode
- Resolves an issue where the secondary firewall did not respond after changing the cluster type from peer-to-peer to load sharing
- Corrects an error when configuring the primary or shared heartbeat IP address of the primary firewall
- Improves the runtime error message shown in cluster status reporting

Installation
- Resolves an issue with serial console installation
- Updates installation prompt questions to clarify options

IPS
- Resolves an issue where some attacks detected by IPS were not blocked by the deny action
- Resolves an issue with disabling IPS

Kernel
- Resolves an issue where the mtools suite did not work correctly when using S model hardware with eUSB devices
- Resolves an issue where ICMPv6 rate limiting caused traffic to stop flowing through the firewall
- Resolves an issue where the system ran out of memory when IPv6 traffic flowed through

Policy
- Fixes an Application Defense conflict on access control rules
- Resolves an issue with mask creation function in iputil
- Resolves an issue where a deny rule for UDP traffic with IPS scanning enabled allowed traffic to pass through
- Resolves an issue where traffic redirected to an incorrect destination when no redirect host was specified
- Resolves an issue with loopback address redirection due to a FreeBSD upgrade
- Improves performance for policies using application categories
- Resolves an issue with reconfiguring Global Threat Intelligence reputation values within a policy

Proxy: FTP
- Corrects an error with pftp when sending heavy traffic

Proxy: HTTP
- Resolves issues where httpp failed due to:
  - Using certain applications in deny rules
  - A memory access problem
  - Performing DNS queries when instantiated as sfredirectp
  - dnsp running out of memory; acld also failed
- Resolves an issue when configuring non-transparent HTTPS traffic with a default connection type of both and in-band authentication
- Resolves an issue where httpp performed slowly when using streaming media applications
- Resolves an issue where httpp consumed high CPU load when IPv6 is enabled by default on a firewall
- Resolves an issue where httpp tried to send an error page when the process was socket-mated
- Resolves an issue with decrypting HTTPS traffic when virus scanning was enabled

Proxy: H.323
- Fixes a buffer overflow when large user names and passwords were provided
- Resolves an issue where certain bad sessions caused the H.323 proxy to fail
- Corrects an error when a redirected host could not be resolved by DNS
- Resolves an issue with the H.323 proxy incorrectly terminating PUD
- Resolves an issue with name resolution on the firewall

Proxy: SNMP
- Resolves an issue where acld stopped working when SNMP sent an invalid zone
- Enhances support for IF-MIB (1.3.6.1.2.1.31)
- Fixes an fd leak in SIGHUP handling

Proxy: SSH
- Corrects an error in sshp when minimal proxy was the Application Defense
- Corrects an error in sshp when processing heavy traffic

Proxy: T120
- Corrects an error when processing heavy traffic

Proxy: UTT
- Resolves a memory issue in the UTT client

SmartFilter
- Resolves an issue where SmartFilter did not block decrypted/re-encrypted SSL for certain browsers

System: Crypto
- Enhances certificate and key checking during import

System: Dynamic routing
- Fixes a system failure with processing the PIM Register message in PIM-SM multicast routing when the firewall is the rendezvous point

System: Interfaces
- Resolves an issue with VLANs and LAGG on IX devices when packets were tagged with two VLAN tags (Q-in-Q)
- Resolves an issue with a single interface member bridge configuration

System: sendmail
- Resolves a sendmail zone update issue that caused smtp to shut down instead of restart
- Resolves an issue with sendmail zone filtering

System: SNMP
- Fixes engine ID format to RFC specifications for SNMP server configuration
- Resolves an issue where the SNMP agent incorrectly listened on a loopback address
- Fixes a race condition leading to the use of a null pointer in SNMP proxy packet processing

Vulnerabilities: Common Vulnerabilities and Exposures (CVE)
- Fixes a directory traversal vulnerability in PAM (CVE-2011-4122)
- Fixes a denial of service attack in OpenSSL (CVE-2012-2333)

- Fixes a denial of service (or memory corruption) in OpenSSL (CVE-2012-2110 and CVE-2012-2131)
- Fixes a denial of service (or CPU consumption) in OpenSSL (CVE-2011-1473)
- Fixes a unicode password authentication attack in crypt module (CVE-2012-2143)
- Fixes a vulnerability in the DNS protocol ghost domain names (CVE-2012-1033)
- Fixes a buffer overflow in libtelnet (CVE-2011-4862)
- Fixes a vulnerability in the sshd Privilege Separation Monitor in OpenSSH (CVE-2006-5794)
- Fixes a vulnerability where local users gained privileges through a crafted application (CVE-2012-0217)
- Fixes a denial of service attack for BGP and OSPF in Quagga; updates Quagga to v0.99.21 (CVE-2012-0250, CVE-2012-0249, CVE-2012-0255, CVE-2012-1820)
- Upgrades OpenSSL to 0.9.8x

Other
- Resolves an issue where ccmd always sent FULL status instead of PARTIAL
- Fixes a buffer overflow in the password warder when large user names and passwords were provided
- Resolves an issue with ipv6refcount while running IPv6 in high load
- Resolves an issue where sysinstall did not work with 34 or more NICs
- Fixes a lock reversal problem in ipfilter processing when IPF cookie level is zero
- Resolves an issue with an unexpected state where UDP socket in inpcb structure is zero
- Resolves a locking issue with IP filter session list updates
- Fixes a system lockup while processing mixed traffic when in load sharing HA
- Resolves a locking issue with kernel TCP/IPS
- Resolves a locking issue with timeout ARP entries
- Resolves an issue where a transparent firewall dropped multicast MAC in ARP replies
- Corrects a synchronization error in IP Filter session management
- Resolves intermittent issues with IPv6 DNS queries
- Resolves an issue where the tar utility did not preserve the MAC label of compressed files
- Resolves an issue with invalid message handling in the Passport module after firewall upgrade
- Fixes /secureos filling up with phantom files due to an IPS update
- Resolves an issue with alpha characters in a message board configuration listing
- Resolves a deadlock issue when the Cavium card was installed on the firewall
- Resolves a memory write issue in BPF (tcpdump)
- Resolves an issue with SSD optimization by reducing the size of ATA disks by one tenth

VPN
- Resolves a routing issue where TCP connections originating locally went through a VPN tunnel
- Resolves a locking issue in the opencrypto global session when using an IPsec VPN

Known issues

For known issues in this product release, refer to KnowledgeBase article KB75285.

Upgrade a firewall to version 8.3.0

Select the appropriate upgrade method for your firewall type.

Before you begin
- Upgrading a 32-bit hardware appliance that does not support 64-bit processing to 8.3.0 is not supported.
- Your firewall must be at version 8.2.1 to upgrade to version 8.3.0. Your firewall must have either 8.2.1E25 or 8.2.1P02 installed.
- [Virtual appliances only] Your system must support Intel VT technology (or equivalent). Verify that VT is enabled in your computer BIOS.
- [Virtual appliances only] If your system is running a 32-bit image of version 8.2.0, the file /VT_ENABLED must exist. You can create this file at the firewall command line by entering:

    touch /VT_ENABLED

Tasks
- Upgrade a standalone firewall or HA cluster: Use the Admin Console to upgrade a standalone firewall or HA cluster.
- Upgrade a Control Center-managed firewall or HA cluster: Use Control Center to upgrade managed firewalls and clusters.
- Upgrade a firewall on a Crossbeam X-Series Platform: Upgrade Firewall Enterprise on a Crossbeam X-Series Platform.

Upgrade a standalone firewall or HA cluster

Use the Admin Console to upgrade a standalone firewall or HA cluster.

To upgrade a High Availability cluster, upgrade the secondary/standby firewall first, then upgrade the primary firewall.

Tasks
- Create a configuration backup: McAfee recommends that you create a configuration backup before upgrading. Backing up the configuration files lets you quickly restore a firewall.
- Download the package on a firewall with Internet access: If your firewall has Internet connectivity, use the Admin Console to download the patch.
- Manually load the package on a firewall without Internet access: If your firewall is not connected to the Internet, use a web browser to download the package, then manually load the package on the firewall.
- Install the 8.3.0 package: Install the 8.3.0 package on your firewall. This package also includes a separate Admin Console update.
- Update the Admin Console: The Admin Console automatically updates by connecting to the firewall.
- Verify that version 8.3.0 is installed: Verify that version 8.3.0 is installed on your firewall.
- Perform patch rollback: If the installed patch does not work to your satisfaction, you can use the Rollback feature to restore the firewall to a previous state.

Create a configuration backup

McAfee recommends that you create a configuration backup before upgrading. Backing up the configuration files lets you quickly restore a firewall.

For instructions on creating a configuration backup, refer to the McAfee Firewall Enterprise Product Guide.

Download the package on a firewall with Internet access

If your firewall has Internet connectivity, use the Admin Console to download the patch.

Downloading the patch moves it from the McAfee FTP site to the firewall but does not install it.

1. Select Maintenance | Software Management.
2. Click the Manage Packages tab.
3. Display the available packages.
   a. Click Check for Updates. When the operation is complete, a pop-up window appears.
   b. Click OK. Packages appear in the table with a status of Available. These packages are available for downloading from the McAfee FTP site.
   To configure this action to occur automatically, use the Download Packages tab.
4. Select the 8.3.0 package, then click Download. Click Yes to confirm. A success message appears, and the package status changes to Loaded.

Manually load the package on a firewall without Internet access

If your firewall is not connected to the Internet, use a web browser to download the package, then manually load the package on the firewall.

1. Use a web browser to download the 8.3.0 package.
   a. Go to go.mcafee.com/goto/updates.
   b. Scroll down to the McAfee Firewall Enterprise Upgrades and Patches entry for version 8.3.0, then click Download.
   c. Enter a valid Firewall Enterprise serial number, then click Submit.
   d. Click Download Patch for version 8.3.0.
2. Place the 8.3.0 file where the firewall can access it. Choose one of these options:
   - Local FTP site: Place the package on an FTP site that the firewall has access to.
   - HTTPS website: Place the package on an HTTPS website that the firewall has access to.
   - CD: Place the package in a /packages directory on a CD, then insert the CD into the firewall CD drive.
   - Directory on the firewall: Use SCP to copy the package to the /home directory of your firewall administrator account.
     To transfer files to the firewall using SCP, SSH access must be enabled on the firewall.
3. In the Admin Console, select Maintenance | Software Management, then click the Download Packages tab. For option descriptions, click Help.
4. Click Perform Manual Load Now. The Manual Load window appears.
5. Specify where the 8.3.0 package is stored.
   a. From the Load packages from drop-down list, select the appropriate method to load the package.
      - FTP: Package is on a local FTP site
      - HTTPS: Package is on an HTTPS website
      - CD-ROM: Package is contained on a CD you created
      - File: Package is copied to your home directory on the firewall
   b. In the Packages field, type 8.3.0.
   c. Complete the remaining fields.
   d. Click OK. A confirmation message appears.
6. Click Yes. The firewall loads the package from the specified location. When the operation is complete, a message appears.
7. Click OK.
8. Verify that 8.3.0 is loaded on your firewall.
   a. Click the Managed Packages tab.
   b. Verify the Status column of the 8.3.0 package shows Loaded on <date>.

Install the 8.3.0 package

Install the 8.3.0 package on your firewall. This package also includes a separate Admin Console update.

The firewall will restart during the patch installation.

1. Select Maintenance | Software Management.
2. Click the Manage Packages tab.
3. Select 8.3.0 from the list of packages, then click Install.
4. Select Install now, then click OK. A warning appears stating that the firewall will restart after the patch is installed.
5. Click Yes. The package is installed, then an error message appears stating that the connection to the server has been lost.
6. Click OK. The Admin Console is disconnected and the firewall restarts.

Update the Admin Console

The Admin Console automatically updates by connecting to the firewall.

1. Reconnect the Admin Console to the firewall. A message appears prompting you to install an Admin Console update.
2. Click Yes. The Admin Console update downloads, then a message appears asking if you want to install the package now.
3. Click Yes. The Admin Console closes and the InstallShield Wizard window appears.
4. Click Next. A progress bar appears while the Admin Console update installs. When the installation completes, the Update Complete window appears.
5. Click Finish. The Admin Console opens.

Verify that version 8.3.0 is installed

Verify that version 8.3.0 is installed on your firewall.

1. Reconnect the Admin Console to the firewall.
2. Select Maintenance | Software Management.

3. In the Manage Packages tab, verify that the Status column for 8.3.0 shows Installed. If the patch status is still Loaded, call technical support.
   You can also click View Package Details or View Log to see information about the installation.

The patch is now installed.

Perform patch rollback

If the installed patch does not work to your satisfaction, you can use the Rollback feature to restore the firewall to a previous state.

If you use the Rollback feature, any configuration changes made after the patch was installed are lost. Therefore, rolling back is a recommended recovery option for only a short time after a patch installation.

A rollback always requires a restart.

1. Select Maintenance | Software Management.
2. Click the Rollback tab.
3. Click Rollback Now, or select Schedule Rollback for to schedule a time for the rollback.

Upgrade a Control Center-managed firewall or HA cluster

Use Control Center to upgrade managed firewalls and clusters.

Do not use the Firewall Enterprise Admin Console to install a patch directly on a managed firewall.

1. Upgrade your Control Center to version 5.3.0 or later; see the McAfee Firewall Enterprise Control Center Release Notes, version 5.3.0.
2. Use Control Center to upgrade the managed firewall to version 8.3.0; see the McAfee Firewall Enterprise Control Center Product Guide.

Upgrade a firewall on a Crossbeam X-Series Platform

Upgrade Firewall Enterprise on a Crossbeam X-Series Platform.

Tasks
- Upgrade your Control Center: Upgrade your Control Center to version 5.3.0 or later; see the McAfee Firewall Enterprise Control Center Release Notes, version 5.3.0.
- Upgrade or install your Crossbeam X-Series Platform: Make sure you are running a supported version of XOS.
- Install the Firewall Enterprise CBI package: Download the Firewall Enterprise CBI package and load it on your Crossbeam X-Series Platform.
- Use Control Center to upgrade the firewall VAPs: Use Control Center to upgrade all firewall VAPs to version 8.3.0 at the same time.

Upgrade your Control Center

Upgrade your Control Center to version 5.3.0 or later; see the McAfee Firewall Enterprise Control Center Release Notes, version 5.3.0.

Upgrade or install your Crossbeam X-Series Platform

Make sure you are running a supported version of XOS.

Select one of these options:

- Upgrade to the latest 9.6.x or 9.7.x version of XOS.
- Perform a new installation of the latest 9.9.x version of XOS.

For instructions, see the Crossbeam XOS Configuration Guide.

Install the Firewall Enterprise CBI package

Download the Firewall Enterprise CBI package and load it on your Crossbeam X-Series Platform.

This procedure updates the Firewall Enterprise CBI that is present on the CPM, which is used to provision new VAPs. Performing this procedure will not modify firewall VAPs that are already installed.

1 Download the Firewall Enterprise CBI package.
  a In a web browser, navigate to www.mcafee.com/us/downloads.
  b Enter your grant number, then navigate to the appropriate product and version.
  c Download the version 8.3.0 Crossbeam installer (.cbi) file.
2 Transfer the .cbi file to the /crossbeam/apps/archive directory on each X-Series CPM.
3 Run the following command for the firewall VAP group:
    CBS# application upgrade mfe vap group <VAP_group_name>
4 Accept the prompts.

Use Control Center to upgrade the firewall VAPs

Use Control Center to upgrade all firewall VAPs to version 8.3.0 at the same time.

Before you begin

Make sure your firewalls are at version 8.2.1. Refer to the McAfee Firewall Enterprise Release Notes, version 8.2.1 for details.

The Firewall Enterprise VAP group will not pass traffic until all firewall VAPs are upgraded.

1 Download the 8.3.0 package.
2 Install the 8.3.0 package.
  Traffic will be interrupted during the patch installation.

For instructions, see the McAfee Firewall Enterprise Control Center Product Guide.

Perform a new installation

Perform a new installation of 8.3.0 on your firewall.

Tasks

- Create a configuration backup: If you are installing over an existing firewall configuration, McAfee recommends that you create a configuration backup.
- Download Firewall Enterprise software: Download applicable files for version 8.3.0.
- Download Firewall Enterprise documentation: Download documentation necessary for the planning and setup process.
- Install the Management Tools: Install the Management Tools on a Windows-based computer.
- Install Firewall Enterprise: Use one of these options to install version 8.3.0.

Create a configuration backup

If you are installing over an existing firewall configuration, McAfee recommends that you create a configuration backup.

When you perform a new installation on your firewall, all configuration and log information is removed. Backing up the configuration files lets you quickly restore a firewall.

For instructions on creating a configuration backup, refer to the McAfee Firewall Enterprise Product Guide.

Download Firewall Enterprise software

Download applicable files for version 8.3.0.

1 Go to www.mcafee.com/us/downloads.
2 Enter your grant number, then navigate to the appropriate product and version.
3 Download the appropriate files.
  - Firewall Enterprise appliance: Download the installation CD image (.iso) file or USB image (.zip) file. Select the USB image file if your appliance does not have a CD drive.
  - Firewall Enterprise, Virtual Appliance: Download the virtual image (.zip) file.
  - Firewall Enterprise on Crossbeam X-Series platforms: Download the Crossbeam installer (.cbi) file.
  - Firewall Enterprise on CloudShield CS 4000 platforms: Download the CPA V template (.zip) file.
  - Management Tools: If your firewall is not managed by Control Center, download the McAfee Firewall Enterprise Admin Console executable (.exe) file or CD image (.iso) file. Select the CD image file if you want to create a CD for use in installing the Management Tools.
4 [Firewall Enterprise appliances only] Create physical installation media using the downloaded installation files.
  - Write the .iso file to a CD.
  - If you downloaded the USB image file, write the image to a USB drive. Refer to KnowledgeBase article KB69115 for instructions.

Download Firewall Enterprise documentation

Download documentation necessary for the planning and setup process.

1 Go to the McAfee Technical Support ServicePortal at mysupport.mcafee.com.
2 Under Self Service, click Product Documentation.
3 Select the appropriate product and version.
4 Download the McAfee Firewall Enterprise Product Guide.
5 For non-appliance platforms, download the appropriate documentation for your platform.
  - McAfee Firewall Enterprise, Virtual Appliance Installation Guide
  - McAfee Firewall Enterprise on Crossbeam X-Series Platforms Installation Guide
  - McAfee Firewall Enterprise on CloudShield CS 4000 Platforms Installation Guide

Install the Management Tools

Install the Management Tools on a Windows-based computer.

The Management Tools include:

- Quick Start Wizard: Creates the initial configuration for the firewall
- Admin Console: Manages the firewall

Firewall Enterprise management tools are version specific. You cannot connect to a version 8.x firewall using an older version of the Admin Console. However, you can have multiple management tools that coexist on the same Windows-based computer.

1 Start the installation process:
  - If you downloaded the .exe file, locate the file on your computer, then double-click it.
  - If you downloaded the CD image (.iso) file and used it to create a CD, insert the CD into the appropriate drive.
  The welcome window appears.
2 Follow the on-screen instructions to complete the setup program.
  McAfee recommends using the default settings.

Consider installing an SSH client on your computer. Use the SSH client to provide secure command line access to the firewall.

Install Firewall Enterprise

Use one of these options to install version 8.3.0.

- Firewall Enterprise, Virtual Appliance: Refer to the McAfee Firewall Enterprise, Virtual Appliance Installation Guide.
  McAfee Firewall Enterprise, Virtual Appliance installations support using a serial cable to apply the Quick Start Wizard configuration at version 8.3.0. You can create a virtual serial connection if the virtual appliance and the Windows client are on the same vSphere client.
- Firewall Enterprise on Crossbeam X-Series platforms: Refer to the McAfee Firewall Enterprise on Crossbeam X-Series Platforms Installation Guide.
- Firewall Enterprise on CloudShield CS 4000 platforms: Refer to the McAfee Firewall Enterprise on CloudShield CS 4000 Platforms Installation Guide.
- Firewall Enterprise appliances: Perform these steps.

1 Boot the firewall from the physical installation media you created.
  - Installation USB drive: If the firewall is on, insert the USB drive and restart. If the firewall is off, insert the USB drive and turn on the firewall.
  - Installation CD: If the firewall is on, insert the CD and restart. If the firewall is off, turn it on and quickly insert the CD.
  The firewall starts and displays standard boot-up information.
2 When the firewall starts, configure it to boot from the installation media.
  - Models without a CD drive: Enter the boot menu, then select the installation USB drive.
  - Models with a CD drive: By default, the boot order is set to check the CD drive first. If the boot order has been altered and does not check the CD drive first, restart and enter the BIOS to adjust the boot order accordingly.
  The firewall boots from the installation media.
3 At the McAfee Inc. menu, accept the default, which is the Operational System.
  The welcome menu appears.
4 At the Welcome to McAfee Firewall Enterprise menu, select a Firewall Enterprise boot option.
  - If you are using a locally attached terminal, press Enter to accept the default.
  - If you intend to use a serial console, type 4 and press Enter.
5 When the installation complete message appears, remove the installation media from the firewall.
6 Press R to restart the firewall, then press Enter.
  The firewall restarts and displays standard restart information.

Firewall Enterprise version 8.3.0 is now installed on your appliance. For complete setup instructions and post-installation tasks, refer to the McAfee Firewall Enterprise Product Guide.

Find product documentation

McAfee provides the information you need during each phase of product implementation, from installation to daily use and troubleshooting. After a product is released, information about the product is entered into the McAfee online KnowledgeBase.

1 Go to the McAfee Technical Support ServicePortal at http://mysupport.mcafee.com.
2 Under Self Service, access the type of information you need:

To access...          Do this...
User documentation    1 Click Product Documentation.
                      2 Select a product, then select a version.
                      3 Select a product document.
KnowledgeBase         - Click Search the KnowledgeBase for answers to your product questions.
                      - Click Browse the KnowledgeBase for articles listed by product and version.

Copyright 2013 McAfee, Inc. Do not copy without permission. McAfee and the McAfee logo are trademarks or registered trademarks of McAfee, Inc. or its subsidiaries in the United States and other countries. Other names and brands may be claimed as the property of others.