8.4.7.101-8.3.7.18 Manager-Virtual IPS Release Notes McAfee Virtual Network Security Platform 8.4 Revision A Contents About this release New features Enhancements Resolved issues Installation instructions Known issues Product documentation 1
About this release This document contains important information about the current release. We recommend that you read the whole document. Network Security Platform follows a revised process. The changes in the release process are based on customer requirements, and best practices followed by other McAfee teams. For details, read KB78795. The vnsp solutions consists of the Network Security Manager, Virtual IPS Sensor, and the Virtual Security System. Functionality of each of these components are as follows: Network Security Manager It is the same web based user interface that is used to manage the Virtual IPS Sensor and Virtual Security System. You can create and manage policies against attacks detected by the Sensors. Virtual IPS Sensor This is the Network Security Sensor that protects the network against harmful attacks. It inspects the traffic and generates alerts in the Network Security Manager in case of attacks. Virtual Security System This is a probe-based logical construct which is a cluster solution comprising several individual Virtual IPS Sensor member instances. These members Sensors are clustered in a single appliance and share common security policies. Virtual Network Security Platform (vnsp) release comprises of Network Security Manager (Manager) software, version 8.4 and Virtual IPS Sensor software, version 8.3 for Amazon Web Services (AWS) environment. Software images released in this version must only be used to deploy in an AWS environment. Release parameters Version Network Security Manager 8.4.7.101 Signature Set 8.7.92.2 Virtual IPS Sensor 8.3.7.18 Virtual Network Security Platform Controller Virtual Network Security Platform Probe 3.5.3-8 3.5.3 (031617a) This version of 8.4 Manager software can be used to configure and manage the following hardware: Appliance Virtual Security System Sensors (IPS-VM100-VSS) 8.3 Version The above mentioned Network Security Platform software versions support integration with the following product versions: Table 1-1 Network Security Platform compatibility matrix Product Version supported McAfee epo 5.3.2, 5.1.1 McAfee Global Threat Intelligence Compatible with all versions McAfee Advanced Threat Defense 3.8.0.29, 3.6.2.21 McAfee Virtual Advanced Threat Defense 3.10.0.35 McAfee Endpoint Intelligence Agent 2.6 McAfee Logon Collector 3.0.6 2
Table 1-1 Network Security Platform compatibility matrix (continued) Product McAfee Threat Intelligence Exchange 2.0, 1.3 Version supported McAfee Data Exchange Layer 3.0.0.285, 2.0.1 McAfee Vulnerability Manager 7.5.10, 7.5.7 McAfee Host Intrusion Prevention 8.0 McAfee MOVE AntiVirus Agentless 4.0.0.317 McAfee MOVE AntiVirus Multi-Platform 4.5.0.211 Currently port 4167 is used as the UDP source port number for the SNMP command channel communication between Manager and Sensors. This is to prevent opening up all UDP ports for inbound connectivity from SNMP ports on the Sensor. Older JRE versions allowed the Manager to bind to the same source port 4167 for both IPv4 and IPv6 communication. But with the latest JRE version 1.8.0_112, it is no longer possible to do so, and the Manager uses port 4166 as the UDP source port to bind for IPv6. Manager 8.4 uses JRE version 1.8.0_112. If you have IPv6 Sensors behind a firewall, you need to update your firewall rules accordingly such that port 4166 is open for the SNMP command channel to function between those IPv6 Sensors and the Manager. Manager software version 8.4 is not supported on McAfee-built Dell based Manager Appliances. McAfee recommends that you use Intel-based Manager Appliances instead. New features This release announces the availability of vnsp for Amazon Web Services (AWS). Public cloud infrastructure providers such as AWS provide a dynamic environment that provides resources such as servers, applications, and storage over the Internet. Due to its dynamic nature, it is susceptible to breaches. It provides an open environment for hackers to access confidential data of users. The vnsp solution is a scalable, enterprise-class solution that provides real-time threat protection to your public cloud infrastructure. The Virtual IPS Sensors protect endpoints deployed in the AWS environment by redirecting traffic appearing or leaving an endpoint. You are able to manage Virtual IPS Sensors deployed in AWS using a single, familiar user-interface which is the Network Security Manager. Policies are created and enforced on Virtual Sensors and Clusters through the Network Security Manager thereby giving you the ability to block, send an alert, or drop packets as you would in a physical environment. For more information on AWS, see AWS Documentation. Enhancements This is the first release of vnsp and does not contain any enhancements. 3
Resolved issues This is the first release of the Manager software and Virtual IPS Sensor software for AWS environment. Hence this release does not contain resolved issues for any previously known issues. Installation instructions Network Security Manager server requirements The following table lists the 8.4 Manager Server requirements: Operating System Minimum required Windows Server 2008 R2 Standard or Enterprise Edition, English operating system, SP1 (64-bit) (Full Installation) Windows Server 2008 R2 Standard or Enterprise Edition, Japanese operating system, SP1 (64-bit) (Full Installation) Windows Server 2012 R2 Standard Edition (Server with a GUI) English operating system Windows Server 2012 R2 Standard Edition (Server with a GUI) Japanese operating system Windows Server 2012 R2 Datacenter Edition (Server with a GUI) English operating system Windows Server 2012 R2 Datacenter Edition (Server with a GUI) Japanese operating system Only x64 architecture is supported. Recommended Windows Server 2012 R2 Standard Edition operating system. Memory 8 GB Supports up to 3 million alerts. >16 GB Supports up to 10 million alerts. Virtual CPUs 2 2 or more Disk space 100 GB 300 GB or more Operating System Windows 7, English or Japanese. Windows 8, English or Japanese. Windows 8.1, English or Japanese. Windows 10, English or Japanese. The display language of the Manager client must be the same as that of the Manager server operating system. 4
Network Security Manager client requirements The following are the system requirements for client systems connecting to the Manager application: Operating System Minimum required Windows 7, English or Japanese. Windows 8, English or Japanese. Windows 8.1, English or Japanese. Windows 10, English or Japanese. The display language of the Manager client must be the same as that of the Manager server operating system. Recommended RAM 2 GB 4 GB CPU 1.5 GHz processor 1.5 GHz or faster Browser Internet Explorer 10, 11, or Microsoft Edge. Mozilla Firefox. Google Chrome (App mode in Windows 8 is not supported.) To avoid the certificate mismatch error and security warning, add the Manager web certificate to the trusted certificate list. Internet Explorer 11. Mozilla Firefox 20.0 or later. Google Chrome 24.0 or later. If you are using Google Chrome 42 or later, the NPAPI plug-in is disabled by default, which means that Java applet support is disabled by default. Perform the following steps to enable NPAPI plug-in: 1 In the address bar, type chrome://flags/#enable-npapi. 2 Click the Enable link in the Enable NPAPI configuration option. 3 Click Relaunch Now at the bottom of the page to restart Google Chrome for the changes to take effect. Upgrade recommendations McAfee regularly releases updated versions of the signature set. Note that automatic signature set upgrade does not happen. You need to manually import the latest signature set and apply it to your Sensors. The following is the upgrade matrix supported for this release: Component Manager/Central Manager software Virtual Security System (IPS-VM100-VSS) Minimum Software Version This is the first release of the Manager/Central Manager software for AWS environment. This is the first release of the Virtual Security System for AWS environment. 5
Known issues The following table lists the high-severity Manager software issues: Reference Number Issue Description 1186657 Issue: The Licenses page under Manager Admin Domain Name Setup Licenses shows no data for a few seconds before it refreshes and populates the actual data. The following table lists the medium-severity Sensor software issues: Reference Number Issue Description 1183868 Issue: The Manager Admin Domain Name Global IPS Device Settings Advanced Device Settings page loads forever till the inactive Sensor becomes active. Product documentation Every McAfee product has a comprehensive set of documentation. Find product documentation 1 Go to the McAfee ServicePortal at http://mysupport.mcafee.com and click Knowledge Center. 2 Enter a product name, select a version, then click Search to display a list of documents. 8.4 product documentation list The following software guides are available for Network Security Platform 8.4 release: NSP AWS Deployment Guide 2017 Intel Corporation Intel and the Intel logo are trademarks/registered trademarks of Intel Corporation. McAfee and the McAfee logo are trademarks/ registered trademarks of McAfee, Inc. Other names and brands may be claimed as the property of others. 0A-00