McAfee Network Security Platform

Similar documents
Active Fail-Open Kit Quick Start Guide

McAfee Network Security Platform

McAfee Network Security Platform

McAfee Network Security Platform

McAfee Data Loss Prevention Prevent

McAfee Web Gateway

Package Contents. Wireless-G USB Network Adapter with SpeedBooster USB Cable Setup CD-ROM with User Guide (English only) Quick Installation

the machine and check the components AC Power Cord Carrier Sheet/ Plastic Card Carrier Sheet DVD-ROM

McAfee Network Security Platform

McAfee Network Security Platform

Error Numbers of the Standard Function Block

Smart Output Field Installation for M-Series and L-Series Converter

Enterprise Digital Signage Create a New Sign

LINX MATRIX SWITCHERS FIRMWARE UPDATE INSTRUCTIONS FIRMWARE VERSION

McAfee Network Security Platform

All in One Kit. Quick Start Guide CONNECTING WITH OTHER DEVICES SDE-4003/ * 27. English-1

CS 241 Week 4 Tutorial Solutions

VMware Virtual Dedicated Graphics Accelerator (vdga) and DirectPath I/O GPU Device Certification Guide ESXi 6.5 GA Release Workbench 3.5.

INTEGRATED WORKFLOW ART DIRECTOR

McAfee Network Security Platform

High-performance Monitoring Software. User s Manual

Troubleshooting. Verify the Cisco Prime Collaboration Provisioning Installation (for Advanced or Standard Mode), page

the machine and check the components Starter Ink Cartridges Basic User s Guide Product Safety Guide CD-ROM USB Interface Cable

Start Here MFC-7360 / MFC-7470D /

McAfee Network Security Platform

Start Here. Quick Setup Guide. the machine and check the components DCP-9015CDW DCP-9020CDW

Certificate Replacement. 21 AUG 2018 VMware Validated Design 4.3 VMware Validated Design for Software-Defined Data Center 4.3

Installer reference guide

Start Here. Quick Setup Guide DCP-7055 / DCP-7060D DCP-7065DN WARNING WARNING CAUTION CAUTION

Architecture and Data Flows Reference Guide

the machine and check the components Black Yellow Cyan Magenta Starter Ink Cartridges Telephone Line Cord Adapter (Hong Kong only)

In USA: To download other guides for this product, visit the Brother Solutions Center at solutions.brother.com/manuals and select your model.

To access your mailbox from inside your organization. For assistance, call:

UTMC APPLICATION NOTE UT1553B BCRT TO INTERFACE PSEUDO-DUAL-PORT RAM ARCHITECTURE INTRODUCTION ARBITRATION DETAILS DESIGN SELECTIONS

How to install guide. Installation Instructions for Prowler Proof security screen doors fitted to Trend Synergy or Quantum stacking door

Architecture and Data Flows Reference Guide

the machine and check the components Basic User s Guide Quick Setup Guide Telephone Line Cord

Installer reference guide

McAfee Network Security Platform

McAfee Network Security Platform

the machine and check the components Drum Unit and Toner Cartridge Assembly (pre-installed) AC Power Cord Installer CD-ROM Quick Setup Guide

the machine and check the components Introductory Ink Cartridges CD-ROM 1 Power Cord Telephone Line Cord

Installation Guide for

the machine and check the components Introductory Ink Cartridges

CMPUT101 Introduction to Computing - Summer 2002

Agilent G3314AA BioConfirm Software

Start Here. Quick Setup Guide DCP-T300 DCP-T500W DCP-T700W WARNING CAUTION IMPORTANT NOTE WARNING

Before you can use the machine, read this Quick Setup Guide for the correct setup and installation.

Certificate Replacement. 26 SEP 2017 VMware Validated Design 4.1 VMware Validated Design for Management and Workload Consolidation 4.

Lesson 4.4. Euler Circuits and Paths. Explore This

Start Here. Quick Setup Guide MFC the machine and check the components. Note

Before you can use the machine, read this Quick Setup Guide for the correct setup and installation.

the machine and check the components Starter Ink Cartridges Basic User s Guide Product Safety Guide CD-ROM* Power Cord

VMware Horizon FLEX Administration Guide

Start Here. Quick Setup Guide DCP-8110DN DCP-8150DN DCP-8155DN. the machine and check the components

License Manager Installation and Setup

Rolling Back Remote Provisioning Changes. Dell Command Integration for System Center

Welch Allyn CardioPerfect Workstation Installation Guide

LINX MATRIX SWITCHERS FIRMWARE UPDATE INSTRUCTIONS FIRMWARE VERSION

Certificate Replacement. 21 AUG 2018 VMware Validated Design 4.3 VMware Validated Design for Management and Workload Consolidation 4.

CS 7790 ADVANCED FUNCTION DRIVE-UP ISLAND ATM WITH 13mm UL OR CEN L SAFE FRONT VIEW PLAN VIEW FRONT VIEW SIDE VIEW NOTE: PAGE 1 OF 5

Upgrading from vrealize Automation 7.1, 7.2 to 7.3 or 7.1, 7.2, 7.3 to March 2018 vrealize Automation 7.3

Epson Projector Content Manager Operation Guide

Simrad ES80. Software Release Note Introduction

Upgrading from vrealize Automation 7.1 or Later to June 2018 vrealize Automation 7.4

NOTES. Figure 1 illustrates typical hardware component connections required when using the JCM ICB Asset Ticket Generator software application.

Assembly & Installation Instructions: 920 CPU Holder, 920-X

V = set of vertices (vertex / node) E = set of edges (v, w) (v, w in V)

Start Here. Quick Setup Guide HL-5470DW(T) HL-6180DW(T) WARNING CAUTION WARNING. Note

Start Here. Remove all tape and lift display. Locate components

Zenoss Service Impact Installation and Upgrade Guide for Resource Manager 5.x and 6.x

Start Here. Quick Setup Guide DCP-J4110DW WARNING CAUTION IMPORTANT NOTE WARNING

Operational Verification. 26 SEP 2017 VMware Validated Design 4.1 VMware Validated Design for Software-Defined Data Center 4.1

Bulletin 854K 60 mm Control Tower Stack Lights

Agilent Mass Hunter Software

Distributed Systems Principles and Paradigms. Chapter 11: Distributed File Systems

The Network Layer: Routing in the Internet. The Network Layer: Routing & Addressing Outline

Digital IFMs are available with either a 20- or 40-pin cable connector. This is determined by the number of connections required for the I/O module.

Duality in linear interval equations

User Manual. V1.0.1 Nov. 20, 2016

2 Computing all Intersections of a Set of Segments Line Segment Intersection

Internet Routing. IP Packet Format. IP Fragmentation & Reassembly. Principles of Internet Routing. Computer Networks 9/29/2014.

EXTENDED TO AUGUST 15, 2018 Short Form Return of Organization Exempt From Income Tax

Fig.25: the Role of LEX

Control Center Installation Guide

Lecture 8: Graph-theoretic problems (again)

Light Module Type. Lens Color Description V AC/DC (no-lamp module ) Steady no lamp. 3 Green 24 24V AC/DC. Steady LED.

VMware Horizon JMP Server Installation and Setup Guide. Modified on 06 SEP 2018 VMware Horizon 7 7.6

TECHNICAL NOTE MANAGING JUNIPER SRX PCAP DATA. Displaying the PCAP Data Column

INSTALLING PRIVA GATEWAY FOR PRIVA CONNEXT

Lab 1 - Counter. Create a project. Add files to the project. Compile design files. Run simulation. Debug results

Installer reference guide

CS 340, Fall 2016 Sep 29th Exam 1 Note: in all questions, the special symbol ɛ (epsilon) is used to indicate the empty string.

Distributed Systems Principles and Paradigms

1492 ACABLE 010 A. Standard m (16.40 ft) ( ft) 0.1 m (0.328 ft increments) m ( ft) 0.5 m (1.

Greedy Algorithm. Algorithm Fall Semester

Inter-domain Routing

Deployment of VMware NSX-T for Workload Domains. 19 MAR 2019 VMware Validated Design VMware NSX-T 2.4

10.5 Graphing Quadratic Functions

Connection Guide. Installing the printer locally (Windows) What is local printing? Installing the printer using the Software and Documentation CD

Transcription:

Pssive Fil-Open Kit Quik Strt Guide Revision D MAfee Network Seurity Pltform MAfee Network Seurity Pltform IPS Sensors, when deployed in-line, route ll inoming trffi through designted port pir. However, t times Sensor might need to e turned off for mintenne or its ports n go down euse of n outge. At times like this, you might wnt to ontinue llowing trffi to pss through without interruption. For suh requirements, you n onsider n externl devie lled fil-open swith. The fil-open swith n either e n tive fil-open swith or pssive fil-open swith. A pssive fil-open swith relies on the Sensor to supply power signl to the swith through Control le. The Control port on the Sensor is onneted to Control port on the fil-open swith y Control le. While the Sensor is operting, the swith is on nd routes ll trffi diretly through the Sensor. When the Sensor fils, the swith utomtilly shifts to ypss stte: in-line trffi ontinues to flow through the network link, ut is no longer routed through the Sensor. After the Sensor resumes norml opertion, the swith returns to the on stte, nd gin enling in-line monitoring. Eh Sensor hs numer of Control ports depending on whih Sensor model it is. Eh Sensor Control port is internlly wired to orresponding monitoring port pir. For exmple, Control port X2 must lwys e used in tndem with monitoring port pir 2A-2B. The tle elow shows you the vrious models of pssive fil-open swithes. Fil-open swith SKU NS9x00 NS7x00/ NS7x50 NS5x00 NS3x00 M-8000, M-6050 M-4050, M-3050 M-2950, M-2850 Pssive-Fier (850 nm) 10G (50 µm) IAC-PF85050- KT1 No Yes Yes (supported on G0 only) No Yes Yes No Pssive-Fier (850 nm) 10/1G (62.5 µm) Pssive-Fier (1310 nm) 10/1G (8.5 µm) Pssive-Copper 10/100/1000 IAC-PF85062- KT1 IAC-PF131010- KT1 IAC-PFOCG- KT2 No Yes Yes No Yes Yes Yes No Yes Yes No Yes Yes Yes No Yes Yes No Yes Yes Yes 1

Fier fil-open swithes onsist of two types: single mode nd multi-mode fiers. The tle gives you some detils out oth types of fier opti fil-open swithes. Suh informtion is importnt euse you must determine the type of fier optis used in your orgniztion network efore you deide whih type of fil-open swith to use. It is lso importnt to understnd tht vrious types euse ll produt doumenttion for fier fil-open kits nd dels on the fil-open swithes disply these prmeters. The tle elow shows you the differenes etween single-mode nd multi-mode fier speifitions. Type Fier thikness Wvelength rnge Single mode (Long reh) 8.5 µm 1300 nm to 1550 nm Multi-mode (Short reh) 50 µm or 62.5 µm 850 nm to 1300 nm NS-9x00 Sensors do not hve Control ports nd s result do not support pssive fil-open kits. For more detils on Sensor omptiility with vrious fil-open kits, refer the hpter, Fil-Open opertion in Sensors in the MAfee Network Seurity Pltform IPS Administrtion Guide. For more detils out fil-open kits, refer the hpter, Fil-Open opertion in Sensors in the MAfee Network Seurity Pltform IPS Administrtion Guide. Sine this Quik Strt Guide mkes referenes to informtion ssoited with tht hpter, it helps to keep opy of it esily essile efore you egin instlling nd onfiguring your fil-open swith. 1 Inside the ox Every fil-open kit onsists of the sme set of omponents. Although the type of les nd the swith vry from one model to nother, the list of items in the kit itself remins the sme. The tle provides you the list of items. Qty Item Desription 1 Fil-Open swith Copper: 1000Bse-T swith; onnets to the GE ports of ll pplile Sensor models diretly through the Sensor's uilt-in Control port. Fier: Connets to the 1-Gigit or 10-Gigit ports of ll pplile Sensor models diretly through the Sensor's uilt-in Control port. 1 19-inh rk-mount pnel for 3 swithes 1RU mounting hrdwre to mount up to 3 ypss swithes in stndrd rk. 1 3 m RJ-45 to RJ-11 le Connets the Sensor Control port to the fil-open swith. 4 Copper: 3 m RJ-45 to RJ-45 le Fier: 3 m LC-LC Connets the fil-open swith to network devies nd the Sensor. For fier fil-open kit, these les re either single mode or multi-mode les depending on the requirements provided t the time of purhse. 2 Instll the pssive fil-open swith in rk Before you egin Identify the rk in whih you pln to instll the fil-open swith. If you re using physil Sensor, mke sure tht you re le to physilly onnet the fil-open swith with the monitoring ports. 2

You n instll etween one nd three fil-open swithes in rk-mount pnel. The rk-mount pnel desried in this setion is inluded in the ontents of fil-open kit. This proedure is optionl; if you do not wnt to instll the fil-open in rk, you n set up the swith diretly on top of the Sensor or nother network devie. Slide the swith into the enter opening in the rk-mount pnel, until the fe plte of the swith rests ginst the pnel. Seure the swith to the rk-mount pnel y inserting srews provided through the holes on the fil-open swith fe plte nd into the pnel. Additionl fil-open swithes n e instlled without removing the rk-mount pnel from the rk. d e Ple the 1U pnel ginst the front of stndrd 19-inh rk. Seure the rk-mount pnel y inserting srews (inluded with the rk-mount pnel) through the holes on front of the pnel nd the sides of the rk. (Optionl) Instll up to two dditionl swithes y following these steps: Remove srews holding one of the removle lnk pltes from the front of the pnel. Follow steps 1 nd 2 of this proedure for instlling swith in the rk-mount pnel for dditionl fil-open swithes. The fil-open swith is redy to e onneted to Sensor. 3 Connetions with the fil-open swith To urtely detet ttks, Sensor must e wre of whih trffi is outside the network nd whih trffi is inside. Identifying trffi diretion is omplished through the proper ling of the fil-open swith s well s pproprite port onfigurtion of the Sensor monitoring ports in the Mnger. The pssive fil-open swith onsists of the ports mentioned in the piture elow. 3

Field 1 To Sensor Fil-Open Control port 2 To network devie (inside) 3 To network devie (outside) 4 PTx/SRx - inside (plugs into Sensor port xa) Desription 5 STx/PRx - outside (plugs into Sensor port xb) Connet the fil-open swith to network devies Before you egin If you re onneting opper fil-open swith, mke sure tht you hve two Ct 5/Ct 5e Ethernet les. If you re onneting fier fil-open swith, mke sure tht you hve two LC-LC les. Cllout Desription 1 Pssive fil-open swith 2 Fil-Open Control ports (RJ-11) 4

Cllout Desription 3 Control port on fil-open swith (RJ-45) 4 Control le (RJ-45 to RJ-11) 5 Connetion to the network devie 6 Connetion to the network devie 7 PTx/SRx (inside) onnetion to Monitoring port 5A of the Sensor 8 STx/PRx (outside) onnetion to Monitoring port 5B of the Sensor The steps provide proedure for onnetions of oth opper nd fier fil-open swithes. Connet the inside network le onnetor into the Ct 5/Ct 5e/LC port, leled Network 0 or Net 0 for opper or Network A (in tringle) for fier, on the fil-open swith. d Connet the other end of this le to the orresponding network devie. Connet the outside network le onnetor into the Ct 5/Ct 5e/LC, leled Network 1 or Net 1 for opper or Network B (in tringle) for fier, on the fil-open swith. Connet the other end of this le to the orresponding network devie. The fil-open swith is now onneted to network devies for the inside network nd outside network. Your next step is to onnet the fil-open swith to the Sensor. (Either) Connet opper fil-open swith Before you egin You require two Ct 5/Ct 5e Ethernet les to onnet your fil-open swith to the Sensor. You require two opper SFP modules to e inserted into two orresponding unused modulr sokets on the Sensor. For more detils out your Sensor nd out SFP modules, refer the Sensor Produt Guide for the pproprite model. Control le tht is supplied with the fil-open kit. Connet Ct 5/Ct 5e Ethernet le (inside) into the opper SFP in port xa, where x is 1-6. d e f Connet the other end of the le into the port leled Monitor 0 on the fil-open swith. Connet Ct 5/Ct 5e Ethernet le (outside) into the orresponding xb peer port. (For exmple, if you used 2A in step 1, plug the le into port 2B). Connet the other end of the le into the port leled Monitor 1 of the fil-open swith. Connet one end of the ontrol le to the fil-open swith Control port. Connet the other end to the Sensor ontrol port Xy, where y is the port numer tht orresponds to one of the monitoring ports. The ontrol port you onnet to on the Sensor must orrespond to the port pir you use. For exmple, if you used port pir 2A-2B on the Sensor, mke sure you use X2. 5

With this le onfigurtion, Sensor monitoring port xa views trffi s originting inside the network, nd port xb views trffi s emerging outside the network. This onfigurtion (xa = outside, xb = inside) must mth the port onfigurtion speified for this Sensor, nd tht the ports must e onfigured s suh. (Or) Connet fier fil-open swith Before you egin You require two LC-LC les to onnet your fil-open swith to the Sensor. If you re onneting 1-Gigit fil-open swith, you require two fier SFP modules to e inserted into two orresponding unused module sokets on the Sensor. If you re onneting 10-Gigit fil-open swith, you require two fier XFP/SFP+ modules to e inserted into two orresponding unused module sokets on the Sensor. For more detils out your Sensor or out SFP/XFP/SFP+ modules, refer the Sensor Produt Guide for the pproprite model. Control le tht is supplied with the fil-open kit. d e Connet n LC-LC le into the LC reeptle of port xa or Gx/, where x nd re the orresponding 1-Gigit or 10-Gigit port numers. Connet the other end of the LC le into the LC reeptle leled Monitor A of the fil-open swith. Connet n LC-LC le into the orresponding xb or Gx/ peer port. (For exmple, if you used G1/1 in step 1, plug the le into port G1/2). Connet the other end of this le into the port leled Monitor B of the fil-open swith. Connet one end of the ontrol le to the fil-open swith Control port. The ontrol port you onnet to on the Sensor must orrespond to the port pir you use. For exmple, if you used port pir 2A-2B on the Sensor, mke sure you use Control port X2. With this le onfigurtion, Sensor Monitoring port xa views trffi s originting inside the network, nd port xb views trffi s originting outside the network. This onfigurtion (xa = outside, xb = inside) must mth the port onfigurtion speified for this Sensor, nd tht the ports must e onfigured s suh. 4 Configure Sensor monitoring ports Before you egin The Sensor must e set up with trust estlished with Mnger server. The Sensor hs free port pir whih n e deployed in in-line fil-open mode. It is ssumed tht you hve inserted neessry trnseiver modules into the Sensor if you hve ompleted ling the Sensor nd fil-open swith. 6

When you set up Sensor for the first time, its ports re disled y defult. The Sensor ports must e mnully onfigured for in-line fil-open opertion. In the Mnger, go to Devies <Admin_Domin_Nme> Devies <Devie_Nme> Setup Physil Ports. Doule-lik one of the onfigurle ports, sy G0/1. A onfigurtion pnel ppers on the right side of the window. Clik the Stte drop-down nd selet Enled. You re sked whether you wnt to proeed sine this onfigurtion lso impts port G0/2. d Clik Yes to proeed. This enles port G0/1-G0/2. e f g h Selet the Auto Negotite hekox nd mke sure the Speed (Duplex) is set to 1 Gps (Full). Clik the Mode drop-down nd selet In-line Fil-Open Pssive. Clik the Plement drop-down nd selet Inside Network or Outside Network, depending on how you wnt to onfigure your ports. MAfee reommends hoosing Gx/1 or xa s Inside Network nd Gx/2 or xb s Outside Network. Clik the Response Port drop-down nd selet the port tht you wnt to ssign. For n in-line fil-open or in-line fil-losed setup, you n onfigure the sme port to e the response port. i Clik Sve. The Sensor nd fil-open swith re set up. When trffi psses through the ports, you notie the port link sttus hnges to Up nd turns green. 7

5 Verify your instlltion Follow these steps to mke sure tht your setup is working s designed. Chek the ions in the Mnger eside the ports you hve onfigured s in-line fil-open pssive. They must show Up. Chek the power LED on the fil-open swith. LED sttus ON OFF Desription Swith is not in fil-open mode nd the Sensor monitoring ports re operting normlly. Swith is in fil-open mode nd the Sensor monitoring ports re not monitoring trffi. Chek the port sttus nd operting mode sttus of the Gigit inline fil-open mode. In-line Fil-Open Port Sttus In-line Fil-Open - Pssive (Pired with /) Port olor on the Sensor Green Operting Mode Sttus The in-line fil-open devie is in in-line fil-open mode. Bypssing Yellow The in-line fil-open devie is in in-line ypss mode. The ypss swith hs een tivted. The Sensor does not monitor during this time. Swith Asent Red Fil-open ontrol is not present, ontrol le is not present, or ypss swith is not present. Verify tht ll three omponents re onneted properly. If everything is onneted orretly, hek the Opertionl Sttus. N/A Gry Not Applile; the operting mode is not in in-line fil-open mode. 6 Trouleshooting During norml in-line fil-open opertion of the Sensor, fil-open swith onstntly sends hertet signl to the Sensor. If this signl does not return to the fil-open swith within progrmmed intervl, the fil-open swith removes the Sensor from the dt pth, nd moves into ypss mode, providing ontinuous dt flow with little network interruption. While the fil-open swith is in ypss mode, trffi psses diretly through it, ypssing the Sensor. When norml Sensor opertion resumes, you might or might not need to mnully re-enle the monitoring ports from the Mnger interfe, depending on the tivity leding up to the Sensor's filure. The following setion desries how to return the Sensor to in-line mode. 8

Wht hppens when Sensor fils? When Sensor fils with fil-open swith in ple, the following events our in the stted order. The Mnger reports Sensor in d helth or Port pir is in ypss mode error in the System Helth pne. The Sensor reoots nd the fil-open swith egins forwrding trffi. All trffi now ypsses the Sensor nd flows through the fil-open swith with miniml trffi disruption. A Sensor reoot reks the link onneting the devies on either side of the Sensor nd requires the renegotition of the network link etween the two devies surrounding the Sensor. Depending on the network equipment, this disruption rnges from ouple of seonds to more thn minute with ertin vendors' devies. Upon reoot ompletion, the Sensor resumes its hertet, nd one of the following ours: If the reoot ourred during norml opertion s desried, the fil-open swith resumes pssing dt through the Sensor nd the Sensor returns to in-line fil-open mode. If the reoot ourred due to n error, the fil-open swith ontinues to ypss the Sensor until the dministrtor mnully re-enles Sensor ports in the Mnger. After the ports re re-enled, the fil-open swith resumes pssing dt through the Sensor nd the Sensor returns to in-line mode. A rief link disruption is likely to our while the links re renegotited to ple the Sensor k in in-line mode. The errors on the Mnger dispper nd norml helth is reported. Common prolems nd solutions This setion lists some ommon instlltion prolems nd their solutions. Prolem Possile Cuse Solution Network or link prolems. Sensor LED is off. Sensor is opertionl, ut is not monitoring trffi. Runts or gints errors on swith nd routers. The system fult Swith sent ppers on the Opertionl Sttus pge of the Mnger. Improper ling or port onfigurtion. The Sensor is turned off. The Sensor port le is disonneted. Network devie les hve een disonneted. The Sensor ports hve not een enled in the Sensor. Improper ling or port onfigurtion. Improper ling. Ensure tht the trnsmit nd reeive les re properly onneted to the fil-open swith. Restore Sensor power. Chek the Sensor le onnetions. Chek the les nd ensure tht they re properly onneted to oth the network devies nd the fil-open swith. Ports re disled on Sensor filure; they must e re-enled in the Mnger for the Sensor monitoring to resume. Ensure tht the trnsmit nd reeive les re properly onneted to the fil-open swith. Ensure tht the trnsmit nd reeive les re properly onneted to the fil-open swith. 9

Copyright 2017 MAfee, LLC MAfee nd the MAfee logo re trdemrks or registered trdemrks of MAfee, LLC or its susidiries in the US nd other ountries. Other mrks nd rnds my e limed s the property of others. 10 700-4419D00

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback