Load Balancing with McAfee Network Security Platform

Similar documents
Configuring EtherChannels

Configuring EtherChannels and Layer 2 Trunk Failover

Configuring EtherChannels and Link-State Tracking

Protecting Your Enterprise Databases from Ransomware

Configuring EtherChannels and Link-State Tracking

Configuring IEEE 802.3ad LACP EtherChannels on the Cisco MWR 2941

Configuring EtherChannels and Layer 2 Trunk Failover

Configuring Link Aggregation

Securing Your Microsoft Azure Virtual Networks

Configuring EtherChannels

CCNA 3 (v v6.0) Chapter 3 Exam Answers % Full

McAfee Network Security Platform Administration Course

McAfee Database Security Insights

Configuring EtherChannel Between a Catalyst Switch Running CatOS and a Workstation or Server

Securing Your Amazon Web Services Virtual Networks

Configuring Link Aggregation

McAfee epolicy Orchestrator

Lab Configuring EtherChannel

McAfee Network Security Platform

Configuring SPAN and RSPAN

Interfaces for Firepower Threat Defense

McAfee Network Security Platform

Interfaces for Firepower Threat Defense

Configuring SPAN. Understanding SPAN CHAPTER. This chapter describes how to configure Switched Port Analyzer (SPAN) and on the Catalyst 2960 switch.

PrepKing. PrepKing

4 PWR XL: Catalyst 3524 PWR XL Stackable 10/100 Ethernet

Cisco Systems Fiber Intelligent Gigabit Ethernet

Abstract. AM; Reviewed: WCH/JK 9/11/02. Solution & Interoperability Test Lab Application Notes 2002 Avaya Inc. All Rights Reserved.

McAfee Network Security Platform

Exam Implementing Cisco IP Switched Networks (SWITCH)

Configuring EtherChannels

McAfee Network Security Platform

McAfee Labs Threat Report

UK Gender Pay Gap Report 2018

McAfee Virtual Network Security Platform

Configuring Port Channels

Network Security Platform Overview

Configuring Interfaces

Configuring EtherChannels

McAfee Endpoint Security

McAfee Network Security Platform 8.3

VXLAN Testing with TeraVM

A10 SSL INSIGHT & SONICWALL NEXT-GEN FIREWALLS

Configuring Interfaces

Configuring SPAN and RSPAN

Securing the Software-Defined Data Center

Intel PRO/1000 PT and PF Quad Port Bypass Server Adapters for In-line Server Appliances

Catalyst 1900 Series and Catalyst 2820 Series Enterprise Edition Software Configuration Guide

GUIDE. Optimal Network Designs with Cohesity

McAfee Network Security Platform

McAfee Web Gateway Administration

McAfee Network Security Platform 8.1

Building Resilience in a Digital Enterprise

Designing Solution with Cisco Intrusion Prevention Systems

Configuring VLANs. Understanding VLANs CHAPTER

Configuring SPAN and RSPAN

WHITE PAPER A10 SSL INSIGHT & FIREWALL LOAD BALANCING WITH SONICWALL NEXT-GEN FIREWALLS

Configuring VLANs. Understanding VLANs CHAPTER

SIEM Solutions from McAfee

Cajun P550/P880 Manger User Guide

Pass-Through Technology

Aggregate Interfaces and LACP

McAfee Network Security Platform 9.2

Configuring Link Aggregation on the ML-MR-10 card

EX 3500 ETHERNET SWITCH

Configuring VLANs. Understanding VLANs CHAPTER

Cisco CISCO Data Center Networking Infrastructure Design Specialist. Practice Test. Version

McAfee Total Protection for Data Loss Prevention

1 Mojo S-2000 Series Managed PoE Switches

Configuring Virtual Port Channels

Configuring VLANs. Understanding VLANs CHAPTER

Configuring Modular QoS on Link Bundles

EtherChannel and Redundant Interfaces

Reference Guide Revision B. McAfee Cloud Workload Security 5.0.0

McAfee NGFW Installation Guide for Firewall/VPN Role 5.7. NGFW Engine in the Firewall/VPN Role

Figure 7-1 Unicast Static FDB window

Integrated McAfee and Cisco Fabrics Demolish Enterprise Boundaries

Configuring VLANs. Understanding VLANs CHAPTER

Exam Questions

McAfee Network Security Platform

The McAfee MOVE Platform and Virtual Desktop Infrastructure

Managing Latency in IPS Networks

Deployment Modes Citrix Product Documentation docs.citrix.com January 3, 2019

EtherChannel Between a Cisco Catalyst Switch That Runs Cisco IOS and a Workstation or Server Configuration Example

Configuring Port Channels

Network Security Platform 8.1

Nighthawk S8000 Gaming & Streaming Advanced 8-Port Gigabit Ethernet Switch User Manual

McAfee Skyhigh Security Cloud for Citrix ShareFile

McAfee Network Security Platform 9.1

Configuring Interface Characteristics

McAfee Public Cloud Server Security Suite

Configuring SPAN and RSPAN

Why can t I just do that with a switch? Joseph Magee Chief Security Officer Top Layer Networks

Configuring VLANs. Understanding VLANs CHAPTER

CISCO EXAM QUESTIONS & ANSWERS

McAfee Network Security Platform 9.1

CUSTOMER DATA FORMAT REQUIREMENTS

Cisco Intelligent Traffic Director Deployment Guide with Cisco ASA

material. For more information on how to get additional questions, please see

Split Trunking Support with HP Auto Port Aggregation

Transcription:

Load Balancing with McAfee Network Security Platform Optimizing intrusion prevention system performance 1 Load Balancing with McAfee Network Security Platform

Load Balancing with McAfee Network Security Platform Optimizing intrusion prevention system performance McAfee Network Security Platform is a uniquely intelligent security solution that discovers and blocks sophisticated threats in the network by using advanced detection and emulation techniques. This next-generation hardware platform scales to speeds of more than 40 Gbps with a single device to meet the needs of demanding networks. For larger enterprise environments that require additional performance, an individual intrusion prevention system (IPS) can be replaced with a cluster of IPS devices, easily scaling to achieve the desired throughput. In this scenario, network traffic is load balanced across the sensor cluster for fast, efficient inspection. In addition, multiple IPS sensors can be easily managed via a single pane of glass for efficiency. This paper describes several load balancing techniques to optimize performance across the sensors. Key Advantages Scalable solutions for larger enterprise environments Flexible load balancing options optimize performance and reduce costs Easily manage multiple IPS sensors via a single pane of glass Basic Configuration Considerations The sensor needs to maintain flow information for proper IPS processing. This means all packets belonging to one flow should go to the same sensor. External devices need to be configured to ensure this condition is always satisfied. For example, all packets with the same source or destination address pair should pass through the same sensor. IPS devices can be clustered to achieve throughput that exceeds that delivered by an individual device. Total throughput is limited by the capacity of the external devices, such as the load balancer or the switch. Basic terminology Link Aggregation: There are various ways to increase individual-link bandwidth, like traffic policing and WAN optimization. Along with this, there are techniques to combine the bandwidth of all links, also known as Link Aggregation. As the name implies, it combines more than one network link logically in parallel to increase bandwidth between network devices. This may also be referred to as trunking. Connect With Us 2 Load Balancing with McAfee Network Security Platform

EtherChannel: Cisco s proprietary aggregation scheme is built upon standards-based 802.3 Ethernet. This technology is composed of several Gigabit Ethernet links and is capable of load balancing traffic across those links. Unicast, broadcast, and multicast traffic is evenly distributed across the links, providing higher performance and redundant parallel paths. When a link fails, traffic is redirected to the remaining links within the channel without user intervention and with minimal packet loss. Load-balancing policy can be based on media access control (MAC) address (L2), IP address (L3), or port number (L4). Link Aggregation Control Protocol (LACP): This is the IEEE standard (defined in IEEE 802.3ad) for achieving link aggregation across multiple network links between two switches. Port Aggregation Control Protocol (PAgP): Cisco s proprietary protocol helps in automatic creation of EtherChannel links. PAgP packets are sent between EtherChannel capable ports to negotiate EtherChannel creation, but there are restrictions. Bundles aren t formed with dynamic VLAN-configured ports. In addition, all ports should be on the same VLAN and should operate at the duplex. Modes for PAgP include Off, Auto, and Desirable. Load Balancing Solutions with McAfee Network Security Platform Using a third-party load balancer Third-party load balancers are supported with McAfee Network Security Platform. A cluster of McAfee Network Security Platform sensors can be used between properly configured load balancers on either side of IPS appliances to scale beyond single sensor limits. All the network-level functionalities are available, including stateful failover (Figure 1). Throughput of this solution depends on the load balancer selected by the customer. With use of a McAfee Network Security Platform NS-9300 sensor, in conjunction with a load balancer, throughput can scale above 300 Gbps. Load balancers need to be configured to ensure packets belonging to a flow are always received by the same sensor. Configuring a firewall Internet Firewall IPS Device Intranet Figure 2. Inline IPS configuration residing behind a firewall. Let s look at various forms of firewalls: application-based, packet-based, application proxy, and layer 2 firewalls. Since an IPS requires flow state to be maintained, applicationbased firewalls are more suitable here. The firewall can track all the IP packets bi-directionally to ensure that only packets from a valid session are passed through. Again, firewalls need to be configured to ensure that traffic pertaining to a flow are received by the same sensor and to distribute traffic evenly across different sensors. This means asymmetrical routing should not occur once flow connections are established through the sensors. Load Balancer 1 Load Balancer 2 Figure 1. Load balancer configuration. 3 Load Balancing with McAfee Network Security Platform

External Switches and McAfee Network Security Platform Cluster OEM third-party switches Link aggregation of network switches OEM Switch Figure 3. OEM switch configuration. In this solution, a third-party switch can run as a load balancer by executing a load balancing algorithm and evenly distributing traffic across the sensors connected to the switch. Several IPS devices can be connected to the switch and are limited by port pair availability. This design is scalable and provides high port density. Figure 4. IPS sensors directly connected to switches. Another approach is to configure switches so they are directly connected to the IPS devices. This requires configuring of the switches connected to the sensors to enable link aggregation, achieving both bandwidth increase and link fault tolerance. Summary The McAfee Network Security Platform delivers scalable solutions to meet the needs of enterprise organizations. For larger enterprise environments, individual IPS systems can be replaced with a cluster of IPS devices to achieve the desired throughput. In this scenario, multiple load balancing options are available to ensure that network traffic is optimized for cost-effective, fast inspection and data protection. 4 Load Balancing with McAfee Network Security Platform

About McAfee McAfee is one of the world s leading independent cybersecurity companies. Inspired by the power of working together, McAfee creates business and consumer solutions that make the world a safer place. By building solutions that work with other companies products, McAfee helps businesses orchestrate cyber environments that are truly integrated, where protection, detection and correction of threats happen simultaneously and collaboratively. By protecting consumers across all their devices, McAfee secures their digital lifestyle at home and away. By working with other security players, McAfee is leading the effort to unite against cybercriminals for the benefit of all. www.mcafee.com. 2821 Mission College Blvd. Santa Clara, CA 95054 888.847.8766 www.mcafee.com McAfee and the McAfee logo are trademarks or registered trademarks of McAfee, LLC or its subsidiaries in the US and other countries. Other marks and brands may be claimed as the property of others. Copyright 2018 McAfee, LLC. 3721_0118 JANUARY 2018 5 Load Balancing with McAfee Network Security Platform

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback