McAfee Network Security Platform 8.1

8.1.7.73-8.1.5.163-3.5.82 Manager-XC-Cluster Release Notes McAfee Network Security Platform 8.1 Revision B Contents About this release New features Resolved issues Installation instructions Known issues Product documentation About this release This document contains important information about the current release. We strongly recommend that you read the entire document. This release of Network Security Platform is to introduce the Network Security Platform XC-640 Load Balancing solution that consists of XC-640 appliance and NS9300XC Sensors. Network Security Manager software version: 8.1.7.73 Signature Set: 8.7.68.3 1

NS9300XC Sensor software version: 8.1.5.163 XC-640 software version: 3.5.82 Network Security Platform version 8.1 replaces 8.0 release. If you are using version 8.0 and require any fixes, note that the fixes will be provided in version 8.1. There will not be any new maintenance releases or hot-fix releases on version 8.0. With release 8.1, Network Security Platform no longer supports the Network Access Control module and N-series Sensors. If you are using Network Access Control with N-series (NAC-only) Sensors, McAfee recommends that you continue to use the 7.1.3.6 version. If you are using the Network Access Control module in M-series Sensors, continue to use the 7.5.3.30 version. That is, you should not upgrade the Manager or the Sensors to 8.1 for such cases. Manager software version 7.5 and above are not supported on McAfee-built Dell based Manager Appliances. This version of 8.1 Manager software can be used to configure and manage the following hardware: 7.1 and 8.1 NS9x00-series Sensors 8.1 NS7x00-series and NS5x00-series Sensors 8.1 Virtual IPS Sensors 7.1 and 8.1 M series and Mxx30-series Sensors 7.1 and 8.1 XC Cluster Appliances 7.1 and 8.1 NTBA Appliance software (Physical and Virtual) 7.1 I-series Sensors Currently port 4167 is used as the UDP source port number for the SNMP command channel communication between Manager and Sensors. This is to prevent opening up all UDP ports for inbound connectivity from SNMP ports on the sensor. Older JRE versions allowed the Manager to bind to the same source port 4167 for both IPv4 and IPv6 communication. But with the latest JRE version 1.7.0_45, it is no longer possible to do so, and the Manager uses port 4166 as the UDP source port to bind for IPv6. Manager 8.1 uses JRE version 1.7.0_51. If you have IPv6 Sensors behind a firewall, you need to update your firewall rules accordingly such that port 4166 is open for the SNMP command channel to function between those IPv6 Sensors and the Manager. New features This release of 8.1 is to provide the XC-640 Load Balancer solution that includes XC-640 Load Balancer device and NS9300XC Sensor. An XC-640 Cluster in Network Security Platform comprises of an XC-640 Load Balancer and a maximum of 8 NS9300XC Sensors. The XC-640 Cluster behaves like a single virtual Sensor. The XC-640 Load Balancer solution offers next-generation intrusion prevention technology that is tailored for high-capacity networks. The XC-640 Load Balancer device is a high performance traffic access device for load balancing, providing throughput of 40-320 GB. It enables high traffic loads on 10 and 40 GB links to be processed by distributing the traffic to multiple NS9300XC Sensors. 2

The NS9300XC Sensor is used to analyze traffic on selected network segments and to respond when an attack is detected. The NS9300XC Sensors are connected to the XC-640 Load Balancer device. These Sensors cannot be used as standalone Sensors. They can be used as part of the XC Cluster only. The existing NS9300 devices need to be upgraded to NS9300XC. Contact the McAfee Technical Support for more details. Sensor redundancy is supported in an XC Cluster. To configure redundancy, one of the Sensor ports on the XC-640 is configured as the spare port. The spare port is configurable. XC Clusters support high-availability deployment, using a standby XC-640 device. The standby secondary XC-640 is connected to the primary XC-640 via port 3/1. If one XC-640 fails, the standby XC-640 continues to load balance and monitor the traffic. See the Network Security Platform 8.1 XC Cluster Administration Guide to set up and configure the XC-640 Load Balancer solution. XC-640 features The XC-640 enables high traffic loads on 10/40 gigabit links to be processed by distributing the traffic to multiple NS9300XC Sensors. It supports 4 QSFP+ 40 Gbps or 20 QSFP+/SFP+ 40/10 Gbps or 32 SFP+ 10Gbps monitoring ports and eight 40 gigabit Ethernet Sensor ports. The XC-640 includes the following features: 8 QSFP+ 40 Gbps / 20 QSFP+ and SFP+ 40 and 10 Gbps / 32 SFP+ 10Gbps Monitoring ports (based on I/O modules in slots) 8 QSFP+ 40 Gbps Sensor ports 1 10/100/1000 Mbps Management port 1 Console port Dual power supply LED indicators for link and activity status Configurable to load balance up to 8 NS9300XC Sensors XC Cluster modes of operation Various modes can be configured manually on the XC-640 device using the Manager and primarily determine the XC Cluster behavior. The Network Security Platform and the NS9300XC Sensors are not affected by any change in these modes. The number of Sensors connected to the XC-640 is determined by the throughput requirement. By default, the XC Cluster is configured in the 320G N standalone mode. Port 3/1 is reserved for High Availability. For N+1 configuration, the spare port is configurable. The following modes are supported: XC-640 High Availability 3

This mode supports configuring a standby XC-640 through port G3/1. High Availability is implemented in the active/active mode and can support both 280G N and 240G N+1 modes. 240G N+1 - Configuration with Sensor redundancy This mode supports configuring a standby Sensor. One of the Sensor ports is configured as a spare port. The standby Sensor is connected to the spare port. This enables you to utilize 6 40 GB Sensor ports for active Sensors, providing a maximum throughput of 240 Gbps. 280G N - Configuration without Sensor redundancy This mode does not support a standby Sensor and enables you to utilize 7 40 GB Sensor ports for active Sensors, providing a maximum throughput of 280 Gbps. XC-640 Standalone 320G N - Configuration without Sensor redundancy This is the default mode and does not support a standby Sensor and enables you to utilize 8 40 GB Sensor ports for active Sensors, providing a maximum throughput of 320 Gbps. 280G N+1 - Configuration with Sensor redundancy This mode supports configuring a standby Sensor. One of the Sensor ports is configured as a spare port. The standby Sensor is connected to the spare port. This enables you to utilize 7 40 GB Sensor ports for active Sensors, providing a maximum throughput of 280 Gbps. NS9300XC Sensors The NS9300XC Sensor consists of a Primary Sensor, NS9300XC-P, and a Secondary Sensor, NS9300XC-S. The XC-640 is connected to any 40G monitoring port of the NS9300XC Sensor. The NS9300XC includes these features: Console ports on the NS9300XC-P and NS9300XC-S Sensors (2) QSFP+ 40 Gigabit Ethernet Interconnect ports (4). G0/1 and G0/2 on NS9300XC-P Sensor and G4/1 and G4/2 on NS9300XC-S Sensor Four slots for I/O modules (Any combination of the interface modules can be used) QSFP+ 40 Gigabit Ethernet ports (4) QSFP+ 40 Gigabit Ethernet ports (2) SFP/SFP+ 1/10 Gigabit Ethernet Monitoring ports (8) SFP/SFP+ 10/1 Gigabit 8.5 μm (SM) interface module with internal fail-open (4) SFP/SFP+ 10/1 Gigabit 50 μm (MM) interface module with internal fail-open (4) SFP/SFP+ 10/1 Gigabit 62.5 μm (MM) interface module with internal fail-open (4) RJ-45 10/100/1000 Mbps Ethernet Monitoring ports (6) RJ-45 10/100/1000 Mbps Ethernet Monitoring ports (16) The supported transceiver modules are QSFP+, SFP+ (MM and SM), SFP Fiber (MM and SM) and SFP Copper. USB ports (4) Dual power supply RJ 45 100/1000/10000 Management port (Mgmt) (2). Mgmt on NS9300XC-S Sensor is used as an interconnect port 4

RJ 45 100/1000/10000 Response port (R1) (2). R1 on NS9300XC-P Sensor is used as an interconnect port RJ 45 Auxiliary ports (Aux) (2) For more information, see Network Security Platform NS9300XC Quick Start Guide and Network Security Platform NS9300XC Product Guide. Limitations The following features are not supported on XC-640: Active and Passive Fail-open kits are not supported Tap mode Network Threat Behavior Analysis is not integrated System faults are not available IPv6 support for management port is not available XC-640 software upgrade is not possible through the Manager The CLI commands do not support configuring the mode of operation: the load balancing group and High Availability parameters. 5

Resolved issues This 8.1 release introduces new functionality. There are no resolved issues. Installation instructions Manager server/client system requirements The following table lists the 8.1 Manager server requirements: Operating system Minimum required Any of the following: Windows Server 2008 R2 Standard or Enterprise Edition, English operating system, SP1 (64-bit) (Full Installation) Windows Server 2008 R2 Standard or Enterprise Edition, Japanese operating system, SP1 (64-bit) (Full Installation) Windows Server 2012 Standard Edition (Server with a GUI) English operating system Windows Server 2012 Standard Edition (Server with a GUI) Japanese operating system Windows Server 2012 R2 Standard Edition (Server with a GUI) English operating system Windows Server 2012 R2 Standard Edition (Server with a GUI) Japanese operating system Windows Server 2012 R2 Datacenter Edition (Server with a GUI) English operating system Windows Server 2012 R2 Datacenter Edition (Server with a GUI) Japanese operating system Only x64 architecture is supported. Recommended Same as the minimum required. Memory 8 GB 8 GB or more CPU Server model processor such as Intel Xeon Same Disk space 100 GB 300 GB or more Network 100 Mbps card 1000 Mbps card Monitor 32-bit color, 1440 x 900 display setting 1440 x 900 (or above) The following are the system requirements for hosting Central Manager/Manager server on a VMware platform. 6

Table 4-1 Virtual machine requirements Component Minimum Recommended Operating system Any of the following: Windows Server 2008 R2 Standard or Enterprise Edition, English operating system, SP1 (64-bit) (Full Installation) Windows Server 2008 R2 Standard or Enterprise Edition, Japanese operating system, SP1 (64-bit) (Full Installation) Windows Server 2012 Standard Edition (Server with a GUI) English operating system Windows Server 2012 Standard Edition (Server with a GUI) Japanese operating system Windows Server 2012 R2 Standard Edition (Server with a GUI) English operating system Windows Server 2012 R2 Standard Edition (Server with a GUI) Japanese operating system Windows Server 2012 R2 Datacenter Edition (Server with a GUI) English operating system Windows Server 2012 R2 Datacenter (Server with a GUI) Japanese operating system Only X64 architecture is supported. Same as minimum required. Memory 8 GB 8 GB or more Virtual CPUs 2 2 or more Disk Space 100 GB 300 GB or more Table 4-2 VMware ESX server requirements Component Minimum Virtualization software ESXi 5.0 ESXi 5.1 ESXi 5.5 CPU Memory Internal Disks Intel Xeon CPU ES 5335 @ 2.00 GHz; Physical Processors 2; Logical Processors 8; Processor Speed 2.00 GHz Physical Memory: 16 GB 1 TB The following table lists the 8.1 Manager client requirements when using Windows 7 or Windows 8: Operating system Minimum Windows 7 English or Japanese Windows 8 English or Japanese Windows 8.1 English or Japanese The display language of the Manager client must be same as that of the Manager server operating system. Recommended RAM 2 GB 4 GB 7

Minimum Recommended CPU 1.5 GHz processor 1.5 GHz or faster Browser Internet Explorer 9, 10 or 11 Mozilla Firefox Google Chrome in not supported since the NPAPI plug-in is disabled by default and will not be supported by Google going forward. This means that Java applet support is also disabled by default. Internet Explorer 11 Mozilla Firefox 20.0 or above For the Manager client, in addition to Windows 7 and Windows 8, you can also use the operating systems mentioned for the Manager server. The following table lists the 8.1 Central Manager / Manager client requirements when using Mac: Mac operating system Lion Mountain Lion Browser Safari 6 or 7 For more information, see McAfee Network Security Platform Installation Guide. Upgrade recommendations McAfee regularly releases updated versions of the signature set. Note that automatic signature set upgrade does not happen. You need to manually import the latest signature set and apply it to your Sensors. The following is the upgrade matrix supported for this release: Component Manager/Central Manager software NS9300XC Sensor software XC-640 Minimum Software Version 8.1 8.1.3.4, 8.1.3.6, 8.1.7.5, 8.1.7.12, 8.1.7.13, 8.1.7.33, 8.1.7.52 This is the first release of the Sensor software. Hence, upgrade is not applicable. This is the first release of the appliance software. Hence, upgrade is not applicable. Known issues For a list of known issues in this product release, see this McAfee KnowledgeBase article: Manager software issues: KB81373 XC-Cluster Sensor software issues: KB81377 8

Product documentation Every McAfee product has a comprehensive set of documentation. Find product documentation 1 Go to the McAfee ServicePortal at http://mysupport.mcafee.com and click Knowledge Center. 2 Enter a product name, select a version, then click Search to display a list of documents. 8.1 product documentation list The following software guides are available for Network Security Platform 8.1 release: Quick Tour Installation Guide Upgrade Guide Manager Administration Guide Manager API Reference Guide (selective distribution - to be requested via support) CLI Guide IPS Administration Guide Custom Attacks Definition Guide XC Cluster Administration Guide Integration Guide NTBA Administration Guide Best Practices Guide Troubleshooting Guide Copyright 2016 McAfee, Inc. www.intelsecurity.com Intel and the Intel logo are trademarks/registered trademarks of Intel Corporation. McAfee and the McAfee logo are trademarks/ registered trademarks of McAfee, Inc. Other names and brands may be claimed as the property of others. 0B-00