Network Security Platform 8.1

8.1.7.100-8.1.3.130 Manager-M-series Release Notes Network Security Platform 8.1 Revision A Contents About this release New features Enhancements Resolved issues Installation instructions Known issues Product documentation About this release This document contains important information about the current release. We recommend that you read the whole document. This maintenance release of Network Security Platform is to provide few fixes on the Manager and M-series Sensor software. 1

Release parameters Version Network Security Manager software version 8.1.7.100 Signature Set 8.7.109.5 M-series Sensor software version 8.1.3.130 Note the following points regarding application identification feature before you upgrade: Application identification feature works correctly in a fresh install of version 8.1.7.96 When upgrading from version 8.1.7.91 to 8.1.7.96, the application identification feature does not work as it is incompatible with signature set version 8.7.99.4. After upgrading the signature set version from 8.7.99.4 to 8.7.109.5, the application identification feature still does not work. In any of the above mentioned scenarios, delete the signature set, and manually import the signature set version 8.7.109.5 This version of 8.1 Manager software can be used to configure and manage the following hardware: Hardware NS-series Sensors (NS3100, NS3200, NS5100, NS5200, NS7100, NS7200, NS7300, NS9100, NS9200, NS9300) Virtual IPS Sensors (IPS-VM100 and IPS-VM600) 8.1 Virtual Security System Sensors (IPS-VM100-VSS) 8.1 M-series Sensors (M-1250, M-1450, M-2750, M-2850, M-2950, M-3050, M-4050, M-6050, M-8000) 8.1 Mxx30-series Senors (M-3030, M-4030, M-6030, M-8030) 8.1 XC Cluster Appliances (XC-240) 8.1 NTBA Appliances (T-200, T-500, T-600, T-1200) 8.1 Virtual NTBA Appliances (T-VM, T-100VM, T-200VM) 8.1 The above mentioned Network Security Platform software version support integration with the following product versions: Table 1-1 Network Security Platform compatibility matrix Product Version supported McAfee epo 5.9.0, 5.3.2, 5.1.1 McAfee Global Threat Intelligence Compatible with all versions McAfee Advanced Threat Defense 3.8.0.29, 3.6.2.21 McAfee Endpoint Intelligence Agent 2.6 McAfee Logon Collector 3.0.6 McAfee Vulnerability Manager 7.5.10, 7.5.7 McAfee Host Intrusion Prevention 8.0 Version Currently port 4167 is used as the UDP source port number for the SNMP command channel communication between Manager and Sensors. This is to prevent opening up all UDP ports for inbound connectivity from SNMP ports on the sensor. Older JRE versions allowed the Manager to bind to the same source port 4167 for both IPv4 and IPv6 communication. But with the latest JRE version 1.7.0_45, it is no longer possible to do so, and the Manager uses port 4166 as the UDP source port to bind for IPv6. 8.1 2

Manager 8.1 uses JRE version 1.7.0_51. If you have IPv6 Sensors behind a firewall, you need to update your firewall rules accordingly such that port 4166 is open for the SNMP command channel to function between those IPv6 Sensors and the Manager. Network Security Platform version 8.1 replaces 8.0 release. If you are using version 8.0 and require any fixes, note that the fixes will be provided in version 8.1. There will not be any new maintenance releases or hot-fix releases on version 8.0. With release 8.1, Network Security Platform no longer supports the Network Access Control module and N-series Sensors. If you are using Network Access Control with N-series (NAC-only) Sensors, McAfee recommends that you continue to use the 7.1.3.6 version. If you are using the Network Access Control module in M-series Sensors, continue to use the 7.5.3.30 version. That is, you should not upgrade the Manager or the Sensors to 8.1 for such cases. Manager software version 7.5 and above are not supported on McAfee-built Dell based Manager Appliances. New features This release is to provide fixes for some of the previously known issues, and does not include any new features. Enhancements Updated certificates with extended validity have been used to digitally sign the Network Security Manager binary files. Resolved issues The current release of the product resolves these issues. For a list of issues fixed in earlier releases, see the Release Notes for the specific release. Resolved Manager software issues This release does not contain any resolved issues for the Manager. Resolved Sensor software issues The following table lists the high-severity Sensor software issues: ID # Issue Description 1201115 A deadlock condition in the Management processor resulted in stopping of packet forwarding in datapath packet processors. This in turn may result in auto recovery or reboot. The following table lists the medium-severity Sensor software issues: ID # Issue Description 1203549 Smart blocked attacks show different results in the syslog notification for IV_RESULT_STATUS. 1193022 The Sensor response port flaps while re-establishing trust with the Manager. 1190201 The management port speed setting does not update after reboot. 3

ID # Issue Description 1188347 When a "GET" request is split across two packets, the Sensor is unable to generate an alert for the HTTP traffic. 1184582 In the Sensor, the Ignore rule does not work when same TCP/HTTP based protocol packet in the flow is resent. 1180807 The Sensor reboots or performs auto-recovery when resources for packets are processed for Malware and the resources are freed twice in cases where either NTBA is involved or attacks are not blocked along with SSL decryption. 1178512 TCP packets are dropped by the Sensor if you attempt a configuration update simultaneously while traffic is run by a test generator. 1161392 The G3 slot in the Sensor displays the built-in copper ports as configurable ports. 1156996 McAfee Logon Collector configuration update fails on Sensor as internal resources are full due to which resources are not available. Installation instructions Manager server/client system requirements The following table lists the 8.1 Manager server requirements: Operating system Minimum required Any of the following: Windows Server 2008 R2 Standard or Enterprise Edition, English operating system, SP1 (64-bit) (Full Installation) Windows Server 2008 R2 Standard or Enterprise Edition, Japanese operating system, SP1 (64-bit) (Full Installation) Windows Server 2012 Standard Edition (Server with a GUI) English operating system Windows Server 2012 Standard Edition (Server with a GUI) Windows Server 2012 R2 Datacenter Edition (Server with a GUI) Windows Server 2012 R2 Datacenter Edition (Server with a GUI) Only x64 architecture is supported. Recommended Same as the minimum required. Memory 8 GB 8 GB or more CPU Server model processor such as Intel Xeon Same Disk space 100 GB 300 GB or more Network 100 Mbps card 1000 Mbps card Monitor 32-bit color, 1440 x 900 display setting 1440 x 900 (or above) 4

The following are the system requirements for hosting Central Manager/Manager server on a VMware platform. Table 5-1 Virtual machine requirements Component Minimum Recommended Operating system Any of the following: Windows Server 2008 R2 Standard or Enterprise Edition, English operating system, SP1 (64-bit) (Full Installation) Windows Server 2008 R2 Standard or Enterprise Edition,, SP1 (64-bit) (Full Installation) Windows Server 2012 Standard Edition (Server with a GUI) Windows Server 2012 Standard Edition (Server with a GUI) Windows Server 2012 R2 Datacenter Edition (Server with a GUI) Windows Server 2012 R2 Datacenter (Server with a GUI) Only X64 architecture is supported. Same as minimum required. Memory 8 GB 8 GB or more Virtual CPUs 2 2 or more Disk Space 100 GB 300 GB or more Table 5-2 VMware ESX server requirements Component Minimum Virtualization software ESXi 5.0 ESXi 5.1 ESXi 5.5 Update 3 ESXi 6.0 Update 1 CPU Intel Xeon CPU ES 5335 @ 2.00 GHz; Physical Processors 2; Logical Processors 8; Processor Speed 2.00 GHz Memory Internal Disks Physical Memory: 16 GB 1 TB 5

The following table lists the 8.1 Manager client requirements when using Windows 7, Windows 8, or Windows 10: Operating system Minimum Windows 7 English or Japanese Windows 8 English or Japanese Windows 8.1 English or Japanese Windows 10 English or Japanese The display language of the Manager client must be same as that of the Manager server operating system. Recommended RAM 2 GB 4 GB CPU 1.5 GHz processor 1.5 GHz or faster Browser Internet Explorer 9, 10 or 11 Mozilla Firefox Google Chrome is not supported since the NPAPI plug-in is disabled by default and will not be supported by Google going forward. This means that Java applet support is also disabled by default. Internet Explorer 11 Mozilla Firefox 41.0.2 or above In Mozilla Firefox version 52 and above the NPAPI plug-in is disabled and will not be supported by Mozilla going forward. This means that pages that uses Java in the Manager will not render properly on Mozilla Firefox version 52 and above. For the Manager client, in addition to Windows 7 and Windows 8, you can also use the operating systems mentioned for the Manager server. The following table lists the 8.1 Central Manager / Manager client requirements when using Mac: Mac operating system Lion Mountain Lion Browser Safari 6 or 7 For more information, see McAfee Network Security Platform Installation Guide. Upgrade recommendations McAfee regularly releases updated versions of the signature set. Note that automatic signature set upgrade does not happen. You need to manually import the latest signature set and apply it to your Sensors. The following is the upgrade matrix supported for this release: Component Minimum Software Version Manager/Central Manager software 8.1: 8.1.7.82, 8.1.7.91, 8.1.7.96 M-series Sensor software 8.1: 8.1.3.100, 8.1.3.124 6

Known issues For a list of known issues in this product release, see these McAfee KnowledgeBase articles: Manager software issues: KB81373 M-series Sensor software issues: KB81374 Product documentation Every McAfee product has a comprehensive set of documentation. Find product documentation 1 Go to the McAfee ServicePortal at http://mysupport.mcafee.com and click Knowledge Center. 2 Enter a product name, select a version, then click Search to display a list of documents. 8.1 product documentation list The following software guides are available for Network Security Platform 8.1 release: Quick Tour Custom Attacks Definition Guide Installation Guide XC Cluster Administration Guide Upgrade Guide Integration Guide Manager Administration Guide NTBA Administration Guide Manager API Reference Guide Best Practices Guide CLI Guide Troubleshooting Guide IPS Administration Guide Copyright 2017 McAfee, LLC McAfee and the McAfee logo are trademarks or registered trademarks of McAfee, LLC or its subsidiaries in the US and other countries. Other marks and brands may be claimed as the property of others. 00