McAfee Network Security Platform 8.3


Revision A

McAfee Network Security Platform 8.3
(8.3.7.86-8.3.5.53 Manager-NS-series Release Notes)

Contents
About this release
New features
Enhancements
Resolved issues
Installation instructions
Known issues
Product documentation

About this release

This document contains important information about the current release. We recommend that you read the whole document.

Network Security Platform follows a release process that is based on customer requirements and best practices followed by other McAfee teams. For details, read KB78795.

This release of Network Security Platform provides a few fixes for the NS-series Sensor software.

Release parameters and versions:
Network Security Manager software version: 8.3.7.86
Signature Set: 8.7.116.2
NS-series Sensor software version: 8.3.5.53

If your Sensor has run out of memory and does not accept signature set updates, see the section Lite Signature Set in McAfee Network Security Platform 8.3 Manager Administration Guide to overcome the problem.

Currently port 4167 is used as the UDP source port number for the SNMP command channel communication between Manager and Sensors. This is to prevent opening up all UDP ports for inbound connectivity from SNMP ports on the sensor. Older JRE versions allowed the Manager to bind to the same source port 4167 for both IPv4 and IPv6 communication. But with the latest JRE version 1.8.0_144, it is no longer possible to do so, and the Manager uses port 4166 as the UDP source port to bind for IPv6. Manager 8.3 uses JRE version 1.8.0_144 and MySQL version 5.6.30. If you have IPv6 Sensors behind a firewall, you need to update your firewall rules accordingly such that port 4166 is open for the SNMP command channel to function between those IPv6 Sensors and the Manager.

Manager software version 8.3 is not supported on McAfee-built Dell based Manager Appliances. McAfee recommends that you use Intel-based Manager Appliances instead.

Upgrade support

McAfee regularly releases updated versions of the signature set. You can choose to automatically download and deploy the signature set in the Manager.

The following are the upgrade paths supported for this release:

Manager
Current version: 8.1.3.4, 8.1.3.6, 8.1.7.5, 8.1.7.12, 8.1.7.13, 8.1.7.33, 8.1.7.52, 8.1.7.82
Upgrade path to 8.3: 8.3.7.86

Current version: 8.1.7.91, 8.1.7.96, 8.1.7.100, 8.1.7.105
Upgrade path to 8.3: Not supported

Current version: 8.3.7.7, 8.3.7.28, 8.3.7.44, 8.3.7.52, 8.3.7.64, 8.3.7.68
Upgrade path to 8.3: 8.3.7.86

NS-series
Current version: 8.1.5.14, 8.1.5.39, 8.1.5.57, 8.1.5.135, 8.1.5.175, 8.1.5.210, 8.1.5.215, 8.1.5.217
Upgrade path to 8.3: 8.3.5.53

Current version: 8.3.5.6, 8.3.5.11, 8.3.5.32, 8.3.5.47, 8.3.5.48
Upgrade path to 8.3: 8.3.5.53

Network Security Manager versions 8.1.7.91, 8.1.7.96, 8.1.7.100, and 8.1.7.105 use the SHA1 certificate which employs a 1024-bit encryption based signature. However, Manager version for 8.3 uses the SHA256 certificate which employs a 2048-bit encryption based signature. Hence, upgrade is not supported.

Heterogeneous support

This version of 8.3 Manager software can be used to configure and manage the following devices:

New Sensor image for IPS-VM100 and IPS-VM100-VSS Sensor models will not be released from this release of 8.3.

Device: NS-series Sensors (NS3100, NS3200, NS5100, NS5200, NS7100, NS7200, NS7300, NS9100, NS9200, NS9300)
Version: 8.1, 8.3
    NS3x00-series and NS5x00-series Sensors are not compatible with Manager version 8.3.7.28. See Known Issues for more information.

Device: Virtual IPS for ESXi server (IPS-VM100, IPS-VM600)
Version: 8.1, 8.3

Device: Virtual IPS for KVM (IPS-VM100, IPS-VM600)
Version: 8.3

Device: Virtual IPS for VMware NSX (IPS-VM100-VSS)
Version: 8.1, 8.3

Device: Virtual IPS for AWS (IPS-VM100-VSS)
Version: 8.3

Device: M-series Sensors (M-1250, M-1450, M-2850, M-2950, M-3050, M-4050, M-6050, M-8000)
Version: 8.1, 8.3

Device: Mxx30-series Sensors (M-3030, M-4030, M-6030, M-8030)
Version: 8.1, 8.3

Device: M-8000XC Cluster Appliance
Version: 8.1, 8.3

Device: NTBA Appliances (T-200, T-500, T-600, T-1200)
Version: 8.1, 8.3

Device: Virtual NTBA Appliances (T-VM, T-100VM, T-200VM)
Version: 8.1, 8.3

Integration support

The above mentioned Network Security Platform software versions support integration with the following product versions:

From this release of 8.3, integration of McAfee Network Security Platform with McAfee Cloud Threat Detection is no longer supported.

Table 1-1 Network Security Platform compatibility matrix

Product: Version supported
McAfee ePO: 5.9.1, 5.9.0
McAfee Global Threat Intelligence: Compatible with all versions
McAfee Endpoint Intelligence Agent: 2.6
McAfee Logon Collector: 3.0.7
McAfee Threat Intelligence Exchange: 2.0.1
McAfee Data Exchange Layer: 3.0.1
McAfee Advanced Threat Defense: 4.0.4.23
McAfee Virtual Advanced Threat Defense: 3.10.0.35
McAfee MOVE AntiVirus Agentless: 4.0.0.317
McAfee MOVE AntiVirus Multi-Platform: 4.5.0.211
McAfee Vulnerability Manager: 7.5.10
McAfee Host Intrusion Prevention: 8.0
Intel Security Controller: 2.5

New features

This release provides fixes for some of the previously known issues, and does not include any new features.

Enhancements

This release of Network Security Platform includes the following enhancement:

Increase in memory size for handling signature sets

With a growing number of threats, the frequency of signature set updates and the number of attacks in each update constantly increase. As a means to accommodate a larger signature set size in the future, the memory size allocated to signature sets on the Sensor has been increased.

Resolved issues

The current release of the product resolves these issues. For a list of issues fixed in earlier releases, see the Release Notes for the specific release.

Resolved Manager software issues

The following table lists the medium-severity Manager software issues:

ID #: Issue Description
1224460/1198908: Unable to log in to the Manager using the RADIUS user credentials with the EAP-MD5 authentication method.
1217393/1211212: The Manager sends a zero-sized file hash to the Sensor, which causes the Sensor to reboot.
1216184: When user defined signatures (UDS) are created, the Benign Trigger Probability (BTP) displays an incorrect value under Policy | <Admin Domain Name> | Intrusion Prevention | Policy Types | IPS Policies | Custom Attacks.
1215445: Descriptions are missing for signature sets downloaded automatically.
1214486: After importing or saving a custom attack, the conditions set in the signature change.
1213914: The REST API request using the parameter page=next does not work.
1207705: While deleting a large number of alerts from Attack Log, some alerts are not deleted.
1207311: Unrelated lines of text are displayed in the ems.log.
1205856: After a health check, the policies in use are reported as Unused Custom IPS Policies.
1204420: The SNORT rule configured to ignore "X-Forwarded-for Header" is not working. This Manager fix will work only with signature set 8.7.116.2 or later.
1203747: The Benign Trigger Probability (BTP) value in user defined signatures (UDS) does not map to the correct malware confidence (severity) level.
1184808: Snort signatures are not triggered on HTTP response data.
1170812: Unable to view alert statistics in the Manager.

The following table lists the low-severity Manager software issues:

ID #: Issue Description
1210987: Limitation error message appears in the Text to Match field while creating a RegEx.

Resolved Sensor software issues

The following table lists the high-severity Sensor software issues:

ID #: Issue Description
1221039: In rare scenarios, the Sensor's datapath processor crashes while processing SMTP traffic.
1218590: The Sensor unexpectedly reboots or becomes unresponsive if the Sensor is up for 497 days.
1217998: The management process for user authentication experiences an exception when user entries are beyond the supported limit.

The following table lists the medium-severity Sensor software issues:

ID #: Issue Description
1235441: [NS5x00, NS3x00] Sensor software version cannot be downgraded from 9.1 to 8.3.
1234673: Upgrade from Sensor version to 9.1.5.20 causes Sensor to reboot if 10G I/O modules are present.
1233320: The datapath processor experiences an exception when guest portal is enabled and the internal resources are incorrectly released, causing corruption.
1230865: Sensor experiences an exception causing it to go to Layer2 mode or reboot when NSP Analysis Engine (Network Threat Response) is enabled.
1230284: Management process in the Global Threat Intelligence IP reputation experiences an exception when cache entries exceed the supported limit.
1224971: The SENSOR: Attack Marker Resources Exhausted alerts are generated.
1224468: Malware management process experiences an exception while extracting URI information to be exported to external engines such as Network Threat Behavior Analysis and Advanced Threat Defense.
1222361: Firewall rules for McAfee Logon Collector are incorrectly matched with non McAfee Logon Collector firewall rules.
1220494: New firewall policies updated in the Sensor do not work without a Sensor reboot.
1220164: In rare scenarios, the datapath processor experiences an exception when Callback Detectors and Heuristic Callback Discovery are enabled.
1211263: Auto negotiation feature disabled in the port setting is updated in the Sensor after a Sensor reboot.
1211242: Alert suppression displays incorrect values when a set pattern of n number of attacks are given.
1208841: [NS9x00, NS7x00] Auto MDI/MDI-X remains enabled even though the auto-negotiation option is disabled.
1207772: Sensor connection does not reset in SPAN mode.
1206700: The Manager and Sensor quarantine query are not synchronized.
1206400: [NS3x00] In rare scenarios, the Sensor's datapath processor fails to initialize.
1205502: HTTPS protocol connections for users based on McAfee Logon Collector database are incorrectly blocked.
1200980: In rare scenarios, SNMP management process experiences an exception due to a large number of queries.

Installation instructions

Manager server/client system requirements

The following table lists the 8.3 Manager server requirements:

Operating system
    Minimum required: Any of the following:
        Windows Server 2008 R2 Standard or Enterprise Edition, English operating system, SP1 (64-bit) (Full Installation)
        Windows Server 2008 R2 Standard or Enterprise Edition, Japanese operating system, SP1 (64-bit) (Full Installation)
        Windows Server 2012 R2 Standard Edition (Server with a GUI) English operating system
        Windows Server 2012 R2 Standard Edition (Server with a GUI) Japanese operating system
        Windows Server 2012 R2 Datacenter Edition (Server with a GUI) English operating system
        Windows Server 2012 R2 Datacenter Edition (Server with a GUI) Japanese operating system
        Only X64 architecture is supported.
    Recommended: Windows Server 2012 R2 Standard Edition operating system.
Memory
    Minimum required: 8 GB. Supports up to 3 million alerts in Solr.
    Recommended: >16 GB. Supports up to 10 million alerts in Solr.
CPU
    Minimum required: Server model processor such as Intel Xeon
    Recommended: Same
Disk space
    Minimum required: 100 GB
    Recommended: 300 GB or more
Network
    Minimum required: 100 Mbps card
    Recommended: 1000 Mbps card
Monitor
    Minimum required: 32-bit color, 1440 x 900 display setting
    Recommended: 1440 x 900 (or above)

The following are the system requirements for hosting Central Manager/Manager server on a VMware platform.

Table 5-1 Virtual machine requirements

Operating system
    Minimum: Any of the following:
        Windows Server 2008 R2 Standard or Enterprise Edition, English operating system, SP1 (64-bit) (Full Installation)
        Windows Server 2008 R2 Standard or Enterprise Edition, Japanese operating system, SP1 (64-bit) (Full Installation)
        Windows Server 2012 R2 Standard Edition (Server with a GUI) English operating system
        Windows Server 2012 R2 Standard Edition (Server with a GUI) Japanese operating system
        Windows Server 2012 R2 Datacenter Edition (Server with a GUI) English operating system
        Windows Server 2012 R2 Datacenter (Server with a GUI) Japanese operating system
        Only X64 architecture is supported.
    Recommended: Windows Server 2012 R2 Standard Edition operating system.
Memory
    Minimum: 8 GB. Supports up to 3 million alerts in Solr.
    Recommended: >16 GB. Supports up to 10 million alerts in Solr.
Virtual CPUs
    Minimum: 2
    Recommended: 2 or more
Disk Space
    Minimum: 100 GB
    Recommended: 300 GB or more

Table 5-2 VMware ESX server requirements

Component: Minimum
Virtualization software: ESXi 5.5 Update 3; ESXi 6.0 Update 1
CPU: Intel Xeon CPU ES 5335 @ 2.00 GHz; Physical Processors 2; Logical Processors 8; Processor Speed 2.00 GHz
Memory: Physical Memory: 16 GB
Internal Disks: 1 TB

The following table lists the 8.3 Manager client requirements when using Windows 7, Windows 8, or Windows 2012:

Operating system
    Minimum:
        Windows 7, English or Japanese
        Windows 8, English or Japanese
        Windows 8.1, English or Japanese
        Windows 10, English or Japanese
        The display language of the Manager client must be the same as that of the Manager server operating system.
    Recommended: Windows 10, English or Japanese
RAM
    Minimum: 2 GB
    Recommended: 4 GB
CPU
    Minimum: 1.5 GHz processor
    Recommended: 1.5 GHz or faster
Browser
    Minimum:
        Internet Explorer 10, 11, or Microsoft Edge
        Mozilla Firefox
        Google Chrome (App mode in Windows 8 is not supported.)
        To avoid the certificate mismatch error and security warning, add the Manager web certificate to the trusted certificate list.
    Recommended:
        Internet Explorer 11
        Mozilla Firefox 20.0 or later
        Google Chrome 24.0 or later

In Mozilla Firefox version 52 or Google Chrome version 42 and above, the NPAPI plug-in is disabled by default.

For the Manager client, in addition to Windows 7, Windows 8, and Windows 8.1, you can also use the operating systems mentioned for the Manager server.

The following are Central Manager and Manager client requirements when using Mac:

Mac operating system: Yosemite, El Capitan
Browser: Safari 8 or 9

For more information, see McAfee Network Security Platform Installation Guide.

Known issues

For a list of known issues in this product release, see Network Security Platform software issues: KB86387

Product documentation

Every McAfee product has a comprehensive set of documentation.

Find product documentation

1 Go to the McAfee ServicePortal at http://mysupport.mcafee.com and click Knowledge Center.
2 Enter a product name, select a version, then click Search to display a list of documents.

8.3 product documentation list

The following software guides are available for Network Security Platform 8.3 release:

Quick Tour
Custom Attacks Definition Guide
Installation Guide (includes Upgrade Guide)
XC Cluster Administration Guide
Manager Administration Guide
Integration Guide
Manager API Reference Guide
NTBA Administration Guide
CLI Guide
Best Practices Guide
IPS Administration Guide
Troubleshooting Guide
Virtual IPS Administration Guide

Copyright 2018 McAfee, LLC

McAfee and the McAfee logo are trademarks or registered trademarks of McAfee, LLC or its subsidiaries in the US and other countries. Other marks and brands may be claimed as the property of others.