Network Security Platform 8.1

8.1.7.12-8.1.5.39 NS-series Release Notes Network Security Platform 8.1 Revision B Contents About this release New features Resolved issues Installation instructions Known issues Product documentation About this release This document contains important information about the current release. We strongly recommend that you read the entire document. This maintenance release of Network Security Platform is to introduce the new NS 7x00-series Sensor models. Network Security Manager software version: 8.1.7.12 Signature Set: 8.6.42.7 NS-series Sensor software version: 8.1.5.39 This release is for NS7300, NS7200, and NS7100 Sensor models. For NS9300, NS9200, and NS9100, McAfee recommends that you use Sensor software version 8.1.5.14. Network Security Platform version 8.1 replaces 8.0 release. If you are using version 8.0 and require any fixes, note that the fixes will be provided in version 8.1. There will not be any new maintenance releases or hot-fix releases on version 8.0. 1

This version of 8.1 Manager software can be used to configure and manage the following hardware: 7.1, 7.5, and 8.1 M series and Mxx30-series Sensors 8.1 Virtual IPS Sensors 7.1, and 8.1 NS 9x00-series Sensors 7.1, 7.5, and 8.1 XC Cluster Appliances 7.1, 7.5, and 8.1 NTBA Appliance software (Physical and Virtual) 7.1 I-series Sensors Currently port 4167 is used as the UDP source port number for the SNMP command channel communication between Manager and Sensors. This is to prevent opening up all UDP ports for inbound connectivity from SNMP ports on the sensor. Older JRE versions allowed the Manager to bind to the same source port 4167 for both IPv4 and IPv6 communication. But with the latest JRE version 1.7.0_45, it is no longer possible to do so, and the Manager uses port 4166 as the UDP source port to bind for IPv6. Manager 8.1 uses JRE version 1.7.0_51. If you have IPv6 Sensors behind a firewall, you need to update your firewall rules accordingly such that port 4166 is open for the SNMP command channel to function between those IPv6 Sensors and the Manager. With release 8.1, Network Security Platform no longer supports the Network Access Control module and N-series Sensors. If you are using Network Access Control with N-series (NAC-only) Sensors, McAfee recommends that you continue to use the 7.1.3.6 version. If you are using the Network Access Control module in M-series Sensors, continue to use the 7.5.3.30 version. That is, you should not upgrade the Manager or the Sensors to 8.1 for such cases. Manager software version 7.5 and above are not supported on McAfee-built Dell based Manager Appliances. New features This release of Network Security Platform includes the following new features. Introducing Network Security Sensors: NS7100, NS7200, and NS7300 This release of 8.1 introduces McAfee's next generation Network Security Platform hardware, NS Series Sensor models NS7100, NS7200, and NS7300. The NS7300, NS7200, and NS7100 Sensor models are a mid-range offering that provide 5 Gbps, 3 Gbps, and 1.5 Gbps throughput respectively. The NS series Sensors are flexible enough to adapt to the security needs of any enterprise environment. When deployed at key network access points, they provide real time monitoring on high traffic loads to detect malicious activity and respond to the malicious activity as configured by the administrator. The NS7x00 Sensors are 1RU units equipped with the following components: Two slots for pluggable and hot swappable I/O modules 8-port SFP/SFP+ 1/10 Gigabit interface module 6-port RJ-45 10/100/1000 Mbps with internal fail-open interface module 4-port SFP+ 1/10 GigE LR Optical with internal fail-open interface module 2

4-port SFP+ 1/10 GigE SR Optical 50 micron with internal fail-open interface module 4-port SFP+ 1/10 GigE SR Optical 62.5 micron with internal fail-open interface module Pluggable Transceiver modules McAfee's IAC SFTSR FOT 10 Gbs enhanced 850nm SFP+ transceivers are designed for use in 10 Gigabit Ethernet links over multimode fiber McAfee's IAC SFTLR FOT 10 Gbs enhanced 1310nm SFP+ transceivers are designed for use in 10 Gigabit Ethernet links up to 10 km over single mode SFP transceiver modules are also supported on the NS7x00 Sensors. Two fixed SFP+ 10/1 Gigabit Ethernet ports Eight RJ 45 10/100/1000 Mbps Ethernet Monitoring ports One Console port Up to 1 Gbps Support on Management and Response ports One RJ-45 10/100/1000 Management port One RJ-45 10/100/1000 Response port One DB9 Auxiliary port External USB ports for Storage/Rescue application DB9/Serial Console Baud Rate = 115200 RJ-11 port for fail-open control of two built-in SFP+ ports in slot G0 The front and rear panel LEDs provide status information for the health of the Sensor and the activity on its ports. Diagnostics for field replacement The 10/100/1000 Mbps Fail Open Kit and the 1 and 10 Gigabit Fail Open Kits are supported on the NS7x00 Sensors. NTBA is supported on the NS7x00 Sensors. Unsupported features The traffic management or rate limiting feature is not supported on NS7x00 Sensors for this release. Resolved issues These issues are resolved in this release of the product. For a list of issues fixed in earlier releases, see the Release Notes for the specific release. Resolved Manager software issues The following table lists the medium-severity Manager software issues: ID # Issue Description 1012914 Shutting down the Sensor from the Manager, logs out the user from the Manager. 1010396 When Vulnerability Manager is configured with the Network Security Manager, error Asset information not available for the given host is displayed in the Manager upon selecting Destination Host Details. 1009928 The Configuration Report for Sensor displays ports connected in inline and with no SFPs inserted as undefined. 3

ID # Issue Description 1009606 The Destination Country filter does not display any alert results in the Threat Analyzer. 1006698 The DATGTICommunicationFailure:ConnectionFailure error due to connection failure is not included in the faults report. 1006565 The Manager logs out when a user is assigned a specific user role 1006240 The Firewall rule, FW- International Offices does not load in the Manager. 1005282 The Select or Deslect All checkbox does not function in the Email Now page in Automatically Generated Reports. When viewing pre-generated reports in Google Chrome, upon clicking the back icon the browser displays an error. 991464 Host Intrusion Prevention attack IDs are not resolved to names after installing 8.1.7.5.3 hot fix. 989639 The Dashboard does not display high-risk endpoints, malware detection and botnet detectors data even though there are alerts raised in the Threat Analyzer. 988953 The new open SSL version is updated and bundled with the Manager. 988371 Duplicate entries for Hourly/Daily Data Mining are generated for Automated Pruning. 985695 The Modification Time is not included in the faults report for an alert generated as the fault flag is not deleted in the fault log. 984846 The configuration update status displays as In Progress under long running process even after the signature sets are successfully downloaded. 983689 The Name field in Advanced Malware Policy cannot be deleted upon reaching the limit. 982509 When generating a new Next Generation Report, the report shows the attack count for signature attacks instead of alert count. 982477 The Next Generation Report displays only 10 attack results even when are there more than 10 attack results in the Threat Analyzer. 981597 The error srleap:dev Prof Alert Queue is displayed as the device profiling queue flags have reached the limit. 980430 Email notifications are sent even after disabling the Enable E-mail Forwarding option in the Manager. 979763 The Manager includes unexpected characters like MNAC Forwarder Alert to syslog messages. 979568 The Physical Ports page does not display ports for a configured NTBA Appliance. 979075 The syslog settings are not synchronized between the MDR pair after switchover to the secondary. 978015 The Alert Channel Down fault takes 12 hours to be cleared after the channel comes online. 977974 The file name cannot be added for an NTBA communication rule. 977943 The primary Manager switches to standby mode due to overloading of the heapdump. 977359 The IPS Event Logging feature cannot be configured for older M-series Sensor softwares before 8.1.5.14. 976417 The Next Generation reports filter accepts only abbreviation for source and destination countries. 976299 The View Connectivity Data is not displayed correctly when extracted from NTBA response logs. 975753 The time zone formats on the Manager and the report generated from the Threat Analyzer are different. 974497 The Running Tasks report displays the Sensor configuration update as failed even though the configuration update was completed successfully. 973858 The options for Additional Constraints are empty in the Historical Threat Analyzer. 973071 The user cannot perform certain actions in the Manager even after a custom role is assigned. 4

ID # Issue Description 972740 During scheduled backup, the temporary tables are also included in the process. 970942 The secondary Manager displays the Incompatible custom attack fault when synchronization is initiated with the primary Manager due to SSID.bin file corruption. 969889 While viewing the configuration update table, the Last Updated column does not sort correctly. 969510 The user once logged out of the Manager cannot login back without restarting the Manager service. 969112 The Top Attacks in the Threat Explorer displays a numeral instead of the attack name. 968658 Bulk signature set update for 20 or 30 Sensors fails. 964715 The Botnet DAT update fails on multiple Sensors. 964351 In rare scenarios, after Sensor reboot the SSL certificates are not enabled on the Sensor due to concurrent SNMP error. 964185 The Manager versions 8.0.5.11 / 7.5.3.11 are vulnerable to HTTP Server Prone To Slow Denial Of Service Attack when configured with Vulnerability Manager. 941108 The Sensor performance report provides incorrect data and labels. 924628 The synchronization between the Central Manager and MDR pair is generating the fault Manager <host name>:<host IP> unreachable. Also, error srleap:icc_ism_module is generated in the logs. Resolved Sensor software issues This is the first release of the NS7300, NS7200, NS7100 Sensors. Hence, there are no resolved issues applicable. 5

Installation instructions Manager server/client system requirements The following table lists the 8.1 Manager server requirements: Operating system Minimum required Any of the following: Windows Server 2008 R2 Standard or Enterprise Edition, SP1 (Full Installation), English operating system Windows Server 2008 R2 Standard or Enterprise Edition, SP1 (Full Installation), Japanese operating system Windows Server 2012 Standard Edition (Server with a GUI) English operating system Windows Server 2012 Standard Edition (Server with a GUI) Japanese operating system Windows Server 2012 R2 Standard Edition (Server with a GUI) English operating system Windows Server 2012 R2 Standard Edition (Server with a GUI) Japanese operating system Windows Server 2012 R2 Datacenter Edition (Server with a GUI) English operating system Windows Server 2012 R2 Datacenter Edition (Server with a GUI) Japanese operating system Only X64 architecture is supported. Recommended Same as the minimum required. Memory 8 GB 8 GB or more CPU Server model processor such as Intel Xeon Same Disk space 100 GB 300 GB or more Network 100 Mbps card 1000 Mbps card Monitor 32-bit color, 1440 x 900 display setting 1440 x 900 (or above) The following are the system requirements for hosting Central Manager/Manager server on a VMware platform. 6

Table 4-1 Virtual machine requirements Component Minimum Recommended Operating system Any of the following: Windows Server 2008 R2 Standard or Enterprise Edition with SP1 English operating system Windows Server 2008 R2 Standard or Enterprise Edition with SP1 Japanese operating system Windows Server 2012 Standard Edition (Server with a GUI) English operating system Windows Server 2012 Standard Edition (Server with a GUI) Japanese operating system Windows Server 2012 R2 Standard Edition (Server with a GUI) English operating system Windows Server 2012 R2 Standard Edition (Server with a GUI) Japanese operating system Windows Server 2012 R2 Datacenter Edition (Server with a GUI) English operating system Windows Server 2012 R2 Datacenter (Server with a GUI) Japanese operating system Only X64 architecture is supported. Same as minimum required. Memory 8 GB 8 GB or more Virtual CPUs 2 2 or more Disk Space 100 GB 300 GB or more Table 4-2 VMware ESX server requirements Component Minimum Virtualization software ESXi 5.0 ESXi 5.1 ESXi 5.5 CPU Memory Internal Disks Intel Xeon CPU ES 5335 @ 2.00 GHz; Physical Processors 2; Logical Processors 8; Processor Speed 2.00 GHz Physical Memory: 16 GB 1 TB The following table lists the 8.1 Manager client requirements when using Windows 7 or Windows 8: Operating system Minimum Windows 7 English or Japanese Windows 8 English or Japanese Windows 8.1 English or Japanese The display language of the Manager client must be same as that of the Manager server operating system. Recommended RAM 2 GB 4 GB 7

Minimum Recommended CPU 1.5 GHz processor 1.5 GHz or faster Browser Internet Explorer 9, 10 or 11 Mozilla Firefox Google Chrome (App mode in Windows 8 is not supported) If you are using Google Chrome, add the Manager certificate to the trusted certificate list. Internet Explorer 11 Mozilla Firefox 20.0 or above Google Chrome 24.0 or above For the Manager client, in addition to Windows 7 and Windows 8, you can also use the operating systems mentioned for the Manager server. The following table lists the 8.1 Central Manager / Manager client requirements when using Mac: Mac operating system Lion Mountain Lion Browser Safari 6 or 7 For more information, see McAfee Network Security Platform Installation Guide. Upgrade recommendations McAfee regularly releases updated versions of the signature set. Note that automatic signature set upgrade does not happen. You need to manually import the latest signature set and apply it to your Sensors. The following is the upgrade matrix supported for this release: Component Manager/Central Manager software NS-series Sensor software Minimum Software Version 7.1 7.1.3.5, 7.1.5.7, 7.1.5.10, 7.1.5.14, 7.1.5.15 7.5 7.5.3.11, 7.5.5.6, 7.5.5.7, 7.5.5.10 8.1 8.1.3.4, 8.1.3.6, 8.1.7.5 This is the first release of the Sensor software, upgrade is not applicable. Known issues For a list of known issues in this product release, see this McAfee KnowledgeBase article: Manager software issues: KB81373 NS-series Sensor software issues: KB82173 8

Product documentation Every McAfee product has a comprehensive set of documentation. Find product documentation 1 Go to the McAfee ServicePortal at http://mysupport.mcafee.com and click Knowledge Center. 2 Enter a product name, select a version, then click Search to display a list of documents. The related documents available with NS7x00 software are: NS7x00 Sensor Quick Start Guide NS7x00 Sensor Product Guide Addendum II to 8.1 Documentation Copyright 2014 McAfee, Inc. www.intelsecurity.com Intel and the Intel logo are trademarks/registered trademarks of Intel Corporation. McAfee and the McAfee logo are trademarks/ registered trademarks of McAfee, Inc. Other names and brands may be claimed as the property of others. 0B-00