Release notes. Symantec Event Manager for Firewall. What's new. System requirements




Release notes

Symantec Event Manager for Firewall

Part Number: 10054384

What's new

Symantec Event Manager for Firewall provides centralized logging, alerting, and reporting across Symantec's enterprise firewall protection solutions. Symantec Event Manager for Firewall integrates the following products with the Symantec Enterprise Security Architecture (SESA) event management system:

- Symantec Enterprise Firewall (SEF), version 7.0
- Symantec Gateway Security (SGS), models 5110, 5200, 5300, and 5310, version 1.0 (firewall events only)
- Symantec VelociRaptor (VR), models 1100, 1200, 1300, and 1310, version 1.5. Also supports older versions of VelociRaptor hardware models that have been upgraded to version 1.5.
- Third-party Event Collector products (requires separate purchase)

The Symantec Event Manager for Firewall delivers enterprise firewall security events to a central console, enabling administrators to see a consistent view of their firewall security posture. Through the collection and transformation of enterprise firewall security events from Symantec Security Gateways and third-party security gateways, the Symantec Event Manager for Firewall can reduce, consolidate, and normalize data, making impending threats more easily identifiable. Combining powerful alert notification, enterprise reporting, and role-based administration with a highly scalable secure architecture, the Symantec Event Manager for Firewall is ideally suited to medium to large enterprises and managed security services environments.

These Release Notes cover the following:

- System requirements
- Documentation
- Symantec Event Manager for Firewall CD
- Installation prerequisites
- Installation overview
- Support
- Issues and workarounds

System requirements

Before installing Symantec Event Manager for Firewall, it is important to adequately plan its installation for your environment.

SESA Manager computer prerequisites

Before installing SESA integration components and the Event Manager for Firewall on the SESA Manager, ensure that the SESA Foundation Pack version 1.0 is installed and operating properly. For installation information, see the Symantec Enterprise Security Architecture Installation Guide.

Symantec Event Manager for Firewall for Symantec Security Gateways system prerequisites

Make sure that the computer or computers on which you will install the Event Manager for Firewall (including the following components: Event Collector for Symantec Security Gateways, the SESA Agent, and the Java Runtime Environment) meet the following minimum requirements:

Operating system
    Microsoft Windows 2000 Server with Service Pack 3
    Microsoft Windows 2000 Advanced Server with Service Pack 3
    or Solaris 8 (32-bit or 64-bit)

Sun Java requirements
    Java Runtime Environment (JRE) version 1.3.1_02

Processor
    Intel Pentium III-compatible 1 GHz processor (Windows)
    Sun Microsystems sbus or PCI UltraSPARC workstation

Memory
    512 MB of memory (minimum) for the SESA Agent and for each Symantec security product - 1MB is strongly recommended

Hard disk space
    11 MB disk space for Event Collector and SESA Agent
    1 MB disk space for RemoteLog utility
    2 GB free disk space for RemoteLog files for each managed firewall

Network connection
    TCP/IP connection to network

SESA DataStore prerequisites

The SESA DataStore computer, installed during the SESA installation, must have enough hard disk space to accommodate the security events that are being generated.

The amount of disk space you will need to accommodate the event data depends on how many devices are logging events, how verbose they are, and how long you want to keep the event data. 128 GB should be sufficient to store events from several security gateways for 30 days.

Sizing guidelines for Symantec Security Gateway

This section provides guidelines to help you determine the number of Symantec Event Manager for Firewalls, SESA Managers, and SESA DataStores you need to manage specific numbers of Symantec Security Gateways. Information in this section applies to Symantec Security Gateways only.

Note: Information in the following table was derived using a 200 MB log file per day. The information below is intended to be a guideline only; the actual size of log files will vary depending on the size of your network and the amount of traffic generated.

Table 1-1 Symantec Event Manager for Firewall components

Symantec Security Gateways    Symantec Event Manager for Firewall    SESA Managers    SESA DataStores
25                            1                                      1                1
50                            2                                      2                1
100                           4                                      3                2

For large organizations that manage more than 100 security gateways, the SESA implementation may require detailed planning to deploy. We suggest contacting your authorized sales representative or Symantec Systems Engineer for assistance in determining the appropriate sizing guidelines.

Documentation

In addition to these release notes, the Symantec Event Manager for Firewall also comes with an Integration Guide. Once SESA is installed, PDF versions of the SESA Installation and Administrator's Guide are available online.

Symantec Event Manager for Firewall CD

The following table lists the Symantec Event Manager for Firewall CD contents:

CD folder    Contents

top level    autorun.inf: auto-start program to run cdstart when the CD-ROM is inserted into a Microsoft Windows system.
             cdstart.exe: displays the installation menu to start either the Event Collector installation or the SESA integration component installation.
             JREGENT.DLL
             JWINUTIL.DLL
             launcher.settings
             libjsunutil.so
             setup.jar: integration component installer program.

\techpubs    SEM_Firewall_Intg.pdf (Symantec Event Manager for Firewall Integration Guide)

\lib         ldapjdk.jar
             sesa-common.jar
             sipi-installer.jar
             xerces.jar

\Solaris     install
             SEFCollector.tar
             libjsunutil.so
             SEM_Firewall_RN.PDF (Symantec Event Manager for Firewall Release Notes)

\AgtInst     Contains the files to install the SESA Agent in a Solaris 8 environment.

\Windows     Data1.cab
             isscript.msi
             j2re-1_3_1_02-win-i.exe
             setup.exe
             Symantec Event Manager for Firewall.msi

\AgtInst     Contains the files to install the SESA Agent.

Installation prerequisites

Before you install Symantec Event Manager for Firewall, make sure that the conditions in this section have been met.

For Symantec and third-party security gateways:

- Ensure that SESA Foundation Pack version 1.1 is installed and operating properly. For more information, see the Symantec Enterprise Security Architecture Installation Guide.
- Ensure that the Java Runtime Environment (JRE) is installed on the computer on which the SESA Agent will be installed.

Note: An international Windows version of the JRE is included on the Symantec Event Manager for Firewall product CD-ROM. A Solaris version of the JRE can be obtained from Sun's Web site at http://java.sun.com/products/archive/j2se/1.3.1_02/jre/index.html.

For Symantec Security Gateways only:

- Ensure that Remote Logging is enabled for the remote log server and each Symantec Security Gateway to be monitored. This consists of:
    - Configuring each security gateway to grant the remote log server permission to connect and obtain its log files.
    - Configuring the remote log server with the IP address and password for each security gateway to be monitored.
  Detailed instructions for configuring remote logging can be found in Chapter 2 of the Symantec Event Manager for Firewall Integration Guide.

- Ensure that the Log Normal Events setting is enabled for your Symantec Security Gateways. By default, Symantec Security Gateways are configured to log normal events. This ensures that all possible events are logged to SESA. If you have disabled this setting, use the Symantec Security Management Console (SRMC) for Windows or Remote Console for Unix (RCU) for Solaris to enable the Log Normal Events setting.

Installation overview

Once you have fulfilled the installation considerations described above, you are ready to install Symantec Event Manager for Firewall.

For Symantec Security Gateways only, complete the following procedures:

- Enabling remote logging
- Installing the Remote Log Utility on the log server

For both Symantec Security Gateways and third-party security gateways, complete the following procedures:

- Installing Symantec Event Manager for Firewall SESA integration components
- Installing the Java Runtime Environment
- Installing Symantec Event Manager for Firewall for Symantec Security Gateways
- Configuring network interfaces and remote management host
- Customizing the SESA Agent's configuration
- Customizing the SESA Manager's configuration
- Configuring Symantec Event Manager for Firewall to monitor multiple Symantec Security Gateways

Refer to the Symantec Event Manager for Firewall Integration Guide to complete the full installation, and always check the Symantec web site for the latest updates on this product.

Support

Symantec technical support offerings include:

- A range of support options that give you the flexibility to select the right amount of service for any size organization
- Telephone and Web support components that provide rapid response and up-to-the-minute information
- Upgrade insurance that delivers automatic software upgrade protection
- Content updates for virus definitions and security signatures that ensure the highest level of protection
- Global support from Symantec Security Response experts, which is available 24 hours a day, 7 days a week, worldwide in a variety of languages
- Advanced features, such as the Symantec Alerting Service and Technical Account Manager role, which offer enhanced response and proactive security support

Please visit the Symantec Web site for current information on Support Programs. The specific features available may vary based on the level of support purchased and the specific product that you are using.

Issues and workarounds

This section describes issues and, where applicable, workarounds that you should be aware of before installing and using Symantec Event Manager for Firewall.

Windows uninstall is not clean

Currently, Symantec Event Manager for Firewall can be uninstalled using the uninstall feature on the product CD-ROM or Add/Remove Programs in Start > Settings > Control Panel. Although the uninstall is complete, log files (and other miscellaneous files) will remain in the C:/Program Files/Symantec directory tree.

Workaround: Manually delete the Symantec directory.

Note: If left, the files will not adversely affect your computer's operation.

Erroneous Possible Attack event may be generated

Possible Attack events may be generated when the SRMC or Event Collector connects to Symantec Security Gateways if you did not edit FirewallInformation.ini to define remote management hosts.

Workaround: Edit the Remote Management Hosts parameter in the FirewallInformation.ini file to add the IP addresses of the computers on which the SRMC and Event Collector are installed. Detailed instructions are contained in the Symantec Event Manager for Firewall Integration Guide.

Invalid traffic direction in SESA events

The traffic direction field in the event details in SESA report views has the wrong data. This means that you cannot tell from the Direction field in which direction the connection (or attempted connection) was made.

Workaround: Enter system names for inside (Internal) and outside (External) network interfaces in the FirewallInformation.ini file for firewalls that the Event Collector will monitor. These can be obtained by viewing the firewall log file after passing network traffic. See Chapter 2 in the Symantec Event Manager for Firewall Integration Guide for detailed instructions.

Permissions of most Solaris files are incorrect

Some of the files provided for the Solaris install are executable and/or writable.

Workaround: You can manually change the file permissions. All files but those in the bin/ directory should be rw-r--r--. Files in the bin/ directory and init scripts should be rwxr--r--.

Event Collector for Symantec Security Gateways cannot tell if a machine is trusted

When an internal machine pings an external machine, an erroneous message is generated that there is a potential attack event.

Workaround: You can prevent this by disabling outbound ping roll-ups. In the file DE_FirstPass.rule (in the KnowledgeBase/Firewalls/SEF directory in the installation directory), change the value of ROLLUP_OUTBOUND_PINGS to 1 to simply report them as statistics, or to 0 to disable reporting of these events. You may also wish to disable ROLLUP_INTERNAL_PINGS in the same way.

Hyphen displayed at the end of the source ip field

For nmap scan events, a hyphen may be displayed at the end of the source ip field when viewing the event in the SESA Console.

Workaround: None.

Reconfigured Successfully event not sent

When a new configuration of the firewall is logged, no event is sent to SESA.

Workaround: None.

A multiple login failure event is not generated

The default behavior of the Event Collector for Symantec Security Gateways is to not generate an event when there is a multiple logon failure.

Workaround: To generate an event for a multiple logon failure, edit the rule that defines how failed login events should be processed. In the DE_FirstPass.rule configuration file, change ROLLUP_FAILED_LOGINS to a setting that is greater than 1. If set to 2 or greater, the Event Collector will roll up failed login events by user name. For example, if ROLLUP_FAILED_LOGINS is set to 5, the Event Collector will report one event for every five failed login events for a given user name.

Note: This may cause the events that are logged by the firewall next to be missed.
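
For the issue "Permissions of most Solaris files are incorrect" above, the following is an added example, not part of the Symantec release notes or the product: a POSIX shell audit that reports, and optionally corrects, files whose mode differs from the stated targets (rwxr--r-- is 744, rw-r--r-- is 644). It assumes the install root is passed as an argument, that bin/ sits directly under it, and that init script paths are supplied by the caller, since the release notes do not give their location.

```shell
#!/bin/sh
# Added example (not Symantec code). Target modes from the release notes:
#   files in bin/ and init scripts -> rwxr--r-- (744)
#   every other file               -> rw-r--r-- (644)
# Assumptions: bin/ is directly under the install root; init script paths
# are passed explicitly because the release notes do not say where they are.

# want_mode ROOT FILE [INIT_SCRIPT...]  -> prints the mode FILE should have
want_mode() {
    wm_root=$1; wm_file=$2; shift 2
    case "$wm_file" in
        "$wm_root"/bin/*) echo 744; return 0 ;;
    esac
    for wm_init in "$@"; do
        if [ "$wm_file" = "$wm_init" ]; then echo 744; return 0; fi
    done
    echo 644
}

# has_mode FILE MODE -> succeeds only if FILE's permission bits equal MODE.
# Uses find's exact -perm match, so no non-portable stat(1) flags are needed.
has_mode() {
    [ -n "$(find "$1" -prune -perm "$2" 2>/dev/null)" ]
}

# audit_modes report|fix ROOT [INIT_SCRIPT...]
# Prints "PATH want=MODE" for each file with a wrong mode; "fix" also
# applies chmod. File names containing newlines are not supported.
audit_modes() {
    am_action=$1; am_root=$2; shift 2
    find "$am_root" -type f | while IFS= read -r am_file; do
        am_want=$(want_mode "$am_root" "$am_file" "$@")
        if has_mode "$am_file" "$am_want"; then continue; fi
        echo "$am_file want=$am_want"
        if [ "$am_action" = fix ]; then chmod "$am_want" "$am_file"; fi
    done
}

# Run only when called with arguments, e.g.:
#   sh audit_modes.sh report /path/to/install/root /path/to/init/script
if [ "$#" -ge 2 ]; then
    audit_modes "$@"
fi
```

Run it in report mode first and review the listed paths before using fix, so that any file the product legitimately needs with a different mode is noticed.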