RSA Security Analytics Virtual Appliance Setup Guide


Copyright 2010-2015 RSA, the Security Division of EMC. All rights reserved.

Trademarks

RSA, the RSA Logo and EMC are either registered trademarks or trademarks of EMC Corporation in the United States and/or other countries. All other trademarks used herein are the property of their respective owners. For a list of EMC trademarks, go to www.emc.com/legal/emc-corporation-trademarks.htm.

License Agreement

This software and the associated documentation are proprietary and confidential to EMC, are furnished under license, and may be used and copied only in accordance with the terms of such license and with the inclusion of the copyright notice below. This software and the documentation, and any copies thereof, may not be provided or otherwise made available to any other person. No title to or ownership of the software or documentation or any intellectual property rights thereto is hereby transferred. Any unauthorized use or reproduction of this software and the documentation may be subject to civil and/or criminal liability. This software is subject to change without notice and should not be construed as a commitment by EMC.

Third-Party Licenses

This product may include software developed by parties other than RSA. The text of the license agreements applicable to third-party software in this product may be viewed in the thirdpartylicenses.pdf file.

Note on Encryption Technologies

This product may contain encryption technology. Many countries prohibit or restrict the use, import, or export of encryption technologies, and current use, import, and export regulations should be followed when using, importing or exporting this product.

Distribution

Use, copying, and distribution of any EMC software described in this publication requires an applicable software license. EMC believes the information in this publication is accurate as of its publication date. The information is subject to change without notice.

THE INFORMATION IN THIS PUBLICATION IS PROVIDED "AS IS." EMC CORPORATION MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE INFORMATION IN THIS PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Contents

- Virtual Appliance Setup Guide
- Virtual Appliance Overview
- Install Security Analytics Virtual Appliance in Virtual Environment
  - Step 1: Deploy the Virtual Appliance
  - Step 2: Configure the Network
  - Step 3: Configure Datastore Space for the Appliance
  - Step 4: Configure Appliance-Specific Parameters

Virtual Appliance Setup Guide

Overview

This guide provides instructions for installing and configuring virtual instances of the Security Analytics appliances. This document pertains only to elements for installation and configuration that are dependent on instances of Security Analytics running in a virtualized environment.

Last Modified: July 23 2015, 9:01PM

Virtual Appliance Overview

Overview

This topic provides an overview of the virtual instances of Security Analytics appliances, including installation media, available appliances, recommendations, minimum requirements, and sizing guidelines.

Context

You can install the following Security Analytics appliances in your virtual environment as a virtual appliance and inherit features that are provided by your virtual environment:

- Archiver
- Broker
- Concentrator
- Event Stream Analysis
- Log Decoder
- Malware Analysis
- Decoder
- Remote IPDB
- Remote Log Collector
- Security Analytics Server
- Warehouse Connector

You must be familiar with the following VMware infrastructure concepts:

- VMware vCenter Server
- VMware ESX host
- Virtual machine

For information on these VMware concepts, refer to the VMware product documentation.

The virtual appliances are provided as an Open Virtual Appliance (OVA). You need to deploy the OVA file as a virtual machine in your virtual infrastructure.

Last Modified: July 23 2015, 8:59PM

Installation Media

Installation media are in the form of Open Virtual Appliance (OVA) packages, which are available for download and installation from Download Central (https://download.rsasecurity.com). As part of your RSA order fulfillment, you are provided access to the OVFs that pertain to each component ordered.

Virtual Environment Recommendations

The virtual appliances installed with the OVF packages have the same functionality as the Security Analytics hardware appliances. As a result, when implementing any of the virtual appliances, you must take the backend hardware into account.

- Based on the resource requirements of the different components, follow best practices to utilize the system and dedicated storage appropriately.
- Ensure that backend disk configurations provide a minimum write speed of 10% greater than the required sustained capture and ingest rate for the deployment.
- Build Concentrator directories for meta and Index databases on the SSD/EFD HDD.
- If the database components are separate from the installed OS components (that is, on a separate physical system), provide direct connectivity using either two 8-Gbps Fiber Channel SAN ports per virtual appliance or 6-Gbps SAS connectivity.

Virtual Appliance Minimum Requirements

The following table lists CPU, Memory, and OS Disk partition minimum requirements for the virtual appliances. The disk requirements are fixed sizes for the OVA packages. Some settings for the OVA package will need to be adjusted. RAM and CPU metrics are minimums and are also dependent on the capture and ingest environment. The requirements were tested at ingest rates of 5k EPS for logs and 300 Mbps for packets.

| Virtual Appliance Type | Quantity of CPUs | CPU Specifications | RAM | Disk |
|---|---|---|---|---|
| Decoder | 4 | Intel Xeon CPU @2.93 GHz | 16 GB | 320 GB |
| Log Decoder | 4 | Intel Xeon CPU @2.93 GHz | 16 GB | 320 GB |
| Concentrator | 4 | Intel Xeon CPU @2.93 GHz | 16 GB | 320 GB |
| Archiver | 4 | Intel Xeon CPU @2.93 GHz | 16 GB | 320 GB |
| Broker | 4 | Intel Xeon CPU @2.93 GHz | 16 GB | 320 GB |
| Warehouse Connector | 4 | Intel Xeon CPU @2.93 GHz | 16 GB | 320 GB |
| Security Analytics Server | 4 | Intel Xeon CPU @2.93 GHz | 16 GB | 320 GB |

Virtual Log Collector Sizing Guidelines

The following table lists the recommended CPU Specifications, Memory, and Disk size for the Virtual Log Collector (VLC) based on events per second (EPS).

| Rate | Quantity of CPUs | CPU Specifications | RAM | Disk |
|---|---|---|---|---|
| 1,000 EPS | 2 | Intel Xeon CPU @2.00 GHz | 2 GB | 150 GB |
| 2,500 EPS | 2 | Intel Xeon CPU @2.00 GHz | 2.5 GB | 150 GB |
| 5,000 EPS | 3 | Intel Xeon CPU @2.00 GHz | 3 GB | 150 GB |
| 20,000 EPS | 8 | Intel Xeon CPU @2.00 GHz | 8 GB | 150 GB |

Install Security Analytics Virtual Appliance in Virtual Environment

Overview

This topic provides the sequence of the installation steps along with detailed procedures for installing a Security Analytics virtual appliance in your virtual environment.

Prerequisites

Make sure that you have:

- A VMware ESX Server that meets the requirements described in the above section.
- vSphere 4.1 Client or vSphere 5.0 Client installed to log on to the VMware ESX Server.
- Administrator rights to create the virtual machines on the VMware ESX Server.

Last Modified: July 23 2015, 9:01PM

Step 1: Deploy the Virtual Appliance

Overview

This topic provides instructions to deploy the OVA file on the vSphere Server or ESX Server using the vSphere client.

Last Modified: July 23 2015, 8:41PM

Prerequisites

Make sure that you have:

- Network IP addresses, netmask, and gateway IP addresses for the virtual appliance.
- Network names for all virtual appliances, if you are creating a cluster.
- DNS or host information.
- Password for virtual appliance access. The default username is root and the default password is netwitness.
- Downloaded the Security Analytics virtual appliance package file from the download server.

Note: A script will run immediately upon logging on, asking for the Security Analytics server IP address. Press Enter, with no IP address, or Ctrl-C to break out of this script. Once the current appliance is completely set up and the Security Analytics server is online and ready to accept appliances, enter the Security Analytics IP address at this prompt by logging off and logging back on.

Procedure

Note: The following instructions illustrate one possible example of deploying an OVA appliance; your screens may vary.

To deploy the OVA appliance:

1. Log on to the ESXi environment.

2. In the File drop-down, select Deploy OVF Template. The Deploy OVF Template dialog is displayed.
3. In the Deploy OVF Template dialog, select the OVF for the appliance that you want to deploy in the virtual environment, and click Next. The Name and Location dialog is displayed. The designated name does not reflect the server hostname; instead, it is for inventory reference from within ESXi.
4. Make a note of the name, and click Next. Storage Options are displayed.

5. For Storage options, designate the datastore location for the virtual appliance. This location is only for the appliance OS. It is not required to be the same datastore needed when setting up and configuring additional volumes for the Security Analytics databases on certain appliances (covered in the following sections). When finished, click Next. The Network Mapping options are displayed.

6. If you want to configure Network Mapping now, you can select options here, but RSA recommends that you keep the default values and save network mapping for after the OVF has been configured. This configuration is done in Step 4: Configure Appliance-Specific Parameters. Leave the default values, and click Next. A status window showing deployment status is displayed.

After the process is complete, the new OVF is presented in the designated resource pool visible on ESXi from within vSphere. At this point, the core virtual appliance is installed but is still not configured.

Step 2: Configure the Network

Overview

This topic provides instructions on how to configure the network of the Virtual Appliance.

Last Modified: July 23 2015, 9:01PM

Prerequisites

Make sure that you have:

- Network IP addresses, netmask, and gateway IP addresses for the virtual appliance.
- Network names for all virtual appliances, if you are creating a cluster.
- DNS or host information.

Note: A script will run immediately upon logging on, asking for the Security Analytics server IP address. Press Enter, with no IP address, or Ctrl-C to break out of this script. Once the current appliance is completely set up and the Security Analytics server is online and ready to accept appliances, enter the Security Analytics IP address at this prompt by logging off and logging back on.

Procedure

Perform the following steps for all virtual appliances to get them on your network.

To configure the network:

1. Edit the /etc/sysconfig/network-scripts/ifcfg-eth0 configuration file with the appropriate IP address, netmask and gateway. (The reason for manual network configuration is that the Security Analytics OVF automatic network configuration option does not successfully set all network settings at this time.) BOOTPROTO should be set to NONE or STATIC to avoid automatically defaulting to DHCP.
2. Edit the /etc/sysconfig/network file and set the appliance Hostname.
3. (Optional) Edit the /etc/resolv.conf file and set the preferred DNS servers the appliance should use.
4. Configure the hostname. If you configured the DNS server entries so that the DNS server can resolve the Security Analytics appliances, you can skip this step. Otherwise, configure the /etc/hosts file as follows:
   a. Change all references to the default appliance hostname to match your chosen hostname.
   b. Add the line:

          <your-appliance-ip-address> <your-appliance-hostname>

      where <your-appliance-ip-address> is the IP address of your machine and <your-appliance-hostname> is the name of your appliance.
   c. Add the line:

          <your-security-analytics-server-ip-address> <your-security-analytics-appliance-hostname>

      where <your-security-analytics-server-ip-address> is the IP address and <your-security-analytics-appliance-hostname> is the name of your Security Analytics appliance.
5. Restart the network adapter by typing the following command:

       service network restart

6. Progress messages are displayed as the adapter restarts.

Step 3: Configure Datastore Space for the Appliance

Overview

This topic provides configuration options for configuring datastore space for the different appliances. Refer to the specific section for information on the virtual appliance you are trying to configure.

Last Modified: July 23 2015, 8:51PM

Virtual Drive Space Ratios

The following tables provide optimal configurations for packet and log appliances. Additional partitioning and sizing examples for both packet capture and log ingest environments are provided at the end of this topic.

Decoder (Persistent Datastores / Cache Datastores)

| PacketDB | SessionDB | MetaDB | Index |
|---|---|---|---|
| 100% as calculated by Sizing Calculator | 6 GB per 100 Mb/s of traffic sustained provides 4 hours cache | 60 GB per 100 Mb/s of traffic sustained provides 4 hours cache | 3 GB per 100 Mb/s of traffic sustained provides 4 hours cache |

Concentrator (Persistent Datastores / Cache Datastores)

| MetaDB | SessionDB | Index | Index |
|---|---|---|---|
| Calculated as 10% of the PacketDB required for a 1:1 retention ratio | 30 GB per 1 TB of PacketDB for standard multi protocol network deployments as seen at typical internet gateways | 5% of the calculated MetaDB on the Concentrator | Preferred High Speed Spindles or SSD for fast access |

Log Decoder (Persistent Datastores / Cache Datastores)

| PacketDB | SessionDB | MetaDB | Index |
|---|---|---|---|
| 100% as calculated by Sizing Calculator | 1 GB per 1000 EPS of traffic sustained provides 8 hours cache | 20 GB per 1000 EPS of traffic sustained provides 8 hours cache | 0.5 GB per 1000 EPS of traffic sustained provides 4 hours cache |

Log Concentrator (Persistent Datastores / Cache Datastores)

| MetaDB | SessionDB | Index | Index |
|---|---|---|---|
| Calculated as 100% of the PacketDB required for a 1:1 retention ratio | 3 GB per 1000 EPS of sustained traffic per day of retention | 5% of the calculated MetaDB on the Concentrator | Preferred High Speed Spindles or SSD for fast access |

Procedures

Expand Drive Space for Packet and Log Decoders

The following instructions provide configuration options to expand drive space on a Virtual Packet/Log Decoder appliance.

Configure Virtual Datastores

1. Ensure that the newly connected Virtual Datastores are presented as a generic SCSI device to the operating system.
2. Configure the following required datastores for a Decoder within the VM:
   - PacketDB (Raw Capacity): This virtual database represents the largest virtual database. This datastore will ultimately house the raw packet or log data.
   - MetaDB: This virtual datastore represents the meta database cache and is only needed for temporary storage of the meta database on the Decoder. Recommended sizing for this datastore is to allow for a 4-hour cache. Sizing for this datastore is dependent on the sustained capture rate or the sustained EPS rate. The datastore size can also be increased to accommodate a longer cache window.
   - SessionDB: This virtual datastore houses the session database of the Decoder. The sizing for this datastore is directly related to the size of the MetaDB cache.
   - IndexDB: Represents the index database cache on the Decoder. The sizing for this datastore is directly related to the size of the MetaDB cache.
3. Ensure that the configured datastores are presented to the virtual Decoder as a SCSI device.

Configure the Linux Volumes

1. Log on to the virtual machine as root. The virtual datastores show up as SCSI devices (for example, /dev/sdb, /dev/sdc, and /dev/sdd).
2. Using fdisk, create a GPT partition for each virtual datastore you created. It is useful to name the partitions after the datastores to which they are attached.
3. Format the volume using mkfs.xfs.
4. To add the SCSI devices to /etc/fstab, use the following examples as a guide:

       /dev/sdb1 /var/netwitness/decoder/packetdb xfs noatime 1 2
       /dev/sdc1 /var/netwitness/decoder/metadb xfs noatime 1 2
       /dev/sdd1 /var/netwitness/decoder/sessiondb xfs noatime 1 2
       /dev/sde /var/netwitness/decoder/index xfs noatime 1 2

Expand Drive Space for a Concentrator

The following instructions provide configuration options to expand drive space on a Virtual Concentrator appliance.

Configure the Virtual Datastores

The estimates below are intended to provide guidance for configuring the partitioning for the Log Decoder databases. The capacity requirements have an additional 5% overhead designated to account for overhead when ultimately configured within Security Analytics.

To configure the virtual datastores:

1. Configure the following required datastores for a Concentrator:
   - Metadb: This virtual datastore houses the permanent database and should be the largest datastore on the attached storage.
   - Sessiondb: This virtual datastore houses the session database for the Concentrator. RSA recommends that you configure SSDs for this datastore.
   - Index: This virtual datastore houses the index for the Concentrator. RSA recommends that you configure SSDs for this datastore.
2. Ensure that the configured datastores are presented to the virtual Concentrator as a SCSI device.

Configure the Linux Volumes

1. Log on to the virtual machine as root. The virtual datastores show up as SCSI devices (for example, /dev/sdb, /dev/sdc, and /dev/sdd).
2. Using fdisk, create a GPT partition for each virtual datastore you created. It is useful to name the partitions after the datastores to which they are attached.
3. Format the volume using mkfs.xfs.
4. To add the SCSI devices to /etc/fstab, use the following examples as a guide:

       /dev/sdc1 /var/netwitness/concentrator/metadb xfs noatime 1 2
       /dev/sdd1 /var/netwitness/concentrator/sessiondb xfs noatime 1 2
       /dev/sde /var/netwitness/concentrator/index xfs noatime 1 2

Add the New Partitions to the Security Analytics Configuration

1. Log on to Security Analytics.
2. Select Administration > Services.
3. In the Services view select the service, and at the end of the row, click > View > Explore.
4. Select Database > Config.
5. Select the directory that you want to expand (for example, meta dir, session dir, and so on).
6. Append the value by using a semicolon (;) followed by the mount point that you defined in Step 4 of Configure the Linux Volumes.

   Note: Verify that the databases are configured to roll over at approximately 95% of their full capacity. If you mounted the additional partition to /var/netwitness/decoder/packetdb, and the partition is 10TB, you can have the following entry under packet.dir:

       /var/netwitness/decoder/packetdb=xxx TB;/var/netwitness/decoder/packetdb=9.5TB

   The first entry before (;) denotes the original location for packet.dir.
7. After adding the new 10TB partition to the configuration, you must run the reconfig file so that the correct size is added.
   a. Right-click Database and click Properties.
   b. In the drop-down list, select reconfig and enter update=1 in the Parameters field.
   c. Click Send. The partition sizes will be adjusted to 95% of the partition's available space.
8. Restart the appliance service for the changes to take effect.
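The drive space ratios, the fstab entry format and the 95% rollover entry from this step, worked through as an added Python example (not RSA code and not part of the original guide). It assumes the ratio values map to the table columns in the order they are listed and that 1 TB = 1000 GB; all function names are hypothetical, and the sample inputs are the guide's tested rates of 300 Mbps and 5k EPS.

```python
# Added example: datastore sizing from this guide's ratios (not RSA code).
# Assumptions: ratio values map to the table columns in listed order, and
# 1 TB = 1000 GB (the guide does not state which unit convention it uses).

DECODER_CACHE_GB_PER_100MBPS = {"sessiondb": 6.0, "metadb": 60.0, "index": 3.0}
LOG_DECODER_CACHE_GB_PER_1000EPS = {"sessiondb": 1.0, "metadb": 20.0, "index": 0.5}
ROLLOVER = 0.95        # databases roll over at about 95% of partition capacity
WRITE_HEADROOM = 1.10  # backend write speed: 10% above the sustained rate
GB_PER_TB = 1000


def _positive(**values):
    """Reject zero or negative inputs so a typo cannot yield an empty datastore."""
    for name, value in values.items():
        if value <= 0:
            raise ValueError(f"{name} must be positive, got {value}")


def decoder_cache_gb(sustained_mbps):
    """Cache datastore sizes (GB) for a packet Decoder at a sustained Mb/s rate."""
    _positive(sustained_mbps=sustained_mbps)
    return {db: round(gb * sustained_mbps / 100, 2)
            for db, gb in DECODER_CACHE_GB_PER_100MBPS.items()}


def log_decoder_cache_gb(sustained_eps):
    """Cache datastore sizes (GB) for a Log Decoder at a sustained EPS rate."""
    _positive(sustained_eps=sustained_eps)
    return {db: round(gb * sustained_eps / 1000, 2)
            for db, gb in LOG_DECODER_CACHE_GB_PER_1000EPS.items()}


def concentrator_gb(packetdb_tb):
    """Packet Concentrator datastores (GB) derived from the PacketDB size."""
    _positive(packetdb_tb=packetdb_tb)
    metadb = 0.10 * packetdb_tb * GB_PER_TB       # 10% of PacketDB
    return {"metadb": round(metadb, 2),
            "sessiondb": round(30.0 * packetdb_tb, 2),  # 30 GB per 1 TB PacketDB
            "index": round(0.05 * metadb, 2)}           # 5% of MetaDB


def log_concentrator_gb(packetdb_tb, sustained_eps, retention_days):
    """Log Concentrator datastores (GB)."""
    _positive(packetdb_tb=packetdb_tb, sustained_eps=sustained_eps,
              retention_days=retention_days)
    metadb = 1.00 * packetdb_tb * GB_PER_TB       # 100% of PacketDB
    sessiondb = 3.0 * sustained_eps / 1000 * retention_days
    return {"metadb": round(metadb, 2),
            "sessiondb": round(sessiondb, 2),
            "index": round(0.05 * metadb, 2)}


def min_write_rate(sustained_rate):
    """Minimum backend write speed, in the same unit as the sustained rate."""
    _positive(sustained_rate=sustained_rate)
    return round(sustained_rate * WRITE_HEADROOM, 2)


def fstab_line(device, mount_point):
    """fstab entry in the form the guide uses: xfs, noatime, dump=1, pass=2."""
    if not device.startswith("/dev/") or not mount_point.startswith("/"):
        raise ValueError("expected a /dev/ device and an absolute mount point")
    return f"{device} {mount_point} xfs noatime 1 2"


def append_dir(current_value, mount_point, partition_tb):
    """Append a mount point to a *.dir value at 95% of the partition size."""
    _positive(partition_tb=partition_tb)
    return f"{current_value};{mount_point}={partition_tb * ROLLOVER:g}TB"


if __name__ == "__main__":
    print("Decoder cache @300 Mb/s:", decoder_cache_gb(300))
    print("Log Decoder cache @5k EPS:", log_decoder_cache_gb(5000))
    print("Concentrator for 10 TB PacketDB:", concentrator_gb(10))
    print("Min write speed @300 Mb/s:", min_write_rate(300))
    print(fstab_line("/dev/sdb1", "/var/netwitness/decoder/packetdb"))
    print(append_dir("/var/netwitness/decoder/packetdb=xxx TB",
                     "/var/netwitness/decoder/packetdb", 10))
```

PacketDB itself is not computed here because the guide defers it to the Sizing Calculator.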

Step 4: Configure Appliance-Specific Parameters

Overview

This section provides guidance and options specific for configurations based on whether you will be analyzing logs, packets, or both.

Last Modified: July 23 2015, 8:41PM

Procedures

Configure Log Ingest in the Virtual Environment

Log ingest is easily accomplished by sending the logs to the IP address you have specified for the decoder. The decoder's management interface then allows you to select the proper interface to listen for traffic on, if it has not already selected it by default.

Configure Packet Capture in the Virtual Environment

There are two options for capturing packets in a VMware environment. The first is setting your vSwitch in promiscuous mode and the second is to use a third-party Virtual Tap.

Set a vSwitch to Promiscuous Mode

The option of putting a switch, whether virtual or physical, into promiscuous mode, also described as a SPAN port (Cisco services) and port mirroring, is not without limitations. Whether virtual or physical, depending on the amount and type of traffic being copied, packet capture can easily lead to oversubscription of the port, which equates to packet loss. Taps, being either physical or virtual, are designed and intended for lossless 100% capture of the intended traffic.

Promiscuous mode is disabled by default, and should not be turned on unless specifically required. If a virtual machine is allowed to enter promiscuous mode, software running inside it may be able to monitor any and all traffic moving across the vSwitch, and the copied traffic can cause packet loss due to oversubscription of the port.

To configure a portgroup or virtual switch to allow promiscuous mode:

1. Log on to the ESXi/ESX host or vCenter Server using the vSphere Client.
2. Select the ESXi/ESX host in the inventory.
3. Select the Configuration tab.
4. In the Hardware section, click Networking.
5. Select Properties of the virtual switch for which you want to enable promiscuous mode.
6. Select the virtual switch or portgroup you want to modify, and click Edit.
7. Click the Security tab. In the Promiscuous Mode drop-down menu, select Accept.

Use of a Third-Party Virtual Tap

Installation methods of a virtual tap vary depending on the vendor. Please refer to the documentation from your vendor of choice for installation instructions. Virtual taps are typically easy to integrate, and the user interface of the tap simplifies the selection and type of traffic to be copied.

Virtual taps encapsulate the captured traffic in a GRE tunnel. Depending on the type you choose, either of these scenarios may apply:

- An external appliance is required to terminate the tunnel, and the external appliance directs the traffic to the Decoder interface.
- The tunnel sends traffic directly to the Decoder interface, where Security Analytics handles the de-encapsulation of the traffic.