McAfee Network Security Platform 8.2


8.2.7.71-8.2.3.84 Manager-Mxx30-series Release Notes
McAfee Network Security Platform 8.2
Revision B

Contents
  About this release
  New features
  Enhancements
  Resolved Issues
  Installation instructions
  Known issues
  Product documentation

About this release

This document contains important information about the current release. We strongly recommend that you read the entire document.

Network Security Platform follows a new release process starting with the 8.2 release. The changes in the release process are based on customer requirements, and best practices followed by other McAfee teams. For details, read KB78795.

This maintenance release of Network Security Platform provides a few fixes on the Manager and Mxx30-series Sensor software.

Release parameters          Version
Network Security Manager    8.2.7.71
Signature Set               8.7.57.5
Mxx30-series Sensor         8.2.3.84

This version of 8.2 Manager software can be used to configure and manage the following hardware:

Hardware                                           Version
NS9x00-series Sensors (NS9100, NS9200, NS9300)     7.1, 8.1, 8.2
NS7x00-series Sensors (NS7100, NS7200, NS7300)     8.1, 8.2
Virtual IPS Sensors (IPS-VM100 and IPS-VM600)      8.1, 8.2
Virtual Security System Sensors (IPS-VM100-VSS)    8.1
M series and Mxx30-series Sensors                  7.1, 8.1, 8.2
XC Cluster Appliances                              7.1, 8.1, 8.2
NTBA Appliance software (Physical and Virtual)     7.1, 8.1, 8.2
I-series Sensors                                   7.1

The above-mentioned Network Security Platform software versions support integration with the following product versions:

Table 1-1 Network Security Platform compatibility matrix

Product                               Version supported
McAfee ePO                            5.0, 5.1
McAfee Global Threat Intelligence     Compatible with all versions.
McAfee Advanced Threat Defense        3.4.6.83, 3.4.8.86
McAfee Endpoint Intelligence Agent    2.4, 2.5
McAfee Logon Collector                2.2, 3.0
McAfee Vulnerability Manager          7.0, 7.5
McAfee Host Intrusion Prevention      7.0, 8.0
Intel Security Controller             1.0

Currently port 4167 is used as the UDP source port number for the SNMP command channel communication between Manager and Sensors. This is to prevent opening up all UDP ports for inbound connectivity from SNMP ports on the sensor. Older JRE versions allowed the Manager to bind to the same source port 4167 for both IPv4 and IPv6 communication. But with the latest JRE version 1.7.0_80, it is no longer possible to do so, and the Manager uses port 4166 as the UDP source port to bind for IPv6. Manager 8.2 uses JRE version 1.7.0_80. If you have IPv6 Sensors behind a firewall, you need to update your firewall rules accordingly such that port 4166 is open for the SNMP command channel to function between those IPv6 Sensors and the Manager.

With release 8.1 onwards, Network Security Platform no longer supports the Network Access Control module and N-series Sensors. If you are using Network Access Control with N-series (NAC-only) Sensors, McAfee recommends that you continue to use the 7.1.3.6 version. If you are using the Network Access Control module in M-series Sensors, continue to use the 7.5.3.30 version. That is, you should not upgrade the Manager or the Sensors to 8.1 for such cases.

Manager software version 8.1 and above are not supported on McAfee-built Dell based Manager Appliances. McAfee recommends that you use Intel-based Manager Appliances instead.

New features

This release is to provide fixes for some of the previously known issues, and does not include any new features.

Enhancements

This release is to provide fixes for some of the previously known issues, and does not include any enhancements.

Resolved Issues

These issues are resolved in this release of the product. For a list of issues fixed in earlier releases, see the Release Notes for the specific release.

Resolved Manager software issues

The following table lists the high-severity Manager software issues:

ID #
1074977  Memory leak in the Manager results in an MDR failover.
1061728  The exception objects assigned to attacks at device, interface, and zone levels are not displayed as Ignore Rules after upgrading the Manager and devices to 8.2.

The following table lists the medium-severity Manager software issues:

ID #
1080394  The revision number for an IPS policy gets incremented even if you save the policy with no changes.
1080121  Running the Default - Top 10 Malware Detections report in the child admin domain displays data from the parent admin domain as well.
1078487  The effective firewall rules configured for Inbound and Outbound directions does not display the rules correctly.
1078287  Manager's web application is inaccessible by using Firefox 39 browser.
1076649  Policy updates are not sent from the Manager to the Sensor.
1076274  Connection limiting policies are not displayed in the root admin domain.
1075336  The Default-Quarantine History report displays only 10 entries.
1075133  SOAP exception in McAfee ePO integration.
1074124  Firewall rules created for a combination of any TCP service with a Deny response action fails.
1073419  Certain Blocked alerts are not listed in the Executive summary report, but appear in the Threat Analyzer.
1072067  The Manager session times out immediately after accepting the Java security warning message.
1071158  The Executive Summary Report in the Manager does not get generated for the report for last full calendar month beginning from the 1st of the month till the last date of the month.
1070791  The IPS Sensor Configuration report displays the output for jumbo frame parsing as Enabled even when the jumbo parsing feature is disabled in the IP Settings page.
1070702  Exporting the NTBA Appliance configuration fails when attempted with proxy server inheritance enabled in the Manager.
1070592  Archive restore fails in the Manager.
1070486  The events ivsensorstringcontentevent and ivsensorinlayer2switchmodeevent, in the EMS-TRAP-MIB file displays the same description.
1070366  When generating a report from Manage (Admin Domain Name) Reporting Report Automation Automatically-Generated Reports, the error "An internal application error occurred. Please check log files." is displayed.
1070105  In Traditional Executive Summary reports, fail over pairs are not getting listed with fail over pair names but are listed with their individual Sensor names.
1067206  Rules deleted from the Custom Attack Editor are not deleted in the rule set.
1066678  Communication between ePolicy Orchestrator and the Manager fails in some rare scenarios.
1066611  In certain rare instances, the Manager logs out unexpectedly when you click the Edit button in the Quarantine Access Events page.
1065876  The NTBA Appliance software version in the Deploy Device Software page is sorted incorrectly.
1065726  The NTBA Appliance policies page does not load the plug-in necessary to display the page.
1065390  The User Activity Log page displays more logs than the actual changes.
1065343  The Default - Top 10 Application Categories by Bandwidth Usage (Bytes) report lists more than 10 entries.
1063973  Devices are not displayed appropriately in the Device List page, when you click on the device from the Dashboard.
1063486  The Endpoint Reputation Analysis in Inspections Options, for an interface, does not recognize that McAfee GTI is enabled even when it is.
1063246  The pending changes notification in the Manager does not disappear even after completion of a configuration push to a Sensor.
1062428  An Ignore Rule created in the Threat Analyzer using an IPv4 address, creates a rule for an IPv6 endpoint, with an IPv4 address.
1062423  The Automatically Generated Reports is displayed in improper format.
1062364  In the Threat Explorer page, McAfee ePO tagging success message for default tags, assigned to an endpoint or server, does not display the correct names.
1060249  While configuring the physical ports in the Manager, the port configured to inline fail-open does not display the updated fail-open status.
1060003  The User-Defined report generates a report with blocked attacks present even when one of the criteria is set as Does not equal Attack Blocked.
1059912  The IPS Sensor Configuration Report does not display the configuration for failover pairs.
1059142  The Manager does not run the minimum compliant MySQL version.
1059120  After Manager upgrade, the LDAP logon from the Manager fails due to an invalid certificate file.
1057170  When the Central Manager policy is applied on the Sensor, baseline policies inherit settings from the Central Manager's Default IPS attack settings (GARE).
1057060  The Threat Analyzer times out after loading the Dashboard and Preferences tabs.
1057027  Configuration updates made in the Manager Notification Faults Syslog are not saved.
1056266  The alert channel goes down while establishing trust between ePolicy Orchestrator and the Manager, when the Manager has a Host Intrusion Prevention Sensor configured.
1055867  In some rare MDR scenarios, the primary Manager displays a communication error while accessing the Dashboard.
1055490  At the time of polling the Sensor for throughput, bps disappears after several polling cycles.
1054397  A quarantined host cannot access other hosts within the quarantined zone.
1052514  Attack type displays Reconnaissance attack instead of Signature attack.
1051657  The Manager fails to update the signature set of the Sensor.
1048233  The Central Manager Threat Analyzer does not display any alerts when there are alerts present in the Manager Threat Analyzer.
1047563  An IP address ending with 30 cannot be configured for an NTBA collection port.
1047251  The Devices page does not connect to the Manager from the Central Manager.
1046712  VLAN tags assigned to a child domain cannot be removed.
1046270  A restriction in the Virtual NTBA Appliance prevents users from adding more than two Sensors.
1044456  Whitelist entries continued to get added in the Manager even though those inspection options are disabled in both, inbound and outbound, directions.
1043874  The XFF source IP cannot be quarantined from Threat Analyzer.
1040886  An error is generated when you attempt to run Next Generation report (Top 10 Attack Source Countries).
1037772  The Top Applications Summary dashboard in the Threat Analyzer always displays the top application as having 3.66 Gb of traffic in the last 5 minutes.
1036507  The Sensor model and Software version columns in the IPS policy editor display different values.
1033817  In certain rare instances, when you reboot the Sensor after deploying the latest Sensor software, you notice a "Signature set download failure" fault in the Manager.
1031880  When the Manager service is stopped, all acknowledged faults are sent from the Manager to the SMTP server.
1027910  The E-mail report that is generated and sent by the Manager does not contain any report data.
1023248  The Manager fails to establish communication with the McAfee Update Server.
1007548  In certain rare scenarios, when VirusScan Enterprise is installed and then uninstalled on the Manager server, the TIE VirusScan Enterprise hot-fix does not work.
985630   The Threat Analyzer abruptly hangs after running for a long time.
954584   The Sig. Decs. button for an alert does not open the Display Signatures for Attack window.
908697   Policy synchronization with a 7.5 Manager fails with Snort rules imported.
904402   During a manual import of certain Snort rules, the Manager displays the error '- 63-30 - error: Pattern is too large message' during compilation.

Resolved Sensor software issues

The following table lists the medium-severity Sensor software issues:

ID #
1076555/1059122  In a rare scenario, the Sensor reboots after the signature set is updated successfully.
1072131  For certain botnet attacks, the exclusion list does not get applied if advanced botnet detection is enabled in the Inspection Options policy.
1071663  In rare scenarios, when L7 Data collection is disabled, the maximum percentage of L7 Dcap flows shows incorrect usage statistics in the Sensor CLI show mem-usage.

1067355  In the CLI debug mode, the option to set interface operating mode is not available.
1065968  In exceptional situations, when OS Fingerprinting and Layer 7 Data Collection are enabled, the Sensor might automatically recover or reboot depending on the configuration.
1065717  In rare scenarios, the Sensor fails to initialize when the Web Services feature is enabled and has more than 46 assignments.
1060913  McAfee GTI DNS errors faults are raised in the Manager when McAfee GTI is disabled.
1056146  In some scenarios, the Sensor fails to block the Utorrent/BitTorrent application.
1053934  The PSU failure message does not indicate which Sensor, primary or secondary, in the MDR pair has failed.
1052324  False positive alerts are triggered from the Sensor when the signature set is pushed to the Sensor.
1015306  In certain scenarios, due to incorrect XFF parsing, the non-true client gets quarantined.

Installation instructions

Manager server/client system requirements

The following table lists the 8.2 Manager server requirements:

Operating system
  Minimum required: Any of the following:
    Windows Server 2008 R2 Standard or Enterprise Edition, English operating system, SP1 (64-bit) (Full Installation)
    Windows Server 2008 R2 Standard or Enterprise Edition, Japanese operating system, SP1 (64-bit) (Full Installation)
    Windows Server 2012 R2 Standard Edition (Server with a GUI) English operating system
    Windows Server 2012 R2 Standard Edition (Server with a GUI) Japanese operating system
    Windows Server 2012 R2 Datacenter Edition (Server with a GUI) English operating system
    Windows Server 2012 R2 Datacenter Edition (Server with a GUI) Japanese operating system
    Only X64 architecture is supported.
  Recommended: Windows Server 2012 R2 Standard Edition operating system.

              Minimum required                             Recommended
Memory        8 GB                                         8 GB or more
CPU           Server model processor such as Intel Xeon    Same
Disk space    100 GB                                       300 GB or more
Network       100 Mbps card                                1000 Mbps card
Monitor       32-bit color, 1440 x 900 display setting     1440 x 900 (or above)

The following are the system requirements for hosting Central Manager/Manager server on a VMware platform.

Table 5-1 Virtual machine requirements

Operating system
  Minimum: Any of the following:
    Windows Server 2008 R2 Standard or Enterprise Edition, English operating system, SP1 (64-bit) (Full Installation)
    Windows Server 2008 R2 Standard or Enterprise Edition, Japanese operating system, SP1 (64-bit) (Full Installation)
    Windows Server 2012 R2 Standard Edition (Server with a GUI) English operating system
    Windows Server 2012 R2 Standard Edition (Server with a GUI) Japanese operating system
    Windows Server 2012 R2 Datacenter Edition (Server with a GUI) English operating system
    Windows Server 2012 R2 Datacenter (Server with a GUI) Japanese operating system
    Only X64 architecture is supported.
  Recommended: Windows Server 2012 R2 Standard Edition operating system.

Component       Minimum    Recommended
Memory          8 GB       8 GB or more
Virtual CPUs    2          2 or more
Disk Space      100 GB     300 GB or more

Table 5-2 VMware ESX server requirements

Component                 Minimum
Virtualization software   ESXi 5.0, ESXi 5.1, ESXi 5.5
CPU                       Intel Xeon CPU ES 5335 @ 2.00 GHz; Physical Processors 2; Logical Processors 8; Processor Speed 2.00 GHz
Memory                    Physical Memory: 16 GB
Internal Disks            1 TB

The following table lists the 8.2 Manager client requirements when using Windows 7, Windows 8, or Windows 2012:

Operating system
  Minimum:
    Windows 7, English or Japanese
    Windows 8, English or Japanese
    Windows 8.1, English or Japanese
    The display language of the Manager client must be the same as that of the Manager server operating system.

         Minimum              Recommended
RAM      2 GB                 4 GB
CPU      1.5 GHz processor    1.5 GHz or faster

Browser
  Minimum:
    Internet Explorer 9, 10, or 11
    Mozilla Firefox
    Google Chrome (App mode in Windows 8 is not supported.)
    To avoid the certificate mismatch error and security warning, add the Manager web certificate to the trusted certificate list.
  Recommended:
    Internet Explorer 11
    Mozilla Firefox 20.0 or later
    Google Chrome 24.0 or later

If you are using Google Chrome 42 or later, the NPAPI plugin is disabled by default, which means that Java applet support is disabled by default. Perform the following steps to enable NPAPI plugin:

1 In the address bar, type chrome://flags/#enable-npapi.
2 Click the Enable link in the Enable NPAPI configuration option.
3 Click Relaunch Now located at the bottom of the page to restart Google Chrome for the changes to take effect.

For the Manager client, in addition to Windows 7, Windows 8, and Windows 8.1, you can also use the operating systems mentioned for the Manager server.

The following are Central Manager and Manager client requirements when using Mac:

Mac operating system    Browser
Lion                    Safari 6 or 7
Mountain Lion

For more information, see McAfee Network Security Platform Installation Guide.

Upgrade recommendations

McAfee regularly releases updated versions of the signature set. Note that automatic signature set upgrade does not happen. You need to manually import the latest signature set and apply it to your Sensors.

The following is the upgrade matrix supported for this release:

Component: Manager/Central Manager software
  Minimum Software Version
  7.1    7.1.3.5, 7.1.5.7, 7.1.5.10, 7.1.5.14, 7.1.5.15
  8.1    8.1.3.4, 8.1.3.6, 8.1.7.5, 8.1.7.12, 8.1.7.13
  8.2    8.2.7.5, 8.2.7.24, 8.2.7.25, 8.2.7.27, 8.2.7.46

Component: Mxx30-series Sensor software
  Minimum Software Version
  7.1    7.1.3.119
  8.1    8.1.3.5, 8.1.3.43
  8.2    8.2.3.7, 8.2.3.12, 8.2.3.69

Known issues

For a list of known issues in this product release, see this McAfee KnowledgeBase article:

Network Security Platform software issues: KB83288

Product documentation

Every McAfee product has a comprehensive set of documentation.

Find product documentation

1 Go to the McAfee ServicePortal at http://mysupport.mcafee.com and click Knowledge Center.
2 Enter a product name, select a version, then click Search to display a list of documents.

8.2 product documentation list

The following software guides are available for Network Security Platform 8.2 release:

  Quick Tour
  Installation Guide (includes Upgrade Guide)
  Manager Administration Guide
  Manager API Reference Guide (selective distribution - to be requested via support)
  CLI Guide
  IPS Administration Guide
  Custom Attacks Definition Guide
  XC Cluster Administration Guide
  Integration Guide
  NTBA Administration Guide
  Best Practices Guide
  Troubleshooting Guide

Copyright 2015 McAfee, Inc. www.intelsecurity.com
Intel and the Intel logo are trademarks/registered trademarks of Intel Corporation. McAfee and the McAfee logo are trademarks/registered trademarks of McAfee, Inc. Other names and brands may be claimed as the property of others.