McAfee Network Security Platform


10/100/1000 Copper Passive Fail-open Bypass Kit Guide
Revision C
McAfee Network Security Platform

The 10/100/1000 passive fail-open bypass kit (the kit) minimizes the potential risks of in-line Network Security Sensor (Sensor) failure on critical network links. The 10/100/1000 monitoring ports on Sensors are fail-closed; thus, if the Sensor is deployed in-line, a hardware failure results in network downtime. Fail-open operation for GE ports requires the use of the optional external bypass switch provided in the kit.

With the bypass switch in place, normal Sensor operation supplies power to the switch via a control cable. While the Sensor is operating, the switch is on and routes all traffic directly through the Sensor. When the Sensor fails, the switch automatically shifts to a bypass state: in-line traffic continues to flow through the network link, but is no longer routed through the Sensor. After the Sensor resumes normal operation, the switch returns to the on state, again enabling in-line monitoring.

The kit contains a bypass switch and all the connectivity components to connect the switch to the GE monitoring ports of any Sensor model, and to connect a control cable between the Sensor and the switch. Additional cables may be required to connect the bypass switch to your other network devices (routers, switches), and you may not require all the components included in the kit (for example, you will use only one of the two types of control cable included in the kit).

This document describes the contents of the kit; how to install the kit for all Sensor models with 10/100/1000 ports, or small form-factor pluggable (SFP) ports; how the kit functions; and what to expect during normal use.
1 Kit contents

The following external hardware is shipped with the Copper Fail-Open Kit:

Qty | Item | Description
1 | Gigabit fail-open Bypass Switch | 1000Base-T switch; connects to the GE ports of all Sensor models either directly through the Sensor's built-in control port.
1 | 19-inch rack-mount panel for 3 switches | 1RU mounting hardware to mount up to three Bypass Switches in a standard rack
1 | Gigabit fail-open cable | Connects the Fail-Open control port to one or two Bypass Switch(es)
4 | 3-meter RJ45 - RJ45 cables | Connects the Bypass Switch to the peer network device and to the Sensor
1 | 3-meter RJ45 - RJ11 cable | Connects the Bypass Switch to a built-in Sensor Fail-Open Control port. Depending on the Sensor model and port type, certain Sensor ports have built-in corresponding Fail-Open Control ports.

2 Connecting the Fail-Open Kit to a Sensor

The Bypass Switch connects to any Sensor model with Gigabit Ethernet (GE) ports; the physical connection differs by Sensor model and port pair, as explained in this section.

Connecting the switch to Sensors with SFP ports

Connect the switch to any M-series Sensor model. For example, the M-3050/M-4050 Sensors each have eight SFP GE monitoring ports (four pairs), and each model supports up to four kits.

Fail-open switch connected to ports 3A-3B

This diagram shows a switch connected to one of the first four port pairs; thus the switch is controlled via the corresponding Fail-Open Control port, X1.

Figure 1 Fail-open switch connected to ports 3A-3B

Item | Description
1 | Fail-Open Bypass Switch
2 | Fail-Open Control Ports (RJ11 connection)
3 | Control port on Bypass Switch (RJ45 connection)
4 | RJ45 - RJ11 cable
5 | Connection to network device
6 | Connection to network device
7 | PTx/SRx (inside) connection to port 3A of the Sensor (copper SFP)
8 | STx/PRx (outside) connection to port 3B of the Sensor (copper SFP)

3 Installing the Bypass Switch on a rack

You can install between one and three Bypass Switches onto the Bypass Switch rack-mount panel. The rack-mount panel described in this section is included in the Fail-Open Kit. This procedure is optional; if you do not wish to install the Bypass Switch on a rack, you may set the switch directly on top of the Sensor or another network device.

Install the switch on the rack-mount panel

a. Slide the switch into the center opening in the rack-mount panel, until the faceplate of the switch rests against the panel.
b. Secure the switch to the rack-mount panel by inserting the screws through the holes on the switch faceplate and into the panel.

Additional Bypass Switches can be installed without removing the rack-mount panel from the rack.

To install up to two additional switches:

1. Remove the screws holding one of the removable blank plates from the front of the panel.
2. Follow the procedure for installing a switch in the rack-mount panel for the additional Bypass Switch(es).

Install the panel and switch(es) on a rack

a. Place the 1U panel against the front of a standard 19-inch rack.
b. Secure the rack-mount panel by inserting the screws (included with the rack-mount panel) through the holes on front of the panel and the sides of the rack.

4 Installing the fail-open bypass switch

To accurately detect attacks, the Sensor must be aware of which traffic is outside the network and which traffic is inside. Identifying traffic direction is accomplished via proper cabling of the Bypass Switch as well as proper port configuration of the Sensor Monitoring ports in the McAfee Network Security Manager (Manager). For information on how to configure Sensor ports via the Manager, see McAfee Network Security Platform IPS Administration Guide.

In addition to the RJ45 Control port, the Fail-Open Module has four RJ45 connectivity ports. The two on the left have A and B labels above the ports and a Network label below the port. These connect to your network devices. The two on the right have A and B labels above the ports and a Monitor label below the port. These connect to the Sensor.

Field | Description
1 | To Sensor Fail-Open Control port.
2 | To Network Device (inside)
3 | To Network Device (outside)
4 | PTx/SRx - inside (plugs into Sensor port xa)
5 | STx/PRx - outside (plugs into Sensor port xb)

Connecting the Bypass Switch to a Network Device

a. Plug an inside network cable connector into the Network port labeled A on the bypass switch.
b. Plug the other end of this cable into the corresponding network device.
c. Plug an outside network cable into the Network port labeled B on the bypass switch.
d. Plug the other end of this cable into the corresponding network device.

Connecting the Bypass Switch to a Sensor with SFP ports

a. Plug a Cat 5/Cat 5e Ethernet cable (inside) into the copper SFP in port xa, where x is 1-6.
b. Plug the other end of the cable into the Monitor port labeled A of the bypass switch.
c. Plug a Cat 5/Cat 5e Ethernet cable (outside) into the corresponding xb peer port. (For example, if you used 2A in step 1, plug the cable into port 2B).
d. Plug the other end of the cable into the Monitor port labeled B of the bypass switch.

With this cable configuration, Sensor Monitoring port 1A views traffic as originating inside the network, and port 1B views traffic as originating outside the network. Note that this configuration (1A = outside, 1B = inside) must match the port configuration specified for this Sensor, and that the ports must be enabled. For more information on port configuration via the Manager, see McAfee Network Security Platform IPS Administration Guide.

Configuring the Sensor Monitoring Ports

You configure the Sensor's monitoring ports from the McAfee Network Security Manager (Manager) interface. The port configuration must match the cabling of the switch, the ports must be set to "In-line Fail-Open" and the ports must be enabled.

To view/configure the settings of your monitoring ports:

a. In the Manager interface, select Devices <Admin_Domain_Name> Devices <Device_Name> Setup Physical Ports Monitoring Ports.
b. Click a numbered port (for example 10A) from Monitoring Ports pane. A pop-up displays current port settings.
c. Indicate whether you are using a McAfee Certified module.
d. Select the State to Enabled.
e. In the Operation section, select Mode as In-line Fail-Open Passive.
f. In the same section, select Placement as Inside (internal) or Outside (external).
g. Click Save to commit your configuration.
h. Click OK to confirm that you the configuration on port 10B too.
i. Repeat for any other ports you need to configure.
j. Download the changes to your Sensor by performing the steps in Deploy pending changes to a device in the McAfee Network Security Platform Manager Administration Guide.

5 Verify proper installation

After the Bypass Switch has been connected to the network and the Sensor, check the switch's LED to verify that the switch is receiving power from the Sensor. Check the port status and operating mode status in the McAfee Network Security Manager (Manager) interface to ensure that the port is enabled and is in the In-Line Fail-Open mode.

Status LED on the Bypass Switch

The indicator is adjacent to the Control port on the Bypass Switch.

Light | Status
ON | Switch is receiving power from the Sensor and traffic is passing to the Sensor.
OFF | The switch is in bypass mode; it is not receiving power and is not passing network traffic to the Sensor.

Port and operating mode status

The port status and operating mode status for GE In-line Fail-open mode are detailed as follows:

In-line Fail-Open Port Status | Port color on the virtual Sensor | Operating Mode Status
In-line Fail-Open | Green | The in-line fail-open device is in in-line fail-open mode.
In-line Bypass | Yellow | The in-line fail-open device is in in-line bypass mode. The bypass switch has been activated. The Sensor does not monitor during this time.
Unknown | Orange | Unable to get the status of the in-line fail-open device from Sensor. Check the Operational Status.
Switch Absent | Red | Fail-open control is not present, control cable is not present, or bypass switch is not present. Verify that all three components are connected properly. If everything is connected correctly, check the Operational Status.
N/A | Gray | Not Applicable; the operating mode is not in in-line fail-open mode.

If you encounter any problems, see Common Problems and Solutions.

6 Troubleshooting

How does the Bypass Kit work?

During normal Sensor in-line, fail-open operation, the Fail-Open or built-in Control port (depending on which controls the bypass switch) supplies power and a heartbeat signal to the bypass switch. If this signal is not presented within its programmed four-second interval, the Fail-Open bypass switch removes the Sensor from the data path, and moves into bypass mode, providing continuous data flow with little network interruption.

While the Sensor is in bypass mode, traffic passes directly through the switch, bypassing the Sensor. When normal Sensor operation resumes, you may or may not need to manually re-enable the monitoring ports from the Manager interface, depending on the activity leading up to the Sensor's failure. The following section describes how to return the Sensor to in-line mode.

Moving from bypass mode back to in-line mode

Moving from bypass mode back to in-line mode involves the following:

Manual Sensor reboot
Sensor error

Manual Sensor reboot

Certain normal Sensor activity involves a reboot, such as installation of a new Sensor software image or a manual reboot issued from the Manager. If the Sensor reboots during normal activity, no manual intervention is necessary. When the switch receives power and a heartbeat signal from the Sensor, it sends traffic through the Sensor and the Sensor resumes monitoring traffic in in-line mode.
Sensor error

If the Sensor reboots due to internal error, hardware failure, removal of the Bypass Switch during normal operation or disruption of the Sensor or Bypass switch cables during Sensor operation, the Monitoring ports connected to the Bypass Switch are automatically disabled. You must re-enable the ports via the Manager to resume monitoring mode. When the ports are re-enabled, the Sensor resumes monitoring traffic in in-line mode.
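The heartbeat timeout and the two recovery paths described above, modelled as an added example (not McAfee code and not part of the original guide): given an event timeline, it returns the intervals during which the switch is in bypass and the Sensor is not inspecting traffic. The event names, the sample timeline and the assumption that every reboot interrupts the heartbeat for longer than four seconds are simplifications made here.

```python
# Added illustration: a simplified model of the bypass switch, not vendor code.
HEARTBEAT_TIMEOUT_S = 4  # the guide's "programmed four-second interval"

def bypass_windows(events, end_time):
    """Return [(start_s, end_s, cause)] intervals spent in bypass mode.

    events is an iterable of (time_s, kind); the kind names are made up here:
      "heartbeat"      control port delivered power and a heartbeat
      "reboot_normal"  software image install or reboot issued from the Manager
      "reboot_error"   internal error, hardware failure or cable disruption;
                       the monitoring ports are automatically disabled
      "ports_enabled"  operator re-enabled the ports in the Manager
    """
    windows = []
    last_hb = None
    ports_enabled = True
    start = None                # None while the switch is in-line
    cause = "heartbeat lost"

    def enter_bypass_if_stale(now):
        nonlocal start
        if start is None and last_hb is not None \
                and now - last_hb > HEARTBEAT_TIMEOUT_S:
            start = last_hb + HEARTBEAT_TIMEOUT_S

    def return_inline_if_ready(now):
        nonlocal start, cause
        fresh = last_hb is not None and now - last_hb <= HEARTBEAT_TIMEOUT_S
        if start is not None and fresh and ports_enabled:
            windows.append((start, now, cause))
            start, cause = None, "heartbeat lost"

    for t, kind in sorted(events):
        enter_bypass_if_stale(t)
        if kind == "heartbeat":
            last_hb = t
        elif kind == "reboot_normal":
            cause = "normal reboot"
        elif kind == "reboot_error":
            cause, ports_enabled = "sensor error", False
        elif kind == "ports_enabled":
            ports_enabled = True
        else:
            raise ValueError(f"unknown event kind: {kind!r}")
        return_inline_if_ready(t)

    enter_bypass_if_stale(end_time)
    if start is not None:
        windows.append((start, end_time, cause + ", still in bypass"))
    return windows

# Constructed timeline (seconds): a normal reboot, then an error reboot after
# which the operator re-enables the ports at t=299.
SAMPLE_EVENTS = (
    [(t, "heartbeat") for t in (0, 2, 4)] + [(5, "reboot_normal")]
    + [(t, "heartbeat") for t in (60, 62)] + [(63, "reboot_error")]
    + [(t, "heartbeat") for t in range(120, 301, 2)] + [(299, "ports_enabled")]
)

if __name__ == "__main__":
    for start_s, end_s, why in bypass_windows(SAMPLE_EVENTS, 300):
        print(f"uninspected {start_s:>4}s to {end_s:>4}s  ({why})")
```

In the sample, the normal reboot leaves traffic uninspected only until the heartbeat returns, while the error reboot leaves it uninspected until the ports are re-enabled, even though the heartbeat resumed much earlier.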

What happens in a Sensor failure?

When a Sensor fails with the Bypass Kit in place, the following events occur in the order shown.

a. The Manager reports a "Sensor in bad health" or "Port pair is in bypass mode" error in the Operational Status pane.
b. The Sensor reboots and Bypass Switch begins forwarding traffic. All traffic then bypasses the Sensor and flows across the Bypass Switch with minimal traffic disruption. A Sensor reboot breaks the link connecting the devices on either side of the Sensor and requires the renegotiation of the network link between the two devices surrounding the Sensor. Depending on the network equipment, this disruption should range from a couple of seconds to more than a minute with certain vendors' devices.
c. Upon reboot completion, the Sensor resumes its heartbeat, and one of the following occurs:
   1) If the reboot happened during normal activity as described above, the Bypass Switch resumes passing data through the Sensor and the Sensor returns to in-line mode.
   2) If the reboot occurred due to an error, the Bypass Switch will continue to bypass the Sensor until the Sensor ports are re-enabled from the Manager. After the ports are re-enabled, the Bypass Switch resumes passing data through the Sensor and the Sensor returns to in-line mode. A very brief link disruption might occur while the links are renegotiated to place the Sensor back in in-line mode.
d. The errors on the Manager are cleared and normal health is reported.

Common Problems and Solutions

This section lists some common installation problems and their solutions.

Problem | Possible Cause | Solution
LED is off. | The control cable has been disconnected | Check the control cable and ensure it is properly connected to both the Sensor and the Bypass Switch.
LED is off. | The Sensor is powered off. | Restore Sensor power
LED is off. | The Sensor port cable is disconnected. | Check the Sensor cable connections.
Sensor is operational, but is not monitoring traffic | Network device cables have been disconnected. | Check the cables and ensure they are properly connected to both the network devices and the Bypass Switch.
Sensor is operational, but is not monitoring traffic. | The Sensor ports have not been enabled in the Manager. | The Sensor will not monitor traffic on the ports unless the ports are enabled in the Manager. Ports are disabled in a Sensor failure; they must be re-enabled for Sensor monitoring to resume.
Network or link problems. | Improper cabling or port configuration. | Ensure that the transmit and receive cables are properly connected to the Bypass Switch.
Runts or giants errors on switch and routers. | Improper cabling or port configuration. | Ensure that the transmit and receive cables are properly connected to the Bypass Switch.
The system fault "Switch absent" appears in the Manager Operational Status window. | The control cable has been disconnected. | Check the control cable and ensure it is properly connected to both the Sensor and the Bypass Switch.

Copyright 2014 McAfee, Inc. www.intelsecurity.com
Intel and the Intel logo are trademarks/registered trademarks of Intel Corporation. McAfee and the McAfee logo are trademarks/registered trademarks of McAfee, Inc. Other names and brands may be claimed as the property of others.
700-3602C00