McAfee Network Security Platform


10 Gigabit Optical Active Fail-Open Bypass Kit Guide
Revision E
McAfee Network Security Platform

This document describes the contents of the McAfee 10 Gigabit Optical Active Fail-Open Bypass Kit (the Kit) for McAfee Network Security Sensor (Sensor) M-series and NS-series models with standard 10 Gigabit Small Form Factor Pluggable (XFP) monitoring ports, how to install it, how the Kit functions, and what to expect during normal use.

The Kit contains an Active Fail-Open Optical Bypass Switch (Optical Bypass Switch) and all the components needed to connect the switch to the monitoring ports of the Sensor. Additional cables may be required to connect the Optical Bypass Switch to your other network devices, such as routers or switches. You may not require all the components included in the Kit; for example, you will use only one of the two types of cable included in the Kit.

The Optical Bypass Switch can be configured for the following Sensor models: NS9300, NS9200, NS9100, M-8000, M-6050, M-4050, and M-3050.

The 10 Gigabit optical monitoring ports on the Sensor are fail-closed; thus, if the Sensor is deployed in-line, a hardware failure results in network downtime. Fail-open operation for the monitoring ports requires the optional external Optical Bypass Switch provided in the Kit. With the Optical Bypass Switch in place, the switch receives power from the dual power adapters (for power redundancy, use two independent power sources). When the Sensor is operating, the switch is On and routes all traffic through the Sensor. When the Sensor fails, the switch automatically shifts to a bypass state: in-line traffic continues to flow through the network link, but is no longer routed through the Sensor. Once the Sensor resumes normal operation, the switch returns to the On state, again enabling in-line monitoring.

During normal Sensor in-line fail-open operation, the Optical Bypass Switch sends a heartbeat signal (one every 10 milliseconds) to the monitoring port pair. If the Optical Bypass Switch does not receive 10 heartbeat signals within its programmed interval, it removes the Sensor's monitoring port pair from the data path and moves the Sensor into bypass mode, providing continuous data flow. If the Optical Bypass Switch loses power, traffic bypasses the IPS Sensor monitoring ports and is forwarded to the peer device (after renegotiation). Since there is no heartbeat signal during this period, the status of the Sensor monitoring port pair is displayed as AUK (unknown) in the Port Settings page.

The Optical Bypass Switch with SNMP monitoring provides the additional feature of raising SNMP faults to track events. The Optical Bypass Switch can raise faults for the following events:
- Utilization exceeds the threshold on any port
- Any port link status changes
- Either power supply state changes

You can use the Web and System Managers to configure and remotely manage the Optical Bypass Switch. The Web Manager is used to monitor and control individual Optical Bypass Switches; the System Manager is used to view and change the system status settings and to retrieve data from the configured Optical Bypass Switch. For more information, see the Net Optics documentation.

McAfee supports two different models of 10 Gigabit Optical Bypass Switch: single (SR) and multiple (LR) modes. Note that the two external XFPs (850 nm and 1310 nm) required for your setup must be purchased separately. For multi-mode, you must use the 850 nm XFP; for single-mode, the 1310 nm XFP is required.

The following external hardware is shipped with the Kit:

Quantity  Items
2         Power supplies/cords
1         RS-232 programming cable
2         2 LC fiber cables (models BPO-HBSX-LC0, BPO-HB-LX/SX, and BPO-HBLX-SC/LC) or 2 LC-to-SC cables (model BPO-HBSX-SC/LC)
1         Quick Start Guide
1         Rack mounting panel

Power supply specification:

Manufactured by: Condor
P/N: SA-123AOI
INPUT: 100-240VAC ~ 0.8A 47~63Hz
OUTPUT: 12V (DC) 3.0A

If any component from the preceding table is missing or damaged, contact McAfee Technical Support at http://mysupport.mcafee.com.

1 Install the Optical Bypass Switch on a rack

You can install the kit on a two-slot 19-inch panel; the mounted kit occupies one rack unit.

Install the Optical Bypass Switch on the rack-mount panel
a Slide the Optical Bypass Switch into the opening on the rack-mount panel until the faceplate of the switch rests against the panel.
b Secure the Optical Bypass Switch to the rack-mount panel by inserting the thumb screws through the holes on the panel.

Additional Optical Bypass Switches can be installed without removing the rack-mount panel from the rack.

Install an additional Optical Bypass Switch
a Remove the screws holding one of the removable blank plates from the front of the panel.
b Follow the procedure for installing a switch in the rack-mount panel for the additional Optical Bypass Switch(es).

Install the panel and switch(es) on a rack
a Place the 1U panel against the front of a standard 19-inch rack.
b Secure the rack-mount panel by inserting the screws (included with the rack-mount panel) through the holes on the front of the panel and the sides of the rack.

2 Connect the Bypass Switch to a network device
a Plug an inside network cable connector into the Network port labeled A on the Bypass Switch.
b Plug the other end of this cable into the corresponding network device.
c Plug an outside network cable into the Network port labeled B on the Bypass Switch.
d Plug the other end of this cable into the corresponding network device.

3 Connect the Optical Bypass Switch to a Sensor with XFP ports

The physical connection between the Optical Bypass Switch and the Sensor differs by Sensor model and port pair. The number of XFP monitoring ports available on the M-8000 is 12 (6 in the Primary and 6 in the Secondary Sensors).

For example, the following diagram shows the Optical Bypass Switch connected to a port pair of an M-8000 Sensor.

Item  Description
1     10 Gigabit Optical Bypass Switch. The LFD (Link Fault Detect) and bypass detecting mode settings cannot be changed.
2     Connection to network device (inside)
3     Connection to network device (outside)
4     Monitoring port A (inside) connection to port 1A (fiber XFP)
5     Monitoring port B (outside) connection to port 1B (fiber XFP)
6     Monitoring port in M-8000. The M-8000 Sensor has 12 Gigabit Ethernet monitoring ports (six pairs) and supports up to six kits.

1 Plug an LC fiber cable (inside) into the fiber XFP.
2 Plug the other end of the cable into the monitoring port labeled 1 on the Optical Bypass Switch.
3 Plug an LC fiber cable (outside) into the corresponding peer port. (For example, if you used 1A in step 1, plug the cable into port 1B.)
4 Plug the other end of the cable into the monitoring port labeled 2 on the Optical Bypass Switch.

With this cable configuration, Sensor monitoring port 1A views traffic as originating inside the network, and port 1B views traffic as originating outside the network. Note that this configuration (1A = outside, 1B = inside) must match the port configuration specified for this Sensor, and that the ports must be enabled. For more information on port configuration via the Manager, see the McAfee Network Security Platform IPS Administration Guide.

4 Log on to the Optical Bypass Switch

Accessing the CLI command prompt:
1 Ensure the power to the Optical Bypass Switch is On.
2 Using a DB-9 RS-232 programming cable, connect a PC running HyperTerminal to the Optical Bypass Switch.
3 Launch terminal emulation software such as HyperTerminal, and set the following communication parameters:
  Bits per second: 19200
  Data bits: 8
  Parity: None
  Stop bits: 1
  Flow control: None
4 Click OK. The CLI banner and login prompt are displayed.
5 Type the default username and password. The default username and password is McAfee, and is case sensitive. McAfee strongly recommends that you change the default login credentials for security purposes.

For information on the CLI commands, see the chapter "Fail-Open operation in Sensors" in the IPS Administration Guide.

5 Set the Optical Bypass Switch parameters

The details of the commands used in the port configuration are listed in the following table:

Table 1 Commands

Command  Description
a        Set the timeout value. Type a and press Enter, then enter the following:
         TimeOut period (1-254 milliseconds): type the number of milliseconds between each heartbeat and press Enter. Default = 10 msec.
         Retry Count (1-254): type the number of missed heartbeats allowed before the Bypass Switch enters On mode. Default = 10. The Retry Count must be greater than or equal to the Timeout period.
b        Set Switch parameters. To set speed/duplex and auto-negotiation, LFD, and bypass detect: 1 = turn On, 0 = turn Off. Fail Mode Open/Close = 1. The LFD and Bypass detecting mode settings cannot be changed.
c        Set TAP mode. Type c and press Enter. Type 1 to set the tap mode On or 0 to set the tap mode Off. Default = Off.
d        Show configuration. Type d and press Enter. The following is displayed:
           LFD = On
           Timeout Period = 10 msec
           Bypass Detect = Off
           Retry Count = 10
           Fail Mode = Open
           Bypass State = On
           TAP Mode = Off
e        Show port status. Type e and press Enter. The following is displayed:
           Port A = Up/Down
           Port B = Up/Down
           Port 1 = Up/Down
           Port 2 = Up/Down

Table 1 Commands (continued)

Command  Description
f        Set Switch name. Type f and press Enter. At the prompt, type the Switch name, which can be 8 characters long.
z        Reset to factory defaults.

6 Deploy the Optical Bypass Switch: inline vs tap

The Optical Bypass Switch can be configured to operate in inline and tap modes. McAfee recommends that customers deploy Network IPS in inline mode. However, if you decide to install Network IPS in tap mode, the Optical Bypass Switch offers an option to switch from tap mode to inline mode when your network is experiencing symptoms of a potential denial of service attack, or if you need to block certain threats for a short period of time. After the period is over, you can switch back to tap mode.

Configure the Optical Bypass Switch in tap mode

To change the Optical Bypass Switch from inline to tap mode:
a Type set mode <1|2> at the CLI command prompt.

  Parameter  Description
  1          Sets the Tap mode On
  2          Sets the Tap mode Off (Default)

You can configure the Optical Bypass Switch to tap mode only using the CLI. Tap mode cannot be set using the Manager.

To verify that the connection is in tap mode, do the following:
b Click Devices > <Admin_Domain_Name> > Devices > <Device_Name> > Setup > Physical Ports.
c Verify that Tap is displayed for the corresponding port. This indicates the operating mode of the Optical Bypass Switch.
d Click on the port to navigate to the Monitoring Port panel.
e Verify that the Operating Mode is displayed as In-line Fail-Open Active. This indicates the operating mode of the Sensor monitoring port.

Configure the Optical Bypass Switch in in-line mode

You configure the Sensor monitoring ports from the Manager interface. The port configuration must match the cabling of the switch; the ports must be set to In-line Fail-open Active (Port Pair) and must be enabled.
a In the Manager interface, select Devices > <Admin_Domain_Name> > Devices > <Device_Name> > Setup > Physical Ports.
b Click a numbered port (for example 1/5) from the monitoring ports. The Monitoring Port panel displays the current port settings.
c In the Port Configuration, select Allow Only McAfee Certified Modules.
d Select the State as Enabled.
e Select the Operating Mode as In-line Fail-Open Active.
f For the message "Are the Active Fail-open Kit connected?", select Yes if you have already connected the Optical Bypass Switch.
g Select the area of your network to which the current port is connected: Inside (internal) or Outside (external).
h Click OK.
i Open the Optical Bypass Switch HyperTerminal session.
j Repeat steps 1-8 for any other ports you need to configure.

For more information on configuring monitoring ports, see the McAfee Network Security Platform IPS Administration Guide.

7 Verify proper installation

Once the Optical Bypass Switch has been connected to the network and the Sensor, check the switch's green status LED to verify that the switch is receiving power from the power adaptors, and check the port status and operating mode status in the Sensor interface to ensure that the port is enabled and in in-line fail-open active mode.

Status LED on the Optical Bypass Switch

Table 2

Item  Description
1     The two power LEDs indicate power status. Each LED glows when power is connected to the Optical Bypass Switch.
2     The two LEDs indicate the Optical Bypass Switch mode. When Bypass On is illuminated, traffic is not flowing through the in-line device. When Bypass Off is illuminated, traffic is routed through the in-line device. When the Optical Bypass Switch loses power, traffic continues to flow through the network link, but is no longer routed through the Optical Bypass Switch. This allows network devices to be removed and replaced without network downtime.
3     When traffic is flowing through the ports, the LEDs are illuminated.
4     When traffic is flowing through the ports, the LEDs are illuminated.

Port and operating mode status

The port status and operating mode status for in-line fail-open mode are as follows:

Table 3

LED                 Port color on the Sensor  Operation mode status
Gigabit Ports Link  Green                     The link is connected.
Gigabit Ports Link  Off                       The link is disconnected.
Gigabit Ports Act   Amber                     Data transferring.
Gigabit Ports Act   Off                       No data transferring.

Port status on the Central Manager

Table 4

Port Status        Port color on the Sensor  Operating Mode Status
In-line Fail-open  Green                     The Sensor is in in-line fail-open mode.
Switch Absent      Red                       The Optical Bypass Switch is not present. Verify that the component is connected properly. After connecting, check the Operational Status.
N/A                Gray                      The Optical Bypass Switch is not present. Verify that the component is connected properly. After connecting, check the Operational Status.
In-line Bypass     Yellow                    The Sensor is down and the Optical Bypass Switch has been activated. The Sensor does not monitor during this time.
Unknown            Teal                      Unable to get the status of the Optical Bypass Switch from the Sensor. Check the Operational Status.

Verification process

At the Sensor console on the HyperTerminal, type show intfport 1A. The configuration of the Sensor interface port is displayed. On the Sensor console, the Operational Status field should display Up.

On the Sensor, go to the Configuration page, and select Device List > Sensor_Name > Physical Sensor > Port Settings. Look at the color representing the ports, and check the color legend on the screen to see the status of the Sensor's ports.

8 Troubleshooting

How does the Optical Bypass Switch work?

During normal Sensor in-line fail-open operation, the Optical Bypass Switch sends a heartbeat signal (one every 10 milliseconds) to the monitoring port pair. If the Optical Bypass Switch does not receive 10 heartbeat signals within its programmed interval, it removes the Sensor's monitoring port pair from the data path and moves the Sensor to bypass mode, providing continuous data flow. While the Sensor is in bypass mode, traffic passes directly through the Optical Bypass Switch, bypassing the Sensor. When normal Sensor operation resumes, you may or may not need to manually re-enable the monitoring ports from the Manager interface, depending on the activity leading up to the Sensor's failure. The Optical Bypass Switch packets are sent in both directions (that is, inbound and outbound).

The following section describes how to return the Sensor to in-line mode.

Move from bypass mode back to in-line mode

Moving from bypass mode back to in-line mode involves the following:

Manual Sensor reboot
Certain normal Sensor activity involves a reboot, such as installation of a new Sensor software image or a manual reboot issued from the Manager. If the Sensor reboots during normal activity, no manual intervention is necessary. When the switch receives power from the power adaptor and a heartbeat signal from the Sensor, it sends traffic through the Sensor and the Sensor resumes monitoring traffic in in-line mode.

Sensor error
If the Sensor reboots due to an internal error, a hardware failure, removal of the Optical Bypass Switch during normal operation, or disruption of the Sensor or Optical Bypass Switch cables during Sensor operation, the monitoring ports connected to the Optical Bypass Switch are automatically enabled when the Sensor resumes monitoring traffic in in-line mode.

What happens in a Sensor failure?

When a Sensor fails with the Optical Bypass Switch in place, the following events occur in the order shown.
a The Manager reports a "Sensor in bad health" or "Port pair is in bypass mode" error in the Operational Status window.
b The Sensor reboots and the Optical Bypass Switch begins forwarding traffic. All traffic then bypasses the Sensor and flows across the Optical Bypass Switch with minimal traffic disruption.
c Upon reboot completion, the Optical Bypass Switch resumes its heartbeat, and one of the following occurs:
  1) If the reboot happened during normal activity as described above, the Optical Bypass Switch resumes passing data through the Sensor once the Sensor returns to in-line mode.
  2) If the reboot occurred due to an error, the Optical Bypass Switch continues to bypass the Sensor until the Sensor ports are re-enabled automatically. Once the ports are re-enabled, the Optical Bypass Switch resumes passing data through the Sensor and the Sensor returns to in-line mode.
d The errors on the Manager are cleared and normal health is reported.

What happens if one of the two network ports is down?

If only one of the two network ports that the Optical Bypass Switch is connected to goes down, the Optical Bypass Switch brings down the peer network port when the LFD option is enabled (it is enabled by default). When this happens, the ports of the Optical Bypass Switch connected to the IPS Sensor ports remain up, but traffic is not inspected by the IPS.

Common Problems and Solutions

This section lists some common installation problems and their solutions.

Problem: Network or link problems.
Possible cause: Improper cabling or port configuration.
Solution: Ensure that the transmit and receive cables are properly connected to the Optical Bypass Switch.

Problem: Sensor LED is off.
Possible cause: The Sensor is powered off.
Solution: Restore Sensor power.

Problem: Sensor is operational, but is not monitoring traffic.
Possible causes and solutions:
- The Sensor port cable is disconnected. Check the Sensor cable connections.
- Network device cables have been disconnected. Check the cables and ensure they are properly connected to both the network devices and the Optical Bypass Switch.
- The Sensor ports have not been enabled in the Sensor. Ports are disabled on a Sensor failure; they must be re-enabled in the Manager for Sensor monitoring to resume.

Problem: The Optical Bypass Switch power LEDs are off.
Possible cause: If the power LEDs do not illuminate on the bypass switch, either the power supply is not connected or it is not functioning.
Solution: Check the connection of the power supply to the Optical Bypass Switch.

Problem: Runts or giants errors on switches and routers.
Possible cause: Improper cabling or port configuration.
Solution: Ensure that the transmit and receive cables are properly connected to the Optical Bypass Switch.

Problem: The system fault "Switch absent" appears on the operational status page of the Manager.
Possible cause: Improper cabling.
Solution: Ensure that the transmit and receive cables are properly connected to the Optical Bypass Switch.
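The heartbeat watchdog and LFD behaviour described in the Troubleshooting section, together with the TimeOut period and Retry Count rules from Table 1, as an added example in Python. This is constructed illustration code, not McAfee or Net Optics firmware or CLI code. The class name OpticalBypassSwitch, the manager_status() mapping onto the Table 4 port-status names, treating a powered-off switch as "Unknown" status, and the assumption that a peer port forced down by LFD stays down until explicitly raised are all mine; the defaults (10 ms interval, 10 retries, LFD on) come from the guide.

```python
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass
class OpticalBypassSwitch:
    """Constructed model of the bypass switch watchdog; not vendor code."""
    timeout_ms: int = 10      # TimeOut period: interval between heartbeats (1-254 ms)
    retry_count: int = 10     # Retry Count: missed heartbeats tolerated (1-254)
    lfd: bool = True          # Link Fault Detect; the guide says it is fixed On
    powered: bool = True      # dual adapters present; False models total power loss
    missed: int = 0           # consecutive heartbeats not returned by the Sensor
    bypass_on: bool = False   # True = "Bypass On" LED, Sensor out of the data path
    port_a_up: bool = True    # network port A (inside)
    port_b_up: bool = True    # network port B (outside)
    events: List[str] = field(default_factory=list)

    def configure(self, timeout_ms: int, retry_count: int) -> None:
        """Apply the range and ordering rules of CLI command 'a' (Table 1)."""
        if not 1 <= timeout_ms <= 254:
            raise ValueError("TimeOut period must be 1-254 milliseconds")
        if not 1 <= retry_count <= 254:
            raise ValueError("Retry Count must be 1-254")
        if retry_count < timeout_ms:
            raise ValueError("Retry Count must be >= TimeOut period")
        self.timeout_ms, self.retry_count = timeout_ms, retry_count

    def time_to_bypass_ms(self) -> int:
        """Longest time a dead Sensor stays in the path: retries x interval."""
        return self.timeout_ms * self.retry_count

    def manager_status(self) -> str:
        """Port status as the Central Manager would show it (Table 4 names)."""
        if not self.powered:
            return "Unknown"          # no heartbeat at all, status cannot be read
        return "In-line Bypass" if self.bypass_on else "In-line Fail-open"

    def tick(self, heartbeat_returned: bool) -> str:
        """Advance one TimeOut period and return the resulting Manager status.

        heartbeat_returned is True when the Sensor looped the heartbeat back
        through the monitoring port pair within this interval.
        """
        if not self.powered:
            return self.manager_status()   # hardware relay already bypasses
        if heartbeat_returned:
            if self.bypass_on:
                self.events.append("heartbeat restored: Bypass Off, Sensor in-line")
            self.missed = 0
            self.bypass_on = False
        else:
            self.missed += 1
            if self.missed >= self.retry_count and not self.bypass_on:
                self.bypass_on = True
                self.events.append(
                    f"{self.missed} heartbeats missed: Bypass On, Sensor bypassed")
        return self.manager_status()

    def set_network_link(self, port: str, up: bool) -> Dict[str, bool]:
        """Link change on network port A or B. With LFD on, losing one port
        also drops its peer so the upstream devices see the fault (assumption:
        the peer stays down until it is explicitly raised again)."""
        if port not in ("A", "B"):
            raise ValueError("port must be 'A' or 'B'")
        if port == "A":
            self.port_a_up = up
            if not up and self.lfd:
                self.port_b_up = False
        else:
            self.port_b_up = up
            if not up and self.lfd:
                self.port_a_up = False
        return {"A": self.port_a_up, "B": self.port_b_up}


def simulate(pattern: str, **settings) -> List[str]:
    """Feed a heartbeat pattern ('1' returned, '0' missed) through a fresh
    switch and return the Manager status after every interval."""
    switch = OpticalBypassSwitch(**settings)
    return [switch.tick(char == "1") for char in pattern]


if __name__ == "__main__":
    # Constructed scenario: healthy Sensor, then a crash, then it comes back.
    sw = OpticalBypassSwitch()
    print(f"default worst-case bypass delay: {sw.time_to_bypass_ms()} ms")
    pattern = "1" * 5 + "0" * 12 + "1" * 3
    for i, status in enumerate(simulate(pattern)):
        print(f"t={i * 10:4d} ms hb={pattern[i]} -> {status}")
    print("LFD, port A lost:", OpticalBypassSwitch().set_network_link("A", False))
```

With the defaults the model shows the window that matters operationally: a Sensor that stops answering stays in the data path for retry_count x timeout_ms (100 ms) before the switch goes to Bypass On, and from then on every status read of the port is "In-line Bypass", which per Table 4 means traffic is flowing uninspected. Alerting on that Manager status (and on "Unknown", the no-power case) is the practical detection point for a fail-open event.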


Copyright 2015 McAfee, Inc. www.intelsecurity.com. Intel and the Intel logo are trademarks/registered trademarks of Intel Corporation. McAfee and the McAfee logo are trademarks/registered trademarks of McAfee, Inc. Other names and brands may be claimed as the property of others. 700-3608E00