McAfee M-2850 Manual de usuario

M-2850/M-2950 Sensor Product Guide

Revision F

McAfee® Network Security Platform

TRADEMARK ATTRIBUTIONS

McAfee and the McAfee logo, McAfee Active Protection, ePolicy Orchestrator, McAfee ePO, McAfee EMM, Foundstone, McAfee LiveSafe, McAfee QuickClean, Safe Eyes,

McAfee SECURE, SecureOS, McAfee Shredder, SiteAdvisor, McAfee Stinger, True Key, TrustedSource, VirusScan are trademarks or registered trademarks of McAfee,

LLC or its subsidiaries in the US and other countries. Other marks and brands may be claimed as the property of others.

LICENSE INFORMATION

License Agreement

NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE

GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE

CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOUR SOFTWARE PACKAGING OR THAT YOU HAVE

RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU

DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF

APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND.

2McAfee® Network Security Platform M-2850/M-2950 Sensor Product Guide

Contents

Preface 5

About this guide ................................... 5

Audience ...................................5

Conventions ..................................5

What's in this guide ...............................6

Find product documentation ...............................6

1Introducing Network Security Sensors 7

About the M-2850/M-2950 Sensor .............................7

M-2850/M-2950 key features .............................. 8

M-2850/M-2950 physical description ............................8

Ports on the Sensor ...............................8

Front and back panel LEDs ............................10

2Before you install 13

Usage restrictions .................................. 13

Safety measures ...................................13

Working with ber-optic ports ..............................14

Contents of the Sensor box ...............................14

Unpack the Sensor ..................................15

3Setting up the Sensor 17

Setup overview ................................... 17

Position the Sensor ..................................17

Install the rails and ears on the chassis and rack ....................17

Mount the Sensor on a rack ........................... 18

Remove a Sensor from the rack .......................... 18

Redundant power supply ............................... 19

Install the power supply .............................19

Remove the power supply ............................ 19

Cable the Sensor .................................. 20

Small form-factor pluggable modules ...........................20

SFP module ................................. 21

Power on the Sensor ................................. 22

Power o the Sensor .................................22

4Attaching cables to the Sensor 23

Cable the Console port ................................ 23

Cable the Auxiliary port ................................ 24

Cable the fail-open port ................................24

Cable the Management port .............................. 24

Cable the Monitoring ports ...............................24

How to use peer ports ............................. 25

Default Monitoring port speed settings ....................... 25

Cable types for routers, switches, hubs, and PCs ....................25

McAfee® Network Security Platform M-2850/M-2950 Sensor Product Guide 3

Cable for in-line ...................................26

Connect the cables for tap mode .............................26

Connect the cables for SPAN or hub mode ......................... 27

Cable the fail-over interconnection ............................27

About the fail-open hardware ..............................27

5Troubleshooting the Sensor 29

ATechnical specications 31

BRegulatory, compliance, and safety information 33

Index 35

Contents

4McAfee® Network Security Platform M-2850/M-2950 Sensor Product Guide

Preface

This guide provides the information you need to congure, use, and maintain your McAfee product.

Contents

About this guide

Find product documentation

About this guide

This information describes the guide's target audience, the typographical conventions and icons used in this

guide, and how the guide is organized.

Audience

McAfee documentation is carefully researched and written for the target audience.

The information in this guide is intended primarily for:

•Administrators — People who implement and enforce the company's security program.

•Users — People who use the computer where the software is running and can access some or all of its

features.

Conventions

This guide uses these typographical conventions and icons.

Italic Title of a book, chapter, or topic; a new term; emphasis

Bold Text that is emphasized

Monospace Commands and other text that the user types; a code sample; a displayed message

Narrow Bold Words from the product interface like options, menus, buttons, and dialog boxes

Hypertext blue A link to a topic or to an external website

Note: Extra information to emphasize a point, remind the reader of something, or provide an

alternative method

Tip: Best practice information

Caution: Important advice to protect your computer system, software installation, network,

business, or data

Warning: Critical advice to prevent bodily harm when using a hardware product

McAfee® Network Security Platform M-2850/M-2950 Sensor Product Guide 5

What's in this guide

This guide contains information necessary to setup your M-2850/M-2950 Sensor model. This information

includes guiding you through preconguring, cabling, and troubleshooting your Sensor.

Find product documentation

On the ServicePortal, you can nd information about a released product, including product documentation,

technical articles, and more.

Task

1Go to the ServicePortal at https://support.mcafee.com and click the Knowledge Center tab.

2In the Knowledge Base pane under Content Source, click Product Documentation.

3Select a product and version, then click Search to display a list of documents.

Preface

Find product documentation

6McAfee® Network Security Platform M-2850/M-2950 Sensor Product Guide

1Introducing Network Security Sensors

This section describes the McAfee® Network Security Sensors at a high-level and also describes the McAfee®

M-2850/M-2950 Network Security Sensor (Sensor) in detail.

Sensors are high-performance, scalable, and exible content processing appliances built for the accurate

detection and prevention of intrusions, misuse, distributed denial of service (DDoS) attacks, and network access

control(NAC) of hosts. When deployed at key access points, a Sensor provides real-time trac monitoring to

detect malicious activity, and respond to the malicious activity as congured by the administrator.

After the Sensor is deployed and communication established, Sensors are congured and managed using the

McAfee Network Security Manager (Manager) server.

The process of conguring a Sensor and establishing communication with the Manager is described in the later

chapters of this guide. The Manager server is described in detail in the McAfee Network Security Platform Manager

Administration Guide.

Contents

About the M-2850/M-2950 Sensor

M-2850/M-2950 key features

M-2850/M-2950 physical description

About the M-2850/M-2950 Sensor

The M-2850/M-2950 Sensor provides eective network access control (NAC) of hosts.

The M-2850/M-2950 Sensor provides eective network IPS functionality as well as network access control (NAC)

of hosts.

The IPS functionality involves providing real-time detection and prevention of threats and known, zero-day, or

encrypted attacks. The Sensor can perform many types of attack responses, including generating alerts and

packet logs, resetting TCP connections, "scrubbing" malicious packets, and blocking attack packets entirely

before they reach the intended target.

NAC hosts involves regulating access to network resources based on host Operational Status level (Standard/

DHCP NAC), identity of the user logged into the host (IBAC) or both, and OOB NAC (L2, L3 ). The Sensor also

provides the Hybrid NAC functionality where a host is rst subjected to DHCP-NAC and then Standard NAC at

dierent ports of the same Sensor. For more information on the NAC functionality and congurations of the

Manager, see McAfee® Network Security Platform NAC Administration Guide.

Throughout this guide, the terms 'Sensor' and 'M-2850/M-2950' refer to the M-2850 or the M-2950 Sensor in

general.

McAfee® Network Security Platform M-2850/M-2950 Sensor Product Guide 7

M-2850/M-2950 key features

M-2850 M-2950

600 Mbps 1 Gbps

1 RJ-45 10/100/1000 Management port 1 RJ-45 10/100/1000 Management port

12 SFP one gigabit Ethernet monitoring ports 12 SFP one gigabit Ethernet monitoring ports

6 RJ-11 fail-open Control ports 6 RJ-11 fail-open Control ports

1 Response port 1 Response port

Dual power supply Dual power supply

External Compact Flash port External Compact Flash port

M-2850/M-2950 physical description

A high-port density M-2850/M-2950 Sensor, is designed for high bandwidth links, and is equipped with twenty

Fast Ethernet ports (or interfaces). This Sensor can monitor ten 1 Gbps Ethernet segments in full-duplex mode

(tap or in-line), and twenty segments in half-duplex mode (monitoring SPAN ports or hubs). M-2850/M-2950 can

monitor upto 600 Mbps of aggregate trac.

M-2850/M-2950 Sensor supports both built-in fail-open as well as conguring of external fail-open hardware.

Both passive and active fail-open kits (sold separately) are supported.

Ports on the Sensor

The M-2850/M-2950 Sensor is a 2RU (2 rack unit) and is equipped with the following components.

Figure 1-1 The front panel

Item Description

1 RJ-45 10/100/1000 Management port (1)

2 RS-232C Console port (1)

3 RS-232C Auxiliary port (1)

4 RJ-11 fail-open Control ports (6)

5 SFP one Gigabit Ethernet Monitoring ports (12)

6 External Compact Flash port (1)

7 Front panel LEDs (4)

1Introducing Network Security Sensors

M-2850/M-2950 key features

8McAfee® Network Security Platform M-2850/M-2950 Sensor Product Guide

Item Description

8 RJ 45 10/100/1000 Ethernet Monitoring ports (8)

9 Bypass LEDs (4)

Figure 1-2 The back panel

Item Description

10 Power supply A (included)

11 Power supply B (optional and sold separately)

12 Back panel LEDs (5)

1One RJ-45 10/100/1000 Management port, which is used for communication with the Manager server. You

can assign an IP address to this port during installation.

2One RS-232C Console port, which is used to set up and congure the Sensor using the CLI.

3One RS-232C Auxiliary port, which may be used to dial in remotely to set up and congure the Sensor.

4Six RJ-11 fail-open Control ports, designed for use the Optical fail-open bypass kit. Both optical and copper

kits can use these ports if congured in passive fail-open mode. The ports are marked X1, X2, X3, X4, X5, X6,

are used in conjunction with ports 1A/1B, 2A/2B, 3A/3B, 4A/4B, 5A/5B, 6A/6B, respectively.

5Twelve small form-factor pluggable (SFP) 1 Gigabit Monitoring ports, which enable you to monitor ten

Ethernet segments in-line.

If you choose to run in fail-over mode, port 6A is used to interconnect with a standby M-2850/M-2950

Sensor.

The gigabit ports of the M-2850/M-2950 running in In-line mode fail closed, meaning that if the Sensor fails, it

will interrupt/block data ow. Refer to the Gigabit Fail-Open Bypass Kit Guide for more information.

6One External Compact Flash port. This port is used only for ash recovery purposes. That is, this port is

used in troubleshooting situations where the Sensor's internal ash is corrupted and you need to reboot the

Sensor through the external compact ash. For more information, see the on-line KnowledgeBase at http://

mysupport.mcafee.com/Eservice/, where you need to click Search the KnowledgeBase.

7Four front panel LEDs, The LEDs which indicate the Sensor's general operational status.

8Four RJ-45 10/100/1000 Ethernet Monitoring port, which enable you to monitor four Ethernet segments

in-line. Also, built-in fail-open is available on ports 7-10.

9Four Bypass LEDs, which indicate the bypass status of the Sensor.

10 Primary Power Supplies—PWR A (included). Power supply A is included with each Sensor. The supply uses

a standard IEC port (IEC320-C13). McAfee provides a standard; 2m NEMA 5-15P (US) power cable (3 wire).

International customers must procure a country-appropriate power cable.

Introducing Network Security Sensors

M-2850/M-2950 physical description 1

McAfee® Network Security Platform M-2850/M-2950 Sensor Product Guide 9

11 Power Supplies—PWR B (optional, and can be purchased separately). Power supply B is a hot-swappable,

redundant power supply. This power supply also uses a standard IEC320-C13 port, and you can use the

McAfee--provided cable or acquire one that meets your specic needs.

12 Five Back panel LEDs. The LEDs which indicate the Sensor's fan and power supply operational status.

Front and back panel LEDs

Figure 1-3 Front panel LEDs

Figure 1-4 Back panel LEDs

Region in the image LEDs represented here

1 Sys, Temp, Flash, Fan

2 Power A

3 Back panel fan LEDs

4 Management Port Speed, Management Port Link, Response Port Speed, Response Port

Link

5 Gigabit Ports (SFP) Act, Gigabit Ports (SFP) Link

6 Fail-Open Control Port FO, Fail-Open Control Port Err

7 Bypass LEDs

The front panel LEDs provide status information for the health of the Sensor and the activity on its ports. The

back panel LEDs provide information regarding the Sensor fans and the power supply.

The following tables describe the front and back panel LEDs of M-2850/M-2950:

LED Status Description

Sys Green

Amber

Sensor is operating.

Sensor is booting. (It could also indicate a system failure.)

Temp Green

Amber

Inlet air temperature measured inside chassis is normal. (Chassis temperature OK.)

Inlet air temperature measured inside chassis is too hot. (Chassis temperature too hot.)

1Introducing Network Security Sensors

M-2850/M-2950 physical description

10 McAfee® Network Security Platform M-2850/M-2950 Sensor Product Guide

Este manual sirve para los siguientes modelos

Tabla de contenidos

Otros manuales de Accesorios de McAfee

McAfee

McAfee IIP-S03K-NA-100I - IntruShield 3000 Sensor... Manual de usuario

McAfee

McAfee M-8000XC Manual de usuario

McAfee

McAfee IIP-M15K-ISAA - Network Security Platform... Manual de usuario

McAfee

McAfee IIP-M80K-ISAA - Network Security Platform... Manual de usuario

McAfee

McAfee IIP-S14C-NA-100I - IntruShield 1400 Sensor... Manual de usuario

McAfee

McAfee IFO-M65K-ISAA - Network Security Platform M-6050... Manual de usuario

McAfee

McAfee IIP-M65K-ISAA - Network Security Platform... Manual de usuario

McAfee

McAfee IIP-S41K-NA-100I - IntruShield 4010 Sensor... Manual de usuario

Manuales populares de Accesorios de otras marcas

Hillco

Hillco 2810 Manual de usuario

Siemens

Siemens QSA2700D Manual del operador

Contours

Contours ZY024 Manual de usuario

Saivod

Saivod VS621 Manual de usuario

Virtuox

Virtuox VirtuCLEAN 2.0 Manual de usuario

SCE

SCE ENVIRO-THERM SCE-TE170B24VSS Manual de usuario

Z-Wave

Z-Wave HSD-200Z Manual de usuario

turck

turck FMX-IM-2UPLI63FX Manual de usuario

Decagon Devices

Decagon Devices 10HS Manual de usuario

UPPAbaby

UPPAbaby Cup Holder Manual de usuario

Elko

Elko SmartSensor Leakage Wireless Manual de usuario

Grizzly

Grizzly H8371 Manual de usuario

Panasonic

Panasonic HG-T Series Manual de usuario

IFM Electronic

IFM Electronic Efector 250 Series Guía de referencia

DigiDesign

DigiDesign 888/24 I/O Manual de usuario

PROZIS

PROZIS QUAY Manual de usuario

patagonia

patagonia PSI Vest Manual de usuario

SFC Energy

SFC Energy EFOY GO! Manual de usuario