Trellix FireEye EX Series Manual de instrucciones
EX Series
Hardware Administration Guide
EX 8600
FEI-019
Trellix, FireEye, and Skyhigh Security are the trademarks or registered
trademarks of Musarubra US LLC, FireEye Security Holdings US LLC,
and their affiliates in the US and /or other countries. McAfee is the
trademark or registered trademark of McAfee LLC or its subsidiaries
in the US and /or other countries. Other names and brands are the
property of these companies or may be claimed as the property of
others.
FireEye Security Holdings US LLC assumes no responsibility for any
inaccuracies in this document. FireEye Security Holdings US LLC
reserves the right to change, modify, transfer, or otherwise revise this
publication without notice.
Copyright © 2022 FireEye Security Holdings LLC. All rights reserved.
EX Series Hardware Administration Guide
EX 8600
Trellix Contact Information
Website: www.trellix.com
Technical Support: https://www.trellix.com/en-us/support.html
Phone (US):
1.408.321.6300
1.877.347.3393
Table of Contents
The EX 8600 ........................................................................................... 4
The Front View ................................................................................. 4
The Rear View ................................................................................. 6
Deployment ............................................................................................ 8
Message Transfer Agent Deployment .............................................. 8
Bcc: Deployment .............................................................................. 9
SPAN/ TAP Deployment ................................................................. 10
Installation ........................................................................................... 12
Before You Begin ........................................................................... 12
Installation Site Guidelines ............................................................. 12
Rack Precautions ........................................................................... 13
Server Precautions ........................................................................ 13
Rack-Mounting Precautions ........................................................... 14
Power Requirements ..................................................................... 14
Ventilation Requirements ............................................................... 14
Cabling Requirements ................................................................... 15
Rack Installation ............................................................................. 15
Attaching Cables to the Appliance ................................................. 16
Turning On the Appliance .............................................................. 16
Replacements ...................................................................................... 17
Return Process .............................................................................. 17
Removing and Replacing a Disk Drive .......................................... 17
Removing and Replacing a Power Supply Unit ............................. 17
Removing and Replacing a Cooling Fan ....................................... 17
Appendices .......................................................................................... 19
Appendix 1: System Specifications ................................................ 19
Technical Support ............................................................................... 20
Documentation ............................................................................... 20
EX Series
Page 3 © 2022 FireEye Security Holdings US LLC
The EX 8600
The FireEye EX 8600 protects your network from spear phishing attacks that bypass
traditional anti-spam technologies. It analyzes every attachment using a signature-less, Multi-
Vector Virtual Execution engine that can identify zero-day attacks by detonating attachments
in an environment that mimics operating systems, applications, and browsers in their
exhaustive list of versions, configurations, and plug-ins.
The EX 8600 provides layers of dynamic malware analysis to protect your network from
malicious images, PDFs, and ZIP/RAR/TNEF archives.
The Front View
Button/ LED Name Description Status Indication
1. Power button The main power switch applies or removes
primary power from the power supply to the
server but maintains standby power. Unplug
the appliance before servicing.
2. Reset button Reboots the system.
3. Power LED Steady on Power on
EX Series The EX 8600
Page 4 © 2022 FireEye Security Holdings US LLC
Button/ LED Name Description Status Indication
Blinking at 4 Hz Checking BIOS/BMC integrity
Blinking at 4Hz and "i" LED is blue BIOS firmware updating
Two blinks at 4 Hz, one pause 2 Hz and "i"
LED is blue
BMC firmware updating
Blinking at 1 Hz and "i" LED is red Fault detected
4. LAN 1 LED Indicates network activity on a LAN when
flashing.
5. Power Failure LED Indicates a power supply module has failed.
6. HDD Activity LED Indicates activity on the hard drive when
flashing.
7. LAN 2 LED Indicates network activity on a LAN when
flashing;
8. Information LED Alerts operator to several states:
Red, solid An overheat condition has oc-
curred
Red, blinking at 1 Hz A fan has failed, check for an
inoperative fan
Red, blinking at 0.25 Hz A power supply has failed,
check for a non-operational
power supply
Red, solid, with Power LED blinking green Fault detected
Blue and red, blinking at 10 Hz Recovery mode
Blue, solid UID has been activated local-
ly to locate the server in a
rack environment
Blue, blinking at 1 Hz UID has been activated using
the BMC to locate the server
in a rack environment
Blue, blinking at 2 Hz BMC is resetting
Blue, blinking at 4 Hz BMC is setting factory de-
faults
Blue, blinking at 10 Hz with Power LED
blinking green
BMC/BIOS firmware is updat-
ing
9. Drive Device LED Each drive carrier displays two status LEDs
on the front of the carrier.
10. Drive Device LED Each drive carrier displays two status LEDs
on the front of the carrier.
Drive Carrier LED Indicators
The chassis includes externally accessible SAS/SATA drives. Each drive carrier displays two
status LEDs on the front of the carrier.
• Green: When illuminated, this LED indicates drive activity. It blinks on and off when
the particular drive is being accessed This function is controlled by the backplane.
• Red: When illuminated, this LED indicates a drive failure. You should be notified by
your system management software.
EX Series The EX 8600
Page 5 © 2022 FireEye Security Holdings US LLC
Chassis
1. Disk Drive Carrier: Each carrier can house a hot-swappable disk drive. A drive
slot map displays the disk slot numbers on top of the appliance.
2. Handle Release: Press this tab to release the handle. Use the handle to pull the
disk drive carrier from the chassis.
The Rear View
1) Power Supply 1 8) VGA Connector
2) Power Supply 2 9) pether3 (SFP+) SMTP interface 3 Port
3) Serial Console Port 10) pether4 (SFP+) SMTP interface 4 Port
4) USB 2.0 Port 11) pether5 (SFP+) SMTP interface 5 Port
5) USB 3.2 Port 12) pether6 (SFP+) SMTP interface 6 Port
6) ether1 (RJ45) Management 1 Port 13) IPMI Port
7) pether2 (RJ45) live mode analysis 2 Port
Power
•Power: Connect your power source to this port to provide power to the appliance.
The appliance comes with one redundant power supply unit for use if the primary
unit fails.
EX Series The EX 8600
Page 6 © 2022 FireEye Security Holdings US LLC
I/O Ports
•USB 2.0: These ports are USB 2.0 compliant.
•Serial Console: Connect to this port to manage the appliance from your terminal.
•Video: Connect a monitor to this port to view the appliance's command-line
interface.
•USB 3.2: These ports are USB 3.2 compliant.
Management Ports
•ether1 (RJ45): Connect your LAN to this port to enable remote access to the CLI
and Web UI. The RJ45 connector is a 10/100/1000BASE-T port.
•IPMI: Connect for access to out-of-band management functions, including power
control, console redirection, and appliance health status. The connector is a
10/100/1000BASE-T port.
Live Mode Analysis Ports
•pether2 (RJ45): The RJ45 connector is 10/100/1000BASE-T port.
SMTP Interface Ports
•pether3 through pether6 (SFP+): The SFP+ ports support 1G or 10Gbps data rate.
pether (SFP+): The SFP+ connectors accept the following modules:
• 1000BASE-SX/10GBASE-SR (LC MMF)
• 1000BASE-LX/10GBASE-LR (LC SMF)
• 1000BASE-T (RJ45)
• 10GBASE-CU (5m direct attach cable)
EX Series The EX 8600
Page 7 © 2022 FireEye Security Holdings US LLC
Deployment
You can deploy the EX 8600 in your network in one of the following ways:
•Message Transfer Agent Deployment Page 8
•Bcc: Deployment Page 8
•SPAN/TAP Deployment Page 8
Message Transfer Agent Deployment
When the EX 8600 is in Message Transfer Agent deployment, it serves as an MTA inline
with the email traffic flow and can be configured to Block Analysis Mode or Monitor Analysis
Mode. In Block Analysis Mode (the default), the EX 8600 will prevent malicious emails from
passing through to the mail server. In Monitor Analysis Mode, all email is passed through to
the mail server and only copies of the email are analyzed.
The diagram below illustrates the MTA deployment of an EX 8600 in a typical network
environment.
NOTE
For information about configuring the EX 8600 for MTA deployment mode,
see the Email Security System Administration Guide for your release.
EX Series Deployment
Page 8 © 2022 FireEye Security Holdings US LLC
Prerequisites
Before connecting the EX 8600 to your network, ensure that your network devices provide
10/100/1000BASE-T Ethernet output.
Cabling
Connect two cables to the EX 8600 appliance’s management ports as follows:
• ether1: Connect one end of an Ethernet cable to the EX appliance’s ether1 port,
and connect the other end to your LAN-facing switch. This port is the management
interface.
• pether3: Connect one end of an Ethernet cable to the EX appliance’s pether3 port,
and connect the other end to your MTA or anti-spam device. This connection allows
the appliance access to the upstream and downstream of traffic.
• (For optional URL Dynamic Analysis) pether2: Connect one end of an Ethernet
cable to the EX appliance’s pether2 port, and connect the other end to your Internet
facing firewall device.
This connection allows the appliance to retrieve objects referred to by suspicious
URLs for further analysis. FireEye recommends connecting to an isolated Internet
connection to prevent the exposure of the IP address and other information about
your main network.
You can monitor more network segments by connecting additional MTA or anti-spam devices
to pether3-6.
Bcc: Deployment
When the EX 8600 is in Bcc: mode, it receives a copy of all emails from a Message Transfer
Agent (MTA) or anti-spam device for analysis. If the results of the analysis are positive for
malicious attachments or URLs, a notification is sent to a configured email alias of “admin
CC:” or “Bcc:” members.
The diagram below illustrates the Bcc: deployment of an EX 8600 appliance in a typical
network environment.
IMPORTANT
For information about configuring the EX Appliance for Bcc: mode, see the
EX Series System Administration Guide for your release.
EX Series Deployment
Page 9 © 2022 FireEye Security Holdings US LLC
Prerequisites
Before connecting the EX appliance to your network, ensure that your network devices
provide 10/100/1000BASE-T Ethernet output.
Cabling
• ether1: Connect one end of an Ethernet cable to the EX appliance’s ether1 port,
and connect the other end to your LAN-facing switch. This port is the management
interface.
• pether3: Connect one end of an Ethernet cable to the EX appliance’s pether3 port,
and connect the other end to your MTA or anti-spam device. This connection allows
the appliance access to the upstream and downstream of traffic.
• (For optional URL Dynamic Analysis) pether2: Connect one end of an Ethernet
cable to the EX appliance’s pether2 port, and connect the other end to your Internet
facing firewall device.
This connection allows the appliance to retrieve objects referred to by suspicious
URLs for further analysis. FireEye recommends connecting to an isolated Internet
connection to prevent the exposure of the IP address and other information about
your main network.
You can monitor more network segments by connecting additional MTA or anti-spam devices
to pether3-6.
SPAN/ TAP Deployment
When the EX 8600 appliance is in SPAN/TAP deployment, it is connected to a network switch
capable of mirroring traffic. The EX appliance extracts email from the traffic for analysis.
EX Series Deployment
Page 10 © 2022 FireEye Security Holdings US LLC
Este manual sirve para los siguientes modelos
1
Tabla de contenidos
