Installation guide

The main features of McAfee IPS and Layer 2 Firewall include:
- Multiple detection methods: Misuse detection uses fingerprints to detect known attacks. Anomaly detection uses traffic statistics to detect unusual network behavior. Protocol validation identifies violations of the defined protocol for a particular type of traffic. Event correlation processes event information to detect a pattern of events that might indicate an intrusion attempt.
- Response mechanisms: There are several response mechanisms to anomalous traffic. These include different alerting channels, traffic recording, TCP connection termination, traffic blacklisting, and traffic blocking with Inline Interfaces.
The IPS engines, Layer 2 Firewalls, Master Engines, Virtual IPS engines, and Virtual Layer 2
Firewalls are managed centrally through the SMC. You must have an SMC configured before you
can proceed with installing the engines. The SMC installation is covered in a separate guide.
See the McAfee SMC Reference Guide for more background information on the SMC, and the
McAfee NGFW Reference Guide for IPS and Layer 2 Firewall Roles for more background
information on IPS engines and Layer 2 Firewalls.
Example Network Scenario
To get a better understanding of how McAfee IPS and Layer 2 Firewall fit into a network, you can
consult the Example Network Scenario that shows you one way to deploy the system. See
Example Network Scenario (page 157).
Table 2.1 Installation Modes for IPS Engines and Layer 2 Firewalls (Continued)

| NGFW Role | Mode | Description |
|---|---|---|
| Layer 2 Firewall (cont.) | Passive Inline | In a passive inline installation, the traffic flows through the Layer 2 Firewall, but the Layer 2 Firewall is configured to only log connections. A Layer 2 Firewall in Passive Firewall mode can send blacklisting requests to other Layer 2 Firewalls, IPS engines, or Firewalls, but it cannot enforce blacklisting requests from other components. |