Installation guide
Table of Contents
INTRODUCTION
CHAPTER 1
Using SMC Documentation
How to Use This Guide
Documentation Available
Product Documentation
Support Documentation
System Requirements
Supported Features
Contact Information
PREPARING FOR INSTALLATION
CHAPTER 2
Planning the Installation
Introduction to McAfee IPS and Layer 2 Firewall
Example Network Scenario
Overview to the Installation Procedure
Important to Know Before Installation
Supported Platforms
Date and Time Settings
Capture Interfaces
Switch SPAN Ports
Network TAPs
Cabling Guidelines
Speed And Duplex
CHAPTER 3
Installing Licenses
Getting Started with IPS and Layer 2 Firewall Licenses
Configuration Overview
Generating New Licenses
Installing Licenses
CHAPTER 4
Configuring NAT Addresses
Getting Started with NAT Addresses
Configuration Overview
Defining Locations
Adding SMC Server Contact Addresses
CONFIGURING ENGINES
CHAPTER 5
Defining IPS Engines
Getting Started with Defining IPS Engines
Creating Engine Elements
Defining System Communication Interfaces for IPS Engines
Defining Physical Interfaces
Defining VLAN Interfaces
Defining IP Addresses
Setting Interface Options for IPS Engines
Defining Traffic Inspection Interfaces for IPS Engines
Defining Logical Interfaces
Defining Reset Interfaces
Defining Capture Interfaces
Defining Inline Interfaces
Bypassing Traffic on Overload
Finishing the Engine Configuration
CHAPTER 6
Defining Layer 2 Firewalls
Getting Started with Defining Layer 2 Firewalls
Creating Engine Elements
Defining System Communication Interfaces for Layer 2 Firewall Engines
Defining Physical Interfaces
Defining VLAN Interfaces
Defining IP Addresses
Setting Interface Options for Layer 2 Firewall Engines
Defining Traffic Inspection Interfaces for Layer 2 Firewall Engines
Defining Logical Interfaces
Defining Reset Interfaces
Defining Capture Interfaces
Defining Inline Interfaces
Finishing the Engine Configuration