Installation guide
Chapter 5 Defining IPS Engines
Getting Started with Defining IPS Engines
The IPS engine elements are a tool for configuring nearly all aspects of your physical IPS
components.
The interface definitions are an important part of the IPS engine elements. There are two main
categories of IPS engine interfaces:
• Interfaces for system communications. These are used when the IPS engine is the source or
the final destination of the communications (for example, in system communications between
the IPS engine and the Management Server). You must define at least one interface that is
dedicated to system communications for each IPS engine element.
• Interfaces for inspecting traffic. You must define one or more traffic inspection interfaces for
each IPS engine element.
The interfaces have their own numbering in the SMC called Interface ID. The numbering is
independent of the operating system interface numbering on the engines. However, if you perform the
engine’s initial configuration using the automatic USB memory stick configuration method, the
Interface IDs in the SMC are mapped to match the Physical Interface numbering in the operating
system (eth0 is mapped to Interface ID 0 and so on). If you do the initial configuration manually,
you can freely choose how the Interface IDs in the SMC are mapped to the Physical Interfaces.
Creating Engine Elements
This section covers the basic configuration of IPS engine elements. For complete instructions on
configuring IPS engine properties, see the Management Client Online Help or the McAfee SMC
Administrator’s Guide.
To create an engine element
1. Select Configuration→Configuration→Security Engine. The Security Engine Configuration
view opens.
2. Right-click Security Engines and select one of the following:
• New→IPS→IPS Cluster
• New→IPS→Single IPS
3. Enter a unique Name.
4. Select the Log Server that stores the log events that the IPS engine creates. If no Log
Server is selected, the engine does not make any traffic recordings.
5. (Optional) Define one or more DNS IP Addresses for the IPS engine. These are the IP
addresses of the DNS server(s) that the IPS engine uses to resolve domain names and web
filtering categorization services (which are defined as URLs).
• To enter a single IP address manually, click Add and select IP Address. Enter the IP
address in the dialog that opens.
• To define an IP address by using a Network element, click Add and select Network
Element. Select a predefined Alias element that represents the IP address of the DNS for
a dynamic network interface, a Host element, or an External DNS Server element from
the dialog that opens, or click the New icon and select Host or External DNS Server to
define a new element.
6. Select the correct Location for this engine if there is a NAT device between SMC
components affecting this IPS engine’s communications.