Product guide

ManualsBrandsMcAfee ManualsOtherM4050 - Network Security Platform

M-3050/M-4050 Sensor Product Guide

Revision B

McAfee

Network Security Platform

Summary of content (42 pages)

PAGE 1
M-3050/M-4050 Sensor Product Guide Revision B McAfee® Network Security Platform
PAGE 2
COPYRIGHT Copyright © 2014 McAfee, Inc., 2821 Mission College Boulevard, Santa Clara, CA 95054, 1.888.847.8766, www.intelsecurity.com TRADEMARK ATTRIBUTIONS Intel and the Intel logo are registered trademarks of the Intel Corporation in the US and/or other countries.
PAGE 3
Contents 1 Preface 5 About this guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . What's in this guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Find product documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 5 5 6 6 Overview 7 About Network Security Sensors . . . . . . . . . . . .
PAGE 4
Contents About the fail-open port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Cable the Management port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . About connecting cables to the Monitoring ports . . . . . . . . . . . . . . . . . . . . . How to use peer ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Default Monitoring port speed settings . . . . . . . . . . . . . . . . . . . . . . Cable types for routers, switches, hubs, and PCs . . . . . . . . . . . . . . .
PAGE 5
Preface This guide provides the information you need to configure, use, and maintain your McAfee product. Contents About this guide Find product documentation About this guide This information describes the guide's target audience, the typographical conventions and icons used in this guide, and how the guide is organized. Audience McAfee documentation is carefully researched and written for the target audience.
PAGE 6
Preface Find product documentation Tip: Suggestions and recommendations. Important/Caution: Valuable advice to protect your computer system, software installation, network, business, or data. Warning: Critical advice to prevent bodily harm when using a hardware product. What's in this guide This guide contains information necessary to setup your M-3050/M-4050 Sensor model. This information includes guiding you through preconfiguring, cabling, and troubleshooting your Sensor.
PAGE 7
1 Overview This chapter provides an overview of McAfee® Network Security Sensors in general and the M-3050/ M-4050 Sensor model in particular.
PAGE 8
1 Overview Functions of a Sensor Functions of a Sensor The primary function of a McAfee® Network Security Sensor (Sensor) is to analyze traffic on selected network segments and to respond when an attack is detected. The Sensor examines the header and data portion of every network packet, looking for patterns and behavior in the network traffic that indicate malicious activity.
PAGE 9
Overview M-3050/M-4050 key features 1 Following is an example of a network topology using Gigabit Ethernet throughput. In the illustration, McAfee® Network Security Platform (formerly McAfee® IntruShield®) provides IPS protection to outsourced servers. High port-density and virtualization provides a highly scalable solution, while Network Security Platform protects against Web and eCommerce mail server exploits.
PAGE 10
1 Overview M-3050/M-4050 physical description M-3050 M-4050 Dual power supply Dual power supply 3 Fan units (that are field replaceable) 3 Fan units (that are field replaceable) It has 2 XLRs (A/B) host entries It has 3 XLRs (A/B/C) host entries Power slots for fail-open kit Power slots for fail-open kit M-3050/M-4050 physical description The high-port density M-3050/M-4050, is designed for high bandwidth links, and is equipped to support two 10 Gigabit full-duplex Ethernet segments or four 10 G
PAGE 11
1 Overview M-3050/M-4050 physical description Item Description 10 10/100/1000 Management port 11 Back panel LEDs (3) 1 Power Supply A. Power supply A is included with each Sensor. The supply uses a standard IEC port (IEC320-C13). McAfee provides a standard, 2m NEMA 5-15P (US) power cable (3 wire). International customers must procure a country-appropriate power cable. 2 Power Supply B (optional, purchased separately). Power supply B is a hot-swappable, redundant power supply.
PAGE 12
1 Overview M-3050/M-4050 physical description LED Status Description Pwr A (Power A) OK Green Power Supply A is functioning. Amber Power Supply A is not functioning. ~AC Green Power Supply in AC mode. Green Power Supply B is functioning. Pwr B (Power B) OK Amber Power Supply B is not functioning. Green ~AC Power Supply in AC mode. If a power supply is not present, both green and amber LEDs are off. Management Port Speed Green The port speed is 1000 Mbps. Amber The port speed is 100 Mbps.
PAGE 13
Overview M-3050/M-4050 physical description 1 The three back panel LEDs provide information regarding the Sensor fans. LED Status Description Fan LED OFF The fan is functioning properly. Amber The fan has malfunctioned.
PAGE 14
1 Overview M-3050/M-4050 physical description 14 McAfee® Network Security Platform M-3050/M-4050 Sensor Product Guide
PAGE 15
2 Before you install This chapter describes the best practices for deployment of Sensors in your network. Topics include the safety considerations for handling the Sensor, usage restrictions that apply to the Sensor model, and the contents that are shipped along with the Sensor.
PAGE 16
2 Before you install About fiber-optic ports Warnings: • Read the installation instructions before you connect the system to its power source. • To remove all power from the Sensor, unplug all power cords, including the redundant power cord. • Only trained and qualified personnel should be allowed to install, replace, or service this equipment. • Before working on the equipment that is connected to power lines, remove all jewelry including rings, necklaces, and watches.
PAGE 17
Before you install Contents of the box 2 Contents of the box The following accessories are shipped in the Sensor box: • One Sensor. • One power supply. • Two CD-ROMs containing the Sensor software and on-line documentation. • Power cords. McAfee provides a standard and international power cables. • One set of rack mounting rails. • One set of rack mounting ears. • One printed Slide Rail Assembly Procedure. • One printed Quick Start Guide. • Release Notes.
PAGE 18
2 Before you install Unpack the Sensor 18 McAfee® Network Security Platform M-3050/M-4050 Sensor Product Guide
PAGE 19
3 Setting up the Sensor This chapter describes how to set up the Sensor for you to configure it. Contents Setup overview How to position the Sensor Redundant power supply Cable the Sensor Small form-factor pluggable modules Power on the Sensor Power off the Sensor Setup overview Setting up a Sensor involves the following steps: 1 Positioning the Sensor. 2 Installing interface modules (SFP and XFP). 3 Attaching power, network, and monitoring cables. 4 Powering on the Sensor.
PAGE 20
3 Setting up the Sensor How to position the Sensor Install the rails and ears on the chassis and rack Before you begin Before you install the rails and ears on the chassis, make sure that the power is off. Remove the power cable and all network interface cables from the Sensor. Each rack-mounting rail and ear has holes that match up with holes in the chassis. You will need a screwdriver to secure the slotted panhead screws.
PAGE 21
Setting up the Sensor Redundant power supply 3 Because of the weight of the appliance, McAfee recommends that two people remove the chassis from the rail cabinet. When removing the chassis from the rack, pull the chassis forward until you hear the innermost rails snap in place. On each side of the rails, press in the release button as pictured below and continue pulling the chassis.
PAGE 22
3 Setting up the Sensor Cable the Sensor 3 Place the power supply in the slot with the cable outlet facing front and on the left side of the faceplate. Figure 3-3 Installing the power supply 4 Slide in the power supply until it makes contact with the backplane, then push firmly to mate the connectors solidly with the backplane. For true redundant operation with the optional redundant power supply, McAfee recommends that you plug each supply into a different power circuit.
PAGE 23
Setting up the Sensor Small form-factor pluggable modules 3 Small form-factor pluggable modules The Sensor uses two types of small form-factor pluggable modules as shown in the following table: Type Performance SFP 10/100/1000 Mbps (copper) 1 Gbps (fiber optic) XFP 10 Gbps (fiber optic) Each module is a hot-swappable input/output device that plugs into an LC-type Gigabit Ethernet port, linking the module port with a copper or fiber-optic network.
PAGE 24
3 Setting up the Sensor Small form-factor pluggable modules XFP modules The supported XFP module is a robust small form-factor pluggable, operating at 850nm, for up to 10 gigabits per second on SONET/SDH, Fibre Channel, Gigabit Ethernet and other applications. This module operates in single mode and multimode. Additionally, this module transmits on a 850-nanometer wavelength on Short Reach (SR), and 1310-nanometer wavelength on long reach (LR).
PAGE 25
Setting up the Sensor Power on the Sensor 3 Remove a module Perform these tasks if you need to remove an SFP or XFP module. Task 1 Disconnect the network fiber-optic cable from the module. 2 Release the module from the slot by pulling the bail clasp out of its locked position. 3 Slide the module out of the slot. 4 Insert the module plug into the module optical bore for protection.
PAGE 26
3 Setting up the Sensor Power off the Sensor 26 McAfee® Network Security Platform M-3050/M-4050 Sensor Product Guide
PAGE 27
4 Attaching Cables to the Sensor Follow the steps outlined in this chapter to connect the cables to the various ports of your Sensor.
PAGE 28
4 Attaching Cables to the Sensor Cable the Auxiliary port 2 Connect the other end of the Console cable directly to a COM port of the PC or terminal server you will use to configure the Sensor, for example, a PC running the correctly configured Windows HyperTerminal software. You must connect directly to the console for initial configuration. Required settings for HyperTerminal are: 3 Name Setting Baud rate 38400 Number of bits 8 Parity None Stop bits 1 Flow Control None Power on the Sensor.
PAGE 29
4 Attaching Cables to the Sensor About the fail-open port About the fail-open port Fail-open functionality for the GE Monitoring ports is accomplished using the standard Gigabit Fail-open Bypass Kit, which is sold separately. Both copper and optical versions are available. Fail-open functionality for the 10 Gigabit Monitoring ports is accomplished using the standard 10 Gigabit (Optical) Fail-open Bypass Kit, which is also sold separately.
PAGE 30
4 Attaching Cables to the Sensor Connect the cables for in-line mode Port Pairs (and Transceiver Type) 5A and 5B (SFP) 6A and 6B (SFP) You cannot configure, for example, IA and 2A to work together as a pair. Figure 4-1 Using peer ports Default Monitoring port speed settings Make sure that the settings on the network devices match the settings on the Sensor Monitoring ports to which they are connected.
PAGE 31
Attaching Cables to the Sensor Connect the cables for tap mode 4 Task 1 Plug the cable appropriate for use with your Gigabit Ethernet into one of the Monitoring ports, for example 1A. 2 Plug another cable into the peer of the port used in Step 1. 3 Connect the other end of each cable to the network devices that you want to monitor. For example, if you plan to monitor traffic between a switch and a router, connect the cable connected to 1A to the switch and the one connected to 1B to the router.
PAGE 32
4 Attaching Cables to the Sensor How does the fail-open function work Task 1 Plug the cable appropriate for use with your XFP module into port 2A of the active Sensor. 2 Connect the other end of the cable to port 2A of the standby Sensor. Figure 4-2 Sensors connected for failover How does the fail-open function work The standard Gigabit Fail-Open Kit and the 10 Gigabit Fail-Open Kit minimize the potential risks of in-line Sensor failure on critical network links.
PAGE 33
Attaching Cables to the Sensor How does the fail-open function work 4 continues to flow through the network link but is no longer routed through the Sensor. Once the Sensor resumes normal operation, the switch returns to the "on" state, once again enabling in-line monitoring. Sensor outage breaks the link connecting the devices on either side of the Sensor for a brief moment and requires the renegotiation of the network link between the two peer devices connected to the Sensor.
PAGE 34
4 Attaching Cables to the Sensor How does the fail-open function work 34 McAfee® Network Security Platform M-3050/M-4050 Sensor Product Guide
PAGE 35
5 Troubleshooting the Sensor This section lists some common installation problems, the possible causes, and the corresponding solutions. Problem Possible Cause Solution LED is off. The control cable has been disconnected. Check the control cable and ensure it is properly connected to both the Sensor and the bypass switch. LED is off. The Sensor is powered off. Restore Sensor power. LED is off. The Sensor port cable is disconnected. Check the Sensor cable connections.
PAGE 36
5 Troubleshooting the Sensor 36 McAfee® Network Security Platform M-3050/M-4050 Sensor Product Guide
PAGE 37
6 Sensor technical specifications The following table lists the specifications of the Sensor: Sensor Specifics Description Dimensions Without mounting ears/rails/cable management: • width: 16.75 in. (41.91 cm) • height: 3.5 in. (8.89 cm) • depth: 30.00 in. (76.20 cm) Dimensions do not include cables or power cords. Weight 47 lbs (21.31 kg) Voltage Range 100-240VAC Frequency 50/60Hz Vibration, operating Sinusoidal: 3 to 500 Hz @ 0.15 gpk Random: 2.5 to 200 Hz @ 0.
PAGE 38
6 Sensor technical specifications Sensor Specifics Description System Heat Dissipation AC (max): 535W, 1825 BTU/hr DC (max): To Be determined 38 Airflow 200 lfm (1 m/s) Altitude Sealevel to 10,000 ft (3050m) McAfee® Network Security Platform M-3050/M-4050 Sensor Product Guide
PAGE 39
A Regulatory, compliance, and safety information The Sensor meets the following standards: Sensor regulatory, safety, and compliance Regulatory: Products with the CE Marking are compliant with the 89/336/EEC and 73/23/EEC directives, which include the safety and EMC standards listed.
PAGE 40
A Regulatory, compliance, and safety information Sensor regulatory, safety, and compliance • Radiated Emissions • Conducted Emissions • EN 61000-3-2: 2000 Harmonic Current Emissions • EN 61000-3-3: 1995 + A1: 2001 Voltage Fluctuation/Flicker CISPR/KN22: • Radiated Emissions • Conducted Emissions 40 McAfee® Network Security Platform M-3050/M-4050 Sensor Product Guide
PAGE 41
Index A about this guide 5 Auxiliary port 28 C Cable types for switches 30 Cabling for In-line mode 30 Cabling for SPAN 15, 31, 32 Cabling for TAP mode 31 Cabling the Console port 27 Cabling the Fail-open port 29, 30 chasis 25 conventions and icons used in this guide 5 D documentation audience for this guide 5 product-specific, finding 6 typographical conventions and icons 5 F McAfee ServicePortal, accessing 6 module 24, 25 P peer 29, 31 Pluggable 23 ports 10 power supply 21 R rack 16, 19, 20 Respons
PAGE 42
700-3589B00