McAfee DTP-1650-MGRA - Network DLP Manager 1650 Appliance Installation guide

Installation Guide

Revision C

McAfee Data Loss Prevention 9.2.1

For use with ePolicy Orchestrator 4.5.0 and 4.6.0 Software

COPYRIGHT

TRADEMARK ATTRIBUTIONS

McAfee, the McAfee logo, McAfee Active Protection, McAfee AppPrism, McAfee Artemis, McAfee CleanBoot, McAfee DeepSAFE, ePolicy Orchestrator,

McAfee ePO, McAfee EMM, McAfee Enterprise Mobility Management, Foundscore, Foundstone, McAfee NetPrism, McAfee Policy Enforcer, Policy Lab,

McAfee QuickClean, Safe Eyes, McAfee SECURE, SecureOS, McAfee Shredder, SiteAdvisor, SmartFilter, McAfee Stinger, McAfee Total Protection,

TrustedSource, VirusScan, WaveSecure, WormTraq are trademarks or registered trademarks of McAfee, Inc. or its subsidiaries in the United States and

other countries. Other names and brands may be claimed as the property of others.

LICENSE INFORMATION

License Agreement

NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS

FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU

HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOUR

SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A

FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET

FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF

PURCHASE FOR A FULL REFUND.

2

McAfee Data Loss Prevention 9.2.1 Installation Guide

Contents

Preface 5

About this guide .................................. 5

Audience .................................. 5

Conventions ................................. 5

Find product documentation ..............................6

1 Setting up the hardware 7

Adding devices and servers ..............................7

Check the shipment .................................7

Plan your installation ................................ 8

Rack mount the appliances ..............................8

Connect a management console ............................9

Configure McAfee DLP Manager ............................ 10

Select an integration mode for McAfee DLP Monitor ....................11

SPAN port configuration ............................11

Network tap configuration ...........................13

Complete the setup ................................ 14

2 Installing or upgrading the software on 4400 appliances 15

Download the 4400 archive ............................. 15

Boot options ................................... 16

Set up the next boot option .......................... 17

Install a fresh image on 4400 appliances ........................ 17

Upgrade the products on 4400 appliances ........................18

Apply a hotfix ...................................20

Convert an installation to another McAfee DLP product .................. 20

Restoring the drives ................................ 21

3 Installing or upgrading software on 1650 and 3650 appliances 23

Download the 1650 or 3650 archive .......................... 23

Install a fresh image on 1650 or 3650 appliances .....................24

Upgrade the products on 1650 or 3650 appliances .................... 25

Apply a hotfix ...................................26

4 Configuring McAfee DLP appliances and adding servers 29

Configure McAfee DLP appliances using Setup Wizard ...................29

Configure McAfee DLP appliances after installation .................... 35

Add McAfee DLP products to McAfee DLP Manager .................... 35

Configuring McAfee DLP Prevent ........................... 36

MTA requirements for McAfee DLP Prevent .................... 37

Configure McAfee DLP Prevent ......................... 38

Add LDAP servers to McAfee DLP Manager ....................... 39

Add McAfee Logon Collector to McAfee DLP Manager ................... 41

Add syslog servers to McAfee DLP systems ....................... 42

Resynchronize McAfee DLP systems with an NTP server .................. 42

McAfee Data Loss Prevention 9.2.1 Installation Guide

3

Testing the system ................................. 43

5 Installing McAfee DLP Endpoint 45

Verify system requirements ............................. 46

Configure the server ................................ 47

Install McAfee ePolicy Orchestrator .......................... 48

Installing McAfee DLP WCF service ...........................49

Install the McAfee DLP WCF service ....................... 50

Repository folders ................................. 55

Creating and configuring repository folders .................... 55

User and permission sets .............................. 57

Create and define McAfee DLP administrators ................... 57

Create and define permission sets ........................58

DLP permission set options ...........................58

Install the McAfee Data Loss Prevention Endpoint extension ................ 59

Initialize the McAfee DLP Endpoint Policy console .....................60

Upgrade the license .................................62

Check in the McAfee DLP Endpoint package to ePolicy Orchestrator ..............63

Deploy McAfee DLP Endpoint .............................63

Define a default rule ............................. 63

Deploy McAfee DLP Endpoint with ePolicy Orchestrator 4.6 .............. 64

Verify the installation ............................. 65

Uninstall McAfee DLP Endpoint ............................ 66

6 Integrating McAfee DLP Endpoint into a unified policy system 67

Setting up Unified DLP on ePolicy Orchestrator ..................... 68

Install the network extension ......................... 68

Install the UDLP (host) extension ........................68

Configure McAfee Agent on ePolicy Orchestrator .................. 69

Add an evidence folder on ePolicy Orchestrator ...................69

Connecting McAfee DLP Manager and the ePolicy Orchestrator server ............ 70

Gather ePolicy Orchestrator registration information ................ 70

Add an ePolicy Orchestrator database user .................... 70

Register McAfee DLP Manager on ePolicy Orchestrator server .............71

Register ePolicy Orchestrator on McAfee DLP Manager ................71

Checking the connection ........................... 72

Configuring McAfee DLP Endpoint on McAfee DLP Manager ................. 72

Generate a global policy for McAfee DLP Endpoint ..................73

Maintaining compatibility with installed McAfee clients ............... 73

Add an Agent Override Password ........................ 74

Set the manual tagging option ......................... 74

Installation and configuration complete .........................75

Index 77

Contents

4

McAfee Data Loss Prevention 9.2.1 Installation Guide

Preface

This guide provides the information you need to install your McAfee product.

It contains all of the necessary information for installing McAfee

®

Data Loss Prevention software,

including detailed steps and verification of the installation and configuration process in both the new

hardware platform and legacy appliances. It also includes integration with McAfee

®

ePolicy

Orchestrator

®

and McAfee

®

Data Loss Prevention Endpoint to configure a unified policy installation.

When the process is completed, the user will have a fully functional McAfee DLP hardware and

software implementation that is properly configured.

Contents

About this guide

Find product documentation

About this guide

This information describes the guide's target audience, the typographical conventions and icons used

in this guide, and how the guide is organized.

Audience

McAfee documentation is carefully researched and written for the target audience.

The information in this guide is intended primarily for:

• Administrators — People who implement and enforce the company's security program.

• Security officers — People who determine sensitive and confidential data, and define the

corporate policy that protects the company's intellectual property.

Conventions

This guide uses these typographical conventions and icons.

Book title, term,

emphasis

Title of a book, chapter, or topic; a new term; emphasis.

Bold Text that is strongly emphasized.

User input, code,

message

Commands and other text that the user types; a code sample; a displayed

message.

Interface text

Words from the product interface like options, menus, buttons, and dialog

boxes.

Hypertext blue A link to a topic or to an external website.

Note: Additional information, like an alternate method of accessing an

option.

McAfee Data Loss Prevention 9.2.1 Installation Guide

5

Tip: Suggestions and recommendations.

Important/Caution: Valuable advice to protect your computer system,

software installation, network, business, or data.

Warning: Critical advice to prevent bodily harm when using a hardware

product.

Find product documentation

McAfee provides the information you need during each phase of product implementation, from

installation to daily use and troubleshooting. After a product is released, information about the product

is entered into the McAfee online KnowledgeBase.

Task

1

Go to the McAfee Technical Support ServicePortal at http://mysupport.mcafee.com.

2

Under Self Service, access the type of information you need:

To access... Do this...

User documentation

1

Click Product Documentation.

2

Select a product, then select a version.

3

Select a product document.

KnowledgeBase

• Click Search the KnowledgeBase for answers to your product questions.

• Click Browse the KnowledgeBase for articles listed by product and version.

Preface

Find product documentation

6

McAfee Data Loss Prevention 9.2.1 Installation Guide

1

Setting up the hardware

This Quick Start serves as a high‑level road map for setting up your McAfee DLP system. McAfee DLP

Manager is shipped pre‑installed; the other products in the suite (McAfee DLP Monitor, McAfee DLP

Discover, and McAfee DLP Prevent) must be installed on‑site.

McAfee DLP Monitor must be set up to capture network traffic, so it requires additional configuration

steps.

Contents

Adding devices and servers

Check the shipment

Plan your installation

Rack mount the appliances

Connect a management console

Configure McAfee DLP Manager

Select an integration mode for McAfee DLP Monitor

Complete the setup

Adding devices and servers

The final setup for McAfee Total Protection for Data Loss Prevention depends on your protection

strategy. After you complete setup of all of the appliances, go to the System tab on McAfee DLP

Manager to add the products to be managed and the servers needed to complete the system.

For example, depending on your objectives, you might add McAfee DLP Discover or McAfee DLP

Prevent, which require additional configuration.

If you add McAfee DLP Endpoint to the network product suite, you must install it on McAfee

®

ePolicy

Orchestrator

®

, and add endpoint, evidence, and directory servers.

Check the shipment

Each product ships with all of the material needed to install it on a network. Check each shipment to

verify that all items on the packing list have been received.

Task

1

Refer to your Accessory Kit Content List to ensure that you received the following items:

• Region‑specific power cords ‑ 2

• CAT5 cables ‑ 3

• Serial cable: RJ‑45 to RS‑232 ‑ Cisco console cable

1

McAfee Data Loss Prevention 9.2.1 Installation Guide

7

• Intel Diagnostic Tool (IDT) USB

• Product notes for IDT (CD media)

• Safety document

• Warranty document

• Recovery media

2

If an item is missing or damaged, contact your supplier.

Plan your installation

Before installing, survey your environment and collect configuration information.

For the McAfee DLP Monitor appliance, you will also need a network tap (unless you are planning a

SPAN port configuration).

Task

1

Collect the following information about the network in which McAfee Total Protection for DLP will be

installed.

• Host name • Secondary DNS server

• IP address • Domain

• Subnet mask • NTP server

• Default gateway • Syslog server

• DNS domain • Email relay server

• Primary DNS server

2

Devise a protection strategy by evaluating the type of information you need to protect. Your

objectives will determine which policies you activate.

3

Determine who will be the primary administrator of the system.

Rack mount the appliances

Each of the McAfee DLP products is shipped on an Intel

®

Server System SR2612UR.

For rack mounting instructions, download the Intel

®

Server System SR2612UR Service Guide from the

Intel download site.

http://download.intel.com/support/motherboards/server/s5520ur/sb/r2612ur_service_guide_14.pdf

For more information, download the Intel

®

Server System SR2612UR Technical Product Specification.

http://download.intel.com/support/motherboards/server/s5520ur/sb/sr2612ur_tps_13.pdf

1

Setting up the hardware

Plan your installation

8

McAfee Data Loss Prevention 9.2.1 Installation Guide

Connect a management console

Connect a laptop to the management port of the McAfee DLP appliance so you can reconfigure it

through a directly connected device. Because McAfee DLP Manager requires additional steps,

reconfigure all other products first.

Before you begin

You will need the list of network parameters you prepared when you planned your

installation.

Figure 1-1 Model 1650 appliance port configuration

1 Ethernet port 0

2 Ethernet port 1 — Management port

3 Ethernet port 2 — Capture port 0

4 Ethernet port 3 — Capture port 1

Figure 1-2 Model 3650 appliance port configuration

1 Ethernet port 0

2 Ethernet port 1 — Management port

3 Ethernet port 2 — Capture port 0

4 Ethernet port 3 — Capture port 1

Figure 1-3 Model 4400 appliance port configuration

1 Ethernet port 0

2 Ethernet port 1 — Management port

3 Ethernet port 3 — Capture port 1 — note reversed configuration

4 Ethernet port 2 — Capture port 0 — note reversed configuration

By default, each appliance is configured with the IP address 192.168.1.2, but a new IP address and

other network parameters are required to integrate it into the network.

Setting up the hardware

Connect a management console

1

McAfee Data Loss Prevention 9.2.1 Installation Guide

9

You must connect a laptop to the management port so you can convey this information to the

appliance. Assign the laptop an IP address that is different, but on the same subnet, so it can access

the management port.

Task

1

Connect a laptop to the management port of the appliance using the supplied Ethernet cable.

2

Change the laptop to an address in the 192.168.1.X/24 IP range — for example, 192.168.1.10.

3

Open a web browser and connect to the DLP appliance.

https://192.168.1.2

The DLP user interface starts.

4

Log on to the McAfee DLP appliance.

The default logon is admin/mcafee.

The End User License Agreement appears.

5

Select the license agreement checkbox and click I Accept.

The Setup Wizard starts.

6

On the Network Configuration page, enter all of the IP addresses, and the host and domain names

needed to integrate the appliance into the network.

If you are configuring a McAfee DLP Manager, skip to the next topic.

7

Advance through the Setup Wizard pages to the Review page.

The interim pages will be completed only on the McAfee DLP Manager appliance.

8

Click Submit, then Exit Wizard.

When this step is complete, the appliance will have a new IP address and will be integrated into the

network. Restarting is not necessary.

If you have configured McAfee DLP Discover or McAfee DLP Prevent appliances, setup is complete. If

you are configuring McAfee DLP Manager, proceed to the next step. If you are configuring McAfee DLP

Monitor, proceed to the following step.

Configure McAfee DLP Manager

When you configure McAfee DLP Manager, you must provide additional information after the network

configuration is completed.

Before you begin

You must have completed the network settings required on the Network Configuration page of

the Setup Wizard.

Task

1

On the Time Configuration page, change the time zone.

2

Select Manual to set NTP to local time.

On this first configuration, you will not yet be able to set the NTP server because the default IP

address (192.168.1.2) will not allow it to be located. The NTP server can be defined only when the

system is restarted and integrated into the network.

1

Setting up the hardware

Configure McAfee DLP Manager

10

McAfee Data Loss Prevention 9.2.1 Installation Guide

3

On the Policy Activation page, select the checkboxes of the policies that will generate incidents that

are relevant to your protection strategy.

If you are in a region that is not listed, you will be able to activate policies that are directly relevant

to your location after the system is installed.

4

On the Administrator Setup page, enter the email address of the primary administrator and change the

password from the default.

5

On the Email and Email Server Setting page, enter the IP address or host name of the email server.

6

On the Review page, verify your settings, click Cancel, or click Previous to change them.

7

When you have confirmed your settings, click Submit, then Exit Wizard.

At this point, the McAfee DLP Manager setup is almost complete. After all other products are

integrated into the network, sync McAfee DLP Manager to the network by completing the final step

in this document.

Select an integration mode for McAfee DLP Monitor

McAfee DLP Monitor must be physically integrated into the network so it can capture traffic. There are

two integration modes: use of a mirror (SPAN) port on a LAN switch, or placement of a network tap

between the network and the appliance.

SPAN port configuration

A SPAN (Switched Port Analyzer) port configuration enables monitoring by transparently copying traffic

from source ports to the destination port to which McAfee DLP Monitor is connected.

If two capture ports are used, two traffic sources (for example, different subnets) must be used.

Certain switch models permit the use of a “remote SPAN”, or “RSPAN” capability, which allows ports

from multiple switches to be mirrored to the port to which McAfee DLP Monitor is connected. If you

want to mirror multiple ports on multiple switches to your DLP appliance, contact the switch vendor for

details on configuring RSPAN.

Figure 1-4 Span port configuration

1 Capture ports

2 WAN router traffic mirrored to McAfee DLP Monitor port

3 LAN

4 LAN switch

5 WAN

Setting up the hardware

Select an integration mode for McAfee DLP Monitor

1

McAfee Data Loss Prevention 9.2.1 Installation Guide

11

This method requires a change on the LAN switch, but no downtime is required because network

traffic is not disrupted.

With this configuration, some packets might be dropped under heavy loads. As a result, the number of

packets seen by McAfee DLP Monitor might not match the number seen by the ports being monitored.

Integrate the appliance using a SPAN port

Task

1

Connect McAfee DLP Monitor to a network switch using a console cable or network connection

(such as Telnet or SSH).

Note the port used to connect the appliance to the LAN switch, and the port used by the WAN

router.

2

Apply the appropriate SPAN port configuration.

3

Using interface show commands on the switch, verify that traffic is being received on the switch

port to which McAfee DLP Monitor is connected.

4

Save the configuration on the switch.

Common configuration

If a SPAN port is configured on a Cisco switch, the WAN router would be connected to

interface "GigabitEthernet1/0/1". The DLP appliance would be connected to interface

"GigabitEthernet1/0/2".

Switch: configure terminal

Switch(config)# interface GigabitEthernet1/0/2

Switch(config‑if)# port monitor GigabitEthernet1/0/1

Switch(config‑if)# end

Switch# show port monitor

Monitor Port Port being monitored

‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑ ‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑

GigabitEthernet1/0/2 GigabitEthernet1/0/1

Switch# write memory

1

Setting up the hardware

Select an integration mode for McAfee DLP Monitor

12

McAfee Data Loss Prevention 9.2.1 Installation Guide

Network tap configuration

A network tap configuration enables monitoring by injecting a tap in between two network devices

(generally the LAN switch and the WAN router) using additional cabling, then connecting the tap to

McAfee DLP Monitor.

The network tap captures traffic through a tap that is attached to the LAN switch and WAN router

through two network ports. Traffic from these ports flows directly to the capture ports on McAfee DLP

Monitor.

In environments where there is a firewall or a series of devices separating the LAN switch from the WAN

router, the network tap should be installed between the LAN switch and the first device.

Figure 1-5 Network tap configuration

1 Capture ports

2 Analyzer ports

3 Network tap

4 LAN

5 LAN switch

6 Router

7 WAN

This method requires physical disconnection and reconnection of network cables, so it disrupts traffic.

A service window is required.

With this configuration, full traffic capture is done even under heavy load conditions.

Network tap types

Network taps are available in copper or fiber media.

Regeneration taps for both types can be used to extend monitoring to multiple ports. When these taps

are used, signals are regenerated before sending a copy of the packets to the monitor port.

Table 1-1 Network tap types

Network tap type Description

Copper and copper

regenerative

These taps use twisted pair copper cabling (preferably CAT6 twisted

pair).

Fiber and fiber regenerative These taps use multimode fiber cabling with an LC connector on one

end (which connects to a capture port on the appliance) and an SC

connector on the other (which connects to a port on the tap).

Setting up the hardware

Select an integration mode for McAfee DLP Monitor

1

McAfee Data Loss Prevention 9.2.1 Installation Guide

13

Integrate the appliance using a network tap

Task

1

Disconnect the cable between your WAN router and your LAN switch.

2

Connect Monitor Port A of the network tap to Capture Port 0 on McAfee DLP Monitor.

3

Connect Monitor Port B of the network tap to Capture Port 1 on McAfee DLP Monitor.

4

Connect Network Port A of the network tap to a router inside the firewall.

5

Connect Network Port B of the network tap to the LAN switch.

Complete the setup

Add the NTP server to sync McAfee DLP Manager to the network.

Task

1

Open a web browser and enter the assigned IP address in the address bar to restart McAfee DLP

Manager.

2

Click the System tab and select the Configure link.

3

Scroll down to the Time section and enter the NTP server.

pool.ntp.org

4

Click Time at Server to verify the current time.

5

Click Update.

Configuration is complete. If you want to integrate the DLP system into McAfee

®

ePolicy Orchestrator

®

4.5 or 4.6, you can do it now.

1

Setting up the hardware

Complete the setup

14

McAfee Data Loss Prevention 9.2.1 Installation Guide

2

Installing or upgrading the software on

4400 appliances

A McAfee DLP installation on the 4400 contains two released images, each of which contains an

operating system (except for the kernal) and DLP software.

Primary and secondary images are initially duplicate installations. When the system is upgraded, the

primary and secondary disks can contain different versions of the same product.

The system automatically boots from the latest installed version.

Contents

Download the 4400 archive

Boot options

Install a fresh image on 4400 appliances

Upgrade the products on 4400 appliances

Apply a hotfix

Convert an installation to another McAfee DLP product

Restoring the drives

Download the 4400 archive

To prepare for installation on the 4400, download the software from the Service Portal.

Before you begin

Locate the grant number you received after purchasing the product.

McAfee DLP Manager is pre‑installed on the model 4400 appliance. Install the other McAfee DLP

products as needed.

Downloadable archives all have legacy names preceded by i, although the product names have

changed. In particular, note that McAfee DLP Monitor is also known as iguard.

Task

1

Open the McAfee support page by typing support.mcafee.com into the address bar of a web

browser.

2

From the Products & Solutions menu, select Product Downloads, or locate and click the link under the

Corporate Support heading.

3

In the Download My Products field, enter your grant number.

4

Scroll down the page, then select the McAfee Network DLP product.

2

McAfee Data Loss Prevention 9.2.1 Installation Guide

15

5

From the product page, select the software version, and confirm acceptance of the license

agreement.

The downloads page appears.

6

In the Software Downloads tab, select and save the appropriate *.tgz file to your Windows‑based

computer.

The software is saved in the Downloads folder.

Boot options

Unlike the legacy DLP appliances, the model 4400 hardware platform runs the McAfee Linux Operating

System (MLOS). It contains a boot loader package that allows users to switch between installations.

McAfee DLP uses Gnu GRUB (GRand Unified Bootloader) to install the primary and secondary images

on the model 4400 appliances.

Figure 2-1 GRand Unified Bootloader

The default Disk Boot option is used only to boot the operating system of the appliance.

During the upgrade process, the configuration data in the /data directory and the kernel/boot loader

information in the boot directory are copied over to the new installation.

Table 2-1 Boot options

Option Definition

McAfee NDLP Disk Boot

Reboots the system from the operating system disk. Does not reinstall

the operating system or the product software.

McAfee NDLP Primary Image

Install

Loads the primary image to the system. Replaces the existing operating

system and product software, but retains the data in the /data and /

boot directories.

McAfee NDLP Secondary Image

Install

Loads the secondary image to the system. Replaces the existing

operating system and product software, but retains the data in the /data

and /boot directories.

2

Installing or upgrading the software on 4400 appliances

Boot options

16

McAfee Data Loss Prevention 9.2.1 Installation Guide

Set up the next boot option

After you install an image, the system automatically assigns the next boot to the image that was

installed. In rare instances, you might want to override that assignment by configuring the next boot

to a different disk.

Using this command has the same effect as changing the boot option using the GRub menu.

Take this step only if you have a specific need that cannot be addressed by the current configuration.

Task

1

Log on to the appliance as root.

2

Go to the installation directory.

# cd /data/install

3

Run the setnextboot script to select one of three boot options: primary, secondary, or boot from

the operating system on the appliance.

# ./setnextboot [reboot_only | pri | sec]

The script sets up the selected option. When the option is set, a message appears stating which

image will boot next.

4

Restart the system.

Install a fresh image on 4400 appliances

To install a fresh image, install on both primary and secondary disks.

Before you begin

Download the product archive and copy it to the appliance.

Task

1

Log on to the appliance as root.

2

Copy the archive to the appliance.

• If you downloaded the archive to a Windows‑based computer, use WinSCP.

• If you are copying the archive from a Linux server, use the SCP command scp ‑rp <package

number> root@<name or ip address>:<directory>

3

Make an installation directory.

# mkdir /data/install

4

From the directory you downloaded the archive to, extract the contents of the archive, using the ‑C

option to expand it into the /data/install directory.

# tar xvzf ndlp_<product>.tgz ‑C /data/install

5

Go to the /data/install directory.

# cd /data/install

Installing or upgrading the software on 4400 appliances

Install a fresh image on 4400 appliances

2

McAfee Data Loss Prevention 9.2.1 Installation Guide

17

6

Run the installation script.

Before you type in the command, run pwd to establish that you are in the correct product directory.

You must be sure that you are running the updated scripts in the upgrade archive that you just

downloaded and extracted.

iGuard was the original name of McAfee DLP Monitor, but the archives have not been renamed.

# ./install_new_full <product> .

The product image installs on the primary and secondary disks.

7

Restart the system.

# reboot

Restarting the system might take 10–15 minutes.

8

Log on to the McAfee DLP device as root, go to the installation directory, and verify the installation

with the command:

# cat /data/stingray/etc/version

If the Release field contains 9.2.1, installation is complete.

Upgrade the products on 4400 appliances

To upgrade a product on the 4400 appliance, you must install the new image on the disk that is not

used by the previous installation. This ensures that the original image can still be accessed after the

upgrade is complete. The system automatically boots from the latest image.

Before you begin

Download the product archive and copy it to the appliance.

Stop all scans and search tasks before upgrading, and wait until they are completely stopped before

upgrading.

If you want to do a backup before upgrading to 9.2.1 on a 4400 appliance that is running McAfee Data

Loss Prevention Manager 9.2.0 or one of the standalone McAfee DLP appliances, you must first apply

Hotfix 754037_45668_01.

Without a backup, the data, settings, and configuration on your 4400 might be lost if there is a system

failure.

The install_to_pri and install_to_sec scripts install the upgrade. After the process runs, the

existing configuration and database are copied to the new image.

If you use the wrong script, you will write over your existing installation.

Task

1

Log on as root to the model 4400 appliance.

2

Installing or upgrading the software on 4400 appliances

Upgrade the products on 4400 appliances

18

McAfee Data Loss Prevention 9.2.1 Installation Guide

2

Copy the archive to the appliance.

• If you downloaded the archive to a Windows‑based computer, use WinSCP.

• If you are copying the archive from a Linux server, use the SCP command scp ‑rp <package

number> root@<name or ip address>:<directory>

3

Make an installation directory.

# mkdir /data/install

4

Find out which version is currently installed.

# cat /data/stingray/etc/version

5

Run the system_info utility to determine whether the system is running the product from the

primary or secondary image, so that you can decide where to install the update.

# /data/stingray/ksh/system_info

Install the update on the disk that is not used. For example, if system_info returns the message

"The system is currently running <product> from the primary image," install the update on the

secondary disk with install_to_sec.

6

From the directory you downloaded the archive to, extract the contents of the archive, using the ‑C

option to expand it into the /data/install directory.

# tar xvzf ndlp_<product>.tgz ‑C /data/install

7

Go to the /data/install directory.

# cd /data/install

8

Run the installation script.

Before you type the command, run pwd to establish that you are in the correct product directory. You

must be sure that you are running the updated scripts in the upgrade archive that you just

downloaded and extracted.

iGuard was the original name of McAfee DLP Monitor, but the archives have not been renamed, and

each product name is preceded by "i" to maintain the original naming convention.

# ./install_to_pri <product> .

or

# ./install_to_sec <product> .

The product image installs on the primary or secondary disk. When the upgrade is complete, a

message appears stating which image will boot next.

9

Restart the system.

# reboot

Restarting the system might take 10–15 minutes.

10

Log on to the McAfee DLP device as root, go to the installation directory, and verify the installation

with the command:

# cat /data/stingray/etc/version

If the Release field contains 9.2.1, installation is complete.

11

Install Hotfix 793756_46026 on all devices.

Installing or upgrading the software on 4400 appliances

Upgrade the products on 4400 appliances

2

McAfee Data Loss Prevention 9.2.1 Installation Guide

19

Apply a hotfix

Apply a hotfix by running a script that installs the hotfix.

Before you begin

Download the product hotfix archive and copy it to the appliance.

Task

1

Log on to the appliance as root.

2

Copy the archive to the appliance.

• If you downloaded the archive to a Windows‑based computer, use WinSCP.

• If you are copying the archive from a Linux server, use the SCP command scp ‑rp <hotfix

_package> root@<name or ip address>:<directory>

3

Make an installation directory.

# mkdir /data/hotfix

4

From the directory you downloaded the archive to, extract the contents of the archive, using the ‑C

option to expand it into the /data/hotfix directory.

# tar xvzf hotfix_xxxxxx_yyyy_zz.tar.gz ‑C /data/hotfix

5

Go to the /data/hotfix directory.

# cd /data/hotfix/xxxxxx

6

(Optional) Open the README file to see the hotfix details.

7

Run the installation script.

# ./install_hotfix

8

Restart the Stingray service.

# service stingray restart

Convert an installation to another McAfee DLP product

The 4400 appliance ships with McAfee DLP Manager, but that installation can be converted to another

Data Loss Prevention product. However, only one product can be installed on the appliance, so the

primary and secondary images must both be installed with that product.

Before you begin

Download the product archive and copy it to the appliance.

Task

1

Log on to the appliance as root.

2

Go to the installation directory.

# cd /data/install

2

Installing or upgrading the software on 4400 appliances

Apply a hotfix

20

McAfee Data Loss Prevention 9.2.1 Installation Guide

Page is loading ...

McAfee DTP-1650-MGRA - Network DLP Manager 1650 Appliance Installation guide

This manual is also suitable for

McAfee DTP-1650-MGRA - Network DLP Manager 1650 Appliance Installation guide

Related papers

Other documents