Symantec 7161 Implementation Manual

Symantec™ Network Security
7100 Series Implementation
Guide
Symantec Network Security 7100 Series
Implementation Guide
The software described in this book is furnished under a license agreement and may be used only in
accordance with the terms of the agreement.
PN: 10268962
Copyright Notice
Copyright © 2004 Symantec Corporation.
All Rights Reserved.
Any technical documentation that is made available by Symantec Corporation is the copyrighted work
of Symantec Corporation and is owned by Symantec Corporation.
NO WARRANTY. The technical documentation is being delivered to you AS-IS, and Symantec
Corporation makes no warranty as to its accuracy or use. Any use of the technical documentation or the
information contained therein is at the risk of the user. Documentation may include technical or other
inaccuracies or typographical errors. Symantec reserves the right to make changes without prior
notice.
No part of this publication may be copied without the express written permission of Symantec
Corporation, 20330 Stevens Creek Blvd., Cupertino, CA 95014.
Trademarks. Symantec, the Symantec logo, LiveUpdate, Network Security, Symantec Decoy Server,
and Norton AntiVirus are U.S. registered trademarks of Symantec Corporation. Symantec AntiVirus,
Symantec Enterprise Security Architecture, and Symantec Security Response are trademarks of
Symantec Corporation.
Other brands and product names mentioned in this manual may be trademarks or registered
trademarks of their respective companies and are hereby acknowledged.
Windows is a registered trademark, and 95, 98, NT and 2002 are trademarks of Microsoft Corporation.
Pentium is a registered trademark of Intel Corporation. Sun is a registered trademark, and Java, Solaris,
Ultra, Enterprise, and SPARC are trademarks of Sun Microsystems. UNIX is a registered trademark of
UNIX System Laboratories, Inc. Cisco and Catalyst are registered trademarks of Cisco Systems, Inc.
Foundry is a registered trademark of Foundry Networks. Juniper is a registered trademark of Juniper
Networks, Inc. iButton is a trademark of Dallas Semiconductor Corp. Dell is a registered trademark of
Dell Computer Corporation. Check Point and OPSEC are trademarks and FireWall-1 is a registered
trademark of Check Point Software Technologies, Ltd. Tripwire is a registered trademark of Tripwire,
Inc.
Symantec Network Security software contains/includes the following Third Party Software from
external sources:
“bzip2” and associated library “libbzip2,” Copyright © 1996-1998, Julian R Seward. All rights reserved.
(http://sources.redhat.com/bzip2).
“Castor,” ExoLab Group, Copyright 1999-2001 © 199-2001 Intalio, Inc. All rights reserved.
(http://www.exolab.org).
Printed in the United States of America. 10 9 8 7 6 5 4 3 2 1
Technical support
As part of Symantec Security Response, the Symantec global Technical Support
group maintains support centers throughout the world. The Technical Support
group’s primary role is to respond to specific questions on product
feature/function, installation, and configuration, as well as to author content for our
Web-accessible Knowledge Base. The Technical Support group works
collaboratively with the other functional areas within Symantec to answer your
questions in a timely fashion. For example, the Technical Support group works
with Product Engineering as well as Symantec Security Response to provide
Alerting Services and Virus Definition Updates for virus outbreaks and security
alerts.
Symantec technical support offerings include:
A range of support options that give you the flexibility to select the right amount of service for any size organization
Telephone and Web support components that provide rapid response and up-to-the-minute information
Upgrade insurance that delivers automatic software upgrade protection
Content Updates for virus definitions and security signatures that ensure the highest level of protection
Global support from Symantec Security Response experts, which is available 24 hours a day, 7 days a week worldwide in a variety of languages
Advanced features, such as the Symantec Alerting Service and Technical Account Manager role, offer enhanced response and proactive security support
Please visit our Web site for current information on Support Programs. The
specific features available may vary based on the level of support purchased and
the specific product that you are using.
Licensing and registration
If the product that you are implementing requires registration and/or a license
key, the fastest and easiest way to register your service is to access the
Symantec licensing and registration site at www.symantec.com/certificate.
Alternatively, you may go to www.symantec.com/techsupp/ent/enterprise.html,
select the product that you wish to register, and from the Product Home Page,
select the Licensing and Registration link.
Contacting Technical Support
Customers with a current support agreement may contact the Technical
Support group via phone or online at www.symantec.com/techsupp.
Customers with Platinum support agreements may contact Platinum Technical
Support via the Platinum Web site at www-secure.symantec.com/platinum/.
When contacting the Technical Support group, please have the following:
Product release level
Hardware information
Available memory, disk space, NIC information
Operating system
Version and patch level
Network topology
Router, gateway, and IP address information
Problem description
Error messages/log files
Troubleshooting performed prior to contacting Symantec
Recent software configuration changes and/or network changes
Customer Service
To contact Enterprise Customer Service online, go to www.symantec.com, select
the appropriate Global Site for your country, then choose Service and Support.
Customer Service is available to assist with the following types of issues:
Questions regarding product licensing or serialization
Product registration updates such as address or name changes
General product information (features, language availability, local dealers)
Latest information on product updates and upgrades
Information on upgrade insurance and maintenance contracts
Information on Symantec Value License Program
Advice on Symantec's technical support options
Nontechnical pre-sales questions
Missing or defective CD-ROMs or manuals
SYMANTEC NETWORK SECURITY APPLIANCE (7100 SERIES)
LICENSE AND WARRANTY AGREEMENT
SYMANTEC CORPORATION AND/OR ITS SUBSIDIARIES
(“SYMANTEC”) IS WILLING TO LICENSE THE SOFTWARE
INCLUDED WITH THE APPLIANCE YOU HAVE PURCHASED
TO YOU AS AN INDIVIDUAL, THE COMPANY, OR THE LEGAL
ENTITY THAT WILL BE UTILIZING THE SOFTWARE
(REFERENCED BELOW AS “YOU OR YOUR”) AND TO
PROVIDE WARRANTIES ON THE APPLIANCE ONLY ON THE
CONDITION THAT YOU ACCEPT ALL OF THE TERMS OF THIS
LICENSE AND WARRANTY AGREEMENT. READ THE TERMS
AND CONDITIONS OF THIS LICENSE AND WARRANTY
AGREEMENT CAREFULLY BEFORE USING THE APPLIANCE.
THIS IS A LEGAL AND ENFORCEABLE CONTRACT BETWEEN
YOU AND SYMANTEC. BY OPENING THIS PACKAGE,
BREAKING THE SEAL, CLICKING ON THE “AGREE” OR “YES”
BUTTON OR OTHERWISE INDICATING ASSENT
ELECTRONICALLY, REQUESTING A LICENSE KEY OR USING
THE SOFTWARE AND THE APPLIANCE, YOU AGREE TO THE
TERMS AND CONDITIONS OF THIS AGREEMENT. IF YOU DO
NOT AGREE TO THESE TERMS AND CONDITIONS, CLICK ON
THE “I DO NOT AGREE” OR “NO” BUTTON IF APPLICABLE
AND DO NOT USE THE SOFTWARE AND THE APPLIANCE.
1. Software License:
Except for the software, if any, described in the Excluded
Software section at the end of this agreement (the “Excluded
Software”), the software (the “Software”) which accompanies
the appliance You have purchased (the “Appliance”) is the
property of Symantec or its licensors and is protected by
copyright law. Except for the Excluded Software, You agree
and acknowledge that You must purchase a separate license for
each Software functionality which You intend to use in
connection with the Appliance, and activate such Software
functionalities as designated by Symantec, prior to using the
Appliance. While Symantec continues to own the Software,
You will have certain rights to use the Software after Your
acceptance of this license. This license governs any releases,
revisions, or enhancements to the Software that the Licensor
may furnish to You as well as the copy of the Software
provided to You on a CD-ROM or other media in connection
with the Appliance (the “Recovery Software”). Except as may
be modified by a Symantec license certificate, license coupon,
or license key (each a “License Module”) which accompanies,
precedes, or follows this license, and as may be further defined
in the user documentation accompanying the Appliance and/or
the Software, Your rights and obligations with respect to the
use of this Software are as follows:
You may:
A. use the Software solely as part of the Appliance for no more
than the number of users as have been licensed to You by
Symantec under a License Module;
B. use the Recovery Software solely to restore the Appliance to
its original factory functionality in the event the Software
preloaded on the Appliance is corrupted or becomes unusable;
C. make copies of the printed documentation which
accompanies the Appliance as necessary to support Your
authorized use of the Appliance; and
D. after written notice to Symantec and in connection with a
transfer of the Appliance, transfer the Software on a
permanent basis to another person or entity, provided that You
retain no copies of the Software, Symantec consents to the
transfer and the transferee agrees in writing to the terms and
conditions of this agreement.
You may not:
A. sublicense, rent or lease any portion of the Software; reverse
engineer, decompile, disassemble, modify, translate, make any
attempt to discover the source code of the Software, or create
derivative works from the Software;
B. use the Recovery Software for any purpose other than to
restore the Appliance to the original factory functionality;
C. use, if You received the Software distributed on an Appliance
containing multiple Symantec products, any Symantec
software on the Appliance for which You have not received a
permission in a License Module; or
D. use the Software in any manner not authorized by this
license.
2. Content Updates:
Certain Symantec software products utilize content that is
updated from time to time (e.g., antivirus products utilize
updated virus definitions; content filtering products utilize
updated URL lists; some firewall products utilize updated
firewall rules; vulnerability assessment products utilize
updated vulnerability data, etc.; collectively, these are referred
to as “Content Updates”). You may obtain Content Updates for
each Software functionality which You have purchased and
activated for use with the Appliance for any period for which
You have (i) purchased a subscription for Content Updates for
such Software functionality; (ii) entered into a support
agreement that includes Content Updates for such Software
functionality; or (iii) otherwise separately acquired the right to
obtain Content Updates for such Software functionality. This
license does not otherwise permit You to obtain and use
Content Updates.
3. Limited Warranty:
Symantec warrants that the media on which the Recovery
Software is distributed will be free from defects for a period of
thirty (30) days from the date of original purchase of the
Appliance. Your sole remedy in the event of a breach of this
warranty will be that Symantec will, at its option, replace any
defective media returned to Symantec within the warranty
period or refund the money You paid for the Recovery
Software.
Symantec warrants that the Software will perform on the
Appliance in substantial compliance with the written
documentation accompanying the Appliance for a period of
thirty (30) days from the date of original purchase of the
Appliance. Your sole remedy in the event of a breach of this
warranty will be that Symantec will, at its option, repair or
replace any defective Software returned to Symantec within
the warranty period or refund the money You paid for the
Appliance.
Symantec warrants that the hardware component of the
Appliance (the “Hardware”) shall be free from defects in
material and workmanship under normal use and service and
substantially conform to the written documentation
accompanying the Appliance for a period of three hundred
sixty-five (365) days from the date of original purchase of the
Appliance. Your sole remedy in the event of a breach of this
warranty will be that Symantec will, at its option, repair or
replace any defective Hardware returned to Symantec within
the warranty period or refund the money You paid for the
Appliance.
The warranties contained in this agreement will not apply to
any Software or Hardware which:
A. has been altered, supplemented, upgraded or modified in
any way; or
B. has been repaired except by Symantec or its designee.
Additionally, the warranties contained in this agreement do
not apply to repair or replacement caused or necessitated by:
(i) events occurring after risk of loss passes to You such as loss or damage during shipment; (ii) acts of God including without
limitation natural acts such as fire, flood, wind, earthquake, lightning or similar disaster; (iii) improper use, environment,
installation or electrical supply, improper maintenance, or any other misuse, abuse or mishandling; (iv) governmental actions or
inactions; (v) strikes or work stoppages; (vi) Your failure to follow applicable use or operations instructions or manuals; (vii) Your
failure to implement, or to allow Symantec or its designee to implement, any corrections or modifications to the Appliance made
available to You by Symantec; or (viii) such other events outside Symantec’s reasonable control.
Upon discovery of any failure of the Hardware, or component thereof, to conform to the applicable warranty during the applicable
warranty period, You are required to contact us within ten (10) days after such failure and seek a return material authorization
(“RMA”) number. Symantec will promptly issue the requested RMA as long as we determine that You meet the conditions for
warranty service. The allegedly defective Appliance, or component thereof, shall be returned to Symantec, securely and properly
packaged, freight and insurance prepaid, with the RMA number prominently displayed on the exterior of the shipment packaging
and with the Appliance. Symantec will have no obligation to accept any Appliance which is returned without an RMA number.
Upon completion of repair or if Symantec decides, in accordance with the warranty, to replace a defective Appliance, Symantec will
return such repaired or replacement Appliance to You, freight and insurance prepaid. In the event that Symantec, in its sole
discretion, determines that it is unable to replace or repair the Hardware, Symantec will refund to You the F.O.B. price paid by You
for the defective Appliance. Defective Appliances returned to Symantec will become the property of Symantec.
Symantec does not warrant that the Appliance will meet Your requirements or that operation of the Appliance will be uninterrupted
or that the Appliance will be error-free.
In order to exercise any of the warranty rights contained in this Agreement, You must have available an original sales receipt or bill
of sale demonstrating proof of purchase with Your warranty claim.
THE ABOVE WARRANTIES ARE EXCLUSIVE AND IN LIEU OF ALL OTHER WARRANTIES, WHETHER EXPRESS OR IMPLIED,
INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS. THIS WARRANTY GIVES YOU SPECIFIC LEGAL RIGHTS. YOU MAY
HAVE OTHER RIGHTS, WHICH VARY FROM STATE TO STATE.
4. Disclaimer of Damages:
SOME STATES AND COUNTRIES, INCLUDING MEMBER COUNTRIES OF THE EUROPEAN ECONOMIC AREA, DO NOT ALLOW THE
LIMITATION OR EXCLUSION OF LIABILITY FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES SO THE BELOW LIMITATION OR
EXCLUSION MAY NOT APPLY TO YOU.
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW AND REGARDLESS OF WHETHER ANY REMEDY SET FORTH
HEREIN FAILS OF ITS ESSENTIAL PURPOSE, IN NO EVENT WILL SYMANTEC OR ITS LICENSORS BE LIABLE TO YOU FOR ANY
SPECIAL, CONSEQUENTIAL, INDIRECT OR SIMILAR DAMAGES, INCLUDING ANY LOST PROFITS OR LOST DATA ARISING OUT
OF THE USE OR INABILITY TO USE THE SOFTWARE EVEN IF SYMANTEC HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
DAMAGES.
IN NO CASE SHALL SYMANTEC'S OR ITS LICENSORS’ LIABILITY EXCEED THE PURCHASE PRICE FOR THE APPLIANCE. The
disclaimers and limitations set forth above will apply regardless of whether You accept the Software or the Appliance.
5. U.S. Government Restricted Rights:
RESTRICTED RIGHTS LEGEND. All Symantec products and documentation are commercial in nature. The software and software
documentation are “Commercial Items”, as that term is defined in 48 C.F.R. section 2.101, consisting of “Commercial Computer
Software” and “Commercial Computer Software Documentation”, as such terms are defined in 48 C.F.R. section 252.227-7014(a)(5)
and 48 C.F.R. section 252.227-7014(a)(1), and used in 48 C.F.R. section 12.212 and 48 C.F.R. section 227.7202, as applicable.
Consistent with 48 C.F.R. section 12.212, 48 C.F.R. section 252.227-7015, 48 C.F.R. section 227.7202 through 227.7202-4, 48 C.F.R.
section 52.227-14, and other relevant sections of the Code of Federal Regulations, as applicable, Symantec's computer software and
computer software documentation are licensed to United States Government end users with only those rights as granted to all other
end users, according to the terms and conditions contained in this license agreement. Manufacturer is Symantec Corporation,
20330 Stevens Creek Blvd., Cupertino, CA 95014.
6. Export Regulation:
You agree to comply strictly with all applicable export control laws, including the US Export Administration Act and its associated
regulations and acknowledge Your responsibility to obtain licenses as required to export, re-export or import the Appliance. Export
or re-export of the Appliance to Cuba, North Korea, Iran, Iraq, Libya, Syria or Sudan is prohibited.
7. General:
If You are located in North America or Latin America, this Agreement will be governed by the laws of the State of California, United
States of America. Otherwise, this Agreement will be governed by the laws of England. This Agreement and any related License
Module is the entire agreement between You and Symantec relating to the Appliance and: (i) supersedes all prior or
contemporaneous oral or written communications, proposals and representations with respect to its subject matter; and (ii) prevails
over any conflicting or additional terms of any quote, order, acknowledgment or similar communications between the parties. This
Agreement may only be modified by a License Module or by a written document which has been signed by both You and Symantec.
This Agreement shall terminate upon Your breach of any term contained herein and You shall cease use of and destroy all copies of
the Software and shall return the Appliance to Symantec. The disclaimers of warranties and damages and limitations on liability
shall survive termination. Should You have any questions concerning this Agreement, or if You desire to contact Symantec for any
reason, please write: (i) Symantec Customer Service, 555 International Way, Springfield, OR 97477, USA, or (ii) Symantec Customer
Service Center, PO BOX 5689, Dublin 15, Ireland.
8. Excluded Software:
The Excluded Software consists of the open source code software known as Linux included with the Appliance. All Excluded
Software is licensed under the GNU General Public License, Version 2, June 1991, a copy of which is included with the user
documentation for the Appliance. The license entitles You to receive a copy of the source code for Linux only upon request at a
nominal charge. If You are interested in obtaining a copy of such source code, please contact Symantec Customer Service at one of
the above addresses for further information.
Contents
Chapter 1 Introduction
About the Symantec Network Security 7100 Series
About the core software
About the detection architecture
About the management system
About the 7100 Series models
About this guide
About the documentation set
About the Web sites
Verifying the materials
Chapter 2 Introducing the 7100 Series components
About the 7100 Series components
About 7100 Series models
Model 7120
Model 7160
Model 7161
About core components
LCD panel
LED lights
Serial port
USB ports
Compact flash adapter
About additional components
Removable disk drive
Dual redundant power supplies
Chapter 3 Deploying the 7100 Series
About deploying the 7100 Series
Deployment options
Bandwidth licensing options
Passive mode
In-line mode
Blocking and alerting
In-line pairs
Deployment using in-line mode
Comparing in-line mode to passive mode
Interface grouping
Fail-open
About the In-line Bypass unit
The 2 In-line Bypass unit
The 4 In-line Bypass unit
Port groups and the management port on the bypass unit
Online and bypass modes
Link parameters on bypass unit interfaces
Front panel LEDs on the bypass unit
Rear panel LEDs on the bypass unit
Clustering
External IDS products
Network Security console accessibility
SESA server accessibility
Symantec LiveUpdate accessibility
Chapter 4 Installing the 7100 Series
About installing the 7100 Series
Rack mounting
Mounting the appliance to a two-post rack
Mounting the appliance to a four-post rack
Cabling
Cabling for model 7120
Connecting the management, reset, and serial ports
Cabling for passive mode monitoring
Cabling for in-line mode monitoring
Cabling a bypass unit for fail-open
Powering the 7120 on or off
Cabling for model 7160
Connecting the management, reset, and serial ports
Cabling for passive mode monitoring
Cabling for in-line mode monitoring
Cabling a bypass unit for fail-open
Powering the 7160 on or off
Cabling for model 7161
Connecting the management, reset, and serial ports
Cabling for passive mode monitoring
Cabling for in-line mode monitoring
Powering the 7161 on or off
Chapter 5 Initializing Symantec Network Security
About initializing Symantec Network Security
LCD panel initial configuration
Using the LCD panel to configure a master node
Using the LCD panel to configure a slave node
Serial console initial configuration
Starting a serial console
Configuring a master node using the serial console
Configuring a slave node using the serial console
Compact flash initial configuration
Default login accounts
Chapter 6 Starting the Network Security console
About the Network Security console
Network Security console requirements
Console requirements on Windows
Console requirements on Linux
Installing the console
Installing the Java Runtime Environment
Installing the console on Windows
Installing the console on Linux
Launching the console
Using the correct administration IP address
Launching the console on Windows
Launching the console on Linux
Chapter 7 Licensing
About licensing
Bandwidth licensing options
Installing licenses
Requesting a license file
Determining the serial numbers
Determining the Symantec System ID
Requesting the license file
Installing a license file
Installing a license file on a master node
Installing a license file on a slave node
Checking the license status
Adding to licenses
Understanding excessive traffic
Requesting an additive license
Installing the additive license file
Calling for help
Chapter 8 Configuring nodes and interfaces
About configuring nodes and interfaces
Configuring appliance nodes
About appliance node fields
Node Options tab fields
Advanced Network Options tab fields
Adding or editing an appliance node
Configuring appliance interfaces
Configuring monitoring interfaces
About monitoring interface fields
Editing a monitoring interface
Configuring an in-line pair
About in-line pair fields
Adding or editing an in-line pair
Configuring an interface group
About interface group fields
Adding or editing an interface group
Chapter 9 Configuring detection and response
About detection and response
Starting a sensor on an appliance interface
About protection policies
Creating and applying protection policies
Viewing a protection policy
Setting policies to interfaces
Unapplying or removing policies from interfaces
Enabling/disabling blocking on in-line pairs
Adding a new protection policy
Cloning existing protection policies
Modifying custom protection policies
Using Search Events
Setting logging or blocking on events in a policy
Deleting custom protection policies
About response rules
Adding response rules
Deleting response rules
Chapter 10 Monitoring and reporting events and status
About monitoring and reporting events and status
Viewing events and incidents
Viewing incident data
Viewing incident details
Viewing event details
Managing incident data
Generating reports
Monitoring appliance status
Viewing status on the LEDs
Viewing status on the LCD screen
Viewing status on the Network Security console
Node status parameters
Interface status parameters
In-line pair status parameters
Interface group status parameters
Chapter 11 Maintaining and administering the 7100 Series
About maintaining and administering the appliance
Managing log files and backups
Rotating log files with SCP
Generating SSH keys
Using SCP to rotate log files
Backing up and restoring
Backing up a configuration
Restoring a configuration
About the compact flash
Making a non-bootable compact flash card
Making a non-bootable CF card on Windows
Making a non-bootable CF card on Linux
Using the compact flash for backup and restore
Using the compact flash for backup
Using the compact flash for restore
Saving initial configuration
Saving initial configuration to compact flash
Viewing a configuration file
Using the compact flash during re-imaging and upgrading
Restarting, rebooting, and powering off
Stopping, starting, and restarting Symantec Network Security
Stopping Network Security from the LCD
Stopping Network Security from the serial console
Starting Network Security from the LCD
Starting Network Security from the serial console
Restarting Network Security from the Network Security console
Restarting Network Security from the serial console
Rebooting the appliance
Rebooting the appliance from the Network Security console
Rebooting the appliance from the LCD
Rebooting the appliance from the serial console
Powering off the appliance
Powering off the appliance from the LCD
Powering off the appliance from the serial console
Using the LCD run menu
Running commands on the LCD run menu
Unlocking the LCD panel
Enabling or disabling LCD locking
Changing the IP address
Using the serial console
About serial console commands
Changing passwords
Changing the root password
Changing the secadm password
Installing the SESA bridge
Preparing to use SESA
Running install-bridge
Uninstalling the SESA bridge
Starting the SESA agent manually
Stopping the SESA agent manually
Chapter 12 Re-imaging and unconfiguring
About re-imaging and unconfiguring
Unconfiguring Symantec Network Security
Running Unconfigure in the Network Security console
Running Unconfig SNS on the LCD
Running unconfigure on the serial console
Preparing for re-imaging
Saving your configuration
Creating a bootable compact flash
Creating a bootable compact flash via the serial console
Creating a bootable compact flash using the Imaging Server
Setting up an Imaging Server
Setting up an automatic Imaging Server
Setting up a standard Imaging Server
Installing the Recovery Software CD onto the Imaging Server
Connecting the Imaging Server to the appliance
Connecting the Imaging Server to a 7120
Connecting the Imaging Server to a 7160
Connecting the Imaging Server to a 7161
Re-imaging the appliance
Upgrading the console application
About migration
Appendix A Troubleshooting
About troubleshooting
Accessing troubleshooting information
Appendix B Specifications and safety
Product Specifications
Safety guidelines
Product certifications
Appendix C Service Manual
About the removable hard drive
Removing the hard drive
Index
Chapter 1 Introduction
This chapter includes the following topics:
About the Symantec Network Security 7100 Series
About this guide
About the documentation set
About the Web sites
Verifying the materials
About the Symantec Network Security 7100 Series
Symantec Network Security 7100 Series appliances provide real-time network
intrusion prevention and detection to protect critical enterprise assets from the
threat of known, unknown (zero-day), and denial of service (DoS) attacks.
Designed to monitor multiple network segments at multi-gigabit speeds, the
7100 Series combines superior detection and prevention capabilities with
flexible deployment options and ease of installation.
Network Security 7100 Series models are highly scalable, purpose-built appliances that
meet a range of needs for aggregate network bandwidth from 50 Mbps to 2 Gbps
across as many as eight network segments. They provide zero-day protection
against the latest threats and automated real-time blocking of malicious
activity. With intrusion prevention and detection built into a single network
security appliance, users can easily switch between deployment modes based on
their security policy.
Network Security 7100 Series appliances reduce the total cost of implementing a
complete network security solution through:
Simplified and rapid deployment
Centralized management
Cohesive, streamlined security content, service, and support
About the core software
The 7100 Series appliances run Symantec Network Security 4.0 software, which
provides detection, analysis, management, storage, and response functionality.
The standard software and the appliance version utilize the core functionality in
the same way, and most procedures apply to both. In addition to the full
software functionality at its core, the appliance provides unique features, such
as in-line mode and interface grouping.
About the detection architecture
The 7100 Series appliances employ the new and innovative network threat
mitigation architecture that combines anomaly, signature, statistical, and
vulnerability detection techniques into an Intrusion Mitigation Unified Network
Engine (IMUNE). IMUNE proactively prevents and provides immunity against
malicious attacks, including:
Denial of service attempts
Intrusions and malicious code
Network infrastructure attacks
Application exploits
Scans and reconnaissance activities
Backdoors
Buffer overflow attempts
Blended threats like MS Blaster and SQL Slammer
About the management system
Symantec Network Security 7100 Series appliances are centrally managed via
the Symantec Network Security 4.0 Management Console, a powerful and
scalable security management system. The management console supports large,
distributed enterprise deployments and provides:
Comprehensive configuration
Policy management
Real-time threat analysis
Enterprise reporting
Flexible visualization
The Network Security Management System automates the process of delivering
security and product updates to the 7100 Series appliances using Symantec
LiveUpdate to provide real-time protection against the latest threats.
In addition, the Network Security Management System can be used to expand
the intrusion protection umbrella using the Symantec Network Security Smart
Agents to provide enterprise-wide, multi-source intrusion management by
aggregating, correlating, and responding to events from multiple Symantec and
third-party host and network security products.
About the 7100 Series models
The Symantec Network Security 7100 Series is available in three models that
provide both intrusion prevention and intrusion detection in a single appliance:
The 7120:
  Monitors up to four 10/100 Base-T network segments
  Provides a maximum bandwidth license of 200 Mbps
The 7160:
  Monitors up to eight 10/100/1000 Base-T network segments
  Provides a maximum bandwidth license of 2 Gbps
  Provides in-line mode maximum bandwidth of 1 Gbps
The 7161:
  Monitors up to four 1000 Base-SX fiber optic network segments
  Monitors up to four 10/100/1000 Base-T network segments
  Provides a maximum bandwidth license of 2 Gbps
  Provides in-line mode maximum bandwidth of 1 Gbps
About this guide
This manual is intended for system managers or administrators responsible for
administering the Symantec Network Security 7100 Series, and is organized as
follows:
Table 1-1 Implementation Guide structure

| Chapter | Title | Content |
|---|---|---|
| Chapter 2 | Introducing the 7100 Series components | Describes the externally visible hardware components in each model of the Symantec Network Security 7100 Series. |
| Chapter 3 | Deploying the 7100 Series | Discusses what to consider when deciding how best to deploy the 7100 Series. |
| Chapter 4 | Installing the 7100 Series | Describes how to physically install the appliance, including rack-mounting, cabling, and connecting to an In-line Bypass unit for fail-open. |
| Chapter 5 | Initializing Symantec Network Security | Describes the initial configuration procedures using LCD, serial console, and compact flash. |
| Chapter 6 | Starting the Network Security console | Describes how to install and launch the Symantec Network Security console. |
| Chapter 7 | Licensing | Describes licensing options and how to install a license, check license status, and renew or add bandwidth to a license. |
| Chapter 8 | Configuring nodes and interfaces | Describes how to add and edit 7100 Series nodes and interfaces, including in-line pairs and interface groups. |
| Chapter 9 | Configuring detection and response | Describes how to start sensors by configuring and applying protection policies. Also describes how to add and edit response rules. |
| Chapter 10 | Monitoring and reporting events and status | Describes how to view incidents and events, and how to generate reports. Describes several methods of monitoring status. |
| Chapter 11 | Maintaining and administering the 7100 Series | Describes maintenance and administration tasks, including backup and restore, restarting software and hardware, using the LCD run menu, and using the serial console. Includes a section on setting up SESA. |
| Chapter 12 | Re-imaging and unconfiguring | Describes how to unconfigure Symantec Network Security and how to re-image the appliance. Discusses upgrading the Network Security console. Discusses migration from an existing Symantec supported IDS platform to the Symantec Network Security 7100 Series. |