McAfee IIP-M80K-ISAA - Network Security Platform M-8000 Quick start guide

Type
Quick start guide
IntruShield® M-8000 Quick Start Guide
Setting up an M-8000 sensor
This Quick Start Guide explains how to quickly set up and activate
your McAfee IntruShield M-8000 sensor in in-line mode. Cabling the
sensor’s XFP (10 Gigabit Small Form-factor Pluggable) and SFP
(Small Form-factor Pluggable) Gigabit Ethernet Monitoring ports for
in-line mode enables you to configure the sensor to drop attacks
before they reach their target.
Note: If you are setting up your sensor in SPAN or Tap mode, see
the sensor’s Product Guide for cabling instructions.
All product documentation referenced in this Quick Start Guide is
found on the McAfee Documentation Service Portal.
The sensor front panel
Figure 1: Sensor Components
Item Description
1 Power supply A (2—included)
2 Power supply B (2—optional; sold separately)
3 RS-232C Control port (2)
4 RS-232C Auxiliary port (2)
5 RJ-11 Fail-Open Control ports (14)
6 SFP Gigabit Ethernet Monitoring ports (16)
7 XFP 10 Gigabit Ethernet Monitoring ports (12)
8 Compact Flash port (2)
9 RJ-45 Response port (1)
10 10/100/1000 Management port (1)
11 Interconnect ports (6)
IntruShield setup overview
STEP 1: Set up your sensor — In step one, you will perform the
following tasks.
Position the sensor — Attach rails and mounting ears; install
interface modules and, optionally, any redundant power
supplies; install the sensor in a rack.
Cable the Management and Console ports — Connect the
sensor to a console you will use for configuration.
Cable the Monitoring ports — Cable the sensor to monitor a
segment of network traffic in-line.
Cable the Interconnect ports — Connect the primary sensor to
the secondary sensor.
STEP 2: Add the sensor to your Manager — In this step, you will
install the Manager software on your Manager server and then
configure the sensor to communicate with the Manager.
STEP 3: Configure the sensor — In this step, you will configure the
sensor to communicate with the Manager.
Configure the sensor — Configure the sensor with network
information, and establish secure communication with the
Manager.
Verify successful installation — Perform some tasks to verify
communication between the sensor and the Manager.
STEP 1: Set up your sensor
Position the sensor
Details on all of the tasks in Step 1 are available in the IntruShield
Sensor Configuration Guides and in the IntruShield Sensor Product
Guide for your sensor model. Also see IntruShield Slide Rail Assembly
Procedure.
1. Release the rails and attach the inner rails (of a three-in-one set)
to the chassis by fastening them with the screws provided.
Figure 2: Chassis-to-rail attachment
2. Attach L-shape and external rails to the rack frame.
Figure 3: Mounted rails
3. Install the primary sensor into a rack and mount ears. You can
also mid-mount the sensor (optional).
Figure 4: Rack-mount the sensor
Figure 5: Mid-mount the sensor
4. Install the redundant power supply (optional).
Figure 6: Insert power supply
5. Install modules in the sensor's Monitoring ports.
Figure 7: Install the interface module
6. Repeat Steps 1 through 5 for the secondary sensor.
Cable the Management and Console ports
Make sure the sensor is powered OFF before attaching cables.
Figure 8: Sensor setup
1. Plug a Category 5e Ethernet cable into the Management (Mgmt)
port of M-8000 P.
2. Plug the other end of the cable into the network device connected
to your Manager server.
3. Plug the DB9 Console cable supplied in the sensor box into the
Console port (labeled Console on the sensor front panel) of
M-8000 P.
Note: You can use the Console port on the secondary sensor,
M-8000 S, for a flash recovery process or to troubleshoot.
4. Connect the other end of the Console port cable directly to a COM
port of the PC or terminal server you will be using to configure the
sensor (for example, a PC running correctly configured Windows
Hyperterminal software). You must connect directly to the console
for initial configuration; you cannot configure the sensor remotely.
The required settings for Hyperterminal are:
Name Setting
Baud rate 38400
Number of Bits 8
Parity None
Stop Bits 1
Control Flow None
5. Plug the female end of a power cable into the power inlet and plug
the other end into a power source. The sensor ships with standard
US power and international cables.
Note: The M-8000 does not have a power switch; you need only
plug the power cable into a power source.
Cable the Monitoring ports
This procedure describes how to cable a sensor to run in in-line mode.
1. Plug the cable appropriate for use with your XFP or SFP module
into one of the Monitoring ports labeled xA (for example, 1A).
Note: McAfee supports only those SFP/XFP modules purchased
through McAfee or from a McAfee-approved vendor.
Note: Do not use XC ports. These ports are reserved for
interconnection between the primary (M-8000 P) and secondary
(M-8000 S) sensors.
2. Plug another cable into the peer of the port used in Step 1. This
port will be labeled xB (for example, 1B).
3. Connect the other end of each cable to the network devices that
you want to monitor. (For example, if you plan to monitor traffic
between a switch and a router, connect the cable connected to 1A
to the router and the one connected to 1B to the switch.)
Figure 9: Cable sensor for in-line mode
Note: For instructions on how to cable the sensor to run in other
operating modes, see the IntruShield Sensor Product Guide for your
sensor model.
Cable the interconnect ports
This procedure describes how to connect the primary sensor to the
secondary sensor.
1. Plug the supplied Ethernet cable into the XC1 port of the primary
sensor.
2. Connect the other end of the Ethernet cable used in Step 1 into
the XC4 port of the secondary sensor.
3. Insert the supplied XFP modules into the XC2, XC3, XC5, and
XC6 ports on the primary and secondary sensors.
Note: McAfee supports only those XFP modules purchased
through McAfee or from a McAfee-approved vendor.
4. Plug one end of an LC-LC fiber-optic cable into the XC2 port of the
primary sensor and connect the other end of the cable to the XC5
port of the secondary sensor.
5. Plug one end of an LC-LC fiber-optic cable into the XC3 port of the
primary sensor and connect the other end of the cable to the XC6
port of the secondary sensor.
Figure 10: Cable primary sensor to secondary sensor
STEP 2: Add the sensor to your Manager
Install the Manager software
For detailed instructions, refer to the Manager Installation Guide.
Note: You must have Administrator privileges on the target Windows
server to install the Manager software.
A MySQL database is included with the Manager and is installed
(embedded) automatically on your target Windows server during this
process.
1. Prepare the system according to the requirements outlined in the
Manager Installation Guide and the IntruShield Release Notes.
2. Close all open applications.
3. Insert the Manager CD into the appropriate drive of the Windows
server you will use as your Manager server. Follow the instructions
in the Installation Wizard as it guides you through the entire
process.
4. Obtain your Manager license via your Support account. Copy the
IntruShieldLicense.jar file to the following location:
installDrive:>installDirectory\IntruShield\config
Note: If you do not have your license file, request one by sending
e-mail to [email protected].
Start the Manager
Click Start > Programs > IntruShield > IntruShield Security Manager.
Add the sensor to the Manager
The Manager starts, displaying the IntruShield Security Manager
(ISM) Login page.
1. Log in. Default Login ID is admin; the default password is
admin123.
Figure 11: Manager login
2. Click Configure.
Figure 12: Configure the sensor
3. Click Manager > Licenses > M-Series to select and import the
<sensormodel>IntruShieldLicense_<serialnumber>.jar file.
Tip: This screen is where you manage your sensor licenses by
adding and deleting licenses as necessary.
4. Click Sensors > Manage Sensors, and then click Add.
Figure 13: Add the sensor
5. Type information in the appropriate fields and click Submit.
Figure 14: Update the Manager with new sensor
STEP 3: Configure the sensor
Configure sensor information
Configure the sensor with the network information, a name, and the
shared secret key that the sensor uses to establish secure
communication with the Manager. Use the name and key values you
set in Step 2.
Tip: The first time you configure a sensor, you must have physical
access to the sensor.
Note: You configure the M-8000 sensor using the CLI of the primary
sensor (M-8000 P).
At any time during configuration, you can type a question mark (?) to
get help on the sensor command-line interface (CLI) commands. For
a list of all commands, type commands.
1. Log on to the primary sensor using the terminal connected to the
Console port.
2. At the prompt, log on using the default sensor username (admin)
and password (admin123).
3. Optional, but recommended. Change the sensor password:
At the prompt, type: passwd
The sensor prompts you to enter the new password and prompts
you for the old password.
Note: A password must contain between 8 and 25 characters, is
case-sensitive, and can consist of any alphanumeric character or
symbol.
4. Set the name of the sensor:
Tip: You can enter the setup command at the prompt, and it will
automatically prompt you to provide the information shown in
items 4 through 7 and item 10. Or, you can use the set command
instead. If you use the set command, you must manually enter the
complete command syntax as shown in items 4 through 7 and
item 10.
At the prompt, type:
set sensor name <WORD>
Example: set sensor name HR_sensor1
Note: The sensor name is a case-sensitive character string up to
25 characters. The string can include hyphens, underscores, and
periods, and must begin with a letter.
5. If the sensor is not on the same network as the Manager, set the
address of the default gateway:
At the prompt, type: set sensor gateway <A.B.C.D>
Example: set sensor gateway 192.168.3.68
6. Set the IP address of the Manager server:
At the prompt, type: set manager ip <A.B.C.D>
Example: set manager ip 192.168.2.8
7. Set the IP address and subnet mask of the sensor:
At the prompt, type: set sensor ip <A.B.C.D> <E.F.G.H>
Example: set sensor ip 192.168.2.12 255.255.255.0
Note: Specify an IP address using four octets separated by
periods: X.X.X.X, where X is a number between 0 and 255,
followed by a subnet mask in the same format.
8. If prompted, reboot the sensor:
Type: reboot
Note: The sensor can take up to five minutes to complete its
reboot.
9. Ping the Manager from the sensor to determine if your
configuration settings to this point have successfully established
the sensor on the network:
At the prompt, type: ping <manager IP address>
If the ping is successful, continue with the following steps. If not,
type show to verify your configuration settings and check that the
information is correct.
10. Set the shared secret key value for the sensor:
At the prompt, type: set sensor sharedsecretkey.
The sensor then prompts you to enter and, subsequently, confirm
the shared secret key value.
Note: This value is used to establish a trust relationship between
the sensor and the Manager. The secret key value can be
between 8 and 25 characters of any ASCII text. The shared key
value is case-sensitive. Make sure the value matches the shared
secret key value you provided in the Manager interface.
11. To verify the configuration information, type show. Check that all
information is correct.
12. To exit the session, type exit.
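A pre-flight check for the values used in items 3 through 10, as an added example (not McAfee's code): it applies the length, character and address rules stated in the notes above and returns the CLI commands in the guide's order. The function names are hypothetical, and it assumes letters and digits are valid in a sensor name, applies the ASCII rule to the password as well, and treats the recommended password change as required.

```python
import ipaddress
import re

DEFAULT_PASSWORD = "admin123"  # factory default named in this guide
# Assumption: letters and digits are allowed besides hyphen, underscore, period.
NAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9._-]{0,24}")


def check_secret(label, value, errors):
    """Apply the guide's 8-25 character rule and reject the factory default."""
    if not 8 <= len(value) <= 25:
        errors.append(f"{label}: must be 8 to 25 characters")
    if not value.isascii():  # assumption: applied to the password as well
        errors.append(f"{label}: must be ASCII")
    if value == DEFAULT_PASSWORD:
        errors.append(f"{label}: still the factory default")


def plan_sensor_config(name, sensor_ip, mask, manager_ip, gateway=None,
                       password="", shared_secret=""):
    """Return (errors, commands) for the values to be typed at the console."""
    errors = []
    if not NAME_RE.fullmatch(name):
        errors.append("name: start with a letter, at most 25 of [A-Za-z0-9._-]")
    check_secret("password", password, errors)
    check_secret("shared secret", shared_secret, errors)
    try:
        iface = ipaddress.IPv4Interface(f"{sensor_ip}/{mask}")
        manager = ipaddress.IPv4Address(manager_ip)
        gw = ipaddress.IPv4Address(gateway) if gateway else None
    except ValueError as exc:  # bad octets or a non-contiguous subnet mask
        return errors + [f"address: {exc}"], []
    # Step 5: a gateway is needed when the Manager is on another network.
    if manager not in iface.network and gw is None:
        errors.append("gateway: required, Manager is on another network")
    if errors:
        return errors, []
    commands = ["passwd", f"set sensor name {name}"]  # passwd prompts for values
    if gw is not None:
        commands.append(f"set sensor gateway {gw}")
    commands += [
        f"set manager ip {manager}",
        f"set sensor ip {iface.ip} {iface.netmask}",
        "set sensor sharedsecretkey",  # the key itself is typed at the prompt
    ]
    return errors, commands
```

The password and shared secret are validated but never placed in the returned commands, since the sensor asks for them interactively.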
Verify successful installation
A handshake process begins between the sensor and the Manager.
The devices will take a few seconds to establish communication.
Perform the following steps to verify successful communication
between the sensor and the Manager.
1. In the sensor CLI, type: status. The status report appears similar
to this
2. Return to the Manager. In the ISM Home page, view the Manager
status in the System Health section. Manager status should be up,
and sensor status should be active.
3. From the ISM Home page, click Configure to open the
Configuration page.
4. Select your added sensor: Sensors > Sensor_Name. The ports for
this sensor appear under the Sensor_Name node.
Note: “Sensor_Name” indicates the name of the sensor you
added.
Figure 15: Sensor and ports
5. A policy named Default Inline IPS is active upon sensor addition. To
view this policy, click Policies > IPS Policy Editor. Select Default Inline
IPS from the list and then click View/Edit.
Note: The Default Inline IPS policy contains attacks already
configured with a “blocking” sensor response action; if any attack
in the policy is triggered, the sensor automatically blocks the
attack. To tune this or any other McAfee-provided policies, you
can clone the policy and then customize it as described in the
Policies Configuration Guide.
6. Click Sensor_Name > Configure Ports.
7. Click the button representing the ports on the sensor that you
cabled in STEP 1, Cable the Monitoring ports (on page 2). Ensure
that your port settings match the cabling (for example, In-line
mode).
You’re up and running!
Your sensor is actively monitoring connected segments and
communicating with the Manager for administration and management
operations.
Check the ISM home page for alert statistics as attacks are detected.
These are displayed in the Unacknowledged Alert Summary area of
the ISM Home page.
Launch the Alert Manager from the Home page by clicking Real-time
Alert Manager to see alert details.
Read the IntruShield Getting Started Guide for an overview of the
system. For detailed usage instructions, see the IntruShield Sensor
Configuration Guide—using ISM, or click the Detailed Help buttons in
the upper-right corner of each window in the Manager.
Having problems? Check the IntruShield Troubleshooting Guide for
troubleshooting information. Note that most deployment problems
stem from configuration mismatches between the sensor and the
network devices to which it is connected. Check your duplex and
auto-negotiation settings on both devices to ensure they are
synchronized.
If you need to contact Technical Support, go to
https://mysupport.mcafee.com.
Contacting Technical Support
On-line
Contact McAfee Technical Support
http://mysupport.mcafee.com.
Registered customers can obtain up-to-date documentation,
technical bulletins, and quick tips on McAfee's 24x7
comprehensive KnowledgeBase. In addition, customers can
also resolve technical issues with the online case submit,
software downloads, and signature updates.
Phone
Technical Support is available 7:00 A.M. to 5:00 P.M. PST
Monday-Friday. Extended 24x7 Technical Support is available
for customers with Gold or Platinum service contracts. Global
phone contact numbers can be found at McAfee Contact
Information
http://www.mcafee.com/us/about/contact/index.html page.
Note: McAfee requires that you provide your GRANT ID and
the serial number of your system when opening a ticket with
Technical Support. You will be provided with a user name and
password for the online case submission.
700-2080-00-G
Copyright ® 2001 - 2009 McAfee, Inc. All Rights Reserved.