McAfee Network Security Platform 6.1 Upgrade Manual

Type
Upgrade Manual

This manual is also suitable for

Upgrade Guide
McAfee
®
Network Security Platform 6.1
COPYRIGHT
Copyright © 2011 McAfee, Inc. All Rights Reserved.
No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by
any means without the written permission of McAfee, Inc., or its suppliers or affiliate companies.
TRADEMARK ATTRIBUTIONS
AVERT, EPO, EPOLICY ORCHESTRATOR, FOUNDSTONE, GROUPSHIELD, INTRUSHIELD, LINUXSHIELD, MAX (MCAFEE SECURITYALLIANCE EXCHANGE),
MCAFEE, NETSHIELD, PORTALSHIELD, PREVENTSYS, SECURITYALLIANCE, SITEADVISOR, TOTAL PROTECTION, VIRUSSCAN, WEBSHIELD are registered
trademarks or trademarks of McAfee, Inc. and/or its affiliates in the US and/or other countries. McAfee Red in connection with security is distinctive of
McAfee brand products. All other registered and unregistered trademarks herein are the sole property of their respective owners.
LICENSE INFORMATION
License Agreement
NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS
FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU
HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOUR
SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A
FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET
FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF
PURCHASE FOR A FULL REFUND.
2
McAfee
®
Network Security Platform 6.1 Upgrade Guide
Contents
1 Preface 5
About this guide ..................................5
Audience ..................................5
Conventions .................................5
Finding product documentation ............................6
1 Overview 7
2 Managing a Heterogeneous Environment 9
What are heterogeneous environments .........................9
When would you need a heterogeneous environment? ...................10
Upgrade paths to a heterogeneous environment .....................10
Sample Scenarios .............................. 11
Feature-support matrix for heterogeneous environments ..................18
3 Upgrading the Central Manager 23
Reviewing the upgrade requirements ..........................23
Minimum required Central Manager version ....................23
Central Manager system requirements ......................23
Central Manager license file requirement .....................24
Preparing for the upgrade ..............................24
Backing up Network Security Platform data ....................25
Reviewing the Upgrade Considerations ......................25
Central Manager and OS upgrade ...........................26
Approach 2: Using a new hardware .......................27
MDR Central Manager upgrade ............................27
Stand-alone Central Manager upgrade .........................28
Upgrading the Signature Set for the Central Manager ................30
4 Upgrading the Manager 31
Reviewing the upgrade requirements ..........................31
Minimum required Manager version .......................31
Manager system requirements .........................31
Manager license file requirement ........................ 32
Preparing for the upgrade ..............................32
Reviewing the Upgrade Considerations ......................33
Backing up Network Security Platform data ....................35
MDR Manager upgrade ............................... 36
Manager and OS upgrade ..............................37
Approach 2: Using a new hardware .......................38
Stand-alone Manager upgrade ............................ 39
Running additional scripts ...........................40
5 Performing Signature Set and Sensor Software upgrade 43
Difference between an update and an upgrade ......................43
McAfee
®
Network Security Platform 6.1 Upgrade Guide
3
Sensor upgrade requirements .............................43
Reviewing the upgrade considerations .........................44
Updating Sensor software image ........................... 44
Sensor software upgrade: Manager vs. TFTP server .................46
Sensor Software and Signature Set Upgrade using Manager 6.0 ............46
Sensor software upgrade using a TFTP server ...................48
Updating Sensor software in a failover pair ....................50
6 Performing NTBA Appliance software upgrade 53
7 Information on downgrade 55
Index 57
Contents
4
McAfee
®
Network Security Platform 6.1 Upgrade Guide
Preface
Contents
About this guide
Finding product documentation
About this guide
This information describes the guide's target audience, the typographical conventions and icons used
in this guide, and how the guide is organized.
Audience
McAfee documentation is carefully researched and written for the target audience.
The information in this guide is intended primarily for:
Administrators — People who implement and enforce the company's security program.
Conventions
This guide uses the following typographical conventions and icons.
Book title or Emphasis Title of a book, chapter, or topic; introduction of a new term; emphasis.
Bold Text that is strongly emphasized.
User input or Path Commands and other text that the user types; the path of a folder or program.
Code
A code sample.
User interface
Words in the user interface including options, menus, buttons, and dialog
boxes.
Hypertext blue A live link to a topic or to a website.
Note: Additional information, like an alternate method of accessing an option.
Tip: Suggestions and recommendations.
Important/Caution: Valuable advice to protect your computer system,
software installation, network, business, or data.
Warning: Critical advice to prevent bodily harm when using a hardware
product.
McAfee
®
Network Security Platform 6.1 Upgrade Guide
5
Finding product documentation
McAfee provides the information you need during each phase of product implementation, from
installation to daily use and troubleshooting. After a product is released, information about the product
is entered into the McAfee online KnowledgeBase.
Task
1
Go to the McAfee Technical Support ServicePortal at http://mysupport.mcafee.com.
2
Under Self Service, access the type of information you need:
To access... Do this...
User documentation
1
Click Product Documentation.
2
Select a product, then select a version.
3
Select a product document.
KnowledgeBase
Click Search the KnowledgeBase for answers to your product questions.
Click Browse the KnowledgeBase for articles listed by product and version.
Preface
Finding product documentation
6
McAfee
®
Network Security Platform 6.1 Upgrade Guide
1
Overview
This guide provides information on how to upgrade your McAfee
®
Network Security Platform setup
[formerly McAfee
®
IntruShield
®
Network Intrusion Prevention System] from 5.1 or an earlier version of
6.0 to the latest 6.0 version. To upgrade to an earlier version of 6.0, also see the corresponding
Release Notes. The upgrade involves the following three phases that you need to complete in the
same order:
1
If applicable, McAfee
®
Network Security Central Manager upgrade
2
McAfee
®
Network Security Manager upgrade
3
McAfee
®
Network Security Sensor software upgrade
4
If applicable, Network Threat Behavior Analysis Appliance upgrade from an earlier 6.0 version to
the latest
As with any upgrade, McAfee strongly recommends that you always first try the upgrade on a test
environment.
You would need to refer to the following documents during the upgrade process:
Manager Installation Guide
Manager Server Configuration Guide
Troubleshooting Guide
Custom Attack Definitions Guide
IPS Configuration Guide
System Status Monitoring Guide
Addendum II to 6.0 Documentation
An upgrade from 6.1 Beta to 6.0 is not supported. To use Network Security Platform 6.0 in your 6.1
Beta setup, uninstall 6.1 and then install 6.0.
1
McAfee
®
Network Security Platform 6.1 Upgrade Guide
7
1
Overview
8
McAfee
®
Network Security Platform 6.1 Upgrade Guide
2
Managing a Heterogeneous Environment
The latest 6.0 version of Network Security Platform, enables you to manage a heterogeneous
environment of Managers and Sensors. If you do not require to manage a heterogeneous
environment, you can skip this chapter. To know more about heterogeneous environments, see What
are heterogeneous environments.
Contents
What are heterogeneous environments
When would you need a heterogeneous environment?
Upgrade paths to a heterogeneous environment
Feature-support matrix for heterogeneous environments
What are heterogeneous environments
Typically, the Manager and the Sensors that it Managers are of the same major version. For example,
a 6.0 Manager manages Sensors running on Sensor software 6.0.x.x. Similarly, a Central Manager and
the corresponding Managers are all of the same major version. This document refers to these as
homogeneous environments.
This document refers to the following as heterogeneous environments:
The Central Manager and the corresponding Managers are of different successive major versions.
For example, a 6.0 Central Manager manages 6.0 Managers and 5.1 Managers.
The Manager and the corresponding Sensors are of different successive major versions. For
example, some Sensors are on 5.1.x.x and the rest are on 6.0.x.x, all managed by a 6.0 Manager.
2
McAfee
®
Network Security Platform 6.1 Upgrade Guide
9
Notes:
A Manager must always be of the same or higher version than the corresponding Sensors.
Therefore, a 5.1 Manager managing 6.0 Sensors is not a valid scenario. Similarly, the Central
Manager must be of the same or higher version than the corresponding Managers.
Heterogeneous environments are supported only across two successive major versions. For
example, a 6.0 Manager can manage Sensors on 5.1.x.x and 6.0.x.x but not Sensors on 4.1.x.x.
Similarly, Central Manager 6.0 can manage 6.0 and 5.1 Managers but not 4.1 Managers.
In Network Security Platform 6.0, Central Managers and Managers support heterogeneous
environments only from version 6.0.7.x and above.
To use the information in this section, familiarize yourself with the following terms:
Homogeneous Manager environment: The Central Manager and all the Managers are of the same
major version.
Heterogeneous Manager environment: At least one Manager is of a lesser major version than the
Central Manager. For example, a 6.0 Central Manager that manages 6.0 and 5.1 Managers.
Homogeneous Sensor environment: The Manager and all the Sensors are of the same major version.
Heterogeneous Sensor environment: At least one Sensor is of a lesser major version than the
Manager. For example, a 6.0 Manager managing 5.1 and 6.0 Sensors. Recall that a 6.0 Manager
managing 4.1 Sensors is not a valid scenario.
When would you need a heterogeneous environment?
Support for managing a heterogeneous environment is typically for large deployments where upgrade
of the Managers or the Sensors happens in phases. Consider a deployment of over a hundred Sensors
that are on 5.1.x.x. As part of the upgrade process, you first upgrade the Manager as well as a few of
the Sensors to 6.0. However, you may still need to make configuration changes and manage the 5.1
Sensors using the upgraded 6.0 Manager. You may also want to add some new 5.1 Sensors to the
upgraded 6.0 Manager. These are possible with a Manager version that supports a heterogeneous
Sensor environment.
McAfee strongly advises that you use the heterogeneous support feature only as an interim
arrangement until you upgrade all your Managers and Sensors to the latest version. This enables you
to make use of the latest features in Network Security Platform. For example, in case of M-series
Sensors, the SSL Decryption feature is available only from 6.0.x.x. So, in your heterogeneous Sensor
environment, you can configure and manage the 5.1 and 6.0 M-series Sensors alike but only the 6.0
M-series Sensors can decrypt SSL traffic for inspection.
In release 6.0, the names of some of the features have been changed for a better user-experience.
Before you proceed further, familiarize yourself with these changes. See Reviewing the upgrade
requirements, Upgrade Guide.
See also
Reviewing the upgrade requirements on page 31
Upgrade paths to a heterogeneous environment
This section provides some example scenarios to help you understand the possible upgrade paths to a
heterogeneous environment. Correlate these scenarios with yours to derive an upgrade path for your
deployment.
2
Managing a Heterogeneous Environment
When would you need a heterogeneous environment?
10
McAfee
®
Network Security Platform 6.1 Upgrade Guide
Sample Scenarios
The following are the list of sample scenarios. Proceed to the one that matches your deployment.
Though the sample scenarios predominantly feature only the I-series and M-series Sensors, a 6.0
Manager can manage the N-450 and Network Threat Behavior Analysis (NTBA) appliances as well.
Scenarios involving the Central Manager
The following scenarios involve the Central Manager. If you do not have a Central Manager deployed,
you can proceed to Scenarios involving the Manager.
Upgrade from a homogeneous 5.1 Manager environment to a heterogeneous 6.0 Manager
environment:
Scenario 1: MDR setup
Scenario 2: Standalone setup
Upgrade from a heterogeneous 5.1 Manager environment to a heterogeneous 6.0 Manager
environment:
Scenario 3: MDR setup
Scenario 4: Standalone setup
Upgrade requirements for the scenarios listed above
The Central Manager must be of version 5.1.11.22 or above. See the 4.1 to 5.1 Upgrade Guide for
information on how to upgrade the Central Manager to a 5.1 version.
As a best practice, upgrade any 4.1 Managers to 5.1.11.22 or a higher 5.1 version. Also, upgrade
the 4.1 Sensors to the corresponding 5.1 version. So, before you begin your 6.0 upgrade, ensure
there are no 4.1 Managers or Sensors in your deployment.
See also
Scenarios involving the Manager on page 15
Scenario 2 on page 12
Scenario 3 on page 13
Scenario 4 on page 14
Scenario 1
This scenario is about an upgrade from a homogeneous 5.1 Manager environment to a heterogeneous
6.0 Manager environment managed by an MDR pair of Central Managers.
Managing a Heterogeneous Environment
Upgrade paths to a heterogeneous environment
2
McAfee
®
Network Security Platform 6.1 Upgrade Guide
11
The upgrade path for this scenario is as follows:
1
Upgrade the Central Manager MDR pair to the latest 6.0 version. See Upgrading the Central
Manager.
2
Upgrade the required Manager MDR pairs to the latest 6.0 version. See Upgrading the Manager.
3
Upgrade the required Sensors to the latest 6.0 version. See Performing Signature Set and Sensor
Software Upgrade.
See also
Upgrading the Central Manager on page 3
Upgrading the Manager on page 3
Performing Signature Set and Sensor Software upgrade on page 3
Scenario 2
This scenario is about an upgrade from a homogeneous 5.1 Manager environment to a heterogeneous
6.0 Manager environment managed by a standalone Central Manager.
2
Managing a Heterogeneous Environment
Upgrade paths to a heterogeneous environment
12
McAfee
®
Network Security Platform 6.1 Upgrade Guide
The upgrade path for this scenario is as follows:
1
Upgrade the standalone Central Manager to the latest 6.0 version. See Upgrading the Central
Manager.
2
Upgrade the required Managers to the latest 6.0 version. See Upgrading the Manager.
3
Upgrade the required Sensors managed by the 6.0 Managers. See Performing Signature Set and
Sensor Software Upgrade.
See also
Upgrading the Central Manager on page 3
Upgrading the Manager on page 3
Performing Signature Set and Sensor Software upgrade on page 3
Scenario 3
This scenario is about an upgrade from a heterogeneous 5.1 Manager environment to a heterogeneous
6.0 Manager environment managed by an MDR pair of Central Managers.
The upgrade path for this scenario is as follows:
1
Upgrade all the 4.1 Managers to 5.1.11.22 or above. However, note that the Central Manager must
be of the same or higher version than the Managers. See the 4.1 to 5.1 Upgrade Guide for the details.
2
After you upgrade the 4.1 Managers to 5.1, ensure they are up and functioning as configured.
3
Upgrade the 4.1 Sensors to the relevant 5.1 version. See the 4.1 to 5.1 Upgrade Guide for details.
4
After you upgrade the 4.1 Sensors to a 5.1 version, do a manual synchronization. Then, ensure the
Sensors are up and functioning as configured.
Make sure there are no 4.1 Managers or Sensors when you begin to upgrade to 6.0.
Managing a Heterogeneous Environment
Upgrade paths to a heterogeneous environment
2
McAfee
®
Network Security Platform 6.1 Upgrade Guide
13
5
Upgrade the Central Manager MDR pair to the latest 6.0 version. See Upgrading the Central
Manager.
6
Upgrade the required Manager MDR pairs to the latest 6.0 version. See Upgrading the Manager.
7
Upgrade the required Sensors to the latest 6.0 version. See Performing Signature Set and Sensor
Software Upgrade.
See also
Upgrading the Central Manager on page 3
Upgrading the Manager on page 3
Performing Signature Set and Sensor Software upgrade on page 3
Scenario 4
This scenario is about an upgrade from a heterogeneous Manager environment in 5.1 to a
heterogeneous Manager environment in 6.0, managed by a standalone Central Manager.
The upgrade path for this scenario is as follows:
1
Upgrade all the 4.1 Managers to 5.1.11.22 or above. However, note that the Central Manager must
be of the same or higher version than the Managers. See the 4.1 to 5.1 Upgrade Guide for the details.
2
After you upgrade the 4.1 Managers to 5.1, ensure they are up and functioning as configured.
3
Upgrade the 4.1 Sensors to the relevant 5.1 version. See the 4.1 to 5.1 Upgrade Guide for details.
4
After you upgrade the 4.1 Sensors to a 5.1 version, do a manual synchronization. Then, ensure the
Sensors are up and functioning as configured.
Make sure there are no 4.1 Managers or Sensors when you begin to upgrade to 6.0.
2
Managing a Heterogeneous Environment
Upgrade paths to a heterogeneous environment
14
McAfee
®
Network Security Platform 6.1 Upgrade Guide
5
Upgrade the standalone Central Manager to the latest 6.0 version. See Upgrading the Central
Manager.
6
Upgrade the required Managers to the latest 6.0 version. See Upgrading the Manager.
7
Upgrade the required Sensors to the latest 6.0 version. See Performing Signature Set and Sensor
Software Upgrade.
See also
Upgrading the Central Manager on page 3
Upgrading the Manager on page 3
Performing Signature Set and Sensor Software upgrade on page 3
Scenarios involving the Manager
Upgrade requirements for the scenarios listed in this section
The Manager must be of version 5.1.11.22 or above. See the 4.1 to 5.1 Upgrade Guide for
information on how to upgrade the Manager to a 5.1 version.
As a best practice, upgrade any 4.1 Sensors to the corresponding 5.1 version. So, before you begin
your upgrade to 6.0, ensure there are no 4.1 Sensors in your deployment.
The following are the scenarios in this section:
Upgrade from a homogeneous Sensor environment in 5.1 to a heterogeneous Sensor environment
in 6.0:
Scenario 5: MDR setup
Scenario 6: Standalone Manager setup
Upgrade from a heterogeneous Sensor environment in 5.1 to a heterogeneous Sensor environment
in 6.0:
Scenario 7: MDR setup
Scenario 8: Standalone Manager setup
If the Manager is of version 6.0.7.x or above, then I-series Sensors do not support NAC regardless of
the Sensor software version.
See also
Scenario 5 on page 16
Scenario 8 on page 18
Scenario 6 on page 16
Managing a Heterogeneous Environment
Upgrade paths to a heterogeneous environment
2
McAfee
®
Network Security Platform 6.1 Upgrade Guide
15
Scenario 5
This scenario is about an upgrade from a homogeneous Sensor environment in 5.1 to a heterogeneous
Sensor environment in 6.0, managed by an MDR pair of Managers.
The upgrade path for this scenario is as follows:
1
Upgrade the Manager MDR pair to the latest 6.0 version. See Upgrading the Manager.
2
Upgrade the required Sensors to the latest 6.0 version. See Performing Signature Set and Sensor
Software Upgrade.
See also
Upgrading the Manager on page 3
Performing Signature Set and Sensor Software upgrade on page 3
Scenario 6
This scenario is about an upgrade from a homogeneous Sensor environment in 5.1 to a heterogeneous
Sensor environment in 6.0, managed by a standalone Manager.
2
Managing a Heterogeneous Environment
Upgrade paths to a heterogeneous environment
16
McAfee
®
Network Security Platform 6.1 Upgrade Guide
The upgrade path for this scenario is as follows:
1
Upgrade the standalone Manager to the latest 6.0 version. See Upgrading the Manager.
2
Upgrade the required Sensors to the relevant 6.0 version. See Performing Signature Set and
Sensor Software Upgrade.
See also
Upgrading the Manager on page 3
Performing Signature Set and Sensor Software upgrade on page 3
Scenario 7
This is about an upgrade from a heterogeneous Sensor environment in 5.1 to a heterogeneous Sensor
environment in 6.0, managed by an MDR pair of Managers.
The upgrade path for this scenario is as follows:
1
Upgrade all the 4.1 Sensors to a relevant 5.1 software version. See the 4.1 to 5.1 Upgrade Guide
for details.
Make sure there are no 4.1 Sensors added to the Managers when you begin to upgrade to 6.0; else,
the Manager upgrade will fail.
2
After you upgrade the 4.1 Sensors to a 5.1 version, do a manual synchronization. Then, ensure the
Sensors are up and functioning as configured.
3
Upgrade the Manager MDR pair to the latest 6.0 version. See Upgrading the Manager.
4
Upgrade the required Sensors to the latest 6.0 version. See Performing Signature Set and Sensor
Software Upgrade.
Managing a Heterogeneous Environment
Upgrade paths to a heterogeneous environment
2
McAfee
®
Network Security Platform 6.1 Upgrade Guide
17
See also
Upgrading the Manager on page 3
Performing Signature Set and Sensor Software upgrade on page 3
Scenario 8
This is about an upgrade from a heterogeneous Sensor environment in 5.1 to a heterogeneous Sensor
environment in 6.0, managed by a standalone Manager.
The upgrade path for this scenario is as follows:
1
Upgrade all the 4.1 Sensors to a relevant 5.1 software version. See the 4.1 to 5.1 Upgrade Guide
for details.
Make sure there are no 4.1 Sensors added to the Manager when you begin to upgrade to 6.0; else,
the Manager upgrade will fail.
2
After you upgrade the 4.1 Sensors to a 5.1 version, do a manual synchronization. Then, ensure the
Sensors are up and functioning as configured.
3
Upgrade the standalone Manager to the latest 6.0 version. See Upgrading the Manager.
4
Upgrade the required Sensors to the latest 6.0 version. See Performing Signature Set and Sensor
Software Upgrade.
See also
Upgrading the Manager on page 3
Performing Signature Set and Sensor Software upgrade on page 3
Feature-support matrix for heterogeneous environments
This section provides the feature-support matrix and the points that you should note when you work in
a heterogeneous environment in Network Security Platform 6.0. The following table contains the
major feature x Sensor software version x Sensor model matrix:
2
Managing a Heterogeneous Environment
Feature-support matrix for heterogeneous environments
18
McAfee
®
Network Security Platform 6.1 Upgrade Guide
Feature Name Latest 5.1 Sensor
software
Latest 6.0 Sensor
software
Additional Information
I-series M-series I-series M-series
Integration with
Artemis
No No No Yes See the Integration Guide.
SSL Decryption Yes No Yes Yes Not supported by I-1200,
I-1400, M-1250, and M-1450.
See the IPS Configuration
Guide.
Configuring a
Sensor as an
NTBA Exporter
No No No Yes See the NTBA Appliance
Administrator's Guide.
Port-based
Attack Filter
No No Yes Yes See the note below this table.
Also, see the IPS Configuration
Guide.
Custom Attacks
in Snort format
No No Yes Yes See the Custom Attacks Guide.
Smart Blocking No No Yes Yes See the IPS Configuration
Guide.
Parsing of jumbo
frames
No No No Yes Not supported by M-1250,
M-1450, and M-2750. See the
IPS Configuration Guide.
Attack
Compilation
No No Yes Yes See the IPS Configuration
Guide.
Scanning
Exceptions
No No No Yes Not supported by M-1250 and
M-1450. See the IPS
Configuration Guide.
Attack Scanning No No No Yes See the IPS Configuration
Guide.
Active FO kit No Yes No Yes See the Active FO Kit Guides.
Not applicable to M-1250 and
M-1450.
Data packet
capture by a
Sensor port
No No No Yes See the IPS Configuration
Guide.
Stateless
inspection
No No No Yes Option available in the TCP
Flow Violation drop-down in
the TCP Settings page. See the
IPS Configuration Guide.
DHCP Inline NAC No Yes No Yes I-series Sensors do not support
NAC if the Manager is
upgraded to 6.0.7.x or above.
See the NAC Configuration
Guide.
Standard Inline
NAC
No Yes No Yes I-series Sensors do not support
NAC if the Manager is
upgraded to 6.0.7.x or above.
See the NAC Configuration
Guide.
OOB NAC No No No No You need Manager 6.0.3.x or
above with N-450 6.0.3.x.
See the NAC Configuration
Guide.
Managing a Heterogeneous Environment
Feature-support matrix for heterogeneous environments
2
McAfee
®
Network Security Platform 6.1 Upgrade Guide
19
Notes
IPS Quarantine: You can configure a Sensor to quarantine an attacking host perpetually until you
explicitly release it from quarantine. This feature is available for the I-series and M-series Sensors
that are on the latest 6.0 Sensor software. For more information, see the discussion on Release
Logic in the IPS Configuration Guide.
Attack Filters: In Network Security Platform 6.0, Alert Filter is renamed as Attack Filter with no
functional difference. However, only the latest 6.0 Sensor software for both I and M-series support
port-based Attack Filters. That is, you can assign Attack Filters to the all Sensors in your
deployment. But, the port-based Attack Filters, if any, are not applied on the 5.1 Sensors when you
do a configuration update.
The port-based Attack Filters created in Central Manager 6.0 are viewable only in 6.0 Managers.
Snort-based Custom Attacks: Custom Attacks converted from the Snort format are not applied on
the 5.1 Sensors when you do a configuration update.
Blocking Option: You can customize the blocking setting for every attack in the Sensor Actions
section of the Edit Attack Detail for Attack page. You must explicitly set the blocking option for
Sensors on 5.1 and 6.0 software. Therefore, for a heterogeneous Sensor environment, you must
specify the blocking option for both 5.1 and 6.0 Sensors. Note that 6.0 Sensors support Smart
Blocking as well. Suppose you have only 5.1 Sensors in your deployment. So, you specify only
blocking option only for the 5.1 Sensors and disabled blocking for 6.0 Sensors. However, when you
upgrade a Sensor to 6.0, that Sensor will not block the attacks.
Note that 6.0 Sensors support Smart Blocking. In this case, the attacks are blocked based on their
Benign Trigger Probability. That is, the attack is blocked if the chances for it to be a false-positive
are less.
For information on the Blocking Option, Smart Blocking, and the Edit Attack for Attack page, see the
IPS Configuration Guide.
Scanning Exception:
This note is applicable only for M-2750, M-3050, M-4050, M-6050, and M-8000 Sensors.
Prior to release 6.0.7.x, you use the following CLI commands to configure Layer 2 forward settings:
layer2 forward tcp
layer2 forward udp
layer2 forward vlan
layer2 forward clear
2
Managing a Heterogeneous Environment
Feature-support matrix for heterogeneous environments
20
McAfee
®
Network Security Platform 6.1 Upgrade Guide
  • Page 1 1
  • Page 2 2
  • Page 3 3
  • Page 4 4
  • Page 5 5
  • Page 6 6
  • Page 7 7
  • Page 8 8
  • Page 9 9
  • Page 10 10
  • Page 11 11
  • Page 12 12
  • Page 13 13
  • Page 14 14
  • Page 15 15
  • Page 16 16
  • Page 17 17
  • Page 18 18
  • Page 19 19
  • Page 20 20
  • Page 21 21
  • Page 22 22
  • Page 23 23
  • Page 24 24
  • Page 25 25
  • Page 26 26
  • Page 27 27
  • Page 28 28
  • Page 29 29
  • Page 30 30
  • Page 31 31
  • Page 32 32
  • Page 33 33
  • Page 34 34
  • Page 35 35
  • Page 36 36
  • Page 37 37
  • Page 38 38
  • Page 39 39
  • Page 40 40
  • Page 41 41
  • Page 42 42
  • Page 43 43
  • Page 44 44
  • Page 45 45
  • Page 46 46
  • Page 47 47
  • Page 48 48
  • Page 49 49
  • Page 50 50
  • Page 51 51
  • Page 52 52
  • Page 53 53
  • Page 54 54
  • Page 55 55
  • Page 56 56
  • Page 57 57
  • Page 58 58

McAfee Network Security Platform 6.1 Upgrade Manual

Type
Upgrade Manual
This manual is also suitable for

Ask a question and I''ll find the answer in the document

Finding information in a document is now easier with AI