McAfee IIP-M80K-ISAA - Network Security Platform M-8000 Product Manual
Intrushield ips
Hide thumbs
Also See for IIP-M80K-ISAA - Network Security Platform M-8000:
- Quick start manual (4 pages)
Related Manuals for McAfee IIP-M80K-ISAA - Network Security Platform M-8000
Summary of Contents for McAfee IIP-M80K-ISAA - Network Security Platform M-8000
- Page 1 M-8000 Sensor Product Guide revision 2.0 McAfee® IntruShield® IPS IntruShield M-8000 Sensor version 4.1 McAfee ® Network Protection Industry-leading intrusion prevention solutions...
- Page 2 VIRUS FORUM, VIRUSCAN, VIRUSSCAN, VIRUSSCAN (AND IN KATAKANA), WEBSCAN, WEBSHIELD, WEBSHIELD (AND IN KATAKANA) are registered trademarks or trademarks of McAfee, Inc. and/or its affiliates in the US and/or other countries. The color red in connection with security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein are the sole property of their respective owners.
-
Page 3: Table Of Contents
Contents Preface ......................v Introducing McAfee IntruShield IPS ....................v About this guide..........................v Audience ............................v Contents of this guide........................vi Contacting Technical Support .......................vi Related documentation .........................vi Conventions used in this guide ....................vii Chapter 1 Overview..................1 About IntruShield sensors ......................1 Sensor functionality ........................ - Page 4 Cabling for in-line ........................21 Cabling for TAP mode ......................... 21 Cabling for SPAN or hub mode ....................22 Cabling the Failover interconnection ports .................. 22 Using Fail-Open hardware ......................23 Chapter 5 Troubleshooting ............... 24 Appendix A Sensor Technical Specifications......... 25...
-
Page 5: Preface
Preface This preface provides a brief introduction to McAfee IntruShield, discusses the information in this document, and explains how this document is organized. It also provides information such as the supporting documents for this guide and how to contact McAfee Technical Support. -
Page 6: Contents Of This Guide
Global phone contact numbers can be found at McAfee Contact Information http://www.mcafee.com/us/about/contact/index.html page. McAfee requires that you provide your GRANT ID and the serial number of Note: your system when opening a ticket with Technical Support. You will be provided with a user name and password for the online case submission. -
Page 7: Conventions Used In This Guide
McAfee® IntruShield® IPS 4.1 M-8000 Sensor Product Guide Conventions used in this guide • Sensor Configuration Guide—using CLI • Sensor Configuration Guide—using the Wizard For information to assist you planning for IntruShield IPS deployment and operation, see the following related documents: •... - Page 8 McAfee® IntruShield® IPS 4.1 M-8000 Sensor Product Guide Conventions used in this guide Convention Example Information that you must read Caution: before beginning a procedure or that alerts you to negative consequences of certain actions, such as loss of data is denoted using this notation.
-
Page 9: Chapter 1 Overview
H A P T E R Overview This chapter provides an introduction to IntruShield sensors. About IntruShield sensors IntruShield sensors are high-performance, scalable, and flexible content processing appliances built for the accurate detection and prevention of intrusions, misuse, and distributed denial of service (DDoS) attacks. IntruShield sensors are specifically designed to handle traffic at wire speed, efficiently inspect and detect intrusions with a high degree of accuracy, and flexible enough to adapt to the security needs of any enterprise environment. -
Page 10: M-8000 Key Features
McAfee® IntruShield® IPS 4.1 Overview M-8000 Sensor Product Guide M-8000 key features The IntruShield sensor is purpose-built for the monitoring of traffic across one or more network segments. For more information on IntruShield, see the Getting Started Guide Following is an example of a network topology using Gigabit Ethernet throughput. In the illustration, IntruShield provides IPS and Alert Viewer protection to outsourced servers. -
Page 11: Ports
McAfee® IntruShield® IPS 4.1 Overview M-8000 Sensor Product Guide M-8000 physical description dull-duplex Ethernet segments or sixteen 1 Gigabit SPAN ports transmitting aggregated traffic. Ports The M-8000 sensor consists of two 2RU units and is equipped with the following components:... - Page 12 (included). Power supply A is included with each sensor. The supply uses a standard IEC port (IEC320-C13). The supply uses a standard IEC port (IEC320-C13). McAfee provides a standard, 2m NEMA 5-15P (US) power cable (3 wire). International customers must procure a country-...
-
Page 13: Front Panel Leds
(optional, purchased separately). Power supply B is a hot- swappable, redundant power supply. This power supply also uses a standard IEC320-C13 port, and you can use the McAfee-provided cable or acquire one that meets your specific needs. which are used to connect the primary Two RJ-45 10/100/1000 Interconnect ports, sensor to the secondary sensor. - Page 14 McAfee® IntruShield® IPS 4.1 Overview M-8000 Sensor Product Guide M-8000 physical description Status Description Gigabit Ports Act Amber Data transferring. No data transferring. Gigabit Ports Link Green The link is connected. The link is disconnected. Response Port Speed Green The port speed is 1000 Mbps.
-
Page 15: Chapter 2 Before You Install
• The sensor appliance is not a general purpose workstation. • McAfee prohibits the use of the sensor appliance for anything other than operating the IntruShield IPS. • McAfee prohibits the modification or installation of any hardware or software in the sensor appliance that is not part of the normal operation of the IntruShield IPS. -
Page 16: Working With Fiber-Optic Ports
• two power supplies. • four CD-ROMs containing the sensor software and on-line documentation. • power cords. McAfee provides a standard and international power cables. • two sets of rack mounting rails. • two set of rack mounting ears. •... -
Page 17: Unpacking The Sensor
McAfee® IntruShield® IPS 4.1 Before You Install M-8000 Sensor Product Guide Unpacking the sensor Unpacking the sensor To unpack the sensor: Open crate. Remove the first accessory box. Verify you have received all parts. These parts are listed on the packing list and in Contents of the sensor box. -
Page 18: Chapter 3 Setting Up An M-8000
H A P T E R Setting up an M-8000 This chapter describes the process of setting up a sensor to prepare it for configuration. Setup Overview Setting up a sensor involves the following steps: Positioning the sensor. (See below.) Installing interface modules (SFP and XFP). -
Page 19: Mounting A Sensor In A Rack
Before you mount the sensor in the rack, make sure that power is OFF. Caution: Remove the power cable and all network interface cables from the sensor Because of the weight of the appliance, McAfee recommends that two people Note: place the chassis into the rail cabinet. -
Page 20: Using The Redundant Power Supply
Using the redundant power supply A basic configuration of the M-8000 includes one hot swappable supply. You may install a second hot-swappable power supply (purchased separately from McAfee) for redundancy. Each of these modules has one handle for insertion or extraction from the unit as well as a release latch. -
Page 21: Removing The Power Supply
For true redundant operation with the optional redundant power supply, Note: McAfee recommends that you plug each supply into a different power circuit. For optimal protection, use uninterruptable power sources. Removing the power supply To remove a power supply from the M-8000 (Optional—the power supplies are hot-... -
Page 22: Using Small-Factor Pluggable Modules
SFP optical interfaces are less than half the size of GBIC interfaces. To ensure compatibility, McAfee supports only those SFP and XFP modules Note: purchased through McAfee or from a McAfee-approved vendor. For a list of approved vendors, see the on-line KnowledgeBase, https://support.mcafee.com. https://mysupport.mcafee.com These installation instructions provide information for installing an SFP and an XFP module that uses a bail clasp for securing the module in place in the sensor. -
Page 23: Installing A Module
McAfee® IntruShield® IPS 4.1 Setting up an M-8000 M-8000 Sensor Product Guide Using Small-factor Pluggable modules Figure 5: SFP Module XFP module The supported XFP module is a robust Small Form Factor Pluggable, operating at 850nm, for up to 10 Gigabits per second on SONET/SDH, Fibre Channel, Gigabit Ethernet and other applications. -
Page 24: Removing A Module
The M-8000 sensor has no power switch. The sensor powers on as soon as one of its power cables is connected to a power source. Powering off the sensor McAfee recommends that you use the shutdown CLI command to halt the sensor before powering it down. For more information on CLI commands, see Sensor... -
Page 25: Chapter 4 Attaching Cables To The M-8000
The Console port on M-8000 P is used for setup and configuration of the sensor. You can use the Console port on M-8000 S to recover the flash image. For console connections, plug the DB9 Console cable supplied by McAfee into port (labeled on the sensor front panel) on M-8000 P. -
Page 26: Cabling The Response Port
Connect the other end of the cable to the network device (for example, hub, switch, router) that in turn connects to the Manager server. To isolate and protect your management traffic, McAfee strongly Note: recommends using a separate, dedicated management subnet to interconnect the... -
Page 27: Cabling The Interconnect Ports
Insert the supplied XFP modules into the XC2, XC3, XC5, and XC6 ports on the primary and secondary sensors. McAfee supports the use only of McAfee-supplied modules or modules Note: from approved vendors. Plug one end of an LC-LC fiber-optic cable into the XC2 port of the primary sensor and connect the other end of the cable to the XC5 port of the secondary sensor. -
Page 28: Default Monitoring Port Speed Settings
McAfee® IntruShield® IPS 4.1 Attaching Cables to the M-8000 M-8000 Sensor Product Guide Cabling the Monitoring port Port Pairs Transceiver Type Sensor 1A and 1B M-8000 P 2A and 2B M-8000 P XC2 and XC3 M-8000 P 3A and 3B... -
Page 29: Cable Types For Routers, Switches, Hubs, And Pcs
McAfee® IntruShield® IPS 4.1 Attaching Cables to the M-8000 M-8000 Sensor Product Guide Cabling for in-line Monitoring Ports Operating Mode Speed/Duplex Setting In-line Auto-negotiation is ON Cable types for routers, switches, hubs, and PCs The cabling instructions in this chapter •... -
Page 30: Cabling For Span Or Hub Mode
McAfee® IntruShield® IPS 4.1 Attaching Cables to the M-8000 M-8000 Sensor Product Guide Cabling for SPAN or hub mode Plug the cable appropriate for use with your Gigabit Ethernet port into one of the ports labeled xA (for example, 1A). -
Page 31: Using Fail-Open Hardware
McAfee® IntruShield® IPS 4.1 Attaching Cables to the M-8000 M-8000 Sensor Product Guide Using Fail-Open hardware Using Fail-Open hardware The standard Gigabit Fail-Open Kit and the 10 Gigabit Fail-Open Kit (sold separately) minimizes the potential risks of in-line IntruShield sensor failure on critical network links. -
Page 32: Chapter 5 Troubleshooting
H A P T E R Troubleshooting This section lists some common installation problems and their solutions. Problem Possible Cause Solution LED is off. The control cable has been Check the control cable and ensure it disconnected. is properly connected to both the sensor and the Bypass Switch. -
Page 33: Appendix A Sensor Technical Specifications
P P E N D I X Sensor Technical Specifications The following table lists the specifications for each M-8000 sensor (M-8000 P and M- 8000 S). Sensor Specifics Description Dimensions Without mounting ears/rails/cable management: • width: 16.75 in. (41.91 cm) •...