Chapter 5 Failover: Configure Two Sensors In Inline Mode; Create A Failover Pair - McAfee M-1250 - Network Security Platform Manual


CHAPTER 5
Failover: configure two Sensors in inline mode
In a failover configuration, the two Sensors are placed inline, connected to each other via
cables, and configured to act as a Failover Pair. All traffic is copied and shared between
them in order to maintain state. Sensor A copies the packets received on its monitoring
ports to Sensor B using the interconnection ports and vice versa. Since both Sensors see
all traffic and build state based on it, their state information is synchronized at all times.
All packets are seen by both Sensors (when both are operational); however, only one
Sensor in the pair raises an alert whenever an attack is detected.
When deploying the two Sensors in failover mode, you must ensure the following:
- The Sensor interconnection ports must be cabled appropriately so the two Sensors can communicate.
- Both Sensors must be of the identical model type, and have the same signature set and software loaded. (One of the two Sensors may be a "Fail-over (FO)" Sensor model, which is a fully functional Sensor limited to operation as part of a failover pair; it cannot operate standalone.)
Additionally, all ports on both the Sensors must be configured to run in inline mode.
Note: The exceptions are the ports that will be used for the heartbeat. For example, on the I-2700, you do not need to explicitly configure ports 4A/4B to run in inline mode because 4A will be automatically configured for the heartbeat and 4B will be disabled when the failover pair is created.

Create a Failover Pair

You can create a Failover Pair using McAfee® Network Security Manager (Manager) System Configuration tool. Failover Pair creation happens in real time; there is no need to explicitly update the configuration.
Note 1: By design, the configuration of the primary Sensor is copied to the secondary Sensor, overwriting the original configuration on the secondary. If you intend to configure both Sensors to fail-closed or fail open, you need only configure the ports on the Sensor you intend to designate as the primary during the Failover Pair creation.
Note 2: If you intend to have one Sensor fail-closed and the other fail open, however, you must revisit the Port Configuration page of each Sensor after Failover Pair creation and make the appropriate changes.
