Enabling SSL Decryption - McAfee M-1250 - Network Security Platform Configuration Manual

IPS configuration guide version 5.1

McAfee® Network Security Platform 5.1
The IPS Sensor_Name node
internal network. Similarly, when the response HTTP traffic passing through port 1A from the
internal network exceeds the configured rate limiting value of 5120 Kbps, the Sensor rate
limits the traffic by dropping excess data packets. Only the configured traffic bandwidth
value of 5120 Kbps is allowed to pass through port 1A to the Internet.

Network Scenario for DiffServ tagging

Consider a network scenario where the internal network of a University is connected to the
Internet, and Network Security Platform and the router are deployed as shown in the diagram
below.

Figure 203: Scenario For DiffServ Tagging

Suppose you want to prioritize the HTTP and P2P traffic coming from the University
network to the Internet. To prioritize the traffic, you can configure the Sensor for DiffServ or
VLAN tagging. The role of the Network Security Sensor is only to tag the packets and pass
them on to an external network device (here, the router) for DiffServ or VLAN classification.

Suppose you want to give high priority to the HTTP traffic coming from the University
network to the Internet. You can configure Sensor port 1B with a DiffServ rule in which
the DiffServ field is set to a value, say 60, for HTTP traffic. When the HTTP traffic from the
University network reaches Sensor port 1B, the Sensor tags the packet headers with the
DiffServ field value specified in the configuration (60, in this example). The tagged packets
are sent to the router, which is configured to do DiffServ categorization. The traffic is then
prioritized according to the DiffServ priority defined in the router. Note that the Sensor only tags
the incoming traffic and passes it on to the external network device (in this case, the
router), which performs the DiffServ classification.

Similarly, to give low priority to the P2P traffic coming from the University network to the
Internet, you can configure port 1B of the Sensor with a DiffServ rule in which the DiffServ
field is set to a value, say 5. When the P2P traffic from the University network reaches
Sensor port 1B, the Sensor tags the packet headers with the DiffServ field value specified
in the configuration (5, in this example). The tagged packets then reach the router, which
performs DiffServ classification and prioritization based on the rules configured in the
router.
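
The tagging step described above, as an added Python example that is not taken from the McAfee manual or the Sensor's own code: it rewrites the DS field of a constructed IPv4/TCP packet, keeps the two ECN bits, and recomputes the header checksum so the router still accepts the packet. It assumes the values 60 and 5 are 6-bit DSCP codepoints and that rules match on TCP destination port (6881 is a constructed stand-in for P2P); all function names are hypothetical.

```python
import struct

# Assumption: the rule values from the text (60 for HTTP, 5 for P2P) are 6-bit
# DSCP codepoints; matching on TCP destination port is a simplification.
RULES = {80: 60, 6881: 5}  # 6881 is a constructed stand-in for P2P traffic


def checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum over the IPv4 header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_packet(dport: int, ds_byte: int = 0) -> bytes:
    """Constructed sample: 20-byte IPv4 header plus 20-byte TCP header."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, ds_byte, 40, 1, 0, 64, 6, 0,
                     bytes([10, 0, 0, 5]), bytes([192, 0, 2, 10]))
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 0x50, 0x02, 8192, 0, 0)
    return ip + tcp


def tag(packet: bytes) -> bytes:
    """Rewrite the DS field per RULES, keep the ECN bits, fix the checksum."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != 6 or len(packet) < ihl + 4:
        return packet  # not TCP, or too short to carry a destination port
    dport = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    if dport not in RULES:
        return packet  # no rule for this traffic: pass through untouched
    hdr = bytearray(packet[:ihl])
    hdr[1] = (RULES[dport] << 2) | (packet[1] & 0x03)  # DSCP + original ECN
    hdr[10:12] = b"\x00\x00"  # checksum field is zero while summing
    hdr[10:12] = struct.pack("!H", checksum(bytes(hdr)))
    return bytes(hdr) + packet[ihl:]


def dscp(packet: bytes) -> int:
    """What the downstream router reads: the upper six bits of byte 1."""
    return packet[1] >> 2


def header_ok(packet: bytes) -> bool:
    """A header carrying a valid checksum sums to zero."""
    return checksum(packet[:(packet[0] & 0x0F) * 4]) == 0
```

Running `dscp()` and `header_ok()` over a capture taken between the Sensor and the router is a quick way to confirm that a rule is applied before troubleshooting the router's classification policy.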

Enabling SSL decryption

The Sensor_Name > SSL Decryption tab contains the actions required to enable Secure Socket
Layer (SSL) decryption on a Sensor, as well as to import and manage the SSL keys the
Sensor uses for decryption.
