Configuring At The Interface Level - McAfee M-1250 - Network Security Platform Configuration Manual

McAfee® Network Security Platform 5.1
Deleting SSL key files from Manager
To delete escrowed SSL key files from Manager, do the following:
1
2
3
4

Configuring at the interface level

Configuring at the interface level involves enabling McAfee-NAC-based response action
for the ports. For ports deployed in inline mode, you can enable McAfee NAC forwarding,
Network Security Platform quarantine and remediation for each port in a port-pair. For
ports deployed in tap and SPAN modes, you can only enable McAfee NAC forwarding.
If a McAfee-NAC-enabled attack is detected passing through a port for which you have
enabled McAfee NAC forwarding, then the Network Security Sensor alerts the
corresponding McAfee NAC server with the details of the attack. This also depends
whether you have enabled McAfee NAC notification at the policy level.
Warning:
them. Network Security Sensors forward details of attacking hosts, including their
MAC addresses, to the McAfee NAC server. However, if there is a Layer 3 device
between the Network Security Sensor and an attacking host, then the device
rewrites the source MAC address with its own. That is, the Network Security Sensor
will receive the MAC address of the device as the source MAC address instead of
the MAC address of the attacking host. Because of this reason, you should not
enable alert forwarding to the McAfee NAC server for the Sensor ports that are
connected to only Layer 3 devices. If a port is connected to a mixture of Layer 3 and
Layer 2 devices, then you should include the MAC addresses of the Layer 3 devices
in the Excluded MAC address list so that these devices are not quarantined by
McAfee NAC.
To enable or disable McAfee NAC forwarding for the ports in a Sensor:
1
2
Sensor_Name > SSL Decryption > Key Management
Click
Select the radio button in the
Next
Click .
Delete
Click . Confirm the deletion.
McAfee NAC uses the MAC addresses of attacking hosts to quarantine
Sensors > Sensor_Name > NAC > Port Settings
Select
NAC
.
In the Enable Port Settings page, you can view the McAfee NAC configuration details
as well as Network Security Sensor quarantine details of the ports in the Sensor. For
information on Network Security Sensor quarantine details, Updating Quarantine and
Sensor Configuration Guide.
Remediation Status,
Select a port by clicking the check box adjacent to the Port column and then select or
Quarantine, Remediate,
clear the
To just forward the attack details to McAfee NAC, select only
To forward the attack details to McAfee NAC and also quarantine the attacking
host based on McAfee NAC response, select
Remediate,
Select if required.
.
Update
column for the desired Sensor.
Sensors > Sensor_Name > Interface_Name >
or
Enable McAfee NAC
and based on your requirements:
Quarantine
208
The IPS Sensor_Name node
Enable McAfee NAC
.
Enable McAfee NAC
and .