Sourcefire 3D System
Installation Guide
Version 5.2

Summary of Contents for Sourcefire 3D System

  • Page 1 Sourcefire 3D System Installation Guide Version 5.2
  • Page 2 Terms of Use Applicable to the User Documentation The legal notices, disclaimers, terms of use, and other information contained herein (the "terms") apply only to the information discussed in this documentation (the "Documentation") and your use of it. These terms do not apply to or govern the use of websites controlled by Sourcefire, Inc.
  • Page 3: Table Of Contents

    Table of Contents: Chapter 1: Introduction to the Sourcefire 3D System (8); Sourcefire 3D System Appliances (9); Defense Centers (9); Managed Devices (10); Understanding Appliance Series, Models, and Capabilities (10); Sourcefire 3D System Components (16); Licensing the Sourcefire 3D System (19); Using Legacy RNA Host and RUA User Licenses ...
  • Page 4 Detecting Intrusions on Other Points of Entry (51); Deploying in Multi-Site Environments (53); Integrating Managed Devices within Complex Networks (55); Chapter 3: Installing a Sourcefire 3D System Appliance (57); Included Items (58); Security Considerations (58); Identifying the Management Interfaces (58); Sourcefire Defense Center 750 ...
  • Page 5 Chapter 4: Setting Up a Sourcefire 3D System Appliance (86); Understanding the Setup Process (87); Setting Up a Series 2 Appliance or Series 3 Defense Center (88); Setting Up a Series 3 Device (89); Configuring Network Settings Using a Script ...
  • Page 6 Waste Electrical and Electronic Equipment Directive (WEEE) (238); Appendix A: Power Requirements for Sourcefire Devices (240); Warnings and Cautions (240); Interface Connections (240); Static Control (241); 3D7010/7020/7030 (241); Installation (241); Grounding/Earthing Requirements (242)
  • Page 7 Included Items (257); Identifying the Module Parts (258); Before You Begin (259); Removing a Module or Slot Cover (259); Inserting a Module or Slot Cover (260); Glossary (264)
  • Page 8 VPN endpoints. The Sourcefire Defense Center® provides a centralized management console and database repository for the Sourcefire 3D System. Managed devices installed on network segments monitor traffic for analysis. Devices in a passive deployment monitor traffic flowing across a network, for example, using a switch SPAN, virtual switch, or mirror port.
  • Page 9: Chapter 1: Introduction To The Sourcefire 3D System

    For detailed information, see the Sourcefire 3D System Virtual Installation Guide. The topics that follow introduce you to the Sourcefire 3D System and describe its key components: •...
  • Page 10: Managed Devices

    Understanding Appliance Series, Models, and Capabilities Version 5.2 of the Sourcefire 3D System is available on two series of physical appliances, as well as virtual appliances. Many Sourcefire 3D System capabilities are appliance dependent. For more information, see: •...
  • Page 11: Sourcefire 3D System Appliances Chapter

    Series 3 devices: switching, routing, NAT, and so on. When running Version 5.2, DC1000 and DC3000 Series 2 Defense Centers support all the features of the Sourcefire 3D System; the DC500 has more limited capabilities. Series 3 Appliances Series 3 is the third series of Sourcefire physical appliances.
  • Page 12: Virtual Appliances

    Also, virtual devices do not have web interfaces. For detailed information on virtual appliances, see the Sourcefire 3D System Virtual Installation Guide. Appliances Delivered with Version 5.2 The following table lists the appliances that Sourcefire delivers with Version 5.2 of the Sourcefire 3D System.
  • Page 13: Supported Capabilities By Appliance Model

    198 for more information. Supported Capabilities by Appliance Model Many Sourcefire 3D System capabilities are appliance dependent. The table below matches the major capabilities of the system with the appliances that support those capabilities, assuming you have the correct licenses installed and applied.
  • Page 14 Introduction to the Sourcefire 3D System Chapter 1 Sourcefire 3D System Appliances Supported Capabilities by Appliance Model (Continued) (table; columns: Feature, then Device and Defense Center columns for each appliance series and for virtual appliances) access control: literal...
  • Page 15 Supported Capabilities by Appliance Model (Continued) (table; columns: Feature, then Device and Defense Center columns for each appliance series and for virtual appliances) device clustering...
  • Page 16: Sourcefire 3D System Components

    Where needed, Sourcefire documentation outlines the requirements for each feature and task. Redundancy and Resource Sharing The redundancy and resource-sharing features of the Sourcefire 3D System allow you to ensure continuity of operations and to combine the processing resources of multiple physical devices: •...
  • Page 17 Chapter 1 Sourcefire 3D System Components Network Traffic Management The Sourcefire 3D System’s network traffic management features allow Series 3 devices to act as part of your organization’s network infrastructure. You can: • configure a Layer 2 deployment to perform packet switching between two or more network segments •...
  • Page 18 • advanced settings, such as preprocessors and other detection and performance features • preprocessor rules that allow you to generate events for associated preprocessors and preprocessor options File Tracking, Control, and Malware Protection To help you identify and mitigate the effects of malware, the Sourcefire 3D System’s file control, network file trajectory, and advanced malware protection...
  • Page 19: Licensing The Sourcefire 3D System

    Licensing the Sourcefire 3D System You can license a variety of features to create an optimal Sourcefire 3D System deployment for your organization. You must use the Defense Center to control licenses for itself and the devices it manages.
  • Page 20 Introduction to the Sourcefire 3D System Chapter 1 Licensing the Sourcefire 3D System Control A Control license allows managed devices to perform user and application control. It also allows devices to perform switching and routing (including DHCP relay), NAT, and to cluster devices and stacks. A Control license requires a Protection license.
  • Page 21 Although the DC500 can manage devices with Protection and Control licenses, you cannot perform Security Intelligence filtering or user control. For detailed information on licensing, see the Licensing the Sourcefire 3D System chapter in the Sourcefire 3D System User Guide.
  • Page 22: Using Legacy Rna Host And Rua User Licenses

    Using Legacy RNA Host and RUA User Licenses In Version 4.10.x of the Sourcefire 3D System, RNA Host and RUA User feature licenses determined your monitored host and user limits, respectively. If your Defense Center was previously running Version 4.10.x, you can use your legacy host and user licenses instead of a FireSIGHT license.
  • Page 23: Security, Internet Access, And Communication Ports

    Note, however, that Sourcefire appliances are configured to directly connect to the Internet. Specific features of the Sourcefire 3D System require this direct connection, and others support use of a proxy server. Additionally, the system requires that certain ports remain open for basic intra-appliance communication, as well as to allow you to access appliances’...
  • Page 24: Open Communication Ports Requirements

    Internet access. Open Communication Ports Requirements The Sourcefire 3D System requires that ports 443 (inbound) and 8305 (inbound and outbound) remain open for basic intra-appliance communication, as well as to allow you to access appliances’ web interfaces.
  • Page 25 By default, several other ports are open to allow the system to take advantage of additional features and functionality. The following table lists these ports. Note that DHCP is disabled by default on ports 67 and 68. Sourcefire 3D System Open Communication Ports Requirements (table; columns: Ports, Description...)
  • Page 26 Introduction to the Sourcefire 3D System Chapter 1 Security, Internet Access, and Communication Ports Sourcefire 3D System Open Communication Ports Requirements (Continued) (table; columns: Ports, Description, Protocol, Direction, Open the port to...) Ports: 1500, 2000; Description: database access; Direction: Inbound; Open the port to: access the Defense Center if external database access is enabled.
  • Page 27: Chapter 2: Understanding Deployment

    The Sourcefire 3D System can be deployed to accommodate the needs of each unique network architecture. The Defense Center provides a centralized management console and database repository for the Sourcefire 3D System. Devices are installed on network segments to collect traffic connections for analysis.
  • Page 28: Understanding Deployment Options

    50 for more information. Understanding Interfaces The sections that follow describe how different interfaces affect the capabilities of the Sourcefire 3D System. In addition to passive and inline interfaces, you can...
  • Page 29: Passive Interfaces

    Configurable bypass inline sets allow you to select how your traffic is handled if your hardware fails completely (for example, the device loses power). You may determine that connectivity is critical on one network segment, and, on another...
  • Page 30: Switched Interfaces

    A virtual switch uses the media access control (MAC) address from a host to determine where to send packets.
  • Page 31: Routed Interfaces

    To use a virtual switch on your device, create physical switched interfaces and then follow the instructions for Setting Up Virtual Switches in the Sourcefire 3D System Guide. Routed Interfaces : Control...
  • Page 32: Hybrid Interfaces

    TCP enforcement for maximum TCP security. To use a virtual router on your device, create physical routed interfaces on your device and then follow the instructions for Setting Up Virtual Routers in the Sourcefire 3D System User Guide. Hybrid Interfaces...
  • Page 33: Using A Hub

    Managed devices offer multi-port options that recombine the two sides of the conversation so that the entire traffic stream is evaluated by the decoders, the preprocessors, and the detection engine.
  • Page 34: Cabling Inline Deployments On Copper Interfaces

    In most cases you should use one straight-through cable and one crossover cable to connect the device to the two endpoints. Straight-Through Bypass Connection Cabling
  • Page 35 X indicates a crossover cable or managed device bypass connection. Note that every network environment is likely to be unique, with endpoints that have different combinations of support for Auto-MDI-X. The easiest way to...
  • Page 36: Special Cases

    If your network environment requires that you turn off the Auto Negotiate option on the Network Interface page, then you must specify the correct MDI/MDIX option for your inline network interfaces. See Configuring Inline Interfaces in the Sourcefire 3D System User Guide for more information. Special Cases Connecting 8000 Series Devices 8000 Series managed devices do not support half duplex network links;...
  • Page 37: Deploying With A Virtual Switch

    When you replace your physical switch with a virtual switch, you are limited only by your bandwidth and the level of complexity you want to introduce to your deployment.
  • Page 38: Deploying With A Virtual Router

    For more information on configuring switched interfaces and virtual switches, see Setting Up Virtual Switches in the Sourcefire 3D System User Guide. Deploying with a Virtual Router : Control...
  • Page 39 In this example, the managed device contains a virtual router to allow traffic to travel between the computers on network 172.16.1.0/20 and the servers on network 192.168.1.0/24 (indicated by the blue and green lines). A third interface...
  • Page 40: Deploying With Hybrid Interfaces

    (indicated by the red and orange lines). For more information, see Setting Up Virtual Routers in the Sourcefire 3D System User Guide. Deploying with Hybrid Interfaces...
  • Page 41: Deploying A Gateway Vpn

    The secure tunnel between the gateways protects communication between them. You configure the Sourcefire 3D System to build secure VPN tunnels from the virtual routers of Sourcefire managed devices to remote devices or other third-party VPN endpoints using the Internet Protocol Security (IPSec) protocol suite.
  • Page 42: Deploying With Policy-Based Nat

    The number of VPN-enabled managed devices you deploy in this configuration controls the level of redundancy. For more information on gateway VPN configuration and deployments, see Gateway VPN in the Sourcefire 3D System User Guide. Deploying with Policy-Based NAT : Control...
  • Page 43: Deploying With Access Control

    The following section describes how access control can function in your deployment. See the Sourcefire 3D System User Guide for more information on this feature. An access control policy determines how the system handles traffic on your network.
  • Page 44 DMZ, the internal network, the core, mobile access, and remote networks. The diagram below illustrates traffic flow through the Sourcefire 3D System, and provides some details on the types of inspection performed on that traffic. Note that the system does not inspect fast-pathed or blacklisted traffic.
  • Page 45 Internet that originate from a compromised server in the DMZ. Monitoring network traffic using Network Discovery can help you monitor these exposed servers for changes (for example, an unexpected service suddenly appearing) that could indicate a compromised server in the DMZ.
  • Page 46 Although this segment must be readily available for your business to function, it must be tightly restricted and controlled. Access control should ensure that these assets cannot be reached by those network segments with the highest risk, such...
  • Page 47 Your policy can reduce your risk by rigidly limiting how users, network, and applications access core resources.
  • Page 48: Using A Multi-Port Managed Device

    When you connect the multi-port adapter card on the managed device to the tap, the managed device is able to combine the traffic into a single data stream so that it can be analyzed.
  • Page 49 You can use the virtual switch to replace both the tap and the switch in your deployment. Note that if you replace the tap with a virtual switch, you lose the tap packet delivery guarantee.
  • Page 50: Complex Network Deployments

    Integrating with VPNs on page 51 • Detecting Intrusions on Other Points of Entry on page 51 • Deploying in Multi-Site Environments on page 53 • Integrating Managed Devices within Complex Networks on page 55
  • Page 51: Integrating With Vpns

    (either inside the firewall, outside the firewall, or both) and on network segments that are important to the integrity and confidentiality of your business data. The following diagram shows...
  • Page 52 Understanding Deployment Chapter 2 Complex Network Deployments how managed devices can be installed at key locations on a complex network with multiple entry points.
  • Page 53: Deploying In Multi-Site Environments

    Many organizations want to extend intrusion detection across a geographically disparate enterprise and then analyze all the IPS data from one location. The Sourcefire 3D System supports this by offering the Defense Center, which aggregates and correlates events from managed devices deployed throughout the organization’s many locations.
  • Page 54 the managed devices over a VPN or with some other secure tunneling protocol as shown in the following diagram.
  • Page 55: Integrating Managed Devices Within Complex Networks

    NAT devices, and VPNs exist, in addition to information about using the Sourcefire Defense Center to manage multiple managed devices and the deployment and management of managed devices in a multi-site environment.
  • Page 57: Chapter 3: Installing A Sourcefire 3D System Appliance

    Sourcefire appliances are easily installed on your network as part of a larger Sourcefire 3D System deployment. You install devices on network segments to inspect traffic and generate intrusion events based on the intrusion policy applied to it. This data is transmitted to a Defense Center, which manages one or more devices to correlate data across your full deployment, and coordinate and respond to threats to your security.
  • Page 58: Included Items

    Before you install your appliance, Sourcefire recommends that you consider the following: • Locate your Sourcefire 3D System appliance in a lockable rack within a secure location that prevents access by unauthorized personnel. Place a desktop device (3D500/1000/2000) within a secure location that prevents access by unauthorized personnel.
  • Page 59: Sourcefire Defense Center 750

    Installing a Sourcefire 3D System Appliance Chapter 3 Identifying the Management Interfaces • Sourcefire 3D500/1000/2000 on page 60 • Sourcefire 7000 Series on page 60 • Sourcefire 8000 Series on page 61 Sourcefire Defense Center 750 The DC750 is available as a 1U appliance.
  • Page 60: Sourcefire Defense Center 3500

    Sourcefire Defense Center 3500 The DC3500 is available as a 1U appliance. The following illustration of the rear of the chassis indicates the location of the management interface.
  • Page 61: Sourcefire 8000 Series

    Installing a Sourcefire 3D System Appliance Chapter 3 Identifying the Sensing Interfaces The 3D7110/7120 and the 3D7115/7125 are available as 1U appliances. The following illustration of the rear of the chassis indicates the location of the management interface. Management Interface Sourcefire 8000 Series The 3D8120/8130/8140 is available as a 1U appliance.
  • Page 62: Sourcefire 3D500/1000/2000

    The following sections describe the sensing interfaces for each managed device. For information on connection types, see Understanding Interfaces on page 28. • To locate the sensing interfaces on the 3D500/1000/2000, see...
  • Page 63: Sourcefire 7000 Series

    Sourcefire 7000 Series The Sourcefire 7000 Series is available in the following configurations: • 1U device one-half the width of the rack tray with eight copper interfaces, each with configurable bypass capability.
  • Page 64 3D7110/7120 The 3D7110/7120 is delivered with eight copper port sensing interfaces, or eight fiber port sensing interfaces, each with configurable bypass capability. The following illustration of the front of the chassis indicates the location of the sensing interfaces.
  • Page 65 Eight-Port 1000BASE-SX Fiber Configurable Bypass Activity LED Link LED Bypass LED The eight-port 1000BASE-SX fiber configurable bypass configuration uses LC-type (Local Connector) optical transceivers. You can use these connections to passively monitor up to eight separate network segments.
  • Page 66 Four 1000BASE-T Copper Interfaces Link LED Activity LED Bypass LED You can use the copper interfaces to passively monitor up to four separate network segments. You can also use paired interfaces in inline or inline with bypass mode to deploy the device as an intrusion prevention system on up to two networks.
  • Page 67: Sourcefire 8000 Series

    SFP Sockets Activity LED Link LED Sourcefire 8000 Series The Sourcefire 8000 Series is available as a 1U device with a 10G network switch or a 2U device with either a 10G or a 40G network switch. This device can be shipped fully assembled, or you can install the network modules (NetMods) that contain the sensing interfaces.
  • Page 68 The following illustrations of the front of the chassis indicate the location of the module slots that contain the sensing interfaces. 81xx Family Front Chassis View Module Slots...
  • Page 69 The 8000 Series can be delivered with the following modules without configurable bypass capability: • a quad-port 1000BASE-T copper interface without bypass capability. See Quad-Port 1000BASE-T Copper Non-Bypass NetMod on page 72 for more information.
  • Page 70 The quad-port 1000BASE-SX fiber configurable bypass configuration uses LC-type (Local Connector) optical transceivers. You can use this configuration to passively monitor up to four separate network segments. You also can use paired interfaces in inline or inline with bypass mode, which allows you to deploy the managed device as an intrusion prevention system on up to two separate networks.
  • Page 71 Dual-Port 40GBASE-SR4 Fiber Configurable Bypass NetMod Activity LED Port Link LED Bypass LED The dual-port 40GBASE-SR4 fiber configurable bypass configuration uses MPO (Multiple-Fiber Push On) connector optical transceivers.
  • Page 72 Quad-Port 1000BASE-T Copper Non-Bypass NetMod Link LED Activity LED You can use these connections to passively monitor up to four separate network segments. You also can use paired interfaces in inline configuration on up to two network segments.
  • Page 73 The quad-port 10GBASE fiber non-bypass configuration uses LC-type (Local Connector) optical transceivers with either MMSR or SMLR interfaces. WARNING! The quad-port 10G BASE non-bypass NetMod contains non-removable small form-factor pluggable (SFP) transceivers. Any attempt to remove the SFPs can damage the module.
  • Page 74: Using Devices In A Stacked Configuration

    Installing a Sourcefire 3D System Appliance Chapter 3 Using Devices in a Stacked Configuration Using Devices in a Stacked Configuration You can increase the amount of traffic inspected on network segments by combining the resources of identically configured devices in a stacked configuration.
  • Page 75: Connecting The 3D8140

    Connecting the 3D8140 You can connect two 3D8140s in a stacked configuration. You must use one 8000 Series stacking cable to create the physical connection between the primary device and the secondary device.
  • Page 76 Install the devices in your rack so you can easily connect the cables between the stacking modules. You can install the secondary devices above or below the primary device.
  • Page 77 3D8270 - 3D8250 (40G) Primary Device and Two Secondary Devices The following example shows a 3D8270, which includes a 40G-capable 3D8250 primary device and two dedicated secondary devices. One secondary device is installed above the primary device and the other is installed below the primary device.
  • Page 78 installed above the primary device and two secondary devices are installed below the primary device. Secondary Primary Secondary Secondary To connect a 3D8250 secondary device: Use an 8000 Series stacking cable to connect the left interface on the stacking module on the primary device to the left interface on the stacking module on the secondary device.
  • Page 79: Using The 8000 Series Stacking Cable

    Using the 8000 Series Stacking Cable The 8000 Series stacking cable has identically-keyed ends, each with a latch to secure the cable in the device and a latch release tab.
  • Page 80: Installing The Appliance In A Rack

    Stacked Devices in the Sourcefire 3D System User Guide. Installing the Appliance in a Rack The Sourcefire 3D System is delivered on different hardware platforms. You can rack-mount all Sourcefire appliances, including the 3D500/1000/2000 desktop devices (with purchase of a 1U mounting kit). When you install an appliance, you must also make sure that you can access the appliance’s console.
  • Page 81 Installing a Sourcefire 3D System Appliance Chapter 3 Installing the Appliance in a Rack By default, Sourcefire appliances direct initialization status, or init, messages to the VGA port. If you want to use the physical serial port or SOL to access the console, Sourcefire recommends you redirect console output to the serial port after you complete initial setup.
  • Page 82: Redirecting Console Output

    Cabling Inline Deployments on Copper Interfaces page 34. Continue with the next chapter, Setting Up a Sourcefire 3D System Appliance on page 86. Redirecting Console Output By default, Sourcefire appliances direct initialization status, or init, messages to the VGA port. If you restore an appliance to factory defaults and delete its license and network settings, the restore utility also resets console output to VGA.
  • Page 83: Testing An Inline Bypass Interface Installation

    Installing a Sourcefire 3D System Appliance Chapter 3 Testing an Inline Bypass Interface Installation Console Redirection Options (Continued) (table; columns: Appliance, VGA (Default), Physical Serial...) Series 2 Defense Centers: tty0, ttyS0; all Series 3 appliances: tty0, ttyS0, ttyS0. Note that while all Series 3 appliances support LOM, 7000 Series devices do not support LOM and physical serial access at the same time.
  • Page 84 Ensure that the interface set type for the appliance is configured for inline bypass mode. See Configuring Inline Sets in the Sourcefire 3D System User Guide for instructions on configuring an interface set for inline bypass mode. Set all interfaces on the switch, the firewall, and the device sensing interfaces to auto-negotiate.
  • Page 85 You can also shut down the device using its web interface; see the Managing Devices chapter in the Sourcefire 3D System User Guide. As most devices power off, they emit an audible click sound. The click is the sound of relays switching and the device going into hardware bypass.
  • Page 86: Chapter 4: Setting Up A Sourcefire 3D System Appliance

    IMPORTANT! If you are not already familiar with the setup process, Sourcefire strongly recommends you read this section first.
  • Page 87: Understanding The Setup Process

    The procedures in this chapter explain how to set up an appliance without powering it down. However, if you need to power down for any reason, use the procedure in the Managing Devices chapter in the Sourcefire 3D System User Guide, the...
  • Page 88: Setting Up A Series 2 Appliance Or Series 3 Defense Center

    Setting Up a Sourcefire 3D System Appliance Chapter 4 Understanding the Setup Process Information You have, at minimum, the information needed to allow the appliance to communicate on your management network: an IPv4 or IPv6 management IP address, a netmask or prefix length, and a default gateway.
  • Page 89: Setting Up A Series 3 Device

    To set up any Series 2 appliance or a Series 3 Defense Center: Access: Admin If you are using a keyboard and monitor, run a script that helps you configure settings to allow the appliance to communicate on your management network;...
  • Page 90: Configuring Network Settings Using A Script

    Complete this step by running a script at the console. The Sourcefire 3D System provides a dual stack implementation for both IPv4 and IPv6 management environments. First, the script prompts you to configure (or disable) IPv4 management settings, then IPv6. For IPv6 deployments, you can retrieve settings from a local router.
  • Page 91: Performing Initial Setup On A Series 3 Device Using The Cli

    Setting Up a Sourcefire 3D System Appliance Chapter 4 Performing Initial Setup on a Series 3 Device Using the CLI Log out of the appliance. Your next step depends on the appliance: • To complete the setup of a managed device using its web interface,...
  • Page 92: Registering A Series 3 Device To A Defense Center Using The Cli

    Configure network settings for the device. First configure (or disable) IPv4 management settings, then IPv6. If you manually specify network settings, you must: •...
  • Page 93: Initial Setup Page: Devices

    Setting Up a Sourcefire 3D System Appliance Chapter 4 Initial Setup Page: Devices In most cases, you must provide the Defense Center’s hostname or the IP address along with the registration key, for example: configure manager add DC.example.com my_reg_key However, if the device and the Defense Center are separated by a NAT device,...
  • Page 94 sets, and zones that the system creates, as well as the policies that it initially applies to managed devices. To complete the initial setup on a physical managed device using its web interface:...
  • Page 95 Log out of the device. The device is ready to be added to its managing Defense Center. IMPORTANT! If you connected directly to the device using an Ethernet cable, disconnect the computer and connect the device’s management interface to...
  • Page 96: Network Settings

    If you already configured the device’s network settings, this section of the page may be pre-populated. The Sourcefire 3D System provides a dual stack implementation for both IPv4 and IPv6 management environments. You must specify the management network protocol (IPv4, IPv6, or Both). Depending on your choice, the setup page displays...
  • Page 97: Series 3 Device Lcd Panel Configuration

    If the device and Defense Center are separated by a network address translation (NAT) device, defer device registration until after you complete the initial setup. See the Managing Devices chapter in the Sourcefire 3D System User Guide for more information.
  • Page 98: Time Settings

    You can set the time for a device either manually or via network time protocol (NTP) from an NTP server, including the Defense Center. Sourcefire recommends that you use the Defense Center as the NTP server for its managed devices.
  • Page 99 In an inline deployment, you can also perform network-based advanced malware protection (AMP), file control, Security Intelligence filtering, and network discovery. Although you can select the inline mode for any device, keep in mind that inline sets using the following interfaces lack bypass capability: •...
  • Page 100: Initial Setup Page: Defense Centers

    If the zone does not exist, the system creates it and adds the interfaces. For detailed information on interfaces, inline sets, and security zones, see the Sourcefire 3D System User Guide. Automatic Backups The device provides a mechanism for archiving data so that configuration and event data can be restored in case of failure.
  • Page 101 The setup process also allows you to register and license devices. Before you can register a device, you must complete the setup process on the device itself, as well as add the Defense Center as a remote manager, or the registration will fail.
  • Page 102: When You Are Finished, Click Apply

    The Defense Center is ready to use. See the Sourcefire 3D System User Guide for more information on configuring your deployment. Continue with Next Steps on page 109.
  • Page 103: Network Settings

    If you already configured the network settings, this section of the page may be pre-populated. The Sourcefire 3D System provides a dual stack implementation for both IPv4 and IPv6 management environments. You must specify the management network protocol (IPv4, IPv6, or Both). Depending on your choice, the setup page...
  • Page 104: Time Settings

    You can set the time for a Defense Center either manually or via network time protocol (NTP) from an NTP server. You can also specify the time zone used on the local web interface for the admin account.
  • Page 105: Recurring Geolocation Updates

    Defense Center. License Settings You can license a variety of features to create an optimal Sourcefire 3D System deployment for your organization. A FireSIGHT license on the Defense Center is required to perform host, application, and user discovery. Additional...
  • Page 106 model-specific licenses allow your managed devices to perform a variety of functions. Because of architecture and resource limitations, not all licenses can be applied to all managed devices; see...
  • Page 107 Add licenses one at a time. Device Registration A Defense Center can manage any device, physical or virtual, currently supported by the Sourcefire 3D System. You can add most pre-registered devices (see Remote Management on page 97) to the Defense Center during the initial setup process.
  • Page 108 each device depends on the detection mode (see Detection Mode on page 98) you chose when configuring the device, as listed in the following table. Default Access Control Policy Applied Per Detection Mode...
  • Page 109: Next Steps

    For detailed information on any of the tasks described in the following sections, as well as information on how you can begin to configure your deployment, see the Sourcefire 3D System User Guide. TIP! If you want to use a serial or LOM/SOL connection to access your appliance’s console, you should redirect console output;...
  • Page 110 You should update the system software on your appliances before you begin any deployment. Sourcefire recommends that all the appliances in your deployment run the most recent version of the Sourcefire 3D System. If you are using them in your deployment, you should also install the latest intrusion rule updates, VDB, and GeoDB.
  • Page 111: Chapter 5: Using The Lcd Panel On A Series 3 Device

    Allowing reconfiguration using the LCD panel can present a security risk. You need only physical access, not authentication, to configure network settings using the LCD panel. For more information, see Using the LCD Panel on a Series 3 Device on page 111...
  • Page 112: Understanding Lcd Panel Components

    The device must be powered on to use the LCD panel. For information on how to safely power on or shut down the device, see the Managing Devices chapter in the Sourcefire 3D System User Guide. Understanding LCD Panel Components...
  • Page 113: Using The Lcd Multi-Function Keys

    TIP! The function of a symbol, and therefore the key map, varies according to the LCD panel mode. If you do not get the result you expect, check the mode of the LCD panel...
  • Page 114: Idle Display Mode

    In Idle Display mode, the panel alternates (at five second intervals) between displaying the CPU utilization and free memory available and the chassis serial number. A sample of each display might look like this: CPU: 50% FREE MEM: 1024 MB Serial Number: 3D99-101089108-BA0Z...
  • Page 115: Network Configuration Mode

    Network Configuration Mode The Sourcefire 3D System provides a dual stack implementation for both IPv4 and IPv6 management environments. In Network Configuration mode, you can use the LCD panel to configure the network settings for a Series 3 device’s management interface: the IP address, subnet mask or prefix, and default gateway.
  • Page 116 Press the check mark key to accept the changes to the IP address. For IPv4, the LCD panel displays the following: Subnet Mask: 000.000.000.000 For IPv6, the LCD panel displays the following: Prefix: 000.000.000.000...
  • Page 117: Allowing Network Reconfiguration Using The Lcd Panel

    TIP! For information on the other options on this page, see the Sourcefire 3D System User Guide. Click Save. The network settings are changed...
  • Page 118: System Status Mode

    Allows you to adjust the contrast of the LCD display. To enter System Status mode and view monitored system information: In Idle Display mode, press any multi-function key to enter the main menu. The main menu appears: Network Config System Status...
  • Page 119: Information Mode

    The LCD panel’s Information mode displays identifying system information such as the device’s chassis serial number, IP address, model, and software and firmware versions. Sourcefire Support may require this information if you call for assistance...
  • Page 120 Depending on the option you chose, the LCD panel displays the information listed in the Information Mode Options table on page 120...
  • Page 121: Error Alert Mode

    Press the appropriate multi-function key as indicated on the LCD display. If you exit Error Alert mode before you resolve the error that triggered the alert, the LCD panel returns to Error Alert mode...
  • Page 122: Chapter 6: Hardware Specifications

    The Sourcefire 3D System is delivered on a variety of appliances to meet the needs of your organization. See the Rack and Cabinet Mounting Options on page 122 for information on installing the appliance in a rack. The hardware specifications for each of the appliances are described in the following sections: •...
  • Page 123: Sourcefire Defense Centers

    The front of the DC750 (Rev 1) chassis contains the front panel controls. DC750 (Rev 1) Front Panel Controls The front of the DC750 (Rev 2) chassis contains the front panel controls. DC750 (Rev 2) USB Ports Front Panel Controls...
  • Page 124 Non-maskable interrupt NIC 1 activity status LED button NIC 2 activity status LED NIC 3 activity status LED NIC 4 activity status LED System status LED Reset button Power button with power LED...
  • Page 125 NIC activity Indicates activity between the system and the network: • A blinking green light indicates there is activity. • No light indicates there is no activity...
  • Page 126 The rear of the chassis contains the power supply and connection ports for the DC750 (Rev 1). DC750 (Rev 1) Management Interface Alternate eStreamer Interface Serial Port VGA Port Power Supply USB Ports...
  • Page 127 • If the light is on, the link is up. • No light indicates there is no link. Right (activity) Indicates activity on the port: • A blinking light indicates activity. • No light indicates there is no link...
  • Page 128 Operational after 24 in. (60 cm) free fall although cosmetic damage may be present; chassis weight of 40 to 80 lbs. (18 to 36 kg) +/- 12 kV for air discharge and 8 K for contact Airflow Front to back System cooling 1660 BTU/hour requirements...
  • Page 129: Sourcefire Dc1500

    The DC1500 is a 1U appliance. See the following sections for more information about the appliance: • DC1500 Chassis Front View on page 130 • DC1500 Chassis Rear View on page 132 • DC1500 Physical and Environmental Parameters on page 134...
  • Page 130 LEDs on the front panel. DC1500 Front Panel LEDs Description NIC 1 activity Indicates activity between the system and the network: NIC 2 activity • A blinking green light indicates activity. • No light indicates no activity...
  • Page 131 • A blue light indicates the ID button is pressed and a blue light is on at the rear of the appliance. • No light indicates the ID button is not pressed...
  • Page 132 • BIOS has disabled or mapped out some of the system memory DC1500 Chassis Rear View The rear of the chassis contains the connection ports and power supply. VGA Port Management Interface Power Supply Serial Port USB Ports Alternate eStreamer Interface...
  • Page 133 • If the light is on, the link is up. • No light indicates there is no link. Right (activity) Indicates activity on the port: • A blinking light indicates activity. • No light indicates there is no activity...
  • Page 134 600 W power supply for 120 VAC 9.5 Ampere maximum at 110 volts, 50/60 Hz 4.75 Ampere maximum at 220 volts, 50/60 Hz Operating temperature 50°F to 95°F (10°C to 35°C) Non-operating temperature -40°F to +158°F (-40°C to +70°C)...
  • Page 135: Sourcefire Dc3500

    DC3500 Chassis Front View The front of the chassis contains the hard drives and the front panel. Front Panel Hard Drives (RAID-1) The front of the appliance includes controls and LED displays for the front panel...
  • Page 136 • A blinking green light indicates the fixed disk drive is active. • An amber light indicates a fixed disk drive fault. • No light indicates there is no drive activity or the system is powered off...
  • Page 137 WARNING! To power down safely, use the procedure in the Managing Devices chapter in the Sourcefire 3D System User Guide, or the shutdown -h now command from the Defense Center’s shell.
  • Page 138 Alternate eStreamer Provides an alternate interface for the eStreamer client interface Redundant power Provides power to the appliance through an AC power source supplies...
  • Page 139 Blinking green AC input is present; volts on standby, the power supply is switched off. Green The power supply is plugged in and on...
  • Page 140 USB power (port 4) USB2_VBUS5 USB power (port 5) USB_ICH_P4N_CONN USB port 4 negative signal USB_ICH_P5N_CONN USB port 5 negative signal USB_ICH_P4P_CONN USB port 4 positive signal USB_ICH_P5P_CONN USB port 5 positive signal Ground Ground...
  • Page 141 Operational after 24 in. (60 cm) free fall although cosmetic damage may be present; chassis weight of 40 to 80 lbs (18 to 36 kg) +/- 15KV (I/O port +/-8KV) per Intel environment test specification...
  • Page 142: Sourcefire Series 2 Devices

    144 • 3D500/1000/2000 Physical and Environmental Parameters on page 145 3D500, 3D1000, or 3D2000 Chassis Front View The front of the chassis contains the management and sensing interfaces. Management Interface Sensing Interfaces...
  • Page 143 Status Description The interface has link and is passing traffic. The interface pair is in bypass mode; that is, it has failed open. The interface pair is not an inline bypass interface set...
  • Page 144 Allows you to reboot the appliance without disconnecting it from the power supply. The following table describes the signal present on the DB-9 connector. 3D500, 3D1000, and 3D2000 Serial Port Pin Assignments Signal Description Carrier detect Received data Transmitted data Data terminal ready...
  • Page 145: 3D500/1000/2000 Physical And Environmental Parameters

    0°C to 40°C (32°F to 104°F) Non-operating -20°C to 75°C (-4°F to 167°F) temperature Non-operating humidity 5% to 90%, non-condensing at 45°C (113°F) Acoustic noise No noise Cooling requirements Designed to operate in an air-conditioned environment...
  • Page 146: Sourcefire 7000 Series Devices

    70xx Family Front View The front of the chassis contains the LCD panel, sensing interfaces, front panel, and management port. 70xx Family (Chassis: CHRY-1U-AC) Front View Front Panel LCD Panel Sensing Interfaces Management Port...
  • Page 147 3D7120 Front Panel Components on page 154. 70xx Family Front Panel A B C Front Panel Components Reset button System ID button System status LED Power button and LED Hard drive activity LED...
  • Page 148 Indicates whether the appliance has power: • A green light indicates that the appliance has power and the system is on. • No light indicates the system is shut down or does not have power...
  • Page 149 • one of the power supplies unplugged or not functional Sensing Interfaces The 70xx Family appliances are delivered with eight copper interfaces, each with configurable bypass capability. Eight-Port 1000BASE-T Copper Interfaces Link LED Activity LED Link LED Activity LED Bypass LED...
  • Page 150 If the light is off, there is no link. Right (activity) Indicates activity on the port. If the light is blinking, there is activity. If the light is off, there is no activity...
  • Page 151 Allows you to connect the appliance to the common bonding network. See the Power Requirements for Sourcefire Devices on page 240 for more information. 12V Power supply Provides a power connection to the device through an AC power source. connector...
  • Page 152 0 ft (sea level) to 5905 ft (0 to 1800 m) Cooling requirements 682 BTU/hour You must provide sufficient cooling to maintain the appliance within its required operating temperature range. Failure to do this may cause a malfunction or damage to the appliance...
  • Page 153: Sourcefire 3D7110 And 3D7120

    3D7110 and 3D7120 with Copper Interfaces (Chassis: GERY-1U-8-C-AC) LCD Panel USB 2.0 Port Front Panel Sensing Interfaces 3D7110 and 3D7120 with Fiber Interfaces (Chassis: GERY-1U-8-FM-AC) LCD Panel USB 2.0 Port Front Panel Sensing Interfaces...
  • Page 154 3D7110 and 3D7120 Front Panel 3D7110 and 3D7120 Front Panel Components USB 2.0 connector NIC1 activity LED Reset button Hard drive activity LED NIC2 activity LED ID button System status LED Power button and LED...
  • Page 155 • A green light indicates that the appliance has power and the system is on. • A blinking green light indicates that the appliance has power and is shut down. • If the light is off, the system does not have power...
  • Page 156 WARNING! To power down safely, use the procedure in the Managing Devices chapter in the Sourcefire 3D System User Guide, or the system shutdown command from the CLI...
  • Page 157 The interface pair is ready to enter bypass mode. Steady amber The interface pair has been placed in bypass mode and is not inspecting traffic. Blinking amber The interface pair is in bypass mode; that is, it has failed open...
  • Page 158 The interface pair is ready to enter bypass mode. Steady amber The interface pair has been placed in bypass mode and is not inspecting traffic. Blinking amber The interface pair is in bypass mode; that is, it has failed open...
  • Page 159 Redundant power supplies Provides power to the device through an AC power source. Power supply LEDs Indicates the status of the power supply. See 3D7110 and 3D7120 Power Supply LED on page 160...
  • Page 160 Blinking green AC input is present; volts on standby, the power supply is switched off. Green The power supply is plugged in and on...
  • Page 161 F to 95 Store the unit below 95% non-condensing relative humidity. Acclimate below maximum operating humidity at least 48 hours before placing the unit in service. Altitude 0 ft (sea level) to 5905 ft (1800 m)...
  • Page 162: Sourcefire 3D7115 And 3D7125

    The front of the chassis contains the LCD panel, USB port, front panel, copper sensing interfaces, and SFP sockets. 3D7115 and 3D7125 (Chassis: GERY-1U-8-4C8S-AC) Front View SFP Sockets LCD Panel USB 2.0 Port Front Panel Copper Sensing Interfaces...
  • Page 163 3D7115 and 3D7125 Front Panel 3D7115 and 3D7125 Front Panel Components USB 2.0 connector NIC1 activity LED Reset button Hard drive activity LED NIC2 activity LED ID button System status LED Power button and LED...
  • Page 164 • A green light indicates that the appliance has power and the system is on. • A blinking green light indicates that the appliance has power and is shut down. • No light indicates the system does not have power...
  • Page 165 WARNING! To power down safely, use the procedure in the Managing Devices chapter in the Sourcefire 3D System User Guide, or the system shutdown command from the CLI. 3D7115 and 3D7125 Sensing Interfaces...
  • Page 166 1G copper, 1G short range fiber, or 1G long range fiber. SFP transceivers do not have bypass capability and should not be used in intrusion prevention deployments. See Using SFP Transceivers on a 3D7115 or 3D7125 on page 251...
  • Page 167 If dark, there is no activity. For a passive interface: the light is non-functional. Bottom (link) For an inline or passive interface: the light is on when the interface has link. If dark, there is no link...
  • Page 168 The rear of the chassis contains the management interface, connection ports, grounding studs, and power supplies. 3D7115 and 3D7125 (Chassis: GERY-1U-8-4C8S-AC) Rear View Reserved USB 2.0 Ports Grounding Studs Power Supply LEDs Management Interface VGA Port Serial Port ID LED Redundant Power Supplies...
  • Page 169 • A blinking light indicates activity. • No light indicates there is no activity. Right (link) Indicates whether the link is up: • A light indicates the link is up. • No light indicates there is no link...
  • Page 170 Gigabit copper ethernet bypass-capable interfaces in a paired configuration Cable and distance: Cat5E at 50 m Copper 1000BASE-T SFP Gigabit copper ethernet non-bypass capable interfaces in a paired configuration Cable and distance: Cat5E at 50 m...
  • Page 171 0 ft (sea level) to 5905 ft (1800 m) Cooling requirements 900 BTU/hour You must provide sufficient cooling to maintain the appliance within its required operating temperature range. Failure to do this may cause a malfunction or damage to the appliance...
  • Page 172: Sourcefire 8000 Series Devices

    The devices can be shipped fully assembled or you can install the modules. Assemble your device before installing the Sourcefire 3D System. See the assembly instructions shipped with your modules. Some 8000 Series devices can be stacked to increase the capability of the system.
  • Page 173: 8000 Series Chassis Front View

    82xx Family Chassis Front View The front view of the chassis contains the LCD panel, front panel, and seven module slots. 82xx Family (Chassis: CHAS-2U-AC/DC) Front View Front Panel LCD Panel Module Slots...
  • Page 174 8000 Series Chassis Rear View on page 178 8000 Series Front Panel The front panel for the 81xx Family and 82xx Family contain the same components. 81xx Family Front Panel A B C D E...
  • Page 175 A B C D 8000 Series Front Panel Components NIC activity LED Reset button Reserved ID button Hard drive activity LED Power button and LED System status LED USB 2.0 connector Non-maskable interrupt button...
  • Page 176 • No light indicates the ID button is not pressed. Power button and Indicates whether the system has power. • Green indicates that the system has power. • If the light is off, the system does not have power...
  • Page 177 WARNING! To power down safely, use the procedure in the Managing Devices chapter in the Sourcefire 3D System User Guide, or the system shutdown command from the CLI.
  • Page 178: 8000 Series Chassis Rear View

    The rear view of the chassis contains power supplies, connection ports, and the management interface. 82xx Family (Chassis: CHAS-2U-AC/DC) Rear View USB 2.0 Ports Reserved Power Supply LEDs Redundant Power Supplies Serial Port VGA Port Management Interface Grounding Locations...
  • Page 179 • A blinking light indicates activity. • No light indicates there is no activity. Right (link) Indicates whether the link is up: • A light indicates the link is up. • No light indicates there is no link...
  • Page 180 8000 Series RJ45 to DB-9 Adapter Pin-Out DB-9 Pin RJ45 Pin Signal Description DCD/DSR Data carrier detect/data set ready Receive data Transmit data Data terminal ready Ground 4 & 5 No connection Request to send...
  • Page 181: 8000 Series Physical And Environmental Parameters

    SR is multimode fiber (850 nm) at 550 m (standard) Fiber 1000BASE-SX Quad-port fiber non-bypass interfaces 1000BASE-SX with LC connectors non-bypass NetMod Cable and distance: SX is multimode fiber (850 nm) at 550 m (standard)...
  • Page 182 7.9” (20 cm). This minimum can only be used if you can ensure a supply of low temperature air at the front of the appliance...
  • Page 183 SR is multimode fiber (850 nm) at 550 m (standard) Fiber 1000BASE-SX Quad-port fiber non-bypass interfaces 1000BASE-SX with LC non-bypass NetMod connectors Cable and distance: SX is multimode fiber (850 nm) at 550 m (standard)...
  • Page 184 The minimum recommended clearance in the front and back is 7.9” (20 cm). This minimum can only be used if you can ensure a supply of low temperature air at the front of the appliance...
  • Page 185: 8000 Series Modules

    In addition, you can use a stacking module to connect two 3D8140 or up to four 3D8250 devices to combine their processing power and increase throughput. See Stacking Module on page 197 for more information...
  • Page 186 Steady green The interface has link and is passing traffic. Steady amber The interface has been intentionally brought down. Blinking amber The interface is in bypass mode; that is, it has failed open...
  • Page 187 Steady green The interface has link and is passing traffic. Steady amber The interface has been intentionally brought down. Blinking amber The interface is in bypass mode; that is, it has failed open...
  • Page 188 Dual-Port 10GBASE (MMSR or SMLR) Fiber Configurable Bypass NetMod The dual-port 10GBASE (MMSR or SMLR) fiber configurable bypass NetMod contains two fiber ports and link, activity, and bypass LEDs. Link LED Ports Activity LED Bypass LED...
  • Page 189 Steady green The interface has link and is passing traffic. Steady amber The interface has been intentionally brought down. Blinking amber The interface is in bypass mode; that is, it has failed open...
  • Page 190 (1310 nm typical) Maximum average -1 dBm -0.5 dBm launch power Minimum average -7.3 dBm -8.2 dBm launch power Maximum average -1 dBm -0.5 dBm power at receiver Receiver sensitivity -9.9 dBm -14.4 dBm...
  • Page 191 Top (activity) The light flashes when the interface has activity. If dark, there is no activity. Bottom (link) The light is on when the interface has link. If dark, there is no link...
  • Page 192 Minimum distance: 0.5 m (2 ft) 40G optics are carried on eight fiber cables utilizing MPO connectors. Transmitter wavelength 840-860 nm (850 nm typical) Maximum average launch power 2.4 dBm Minimum average launch power -7.8 dBm...
  • Page 193 The speed of the traffic on the interface is 10Mb or 100Mb. Link Green The speed of the traffic on the interface is 1Gb. Activity Blinking Green The interface has link and is passing traffic...
  • Page 194 LC duplex Bit rate 1000Mbps Baud rate/encoding/tolerance 1250Mbps / 8b/10b encoding Optical interface Multimode Operating distances 200 m (656 ft) for 62.5 μm/125 μm fiber 500 m (1640 ft) for 50 μm/125 μm fiber...
  • Page 195 If dark, there is no activity. Bottom For an inline interface: the light is on when the interface has link. If dark, there is no link. For a passive interface: the light is always on...
  • Page 196 (1310 nm typical) Maximum average -1 dBm -0.5 dBm launch power Minimum average -7.3 dBm -8.2 dBm launch power Maximum average -1 dBm -0.5 dBm power at receiver Receiver sensitivity -9.9 dBm -14.4 dBm...
  • Page 197 • A blinking light indicates there is activity on the interface. • No light indicates there is no activity. Bottom Indicates whether the interface has link: • A light indicates the interface has link. • No light indicates there is no link...
  • Page 198: Chapter 7: Restoring A Sourcefire Appliance To Factory Defaults

    Setting up Lights-Out Management on page 219 Before You Begin Before you begin restoring your appliances to factory defaults, you should familiarize yourself with the expected behavior of the system during the restore process...
  • Page 199: Configuration And Event Backup Guidelines

    For more information about editing your device configuration to configure bypass, see the Managing Devices chapter of the Sourcefire 3D System User Guide. Understanding the Restore Process A Sourcefire appliance is either a traffic-sensing managed device or a managing Defense Center: There are several models of each appliance type;...
  • Page 200 3D2100/2500/3500/4500 devices. To interact with the appliance, use terminal emulation software such as HyperTerminal or XModem. The settings for this software are 9600 baud, 8 data bits, no parity checking, 1 stop bit, and no flow control...
  • Page 201: Obtaining The Restore Iso And Update Files

    Vulnerability Database (VDB). For more information, see the release notes for the update you want to apply, as well as the Updating System Software chapter in the Sourcefire 3D System User Guide. For your convenience, you can install system software and intrusion rule updates as part of the restore process on most appliances.
  • Page 202 For example, you would click 5.2.1 to view the updates and release notes for Version 5.2.1 of the Sourcefire 3D System. • To download a rule update, select Downloads > Rules & VDB > Rules. The most recent rule update is at the top of the page.
  • Page 203: Beginning The Restore Process

    The procedures in this chapter explain how to restore an appliance without powering it down. However, if you need to power down for any reason, use the procedure in the Managing Devices chapter in the Sourcefire 3D System User Guide, the...
  • Page 204 For all other appliances that use a serial connection, type System_Restore at the prompt and press Enter. The boot prompt appears after the following choices: 0. Load with standard console 1. Load with serial console
  • Page 205: Starting The Restore Utility Using Lights-Out Management

    LOM account, and password is the password for that account. Note that IPMItool prompts you for the password after you issue the command. sol activate
  • Page 206 To continue, confirm the settings in a series of pages. The restore utility copyright notice appears. Press Enter to confirm the copyright notice and continue with Using the Interactive Menu to Restore an Appliance on page 207.
  • Page 207: Using The Interactive Menu To Restore An Appliance

    4 Download and Mount ISO: Download the appropriate ISO image and any system software or intrusion rule updates. Mount the ISO image. (Downloading the ISO and Update Files and Mounting the Image, page 212)
  • Page 208 To use a previously saved configuration, start with menu option 6: Saving and Loading Restore Configurations on page 215. After you load the configuration, skip to menu option 4: Downloading the ISO and Update Files and Mounting the Image on page 212.
  • Page 209: Identifying The Appliance's Management Interface

    IP address, network mask or prefix length, and default gateway for the management interface. • If you select DHCP, the appliance automatically detects the IP address, network mask or prefix length, and default gateway for the management interface, then displays the IP address.
  • Page 210: Specifying Iso Image Location And Transport Method

    SCP server to its list of trusted hosts. You must accept to continue. Note that the restore utility will also look for update files in the ISO image directory.
  • Page 211: Updating System Software And Intrusion Rules During Restore

    For more information, see the release notes for the update you want to install, as well as the Updating System Software chapter in the Sourcefire 3D System User Guide.
  • Page 212: Downloading The Iso And Update Files And Mounting The Image

    From the main menu, select 4 Download and Mount ISO. When prompted, confirm your choice. If you are downloading from an SCP server, enter your password when prompted. The appropriate files are downloaded and mounted. The main menu appears again.
  • Page 213: Invoking The Restore Process

    (and delete any saved restore configurations). Then, confirm that you want to reboot from the updated drive. If you do not update the USB drive, the appliance reboots. You cannot restore the appliance using this drive.
  • Page 214 To perform the second or only pass through the restore process: ACCESS: Admin. From the main menu, select 5 Run the Install. Confirm that you want to restore the appliance and continue with the next step.
  • Page 215: Saving And Loading Restore Configurations

    SUPPORTED DEFENSE CENTERS: Any except DC1000/3000. For most appliances, you can use the restore utility to save a restore configuration to use if you need to restore the appliance again. Although the restore utility...
  • Page 216 The other options are restore configurations that you have saved. Select the configuration you want to use. The utility displays the settings in the configuration you are loading.
  • Page 217: Restoring A Dc1000 Or Dc3000 Using A Cd

    Changing settings after the restore and subsequent initial setup is often less time consuming than trying to reset them now. For more information, see Next Steps on page 218.
  • Page 218: Next Steps

    82. • If you want to use LOM, you must re-enable the feature as well as enable at least one LOM user; see Enabling LOM and LOM Users on page 221.
  • Page 219: Scrubbing The Contents Of The Hard Drive

    If you need to restore a Series 3 appliance to factory defaults and do not have physical access to the appliance, you can use Lights-Out Management (LOM) to perform the restore process. You cannot restore a Series 2 appliance using LOM. Only Series 3 appliances support LOM.
  • Page 220 • For IPMItool, type the command last. • For ipmiutil, type the command first. Therefore, for IPMItool: ipmitool -I lanplus -H IP_address -U username command Or, for ipmiutil: ipmiutil command -V4 -J3 -N IP_address -U username -P password
  • Page 221: Enabling Lom And Lom Users

    For a full list of LOM commands supported by the Sourcefire 3D System, see the Configuring Appliance Settings chapter in the Sourcefire 3D System User Guide. IMPORTANT!
  • Page 222: Installing An Ipmi Utility

    Series 3 Defense Centers and 8000 Series devices can have up to 13 LOM users. 7000 Series devices can have up to eight LOM users. TIP! For detailed instructions on the following tasks, see the Configuring Appliance Settings chapter in the Sourcefire 3D System User Guide. To enable LOM: ACCESS: Admin. Select System >...
  • Page 223 For Windows environments, use ipmiutil, which you must compile yourself. If you do not have access to a compiler, you can use ipmiutil itself to compile. For more information, use your favorite search engine or see this site: http://ipmiutil.sourceforge.net/
  • Page 224: Chapter 8: Safety And Regulatory Information

    General Safety Guidelines Follow these rules to ensure general safety: Observe good housekeeping in the area of the machines during and after maintenance. At all times, keep the chassis area free from dust.
  • Page 225 14. There must be ample clearance on all sides of the chassis for the cooling air inlet and exhaust ports, as well as for access to the network interface modules (no less than 2 inches).
  • Page 226: Safety Warning Statements

    Attach signal cables to connectors. Attach power cords to outlet. Turn device ON. To disconnect: Turn everything OFF. Remove power cords from outlet. Remove signal cables from connectors. Remove all cables from devices.
  • Page 227 Statement 6 CAUTION! Never remove the cover on a power supply or any part that has the following label attached.
  • Page 228 The following label indicates moving parts nearby. WARNING! Handling the cord on this product or cords associated with accessories sold with this product, will expose you to lead, a chemical known to the State of...
  • Page 229: Regulatory Information

    CE - Low Voltage Directive 73/23/EEE (Europe) • IRAM Certification (Argentina) • GB4943- CNCA Certification (China) • FCC (Class A Verification) - Radiated & Conducted Emissions (USA) • CISPR 22 - Emissions (International)
  • Page 230: Sourcefire 3D500 Information

    Belarus Certification / License (Belarus) • RRL Certification (Korea) • IRAM Certification (Argentina) • CNCA Certification (China) • Ecology Declaration (International) Sourcefire 3D500 Information This appliance complies with the following electromagnetic compatibility (EMC) regulations:
  • Page 231 NS/G/1234/J/100003 for indirect connection to public telecommunication systems in the United Kingdom. European Union EMC Directive conformance statement This product is in conformance with the protection requirements of European Council Directive EMC 2004/108/EC.
  • Page 232: Sourcefire Series 3 Information

    SERIES / FAMILY / APPLIANCES: 7000 Series / 70xx Family / 3D7010, 3D7020, 3D7030; 7000 Series / 71xx Family / 3D7110, 3D7115, 3D7120, 3D7125; 8000 Series / 81xx Family / 3D8120, 3D8130, 3D8140; 8000 Series / 82xx Family / 3D8250, 3D8260, 3D8270, 3D8290
  • Page 233 BSMI CNS 14336-1 • UL CB scheme • These Sourcefire units are also in conformity with: • Directive 2011/65/EU, Restriction of Hazardous Substances (RoHS) • Directive 1907/2006EC, Registration, Evaluation, Authorisation and Restriction of Chemicals (REACH)
  • Page 234 Class A CISPR 24:1997 Information Technology Equipment – Immunity Characteristics EN61000-3-2:2006 Power Line Harmonics EN61000-3-3:2008 Flicker and Voltage Fluctuations ANSI C63.4 Radio-Noise Emissions from Low-Voltage Electrical and Electronic Equipment EC Council Directive Safety 2001/95/EC
  • Page 235 7000 Series Chassis Models - World-Wide and Korean Designations (3D Device Model / Hardware Chassis / KC Korean Certification Registration Number): 3D7010/7020/7030 / CHRY-1U-AC / KCC-REM-SFi-CHRY1UAC; 3D7110/3D7120 / GERY-1U-8-C-AC / KCC-REM-SFi-GERY1U8CAC; 3D7110/3D7120 / GERY-1U-8-FM-AC / KCC-REM-SFi-GERY1U8FMAC; 3D7115/7125 / GERY-1U-4C8S-AC / KCC-REM-SFi-GERY1U4C8SAC
  • Page 236 Slot 2: NM-C4-0 (or blank) (DC power) Slot 3: NM-FX4-0 (or blank) 3D8120 / 3D8130 / CHAS-1U-AC-0004 KCC-REM-SFi- Slot 1: SF-3D-CLST-MOD-0(or 3D8140 CHAS1UAC0004 blank) (AC power) Slot 2: NM-*R2-0 (or blank) Slot 3: NM-*R2-0 (or blank)
  • Page 237 Series 3 models available in the Republic of Korea. 8000 Series NetMod Designation for Korea (Model / KC Korean Certification Registration Number): SF-3D-CLST-MOD-0 / KCC-REM-SFi-SF3DCLSTMOD0; NM-C4-0 / KCC-REM-SFi-NMC40; NM-FX4-0 / KCC-REM-SFi-NMFX40; NM-SR2-0 / KCC-REM-SFi-NMSR20; NM-LR2-0 / KCC-REM-SFi-NMLR20
  • Page 238: Waste Electrical And Electronic Equipment Directive (Weee)

    Sourcefire is compliant with the Waste Electrical and Electronic Equipment Directive (WEEE), Directive 2002/96/EC, as amended by 2003/108/EC. European Union customers who wish to dispose of a Sourcefire product may send it to Sourcefire for proper disposal.
  • Page 239 For more information, contact: Sourcefire EMEA C/O Seko Benelux BV - Operations Valkweg 1 1118 EC Schiphol The Netherlands Tel: +31-(0)20-8201193 Fax: +31-(0)20-6583 359
  • Page 240: Appendix A: Power Requirements For Sourcefire Devices

    GR-1089-CORE, Issue 4) and require isolation from the exposed OSP cabling. The addition of the primary protectors is not sufficient protection to connect these interfaces metallically to OSP wiring.
  • Page 241: Static Control

    242 for bonding locations, recommended terminals, and ground wire requirements. Installation The Sourcefire 3D System appliances must be installed in accordance with the requirements of Article 250 of NFPA 70, National Electric Code (NEC) Handbook and local electrical codes.
  • Page 242: Grounding/Earthing Requirements

    See Current on page 241. Bare conductors must be coated with antioxidant before crimp connections are made. Only copper cables can be used for grounding purposes.
  • Page 243: 3D7110/7120 And 3D7115/7125

    244 for bonding locations, recommended terminals, and ground wire requirements. Installation The Sourcefire 3D System must be installed in accordance with the requirements of Article 250 of NFPA 70, National Electric Code (NEC) Handbook and local electrical codes.
  • Page 244: Grounding/Earthing Requirements

    AWG, UL-recognized cords with NEMA 515P plug. Contact the factory about other power cords. Grounding/Earthing Requirements The Sourcefire 3D System must be grounded to the Common Bonding Network. Bonding Locations Ground bonding locations are provided on the rear of the chassis. M4 studs are provided.
  • Page 245: 3D8120/8130/8140 And 3D8250/8260/8270/8290

    249 for bonding locations, recommended terminals, ground wire requirements, and DC supplies. AC Installation The Sourcefire 3D System must be installed in accordance with the requirements of Article 250 of NFPA 70, National Electric Code (NEC) Handbook and local electrical codes.
  • Page 246 Use an external Surge Protection Device at the input of the network equipment where the Sourcefire 3D System is to be installed. Separate Circuit Installation If separate circuits are used, each one must be rated the full rating of the appliance.
  • Page 247: Dc Installation

    Use an external Surge Protection Device at the input of the network equipment where the Sourcefire 3D System is to be installed. Separate Circuit Installation If separate circuits are used, each circuit must be rated to the full rating of the appliance.
  • Page 248 Power feeds with more than one circuit per raceway must use 10 AWG wire. Note that the two separate feeds for the redundant supplies are two circuits and must use 10 AWG wire.
  • Page 249: Grounding/Earthing Requirements

    Grounding/Earthing Requirements The Sourcefire 3D System must be grounded to the Common Bonding Network. Bonding Locations Ground bonding locations are provided on the rear of the chassis. M4 studs are provided. Outside-toothed lock washers are provided for attaching ring terminals.
  • Page 250 This ground lug must be attached. It is an M4 screw with an outside-toothed lock washer screw. The ground wire should be sized to match the breaker for the circuit.
  • Page 251: Appendix B: Using Sfp Transceivers On A 3D7115 Or 3D7125

    3D7115 and 3D7125 SFP Sockets and Transceivers The 3D7115 and 3D7125 contain eight small form-factor pluggable (SFP) sockets and can house up to eight SFP transceivers. 3D7115 and 3D7125 Front View SFP Sockets
  • Page 252 The accompanying LEDs to the left of the sockets display information on activity and link for each interface. See 3D7115 and 3D7125 SFP Socket Activity/Link LEDs on page 167 for more information. Sample SFP Transceivers Rear with Contacts Front with Bale Sample Fiber Sample Copper
  • Page 253: Inserting An Sfp Transceiver

    Note that sockets on the upper row face up and sockets on the lower row face down. Gently push the bale toward the transceiver to close the bale and engage the locking mechanism, securing the transceiver in place.
  • Page 254: Removing An Sfp Transceiver

    Follow the procedure in Installing a Sourcefire 3D System Appliance page 57 to configure the port on the transceiver. Note that if you insert a transceiver into a device currently in operation, you must refresh the user interface on the Defense Center to view the change.
  • Page 255: Appendix C: Inserting And Removing 8000 Series Modules

    260 Module Slots on the 8000 Series Appliances The 8000 Series appliances can use the modules in the following slots: • 81xx Family on page 256 • 82xx Family on page 256
  • Page 256: 81Xx Family

    Install one stacking module on the primary device and one stacking module on the secondary device. 82xx Family The 82xx Family appliances can use the modules in the following slots: 82xx Family Primary Device Slots 1-7: NetMods Slot S: Stacking modules
  • Page 257: Included Items

    If you need to upgrade your 3D8250, see the Sourcefire 8000 Series Device 40G Capacity Upgrade Guide. • quad-port 1000BASE-T copper non-bypass NetMod. For more information, Quad-Port 1000BASE-T Copper Non-Bypass NetMod on page 193.
  • Page 258: Identifying The Module Parts

    All modules contain the same parts, regardless of sensing interface, speed, or size of the module. Sample Module or Slot Cover (open) T8 Torx screw hole Lever hole Module slot EMI gasket Far end of latch Near end of latch Lever Latch
  • Page 259: Before You Begin

    Use proper electrostatic discharge (ESD) practices such as wearing wrist straps and using an ESD work surface when handling the modules. Store unused modules in an ESD bag or box to prevent damage.
  • Page 260: Inserting A Module Or Slot Cover

    Inserting a Module or Slot Cover Remove the existing module or slot cover to prepare the slot for a new module. Removing a Module or Slot Cover on page 259 for more information.
  • Page 261 Pull the lever away from the module to open the latch. The near end of the latch is visible. The far end of the latch is inside the module. Far end of latch (inside module) Near end of latch
  • Page 262 Far end of latch (engaged inside module slot) Near end of latch (engaged outside module slot) WARNING! Do not use excessive force. If the latch does not engage, remove and realign the module, and then try again.
  • Page 263 Press firmly on the screw hole to push the lever fully against the module to secure the latch. The lever is fully against the module, and the module is flush with the chassis. Insert and tighten the reserved T8 Torx screw into the lever. Screw Lever
  • Page 264: Glossary

    3D8250/8260/8270/8290 models). 8000 Series devices are generally more powerful than the 7000 Series devices. access control A feature of the Sourcefire 3D System that allows you to specify, inspect, and log the traffic that can traverse your network. Access control includes the intrusion detection and prevention,...
  • Page 265 443 (HTTPS), as well as the command line using port 22 (SSH). You can also add SNMP access using port 161. advanced malware protection: Abbreviated AMP, the Sourcefire 3D System’s network-based malware detection and malware cloud lookup feature.
  • Page 266 A pop-up menu, available on many of the pages in the web interface, that you can use as a shortcut for accessing other features in the Sourcefire 3D System. The contents of the menu depend on several factors, including the page you are...
  • Page 267 See clustering. device stacking See stacking. discovery A component of the Sourcefire 3D System that uses managed devices to monitor your network and provide you with a complete, persistent view of your network.
  • Page 268 A computer or mobile device where your users install a FireAMP Connector part of your organization’s advanced malware protection strategy. eStreamer A component of the Sourcefire 3D System that allows you to stream event data from a Defense Center or managed...
  • Page 269 A test of a particular performance aspect, such as CPU usage or available disk space, of the appliances in your deployment. Health modules, which you enable in a health policy, generate health events when the performance aspects they monitor reach a certain level.
  • Page 270 A device that is connected to a network and has a unique IP address. To the Sourcefire 3D System, a host is any identified host that is not categorized as a mobile device, bridge, router,...
  • Page 271 When the downed interface comes back up, the second interface automatically comes back up also. In other words, if the link state of a paired interface changes, the link state of the other interface changes automatically to match it. list Security Intelligence list.
  • Page 272 See device. management interface: The network interface that you use to administer a Sourcefire 3D System appliance. In most deployments, the management interface is connected to an internal protected network. Compare with sensing interface.
  • Page 273 Using discovery, the system can identify network devices logical interfaces. In addition, in a Layer 3 deployment of the Sourcefire 3D System, you can configure routing with using a policy. NAT policy A policy that uses rules to perform routing with NAT.
  • Page 274 Your organization’s internal network that is protected from users of other networks by a device such as a firewall. Many of the intrusion rules delivered with the Sourcefire 3D System use variables to define the protected network and the unprotected (or outside) network. Protection license A license for...
  • Page 275 list: A simple static collection of IP addresses that you manually upload to the Defense Center as a Security Intelligence object. Use lists to augment and fine-tune Security Intelligence feeds as well as the global blacklist and global whitelist.
  • Page 276 Because of resource, architecture, and licensing limitations, Series 2 appliances support a restricted set of Sourcefire 3D System features. Series 2 devices include the 3D500, 3D1000, 3D2000, 3D2100, 3D2500, 3D3500, 3D4500, 3D6500, and 3D9900. Series 2 Defense Centers include the DC500, DC1000, and DC3000.
  • Page 277 A general classification for a URL, such as malware or social networking. URL filtering A feature that allows you to write access control rules that determine the traffic that can traverse your network based on URLs requested by monitored hosts,...
  • Page 278 The level of access granted to a user of the Sourcefire 3D System. For example, you can grant different access privileges to the web interface for event...
  • Page 279 VDB to help you determine whether a particular host increases your risk of network compromise. VDB updates may contain new and updated vulnerabilities, as well as new and updated application detectors.
  • Page 280 web application A type of application that represents the content of, or requested URL for, HTTP traffic. widget dashboard widget. zone security zone.
