Summary of Contents for Lancope StealthWatch System
- Page 1 ® StealthWatch System Hardware Installation Guide (for StealthWatch System v6.7.0)
- Page 2 Installation Guide: StealthWatch System v6.7.0 Hardware © 2015 Lancope, Inc. All rights reserved. Document Date: March 19, 2015 Trademarks Lancope, StealthWatch, and other trademarks are registered or unregistered trademarks of Lancope, Inc. All other trademarks are properties of their respective owners. Back...
-
Page 3: Table Of Contents
ONTENTS ........5 NTRODUCTION Overview . - Page 4 Mounting the Appliance ........24 Hardware Included with the Appliance .
-
Page 5: Ntroduction
NTRODUCTION VERVIEW This guide explains how to install StealthWatch System products. It describes the StealthWatch System components and how they are placed in the system, including the integration of the FlowSensors. Also, this guide describes the mounting and installation of the StealthWatch System hardware. -
Page 6: How To Use This Guide
In addition to this introduction, we have divided this guide into the following chapters, as well as an index: Chapter Description Pre-Configuration Describes the StealthWatch system components and Considerations their placement and the configuration of the firewall for communications Installation... -
Page 7: Common Abbreviations
Common Abbreviations The following abbreviations appear in this guide: Abbreviation Description Alternation Current Demilitarized Zone (a perimeter network) Domain Name Server/Service FlowCollector FlowSensor File Transfer Protocol HTTPS Hypertext Transfer Protocol (Secure) Hertz Internet Protocol Identity Services Engine Mbps Megabits per second Milliseconds Network Address Translation Network Interface Card... -
Page 8: Other Resources
Other Resources In addition to this guide, you may find these documents and online resources useful. Related Documents Please refer to your StealthWatch System Documentation CD for information about StealthWatch appliances and their installation and configuration. Except for the online Help, Additional information is available in the StealthWatch User Community section of the Lancope Web site (https://community.lancope.com/). -
Page 9: 2-Pre -Configuration Considerations
ONFIGURATION ONSIDERATIONS VERVIEW This chapter examines the considerations you should make before installing and configuring your StealthWatch appliances. It explains where to place StealthWatch system products and how to integrate them into your network. This chapter includes the following topics. StealthWatch Components Placement Considerations Configuring Your Firewall for Communications... -
Page 10: Stealthwatch Components
TEALTH ATCH OMPONENTS The StealthWatch system is made up of several hardware components that gather, analyze, and present information about your network to improve network performance and security. This section describes the major StealthWatch components. StealthWatch Management Console The StealthWatch Management Console (SMC) is the control center for StealthWatch. -
Page 11: Flowsensors
“Connecting to the Network” on page Identity Devices The StealthWatch system includes identity devices such as the StealthWatch IDentity appliance and the Cisco ISE (Identity Services Engine). These devices map IP addresses to user names by passively pulling user authentication information from user identity databases. -
Page 12: Placement Considerations
LACEMENT ONSIDERATIONS As shown in the figure below, StealthWatch system products can be strategically deployed to provide optimal coverage of key network segments throughout the network, whether in the internal network, at the perimeter, or in the DMZ. Placing the SMC... -
Page 13: Placing The Stealthwatch Flowcollector
FlowCollector, as well as any devices you plan to use to access the management interface. Note: When you place a FlowCollector outside a firewall, Lancope recommends that you turn off the setting “Accept traffic from any exporter.” Placing the StealthWatch FlowSensor... -
Page 14: Configuring Your Firewall For Communications
UDP 161 UDP 162 UDP389 UDP 514 UDP 2055 UDP 3514 UDP 6343 Communication Ports The following table shows how the ports are used in the StealthWatch system: From (Client) To (Server) Port Protocol Admin User PC All appliances TCP/443... - Page 15 From (Client) To (Server) Port Protocol Cisco ISE UDP/3514 SYSLOG External log UDP/514 SYSLOG sources FlowCollector TCP/443 HTTPS UDP Director (also FlowCollector - UDP/6343 sFlow known as sFlow FlowReplicator) UDP Director (also FlowCollector - UDP/2055* NetFlow known as NetFlow FlowReplicator) UDP Director (also UDP/514 SYSLOG...
- Page 16 TCP/25 SMTP SLIC TCP/443 User PC All appliances TCP/22 The following diagram shows the various connections used by the StealthWatch system. The ports marked as optional are ones that may be used according to your own network needs. Pre-Configuration Considerations...
-
Page 17: Integrating The Flowsensor Into Your Network
NTEGRATING THE ENSOR INTO ETWORK The StealthWatch FlowSensor is versatile enough to integrate with a wide variety of network topologies, technologies, and components. While not all network configura- tions can be discussed here, the examples may help you determine the best setup for your monitoring needs. -
Page 18: Using Electrical Taps
This section explains the following ways to use TAPs: Using Electrical TAPs Using Optical TAPs Using TAPs Outside Your Firewall Placing the FlowSensor Inside Your Firewall Note: In a network using TAPs, the FlowSensor can capture performance monitoring data only if it is connected to an aggregating TAP that is capturing both inbound and outbound traffic. -
Page 19: Using Taps Outside Your Firewall
StealthWatch management port to a switch or port outside of the firewall. WARNING: Lancope strongly recommends that you use a TAP for this connection so that failure of the device does not bring down your entire network. Pre-Configuration Considerations... -
Page 20: Placing The Flowsensor Inside Your Firewall
The following illustration shows an example of this configuration using an Ethernet electrical TAP. The management port must be connected to the switch or hub of the monitored network. This setup is similar to the setup that monitors traffic to and from your network. -
Page 21: Span Ports
To monitor traffic inside your firewall by using a TAP, insert the TAP or optical splitter between your firewall and the main switch or hub. A TAP configuration is shown below. An optical splitter configuration is shown below. SPAN Ports You can also connect the FlowSensor to a switch. - Page 22 Note: In all cases, Lancope recommends that you consult your switch manufacturer’s documentation to determine how to configure the switch mirror port and what traffic will be repeated to the mirror port.
-
Page 23: Nstallation
NSTALLATION VERVIEW This chapter includes the procedures for installing the StealthWatch hardware into your environment. This chapter includes the following topics: Mounting the Appliance Changing the Default User Passwords Connecting the Appliance to the Network Installation... -
Page 24: Mounting The Appliance
Airflow around the appliance and through the vents is unrestricted. Hardware Included with the Appliance The following hardware is included with StealthWatch System products: AC power cord Access keys (for front face plate) Rail kit for rack mounting, or mounting ears for smaller appliances... - Page 25 Management Monitoring Total Total Product Port Port(s) Copper Fiber-Optic FC 2000 1 Copper Up to 3 Copper FC 4000 1 Copper Up to 3 Copper FC 5000 en 1 Copper FC 5000 db 1 Copper FS 250 1 Copper Up to 2 Copper FS 1000 1 Copper Up to 3 Copper...
-
Page 26: Flowcollector 5000
Note: Enterprise The iDRAC ports can be used, but Lancope does not support it.. Use the supplied 10G SFP cable to connect these units at the port labeled eth2. Place these servers adjacent, vertically, to each other in the rack in order for the 10G SFP cable to reach. -
Page 27: Changing The Default User Passwords
HANGING THE EFAULT ASSWORDS This section describes how to connect to the appliance and then change the default user passwords. Connecting to the Appliance You can connect to the appliance in one of two ways: with a keyboard and monitor with a laptop (and a terminal emulator) Note: For new products, SSH is disabled. -
Page 28: Connecting With A Laptop
Connecting with a Laptop You can also connect to the appliance with a laptop, which must have a terminal emulator. To connect to an appliance with a laptop, complete these steps: Connect your laptop to the appliance using one of the following methods: Connect an RS232 cable from the serial port connector (DB9) on your laptop to the Console Port on the appliance. -
Page 29: Changing The Default Ip Addresses
Changing the Default IP Addresses Once you have connected to the appliance, you need to configure the IP addresses. The appliances already have default IP addresses, but you should configure them to suit your network. Log in to the System Configuration program by doing the following: Type sysadmin, and then press Enter. - Page 30 Type a new IP address based on your environment. Select OK, and then press Enter to continue. The IP netmask page opens with the default value. Do the following: Accept the default value or enter a new IP Netmask address based on your environment.
- Page 31 The Gateway Address page opens with the default gateway server IP address. Do the following: Accept the default value or enter a new one based on your environment. Select OK, and then press Enter to continue. The confirmation page opens. Review the information.
-
Page 32: Change The Sysadmin User Password
Continue with the next section, “Connecting the Appliance to the Network.” Change the sysadmin User Password To ensure that your network is secure, you should change the default sysadmin password for appliances. Note: Be sure that you have logged in as sysadmin to begin this procedure. To change the sysadmin password, complete the following steps: On the System Configuration menu, select Password and press Enter. - Page 33 A prompt for the current password appears below the menu. Type the current password, and then press Enter. The prompt for a new password appears. Type the new password, and then press Enter. Note: The password must be between 5 and 30 alphanumeric characters in length with no spaces.
-
Page 34: Change The Root User Password
Type the password again, and then press Enter. When your password is accepted, press Enter again to return to the System Configuration menu. Continue with the next section, “Change the root User Password.” Change the root User Password After you change the default sysadmin user password, you need to change the default root user password to protect the security of your network further. - Page 35 On the System Configuration menu, select Advanced, and then press Enter. The Advanced menu appears. Select RootShell, and then press Enter. A prompt for the root password appears. Type the current root password, and then press Enter. The root shell prompt appears.
- Page 36 Select Password, and then press Enter. The password prompt appears below the menu. Type the new root password, and then press Enter. A second prompt appears. Retype the new root password, and then press Enter. When your password change is successful, press Enter. You have now changed both of your default sysadmin and root passwords.This returns you to the System Configuration Console menu.
- Page 37 Select Cancel and press Enter. The System Configuration Console closes and the root shell prompt appears. Type exit and press Enter. The login prompt appears Press Ctrl+Alt to exit the Console environment. Continue with the next section, “Connecting the Appliance to the Network.”...
-
Page 38: Connecting The Appliance To The Network
ONNECTING THE PPLIANCE TO THE ETWORK The procedure to connect each appliance to the network is the same. The only difference for connection is type of appliance you have. To connect your appliance to the network, complete the following steps: Select your appliance from the types of servers shown below. -
Page 39: Udp Director 2000, Flowsensors 2000 And 3000
UDP Director 2000, FlowSensors 2000 and 3000 This appliance is the same as the previous one, but it also has two optional fiber optics ports. It is used for the FlowSensor 2000, the FlowSensor 3000, and the UDP Director (also known as FlowReplicator) 2000: Height: 1.68 inches (4.26 cm) Width: 18.99 inches (48.24 cm) with rack latches 17.08 (43.4 cm) without rack latches... -
Page 40: Flowcollector 4000
FlowCollector 4000 This appliance is used for the FlowCollector 4000 Height: 3.42 inches (8.67 cm) Heat Dissipation: 2,559 BTUs per hour Width: 17.53 inches (44.52 cm) Power: 2 redundant hot-swappable Depth: 26.17 inches (66.46 cm) 750W; Auto Ranging (100V ~ 250V) FlowCollector 5000 Engine This appliance is used for the FlowCollector 5000, which is paired with the FlowCollector 5000 database. -
Page 41: Flowcollector 5000 Database
FlowCollector 5000 Database. This appliance is used for the FlowCollector 5000 database, which is paired with the FlowCollector 5000 engine. Height: 3.42 inches (8.67 cm) Heat Dissipation: 2,891 BTUs per hour Width: 18.99 inches (48.24 cm) Power: 2 redundant hot-swappable Depth: 32.02 inches (81.33 cm) 750W;... -
Page 42: Smc 1010, Flowcollectors 1010 & 4010, Flowsensors 2010, 3010, 4010 And Udp Director 2010
SMC 1010, FlowCollectors 1010 & 4010, FlowSensors 2010, 3010, 4010 and UDP Director 2010 This appliance is used for the following models: SMC 1010 FlowCollector 1010, FlowCollector 4010 FlowSensor, 2010, FlowSensor 3010, FlowSensor 4010 UDP Director 2010 Height: 1.68 inches (4.3 cm) Heat Dissipation: 2,891 BTUs per hour Width: 17.09 inches (43.4 cm) Power: Redundant: 750W... -
Page 43: Connecting To The Network
Check that the LED on the front panel is on. Be sure to connect the appliance to a UPS. Both power supplies require power or else the system displays an error. To configure the appliance, see the StealthWatch System Hardware Configuration Guide. Installation... - Page 44 Installation...
- Page 46 ©2015 Lancope, Inc. All rights reserved. Lancope, StealthWatch, and other trademarks are registered or www.lancope.com unregistered trademarks of Lancope, Inc. All other trademarks are properties of their respective owners. sw-hware-install-v0670-03192015...