Broadcom Symantec S550 Installation Manual

Endpoint detection and response 4.5

Symantec
Endpoint Detection and Response 4.5 Installation
Guide for the S550 appliance

Summary of Contents for Broadcom Symantec S550

  • Page 1 Symantec ™ Endpoint Detection and Response 4.5 Installation Guide for the S550 appliance...
  • Page 2: Table Of Contents

    Table of Contents Copyright statement..........................4 System Requirements..........................5 Symantec EDR version support for appliances......................5 Browser requirements for the EDR appliance console....................5 System requirements for Symantec Endpoint Protection integration............... 5 Planning for installation........................
  • Page 3 Appendix B: Hardware specifications....................43 Symantec S550 appliance specifications......................... 43 Appendix C: Re-installing Symantec EDR onto the S550..............45 Re-installing Symantec EDR onto the 550 appliance from a USB stick or DVD............45...
  • Page 4: Copyright Statement

    The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries. For more information, please visit www.broadcom.com. Broadcom reserves the right to make changes without further notice to any products or data herein to improve reliability, function, or design. Information furnished by Broadcom is believed to be accurate and reliable. However, Broadcom does not assume any liability arising out of the application or use of this information, nor the application or use of any product or circuit described herein, neither does it convey any license under its patent rights nor the rights of others.
  • Page 5: System Requirements

    System Requirements Symantec EDR version support for appliances The Symantec S550 appliance supports Symantec EDR 4.1 and later. Browser requirements for the EDR appliance console Browser requirements for the EDR appliance console lists the web browsers that are compatible with the EDR appliance console.
  • Page 6 • Windows 7 (64-bit only) • Windows 8 (64-bit only) • Windows Server 2008 • Windows Server 2012 • Windows Server 2012 R2 or later (recommended) See the Symantec Endpoint Protection documentation for SEPM system requirements.
  • Page 7: Planning For Installation

    Planning for installation Pre-installation checklist for physical appliances Pre-installation checklist lists the actions to complete and the information to have ready before you install a physical appliance. Table 2: Pre-installation checklist Action/Item Description...
  • Page 8: Physical Appliance Installation Worksheet

    Action/Item Description Decide on the operating role and operating mode. The operating configuration roles are as follows: • All-in-one • Management platform • Network scanner About operating roles, operating modes, and network connections About network configurations and port connections Obtain the license file and make sure that the license file is accessible.
  • Page 9 Configuration Description Value to input Re-enter new password: Confirm the new password. Provide this information to the administrator installing the appliance in a secure method. Ensure that the password is retained in a secure location for archival purposes.
  • Page 10 Configuration Description Value to input Add another route? [y/n] Yes to configure an additional IPv4 static ________ yes (up to three supported) route. No to go to the next prompt. ________.________.________.________ You can configure up to three IPv4 static ________.________.________.________...
  • Page 11: About Operating Roles, Operating Modes, And Network Connections

    Running the setup wizard Installation worksheet completed by: Name: _______________________________________ Date: _________________________ Provided to: EDR Administrator: _____________________________ Date: _________________________ About operating roles, operating modes, and network connections You configure each appliance for Symantec EDR with an operating role and an operating mode.
  • Page 12 Symantec EDR operating modes and network connections describes the Symantec EDR modes that are available for the appliances and the network connections that are required for each role. You must assign a static IP address to each Symantec EDR network connection.
  • Page 13: About Selecting A Network Scanner

    About selecting a network scanner The following factors determine the number of recommended network scanners. Hardware versus virtual Make this decision based on your current infrastructure. Users with extensive VMware investment might want to use virtual appliances.
  • Page 14 NOTE Port connections vary by appliance model, version, and role. Connect Network configuration Description Connect WAN to Connect LAN to Management to Simple port span/tap This configuration Port on your LAN switch Connect Monitor1 to Not used...
  • Page 15: Where To Place The Appliance In Your Network For Best Results

    Connect Network configuration Description Connect WAN to Connect LAN to Management to Inline with two firewalls, You can connect two Port on your LAN switch Internet firewall LAN port Port on your LAN switch two proxies, and two appliances to two appliances...
  • Page 16 You can use the management port for any of the following: • To access the EDR appliance console. • For communication to Symantec's servers (e.g., LiveUpdate, cloud-based sandboxing, Insight, telemetry, etc.). •...
  • Page 19: Required Firewall Ports

    About network configurations and port connections Required firewall ports Depending on your network layout, you may need to open some ports on your firewall and edit your firewall rules. These changes let you access the important web addresses that are essential for Symantec Endpoint Detection and Response operations.
  • Page 20 Table 7: Symantec EDR web and IP addresses Web addresses/IP Address Protocol Port Description • remotetunnel1.edrc.symantec.com HTTPS Permits Symantec Support remote access to • the Symantec EDR appliance. remotetunnel2.edrc.symantec.com •...
  • Page 21 Table 8: Symantec EDR ports and settings Service Protocol Port From Description Back up FTP; SSH 20 TCP, UDP Management Configured FTP server: FTP ports 20, 21 platform or all-in- backup storage 21 TCP...
  • Page 22 Service Protocol Port From Description EDR appliance console, Client connecting Management Command-line access for network scanners, and all- to manage an platform, an all-in-one appliance or in-one appliance scanner, or all-in- management platform.
  • Page 23: Proxy Recommendations

    Service Protocol Port From Description Active Directory LDAPS Management Active Directory This connection allows platform or all-in- server Symantec EDR to integrate one appliance with Active Directory for user authentication.
  • Page 24: Obtaining A Symantec Edr License File And Installing It

    When you purchase Symantec EDR, Broadcom sends you a fulfillment confirmation "Welcome" email that includes your serial number and a license key file attachment. If you did not receive a Broadcom Welcome letter or you cannot locate your license key file, click here to go to the Broadcom web site where you can access your license key file.
  • Page 25: Installing The Physical Appliance

    Installing the physical appliance S550 appliance installation workflow Step Action Description Complete all items in the Completing the pre-installation checklist ensures that you have everything you pre-installation checklist. need to install an appliance.
  • Page 26: Connecting The Cables On The S550 Appliance

    Connecting the cables on the S550 appliance Make sure the appliance is on a flat, level surface. If you would rather rack-mount the appliance first, go to the following link: Rack-mounting the appliance Network cables are not included with the appliance.
  • Page 27: Powering On The S550 Appliance And Verifying The Leds

    Powering on the S550 appliance and verifying the LEDs If you are using copper ports, continue to step 4. 4. Do one of the following: • Inline Block or Inline Monitor mode: Connect port 2:0 to the server that hosts the firewall.
  • Page 28: Configuring The Serial Terminal Or Terminal Emulation Software

    3. Verify the following as the appliance boots up: • The Power LED turns amber. • Near the end of the boot cycle, the Power LED alternates between amber and green, which indicates the appliance is in unconfigured state.
  • Page 29 • (2) Inner chassis rails • (2) Outer rack rails • (1) Kit for two-post mounting configurations 1. Disassemble the two side-rail assemblies by fully extending each side rail and sliding out the inner chassis rails. 2.
  • Page 30 3. Attach the rack rails to the rack. Insert the front of each rail in the rack while opening and then releasing the front latch. Repeat to attach the rear of the rails, extending or retracting the rails as necessary so they fit. Verify the rack rails are installed at the same rack height.
  • Page 31 4. Install the appliance in the rack. Align the inner rails (attached to the appliance) with the slide-rails in the rack and slide the appliance gently all the way into the rack until it clicks and locks in place. The appliance can be installed from either the front or rear of the rack.
  • Page 32 5. Optionally, to extend the appliance from the rack: a) Press the blue rack levers up to disengage the slide rail safety locks. b) While continuing to press the levers, gently pull or push the appliance so it extends out the front or rear of the rack. c) Remove pressure from the levers immediately so the rail safety locks engage in the fully-extended out position.
  • Page 33: Running Bootstrap

    Running bootstrap Running bootstrap to configure the appliance You'll need to open the console window to run bootstrap. During bootstrap, you are prompted to provide appliance configuration information. Your Symantec EDR administrator provides you this information on the Installation worksheet.
  • Page 34 Name server (IPv4) []: Type the IP address of a name server that the appliance can use to resolve IP addresses. Configure another nameserver? [y/n] Type y to add an additional name server or n to use only one name server.
  • Page 35: Running The Setup Wizard

    Running the setup wizard Running the setup wizard The Symantec Endpoint Detection and Response setup wizard guides you through the mandatory configuration steps of an all-in-one or management platform device. During bootstrap, you assigned a static IP address to the management port of the appliance.
  • Page 36: Status_Check Command

    5. Click Next. 6. Respond to the prompts on each screen to complete the mandatory configuration. Click Next to go to the next screen, or click Previous to return to a screen you completed. The following table describes the additional prompts in the setup wizard and how to respond to them.
  • Page 37: Post-Installation Tasks

    Post-installation tasks Completing setup tasks Tasks to complete Symantec Endpoint Detection and Response installation lists the tasks that Symantec recommends you take immediately after you complete the preliminary Symantec Endpoint Detection and Response installation. Click the context-sensitive help tokens in the EDR appliance console for more information about performing these tasks.
  • Page 38: Testing Symantec Edr For Successful Monitoring Or Blocking

    1. Open a web browser on a computer in the LAN that is connected to Symantec EDR. 2. On the Internet, go to the following URL: http://www.broadcom.com The Broadcom website should display normally without any messages. 3. On the Internet, go to the following URL: http://testatp.coe.org.uk 4.
  • Page 39: Accessing The Edr Appliance Console

    2. In the Network Interface Settings panel, click the toggle switch in the Scanning field to set scanning to the Off position. Click Ok if a warning dialog appears asking if you are sure that you want to disable scanning. With scanning disabled, the physical appliance should now operate in bypass mode.
  • Page 40: Appendix Materials

    Appendix Materials...
  • Page 41: Appendix A: Ports, Connectors, And Indicators On The Appliance

    Ports, connectors, and indicators on the appliance About appliance ports, connectors, and indicators Ports, connectors, and indicators on the Symantec EDR appliances describes the ports, connectors, and indicators on the back of Symantec EDR appliances.
  • Page 42 Port, connector, or indicator Description Bypass NIC LED indicators Three pairs of LED indicators appear on the bypass NIC card. The Link/Activity pair is solid green and blinks green on activity when bypass mode is off. It is off when bypass mode is on.
  • Page 43 Hardware specifications Symantec S550 appliance specifications Table 14: S550 appliance hardware specifications Specification SKU6 Skylake ® Xeon Gold 6140; 24.75M Cache (CD8067303405200) 2 x 18Core, 140W (2.30 GHz) 3.5"...
  • Page 44 Specification SKU6 PCIe Carrier 3 dual half height None Super cap for Mezz card RMSP3AD160F IOC 16port Mez Card None ROC 16port Mez Card RAID Controller Intel(R)IntegratedRAIDModuleRMSP3AD160 None Default Option Cards (only one of the following delivered as Field Replaceable Unit) PE310G4BPI71-SR...
  • Page 45 Re-installing Symantec EDR onto the S550 Re-installing Symantec EDR onto the 550 appliance from a USB stick or DVD Before you begin, ensure that the Symantec host is racked and the serial port is connected to a serial terminal. The serial connection is 9600 baud, 8 bit no parity.
  • Page 46 Unlocked Encrypted /dev/disk2 (disk image): TYPE NAME SIZE IDENTIFIER Apple_partition_scheme +24.2 MB disk2 Apple_partition_map 32.3 KB disk2s1 Apple_HFS Flash Player 24.2 MB disk2s2 /dev/disk3 (external, physical): TYPE NAME SIZE IDENTIFIER GUID_partition_scheme...
  • Page 47 /dev/disk1 (internal, virtual): TYPE NAME SIZE IDENTIFIER Apple_HFS SymMacSOE +499.0 GB disk1 Logical Volume on disk0s2 DDDDFDA9-6016-4FD7-8815-B4C1D7190788 Unlocked Encrypted /dev/disk2 (disk image): TYPE NAME SIZE IDENTIFIER Apple_partition_scheme +24.2 MB disk2 Apple_partition_map...
  • Page 48 This procedure is the same for DVD or USB stick. 15. Select the option Test this media & install ATP. The install occurs automatically and can take up to 30 minutes. The host reboots after the installation is complete. Do not shut off the host until the login prompt appears.