McAfee IIP-M65K-ISAA - Network Security Platform M-6050 Product Manual
  1. Manuals
  2. Brands
  3. McAfee Manuals
  4. Accessories
  5. IIP-M65K-ISAA - Network Security Platform...
  6. Product manual
McAfee IIP-M65K-ISAA - Network Security Platform M-6050 Product Manual

McAfee IIP-M65K-ISAA - Network Security Platform M-6050 Product Manual

Intrushield® ips
Hide thumbs Also See for IIP-M65K-ISAA - Network Security Platform M-6050:
Table of Contents

Advertisement

Quick Links

McAfee® IntruShield® IPS
IntruShield M-6050 Sensor
version 4.1
McAfee
®
Network Protection
Industry-leading intrusion prevention solutions
M-6050 Sensor Product Guide
revision 2.0

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the IIP-M65K-ISAA - Network Security Platform M-6050 and is the answer not in the manual?

Questions and answers

Related Manuals for McAfee IIP-M65K-ISAA - Network Security Platform M-6050

Summary of Contents for McAfee IIP-M65K-ISAA - Network Security Platform M-6050

  • Page 1 M-6050 Sensor Product Guide revision 2.0 McAfee® IntruShield® IPS IntruShield M-6050 Sensor version 4.1 McAfee ® Network Protection Industry-leading intrusion prevention solutions...
  • Page 2 VIRUS FORUM, VIRUSCAN, VIRUSSCAN, VIRUSSCAN (AND IN KATAKANA), WEBSCAN, WEBSHIELD, WEBSHIELD (AND IN KATAKANA) are registered trademarks or trademarks of McAfee, Inc. and/or its affiliates in the US and/or other countries. The color red in connection with security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein are the sole property of their respective owners.

  • Page 3: Table Of Contents

    Contents Preface ......................v Introducing McAfee IntruShield IPS ....................v About this guide..........................v Audience ............................v Contents of this guide........................v Contacting Technical Support .......................vi Related documentation .........................vi Conventions used in this guide ....................vii Overview ......................1 About IntruShield sensors ......................1 Sensor functionality ........................
  • Page 4 Cabling for in-line ........................20 Cabling for TAP mode ......................... 21 Cabling for SPAN or hub mode ....................21 Cabling the Failover interconnection ports .................. 21 Using Fail-Open hardware ......................22 Troubleshooting ..................23 Sensor Technical Specifications ............... 24 Regulatory, Compliance, and Safety Information........25 Sensor Capacity ..................

  • Page 5: Preface

    Preface This preface provides a brief introduction to McAfee IntruShield, discusses the information in this document, and explains how this document is organized. It also provides information such as the supporting documents for this guide and how to contact McAfee Technical Support.

  • Page 6: Contacting Technical Support

    Global phone contact numbers can be found at McAfee Contact Information http://www.mcafee.com/us/about/contact/index.html page. McAfee requires that you provide your GRANT ID and the serial number of Note: your system when opening a ticket with Technical Support. You will be provided with a user name and password for the online case submission.

  • Page 7: Conventions Used In This Guide

    McAfee® IntruShield® IPS 4.1 Preface M-6050 Sensor Product Guide Conventions used in this guide • Special Topics Guide • Database Tuning • Best Practices • Denial-of-Service • Sensor High Availability • Custom Roles Creation • In-line Sensor Deployment • Virtualization •...
  • Page 8 McAfee® IntruShield® IPS 4.1 Preface M-6050 Sensor Product Guide Conventions used in this guide Convention Example Information that you must read to Warning: prevent injury, accidents from contact with electricity, or other serious consequences is denoted using this notation. Notes that provide related, but...

  • Page 9: Overview

    H A P T E R Overview This chapter provides an introduction to IntruShield sensors. About IntruShield sensors IntruShield sensors are high-performance, scalable, and flexible content processing appliances built for the accurate detection and prevention of intrusions, misuse, and distributed denial of service (DDoS) attacks. IntruShield sensors are specifically designed to handle traffic at wire speed, efficiently inspect and detect intrusions with a high degree of accuracy, and flexible enough to adapt to the security needs of any enterprise environment.

  • Page 10: M-6050 Key Features

    McAfee® IntruShield® IPS 4.1 Overview M-6050 Sensor Product Guide M-6050 key features The IntruShield sensor is purpose-built for the monitoring of traffic across one or more network segments. For more information on IntruShield, see the Getting Started Guide Following is an example of a network topology using Gigabit Ethernet throughput. In the illustration, IntruShield provides IPS and Alert Viewer protection to outsourced servers.

  • Page 11: Ports

    McAfee® IntruShield® IPS 4.1 Overview M-6050 Sensor Product Guide M-6050 physical description dull-duplex Ethernet segments or eight 1 Gigabit SPAN ports transmitting aggregated traffic. Ports The M-6050 is a 2RU unit and is equipped with the following components: Figure 2: M-6050 sensor...

  • Page 12: Front Panel Leds

    Power Supply B swappable, redundant power supply. This power supply also uses a standard IEC320-C13 port, and you can use the McAfee-provided cable or acquire one that meets your specific needs. The M-6050 does not have internal taps; it must be used with a third-party external tap to run in tapped mode.
  • Page 13 McAfee® IntruShield® IPS 4.1 Overview M-6050 Sensor Product Guide M-6050 physical description Status Description Pwr A (Power A) • Green Power Supply A is functioning. Amber Power Supply A is not functioning. • • Green Power Supply in AC mode.
  • Page 14 McAfee® IntruShield® IPS 4.1 Overview M-6050 Sensor Product Guide M-6050 physical description Status Description Fail-Open Control Port Green The link is enabled. Speed The link is disabled. Fail-Open Control Port Amber There is an error. Link There is no error.

  • Page 15: Before You Install

    • The sensor appliance is not a general purpose workstation. • McAfee prohibits the use of the sensor appliance for anything other than operating the IntruShield IPS. • McAfee prohibits the modification or installation of any hardware or software in the sensor appliance that is not part of the normal operation of the IntruShield IPS.

  • Page 16: Working With Fiber-Optic Ports

    • One power supply. • Two CD ROMS containing the sensor software and on-line documentation. • Power cords. McAfee provides a standard and international power cables. • One set of rack mounting rails. • One set of rack mounting ears.

  • Page 17: Unpacking The Sensor

    McAfee® IntruShield® IPS 4.1 Before You Install M-6050 Sensor Product Guide Unpacking the sensor Unpacking the sensor To unpack the sensor: Place the sensor box as close to the installation site as possible. Position the box with the text upright.

  • Page 18: Setting Up An M-6050

    H A P T E R Setting up an M-6050 This chapter describes the process of setting up a sensor to prepare it for configuration. Setup Overview Setting up a sensor involves the following steps: Positioning the sensor. (See below.) Installing interface modules (SFP and XFP).

  • Page 19: Mounting A Sensor In A Rack

    Before you mount the sensor in the rack, make sure that power is OFF. Caution: Remove the power cable and all network interface cables from the sensor Because of the weight of the appliance, McAfee recommends that two people Note: place the chassis into the rail cabinet.

  • Page 20: Using The Redundant Power Supply

    Slide in the power supply until it makes contact with the backplane, then push firmly to mate the connectors solidly with the backplane. For true redundant operation with the optional redundant power supply, Note: McAfee recommends that you plug each supply into a different power circuit. For optimal protection, use uninterruptable power sources.

  • Page 21: Removing The Power Supply

    SFP optical interfaces are less than half the size of GBIC interfaces. To ensure compatibility, McAfee supports only those SFP and XFP modules Note: purchased through McAfee or from a McAfee-approved vendor. For a list of approved vendors, see the on-line KnowledgeBase, https://support.mcafee.com. https://mysupport.mcafee.com These installation instructions provide information for installing an SFP and an XFP module that uses a bail clasp for securing the module in place in the sensor.

  • Page 22: Modules Description

    McAfee® IntruShield® IPS 4.1 Setting up an M-6050 M-6050 Sensor Product Guide Using Small Form-factor Pluggable modules module may be slightly different. Check the module manufacturer’s installation instructions for more details. For ease of installation, insert the module in the sensor while it is powered down and before placing it in a rack.

  • Page 23: Installing A Module

    McAfee® IntruShield® IPS 4.1 Setting up an M-6050 M-6050 Sensor Product Guide Power-on the sensor Installing a module To install a module with a bail clasp, follow these steps: Remove the module from its protective packaging. Ensure the module is the correct model for your network.

  • Page 24: Powering Off The Sensor

    The M-6050 sensor has no power switch. The sensor powers on as soon as one of its power cables is connected to a power source. Powering off the sensor McAfee recommends that you use the shutdown CLI command to halt the sensor before powering it down. For more information on CLI commands, see Sensor...

  • Page 25: Attaching Cables To The M-6050

    Follow the steps outlined in this chapter to connect cables to the various ports on your sensor. Cabling the Console port The Console port is used for setup and configuration of the sensor. For console connections, plug the DB9 Console cable supplied by McAfee into Console port (labeled Console on the sensor front panel).

  • Page 26: Cabling The Response Port

    McAfee® IntruShield® IPS 4.1 Attaching Cables to the M-6050 M-6050 Sensor Product Guide Cabling the Response port Name Setting Baud rate 38400 Number of bits Parity None Stop bits Flow Control None Cabling the Response port The sensors’ Response ports are used to send responses to attacks; when operating in TAP or SPAN mode, for example, you cannot inject response packets via a tap.

  • Page 27: Cabling The Monitoring Port

    Connect the other end of the cable to the network device (for example, hub, switch, router) that in turn connects to the Manager server. To isolate and protect your management traffic, McAfee strongly Note: recommends using a separate, dedicated management subnet to interconnect the sensors and the Manager.

  • Page 28: Efault Monitoring Port Speed Settings

    McAfee® IntruShield® IPS 4.1 Attaching Cables to the M-6050 M-6050 Sensor Product Guide Cabling for in-line You cannot configure, for example, IA and 2A to work together as a pair. Note: Figure 9: Port pair Default monitoring port speed settings Be sure that the switch/router ports connected to the sensor Monitoring ports match the sensor configuration.

  • Page 29: Cabling For Tap Mode

    McAfee® IntruShield® IPS 4.1 Attaching Cables to the M-6050 M-6050 Sensor Product Guide Cabling for TAP mode Plug the cable appropriate for use with your Gigabit Ethernet into one of the ports labeled xA (for example, 1A). Plug another cable into the peer of the port used in Step 1. This port will be labeled xB (for example, 1B).

  • Page 30: Using Fail-Open Hardware

    McAfee® IntruShield® IPS 4.1 Attaching Cables to the M-6050 M-6050 Sensor Product Guide Using Fail-Open hardware To connect two M-6050s for failover: Plug the cable appropriate for use with your XFP module into port 4A of the active sensor. Connect the other end of the cable to port 4A of the standby sensor.

  • Page 31: Troubleshooting

    H A P T E R Troubleshooting This section lists some common installation problems and their solutions. Problem Possible Cause Solution LED is off. The control cable has been Check the control cable and ensure it disconnected. is properly connected to both the sensor and the Bypass Switch.

  • Page 32: Sensor Technical Specifications

    P P E N D I X Sensor Technical Specifications The following table lists the specifications of the M-6050 sensor. Sensor Specifics Description Dimensions Without mounting ears/rails/cable management: • Width: 16.75 in. (41.91 cm) • Height: 3.5 in. (8.89 cm) •...

  • Page 33: Regulatory, Compliance, And Safety Information

    P P E N D I X Regulatory, Compliance, and Safety Information The M-6050 meets the following standards: Sensor Regulatory, Safety, and Compliance Regulatory Products with the CE Marking are compliant with the 89/336/EEC and 73/23/EEC directives, which include the safety and EMC standards listed.
  • Page 34 McAfee® IntruShield® IPS 4.1 Regulatory, Compliance, and Safety Information M-6050 Sensor Product Guide Using Fail-Open hardware Sensor Regulatory, Safety, and Compliance SS IEC CISPR22: 1993, Singapore IDA Class A EN 55024: 1998 + A1:2001 + A2: 2003 - Emissions: •...

  • Page 35: Sensor Capacity

    P P E N D I X Sensor Capacity The following table lists the sensor's capacity to handle data operations within the following categories: Operation Type Maximum Capacity Concurrent connections 1,000,000 Connections established per sec. 25,000 Concurrent SSL Flows (2.1.x and later) 100,000 Number of SSL keys that can be stored on the sensor Virtual IDS sessions...

This manual is also suitable for:

Intrushield m-6050

Table of Contents