1. Manuals
  2. Brands
  3. Symantec Manuals
  4. Firewall
  5. 10521148 - Network Security 7161
  6. Implementation manual

Symantec 10521148 - Network Security 7161 Implementation Manual

Network security 7100 series
Hide thumbs
Table of Contents

Advertisement

Quick Links

Download this manual
Symantec™ Network Security
7100 Series Implementation
Guide

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the 10521148 - Network Security 7161 and is the answer not in the manual?

Questions and answers

Subscribe to Our Youtube Channel

Related Manuals for Symantec 10521148 - Network Security 7161

Summary of Contents for Symantec 10521148 - Network Security 7161

  • Page 1 Symantec™ Network Security 7100 Series Implementation Guide...
  • Page 2 Symantec reserves the right to make changes without prior notice. No part of this publication may be copied without the express written permission of Symantec Corporation, 20330 Stevens Creek Blvd., Cupertino, CA 95014. Trademarks. Symantec, the Symantec logo, LiveUpdate, Network Security, Symantec Decoy Server, and Norton AntiVirus are U.S.
  • Page 3 Technical support As part of Symantec Security Response, the Symantec global Technical Support group maintains support centers throughout the world. The Technical Support group’s primary role is to respond to specific questions on product feature/ function, installation, and configuration, as well as to author content for our Web-accessible Knowledge Base.
  • Page 4 Recent software configuration changes and/or network changes ■ Customer Service To contact Enterprise Customer Service online, go to www.symantec.com, select the appropriate Global Site for your country, then choose Service and Support. Customer Service is available to assist with the following types of issues: Questions regarding product licensing or serialization ■...
  • Page 5 Appliance. Your sole remedy in the event of a breach of this may furnish to You as well as the copy of the Software warranty will be that Symantec will, at its option, replace any provided to You on a CD-ROM or other media in connection defective media returned to Symantec within the warranty with the Appliance (the “Recovery Software”).
  • Page 6 Appliance to You, freight and insurance prepaid. In the event that Symantec, in its sole discretion, determines that it is unable to replace or repair the Hardware, Symantec will refund to You the F.O.B. price paid by You for the defective Appliance.
  • Page 7 Appliance. The license entitles You to receive a copy of the source code for Linux only upon request at a nominal charge. If You are interested in obtaining a copy of such source code, please contact Symantec Customer Service at one of...

  • Page 9: Table Of Contents

    Contents Chapter 1 Introduction About the Symantec Network Security 7100 Series ......... 9 About the core software ................10 About the detection architecture .............. 10 About the management system ..............10 About the 7100 Series models ..............11 About this guide ....................11 About the documentation set ................
  • Page 10 Clustering ...................... 41 External IDS products ................. 42 Network Security console accessibility ............42 SESA server accessibility ..................42 Symantec LiveUpdate accessibility ..............43 Chapter 4 Installing the 7100 Series About installing the 7100 Series ............... 45 Rack mounting ..................... 46 Mounting the appliance to a two-post rack ..........
  • Page 11 Contents About initializing Symantec Network Security ..........67 LCD panel initial configuration ................. 68 Using the LCD panel to configure a master node ........69 Using the LCD panel to configure a slave node ........72 Serial console initial configuration ..............76 Starting a serial console ................
  • Page 12 4 Contents Chapter 8 Configuring nodes and interfaces About configuring nodes and interfaces ............101 Configuring appliance nodes ................102 About appliance node fields ..............102 Node Options tab fields ..............103 Advanced Network Options tab fields ..........104 Adding or editing an appliance node ............105 Configuring appliance interfaces ..............
  • Page 13 Viewing a configuration file ..............147 Using the compact flash during re-imaging and upgrading ....148 Restarting, rebooting, and powering off ............148 Stopping, starting, and restarting Symantec Network Security ..148 Stopping Network Security from the LCD ........149 Stopping Network Security from the serial console ....149 Starting Network Security from the LCD ........150...
  • Page 14 Chapter 12 Re-imaging and unconfiguring About re-imaging and unconfiguring ............. 167 Unconfiguring Symantec Network Security ..........168 Running Unconfigure in the Network Security console ...... 168 Running Unconfig SNS on the LCD ............169 Running unconfigure on the serial console ........... 170 Preparing for re-imaging ..................
  • Page 15 Contents Appendix A Troubleshooting About troubleshooting ..................183 Accessing troubleshooting information ............183 Appendix B Specifications and safety Product Specifications ..................185 Safety guidelines ....................186 Product certifications ..................188 Appendix C Service Manual About the removable hard drive ..............191 Removing the hard drive ..................192 Index...
  • Page 16 8 Contents...

  • Page 17: Chapter 1 Introduction

    Verifying the materials ■ About the Symantec Network Security 7100 Series Symantec Network Security 7100 Series appliances provide real-time network intrusion prevention and detection to protect critical enterprise assets from the threat of known, unknown (zero-day), and denial of service (DoS) attacks.

  • Page 18: About The Core Software

    Cohesive, streamlined security content, service, and support ■ About the core software The 7100 Series appliances run Symantec Network Security 4.0 software, which provides detection, analysis, management, storage, and response functionality. The standard software and the appliance version utilize the core functionality in the same way, and most procedures apply to both.

  • Page 19: About The 7100 Series Models

    About this guide The Network Security Management System automates the process of delivering security and product updates to the 7100 Series appliances using Symantec Live Update to provide real-time protection against the latest threats. In addition, the Network Security Management System can be used to expand...
  • Page 20 LCD run menu, and using the serial console. Includes a section on setting up SESA. Chapter 12 Re-imaging and unconfiguring Describes how to unconfigure Symantec Network Security and how to re-image the appliance. Discusses upgrading the Network Security console. Discusses...

  • Page 21: About The Documentation Set

    Lists topics covered in this guide, using index format. About the documentation set The documentation set for the Symantec Network Security 7100 Series includes: Symantec Network Security 7100 Series Implementation Guide (printed and ■ PDF). This guide explains how to install, configure, and perform key tasks on the Symantec Network Security 7100 Series.

  • Page 22: About The Web Sites

    Network Security 7100 Series, including limitations, workarounds, and troubleshooting tips. About the Web sites You can view the entire documentation set on the Symantec Network Security Web site. You can get up to date information from the Knowledge Base and patch sites: To view the documentation set, open http://www.symantec.com/techsupp/...
  • Page 23 Symantec Network Security Version 4.0 ■ Administration Guide Symantec Network Security 7100 Series ■ Implementation Guide Symantec Network Security 7100 Series Getting ■ Started Card Symantec Network Security 7100 Series Product ■ Specifications and Safety Information Printed documentation only for Symantec Network Security 716x Service Manual ■...
  • Page 24 16 Introduction Verifying the materials...

  • Page 25: Chapter 2 Introducing The 7100 Series Components

    LCD subsystem, compact flash, removable hard drive, and serial port make administration tasks easy and efficient. About 7100 Series models The Symantec Network Security 7100 Series appliance is available in three models. The specific hardware configuration for each model is described in the following sections: Model 7120 ■...

  • Page 26: Model 7120

    18 Introducing the 7100 Series components About 7100 Series models Model 7120 The 7120 is the Fast Ethernet model of the Symantec Network Security 7100 Series. It has six 10/100Base-T monitoring interfaces, and comes in a 1U configuration for a 19” rack.

  • Page 27: Model 7160

    Introducing the 7100 Series components About 7100 Series models Model 7160 The 7160 is the all gigabit copper Symantec Network Security 7100 Series model. It provides eight 10/100/1000Base-T monitoring interfaces, and comes in a 2U configuration for a 19” rack.

  • Page 28: Model 7161

    20 Introducing the 7100 Series components About 7100 Series models Table 2-2 7160 back panel components Diagram Component Description location name re1000g5 Monitoring interface; 10/100/1000Base-T re1000g6 Monitoring interface; 10/100/1000Base-T re1000g7 Monitoring interface; 10/100/1000Base-T eth8 RST0 reset interface for sending TCP resets to malicious or unwanted flows;...

  • Page 29: About Core Components

    Introducing the 7100 Series components About core components Table 2-3 describes the components on the 7161 back panel. Table 2-3 7161 back panel components Diagram Component Description location name Dual Connections for the AC power cords; two redundant power redundant supplies including four fans for cooling the appliance power supplies interior...

  • Page 30: Lcd Panel

    7160 core components LCD Panel LED Lights Compact Flash adapter USB Ports Serial Port LCD panel The LCD panel includes the LCD screen and six push buttons. These components are located on the front bezel of the Symantec Network Security 7100 Series...
  • Page 31 Introducing the 7100 Series components About core components appliance. There is no significant difference between the models in the arrangement of the LCD panel components. Table 2-4 describes the LCD panel components. Table 2-4 LCD panel components Diagram Component Description location name LCD screen...

  • Page 32: Led Lights

    24 Introducing the 7100 Series components About core components “Compact flash initial configuration” on page 83. After you configure the appliance and install Symantec Network Security, the LCD panel goes into status mode, in which it cycles through various system statistics. See “Monitoring appliance status”...

  • Page 33: Serial Port

    158. USB ports There are two USB ports on the back of every Symantec Network Security 7100 Series appliance. Either port can be used for the keep-alive connection to the optional In-line Bypass unit. The bypass unit provides fail-open capability when you configure the appliance for in-line mode.
  • Page 34 Backing up node logs, databases, and configuration information ■ Restoring node logs, databases, and configuration information ■ Upgrading to a major new version of Symantec Network Security ■ Upgrading to a major new version of the operating system ■ Booting from compact flash during appliance re-imaging or upgrading ■...

  • Page 35: About Additional Components

    The 7160 and 7161 have a hard drive that you can easily remove by means of a pullout panel on the bottom of the appliance. If you should ever need to ship your appliance to Symantec for support, this provides a convenient method of extracting the drive before shipping the appliance.

  • Page 36: Dual Redundant Power Supplies

    28 Introducing the 7100 Series components About additional components Dual redundant power supplies The 7160 and 7161 have dual redundant power supplies. The dual power supplies ideally connect to separate power sources. Dual redundant power supplies Each of the redundant power supplies has two internal power-main connections. In the event of a failure of one power-main, the other one continues to provide uninterrupted power.

  • Page 37: Chapter 3 Deploying The 7100 Series

    If your network exhibits asymmetric traffic patterns, you may want to configure interface grouping. If you deploy the appliance in-line, you can add fail-open capabilities. You can combine it in a cluster with other Symantec Network Security nodes, which may...

  • Page 38: Bandwidth Licensing Options

    In passive mode, Network Security detects attacks as they enter the monitored network. You can configure response rules to provide alerts, send TCP resets, execute scripts, or take other actions. See the Symantec Network Security Administration Guide for more information on response rules.

  • Page 39: In-Line Mode

    In-line blocking mode is an important tool for securing your network, because it allows you to stop attacks at the point of detection. Blocking mode on the 7100 Series utilizes Symantec Network Security’s powerful analysis software to identify both zero-day attacks and those with known signatures. You can find more information about Network Security’s analysis and detection capabilities...

  • Page 40: In-Line Pairs

    32 Deploying the 7100 Series Deployment options In-line pairs In-line mode requires two interfaces configured as an in-line pair. The interfaces in each in-line pair are pre-determined, and the Network Security console enforces the pairing. Figure 3-1 shows the interfaces designated for in-line pair 0 and pair 1 on the 7120.

  • Page 41: Deployment Using In-Line Mode

    49. Comparing in-line mode to passive mode Table 3-1 illustrates the differences and similarities between in-line mode and passive mode on the Symantec Network Security 7100 Series. Table 3-1 In-line mode compared to passive mode Feature or characteristic...
  • Page 42 You can configure up to four monitoring interfaces into one interface group. Symantec Network Security starts a single sensor for the group, with the result that all network traffic seen on any interface within the group is analyzed in the group context, as if the traffic were being seen on a single interface.

  • Page 43: Fail-Open

    Fail-open Fail-open refers to a configuration that allows network traffic to continue even if the Symantec Network Security 7100 Series appliance has a hardware or software failure that affects one or more of its in-line interface pairs. For in-line interface pairs on the appliance, fail-open is an option that requires the purchase and installation of another device called the Symantec Network Security In-line Bypass unit.

  • Page 44: The 2 In-Line Bypass Unit

    36 Deploying the 7100 Series Deployment options Table 3-2 Bypass unit features Feature 2 In-line Bypass 4 In-line Bypass unit unit 10/100/1000 Base-T (MDI) interfaces USB ports Both the 2 In-line Bypass unit and the 4 In-line Bypass unit are equipped with gigabit (10/100/1000) copper interfaces.

  • Page 45: Port Groups And The Management Port On The Bypass Unit

    Deploying the 7100 Series Deployment options Figure 3-5 4 In-line Bypass unit 1 - Serial port 5 - Port group 0 2 - Mgmt USB 6 - Port group 1 3 - Power Supply 1 7 - Port group 2 4 - Power Supply 2 8 - Port group 3 Port groups and the management port on the bypass unit...

  • Page 46: Online And Bypass Modes

    38 Deploying the 7100 Series Deployment options Table 3-3 Connections needed for deploying bypass unit Connection Bypass port Description The even-numbered App A Connects to the interface in the in-line pair that is interface on the associated with one side of the network. App A appliance always connects to the even-numbered interface (for example, re1000g0 or eth2).

  • Page 47: Front Panel Leds On The Bypass Unit

    Deploying the 7100 Series Deployment options result in link speed or duplex mismatches which could cause degraded performance or possible loss of connectivity. After connecting the bypass unit to a 7100 Series appliance, you should verify the link speed and duplex parameters for all interfaces in the port group. To verify the link parameters for Net A and Net B, log on to the connected network devices and display the status for the connected interfaces.

  • Page 48: Rear Panel Leds On The Bypass Unit

    40 Deploying the 7100 Series Deployment options Table 3-4 Bypass unit front panel LED descriptions Diagram LED label LED name Description location Port group 0 The P0 LED glows when port group 0 is operating in online mode. Port group 1 The P1 LED glows when port group 1 is operating in online mode.

  • Page 49: Clustering

    Mbps or 10 Mbps). Clustering You can combine the Symantec Network Security 7100 Series appliance with other nodes and appliances into a cluster. One node within the cluster functions as the master node, and the others act as slaves. You can access and configure all nodes in the cluster from the same Network Security console.

  • Page 50: External Ids Products

    Symantec Network Security Smart Agent software. Once the event data is received, the appliance analyzes it in the same way that it handles data from its own sensors. For more information, see the Symantec Network Security Administration Guide.

  • Page 51: Symantec Liveupdate Accessibility

    Symantec Network Security nodes. Your choice affects whether the 7100 Series node needs access to the Symantec Web site or only to a local server. For more information about LiveUpdate, see the Symantec Network Security...
  • Page 52 44 Deploying the 7100 Series Symantec LiveUpdate accessibility...

  • Page 53: Chapter 4 Installing The 7100 Series

    Cable it to other network devices ■ The Symantec Network Security 7100 Series is designed to be installed in a data center with other networking devices and servers. Its dimensions are suitable for a 19” rack. You must position it within cabling distance of any switches or other devices that access the network segments that you want to protect.

  • Page 54: Rack Mounting

    Rack mounting The Symantec Network Security 7100 Series comes with two metal L-brackets and eight screws for attaching the brackets to the appliance. Using the brackets, you can mount the appliance to a standard 19” two-post or four-post rack. This procedure is the same for all models.

  • Page 55: Mounting The Appliance To A Four-Post Rack

    Installing the 7100 Series Rack mounting Attach the bracket by inserting four of the provided screws through the slots in the bracket into the holes in the appliance casing. Tighten the screws completely. Attach the other L-bracket in the same way to the opposite side of the appliance.
  • Page 56 48 Installing the 7100 Series Rack mounting To mount the appliance to a four-post rack Place the long side of an L-bracket against one side of the appliance near either the front or the back of the appliance. Position the bracket so that its short flange is lined up with the front or back of the appliance.

  • Page 57: Cabling

    You need to connect cables to the monitoring ports, management port, reset ports, and power supply. Optionally, you may wish to cable the serial port and, if you have a Symantec Network Security In-line Bypass unit, a USB port.

  • Page 58: Connecting The Management, Reset, And Serial Ports

    50 Installing the 7100 Series Cabling Connecting the management, reset, and serial ports You need two Ethernet cables of an appropriate length to connect the management and reset ports to your network. Use the provided serial console cable to connect the serial port to your serial device.

  • Page 59: Cabling A Bypass Unit For Fail-Open

    Connect port 3 of the appliance to the other side of network 2. Cabling a bypass unit for fail-open This section describes how to install a Symantec Network Security In-line Bypass unit to provide fail-open capability. The 2 In-line Bypass unit is recommended for operation with the 7120 appliance.
  • Page 60 52 Installing the 7100 Series Cabling Figure 4-4 depicts a 2 In-line Bypass unit deployed with a 7120 and other network devices. Figure 4-4 2 In-line Bypass unit deployed with 7120 AppA AppB NetA NetB 2 In-line Bypass unit Port group 0 Port group 1 7120 0 - Port 0...
  • Page 61 Installing the 7100 Series Cabling implemented as 10/100/1000Base-T. Consult the documentation for your network devices to determine whether they require crossover connections. The following procedures do not anticipate the type of cable. It is up to you to select a crossover cable if your network device requires one. The link parameters, including speed and duplex mode, should be auto-negotiated between Net A and App A, and Net B and App B.

  • Page 62: Powering The 7120 On Or Off

    54 Installing the 7100 Series Cabling If the USB cable is not yet connected, plug one USB connector into either USB port on the 7120 appliance, and plug the other connector into the Mgmt USB port on the 2 In-line Bypass unit. Powering the 7120 on or off As the last step in the physical installation of the 7120 appliance, connect and turn on the power.

  • Page 63: Connecting The Management, Reset, And Serial Ports

    Installing the 7100 Series Cabling Cabling for passive mode monitoring ■ Cabling for in-line mode monitoring ■ Cabling a bypass unit for fail-open ■ Powering the 7160 on or off ■ Warning: To prevent a possible electric shock, do not connect the power until all other cabling is done.

  • Page 64: Cabling For Passive Mode Monitoring

    56 Installing the 7100 Series Cabling To connect the reset ports Connect the first reset port (RST0) on the appliance to a monitored network where you want to send TCP resets. Connect the second reset port (RST1) on the appliance to a monitored network where you want to send TCP resets.

  • Page 65: Cabling A Bypass Unit For Fail-Open

    Connect port 7 of the appliance to the other side of network segment 4. Cabling a bypass unit for fail-open This section describes how to install a Symantec Network Security In-line Bypass unit to provide fail-open capability. The 4 In-line Bypass unit is...
  • Page 66 58 Installing the 7100 Series Cabling Note: Only the 4 In-line Bypass unit is supported for use with model 7160. Figure 4-7 shows the 4 In-line Bypass unit. Figure 4-7 4 In-line Bypass unit The 4 In-line Bypass unit contains four port groups, each with four ports. Two ports, Net A and App A, are associated with one port of the 7160 in-line pair and the corresponding side of the network.
  • Page 67 Installing the 7100 Series Cabling Figure 4-8 4 In-line Bypass unit deployed with 7160 Port group 2 Port group 0 Port Port group 1 group 3 7160 0 - Port 0 10 - RST 2 1 - Port 1 11 - Management port 2 - Port 2 12 - Mgmt USB on bypass unit 3 - Port 3...
  • Page 68 60 Installing the 7100 Series Cabling Note: Follow the cabling instructions carefully to match each in-line interface pair with its associated port group on the bypass unit. Connect in-line pair 0 (ports 0/1 on the appliance) to port group 0 on the bypass unit. Connect in-line pair 1 on the 7160 to port group 1 on the bypass unit.
  • Page 69 Installing the 7100 Series Cabling To cable in-line pair 1 with port group 1 Shut down the 7160 appliance if it is running. On the bypass unit, connect Net A of port group 1 to one side of the network. Connect App A of port group 1 to port 2 on your appliance.

  • Page 70: Powering The 7160 On Or Off

    62 Installing the 7100 Series Cabling Powering the 7160 on or off As the last step in the physical installation of the 7160 appliance, connect and turn on the power. When the appliance powers on, you should hear the hard drive spin up and the fans turn on, and see the LEDs and LCD screen light up.

  • Page 71: Connecting The Management, Reset, And Serial Ports

    Installing the 7100 Series Cabling The following topics are covered here: Connecting the management, reset, and serial ports ■ Cabling for passive mode monitoring ■ Cabling for in-line mode monitoring ■ Powering the 7161 on or off ■ Warning: To prevent a possible electric shock, do not connect the power until all other cabling is done.

  • Page 72: Cabling For Passive Mode Monitoring

    64 Installing the 7100 Series Cabling To connect the management port Connect the management port (port 11) on the appliance to your ◆ management network. To connect the reset ports Connect the first reset port (port 8) on the appliance to a monitored network where you want to send TCP resets.
  • Page 73 Installing the 7100 Series Cabling 6/7). You can use the remaining ports for monitoring other network segments in passive mode. Figure 4-10 depicts a 7161 using in-line mode to monitor four network segments. Figure 4-10 7161 using in-line mode Network Network Network Network...

  • Page 74: Powering The 7161 On Or Off

    66 Installing the 7100 Series Cabling Powering the 7161 on or off As the last step in the physical installation of the 7161 appliance, connect and turn on the power. When the appliance powers on, you should hear the hard drive spin up and the fans turn on, and see the LEDs and LCD screen light up.

  • Page 75: Chapter 5 Initializing Symantec Network Security

    Default login accounts ■ About initializing Symantec Network Security Initial configuration of the Symantec Network Security 7100 Series appliance is quick and straightforward. The configuration process prompts you for information, after which Symantec Network Security is installed on the 7100 Series node.

  • Page 76: Lcd Panel Initial Configuration

    LCD panel to select your choice. To use the serial console method, you can access the appliance directly from the serial console by logging in using the default username (secadm) and password (Symantec). LCD panel initial configuration...

  • Page 77: Using The Lcd Panel To Configure A Master Node

    Initializing Symantec Network Security LCD panel initial configuration Procedures for configuring a master or slave node are provided in the sections below. Using the LCD panel to configure a master node ■ Using the LCD panel to configure a slave node ■...
  • Page 78 70 Initializing Symantec Network Security LCD panel initial configuration For: Local IP Address [000]000.000.000 use the arrow buttons to enter the local IP address for the appliance. Use the up or down buttons to scroll through the numbers for each three-digit part of the address.
  • Page 79 Initializing Symantec Network Security LCD panel initial configuration Warning: Randomly choose a unique number between 1025 and 65535. A random, unique QSP port number prevents profiling by intruders. All slave nodes must use the same QSP port number that the master node uses.

  • Page 80: Using The Lcd Panel To Configure A Slave Node

    This section contains the procedure for initial configuration of a slave node by using the LCD panel. Note: A Symantec Network Security 7100 Series appliance can only be deployed as a slave node to another 7100 Series appliance or to a master node running...
  • Page 81 Initializing Symantec Network Security LCD panel initial configuration For more information about master and slave nodes, see the Symantec Network Security Administration Guide. If you wish to configure your appliance as a master node, see “Using the LCD panel to configure a master node”...
  • Page 82 74 Initializing Symantec Network Security LCD panel initial configuration use the arrow buttons to enter the default gateway for the local subnet. The default gateway is the router on the local network. Press e. For: Master Node? [Yes] No use the arrow buttons to move the cursor to No.
  • Page 83 Initializing Symantec Network Security LCD panel initial configuration Warning: The Master Node Pswd you input here must match the Master Node Sync Password you enter when adding the slave node object to the topology tree in the Network Security console. See “Configuring appliance...

  • Page 84: Serial Console Initial Configuration

    17 For: Reboot Now? [Yes] No press e to reboot the appliance and start Symantec Network Security. Serial console initial configuration You can use a serial terminal application with VT100 emulation for the initial configuration of your Symantec Network Security 7100 Series appliance. Each...

  • Page 85: Starting A Serial Console

    Initializing Symantec Network Security Serial console initial configuration serial console stays on while the appliance is running. To use it you must enter the correct login and password, which have default values for initial configuration. Some required information depends on whether you are adding the appliance as a master or a slave node.
  • Page 86 78 Initializing Symantec Network Security Serial console initial configuration To configure your appliance as a slave node, see “Configuring a slave node using the serial console” on page 80. To configure a master node using the serial console At the...
  • Page 87 Initializing Symantec Network Security Serial console initial configuration Enter date in MMDDhhmmYY format: Type the current month, date, hour, minute, and year using two digits for each. For the hour, use 24 hour format. For example, May 12, 2004 at 1:05pm is entered as: 0512130504.

  • Page 88: Configuring A Slave Node Using The Serial Console

    77. Note: A Symantec Network Security 7100 Series appliance can only be deployed as a slave node to another 7100 Series or to a master node running Symantec Network Security 4.0. To configure a slave node using the serial console...
  • Page 89 , or enter a unique number between 2 and 120. This node number cannot be changed once you have finished this procedure and installed Symantec Network Security. Enter the master node number (default 1): Press Enter to accept the default, or enter the node number of the master node for this cluster.
  • Page 90 82 Initializing Symantec Network Security Serial console initial configuration Please enter the password again: Re-enter the password for confirmation. Enter qspproxy port number (default: 62432): Press Enter to accept the randomized default or enter a number between 1024 and 65535.

  • Page 91: Compact Flash Initial Configuration

    Compact flash initial configuration If you have a compact flash card with a Symantec Network Security configuration already written to it, you can use it to configure your appliance. This convenient method provides a known configuration for a new appliance slave node that you are adding to an existing topology.

  • Page 92: Default Login Accounts

    Under normal operation, all tasks can be completed from the Network Security console or by using the buttons on the LCD panel. Occasionally you may need access to the operating system or the Symantec Network Security filesystem for troubleshooting or to view system log files.

  • Page 93: Chapter 6 Starting The Network Security Console

    Launching the console ■ About the Network Security console Once you have installed your Symantec Network Security 7100 Series appliance and performed initial configuration, the next step is to install the Network Security console on a separate machine. The Network Security console is a Java application that will run on a Windows or Linux machine.

  • Page 94: Console Requirements On Windows

    86 Starting the Network Security console Installing the console Console requirements on Windows Table 6-1 shows the minimum requirements needed by a Windows computer for running the Network Security console. Table 6-1 Console requirements on a Windows system Parameter Required minimum value Operating system Microsoft Windows 2000, Microsoft Windows Memory...

  • Page 95: Installing The Java Runtime Environment

    Double-click setup.exe. In Symantec Network Security 4.0 Setup, click Next. In Welcome, click Next. In Symantec Software License Agreement, read the agreement, and then click Yes. In Choose Destination Location, do one of the following: Click Next to accept the default directory: ■...

  • Page 96: Installing The Console On Linux

    88 Starting the Network Security console Launching the console The Symantec Network Security and Java Runtime Environment components are selected by default. If you already have JRE 1.4.2_04 installed on this machine, uncheck Java Runtime Environment. 10 In Ready To Install, click Next.

  • Page 97: Using The Correct Administration Ip Address

    This section describes how to launch the console on a Windows machine. To launch the console on Windows Double-click the shortcut to Symantec Network Security on your desktop. In Symantec Network Security Console, enter the administration IP address of the appliance into the Hostname text box.
  • Page 98 /usr/local/bin/java -jar -Xmx256m snsadmin.jar The option allots the required memory for the application. -Xmx256m In Symantec Network Security, enter the administration IP address of the appliance into the Hostname text box. “Using the correct administration IP address” on page 89.

  • Page 99: Chapter 7 Licensing

    When a license expires, a new license must be installed to activate the node. When no license is installed, only the licensing window is active. Standard Symantec licenses are node locked to the Symantec System ID, and are based on the monitored bandwidth. The license automatically includes maintenance and support for the first year.

  • Page 100: Bandwidth Licensing Options

    7120 50 Mbps 100 Mbps 7160 / 7161 250 Mbps 500 Mbps 1.0 Gbps Installing licenses The Symantec Network Security software functionality is activated by license. A separate license must be installed for each 7100 Series node, but the console...
  • Page 101 Licensing Installing licenses does not require a license. If you add nodes to your network, you must activate them with new licenses. The first time you log into a new 7100 Series master node using the Network Security console, the License Information window appears. When you add a slave node, you can access licensing by first connecting to the master node with the Network Security console.

  • Page 102: Requesting A License File

    Determining the Symantec System ID When you request a license file, you need to provide the Symantec System ID. There are three methods of determining the Symantec System ID. To determine the Symantec System ID from the console on an unlicensed appliance Launch the Network Security console.

  • Page 103: Requesting The License File

    Installing licenses Connect to the 7100 Series node and log in with the superuser account. In License Information, in the upper right corner, the Symantec System ID is displayed. Note that the parentheses are part of the ID. To determine the Symantec System ID on a licensed appliance In the Network Security console, on Devices, right-click the 7100 Series node object.

  • Page 104: Installing A License File

    Installing licenses Note: A license file that was issued for a particular machine cannot be used on another machine. Access the Symantec licensing Web site at https://licensing.symantec.com Follow the instructions on the Web page to complete and submit the online licensing form.

  • Page 105: Checking The License Status

    Licensing Checking the license status Click OK. In License Information, do one of the following: Click Browse to navigate to the location of the license file and select the ■ file. Type in the file name directly. ■ Click Submit. The software indicates whether the license installed successfully on the node.

  • Page 106: Adding To Licenses

    You must also provide the Fulfillment ID. Understanding excessive traffic Symantec Network Security notifies you each time the network traffic rate exceeds the license. The license is for the total packets seen by all combined interfaces on your Symantec Network Security 7100 Series appliance.

  • Page 107: Installing The Additive License File

    The software indicates whether the license installed successfully on the node. Calling for help Customers with a current support agreement may contact the Symantec Global Technical Support group by telephone, or online at www.symantec.com/techsupp. If you have questions regarding your license, you...
  • Page 108 100 Licensing Calling for help Symantec Serial Number: The serial number printed on the Symantec ■ Serial Number certificate. “Determining the serial numbers” on page 94. Appliance Serial Number: The serial number printed on a label on the back ■...

  • Page 109: Chapter 8 Configuring Nodes And Interfaces

    The topology database is established during the initial installation of Symantec Network Security, including several default network objects. Using the Network Security console, you can add or edit objects to make the topology database reflect your actual network configuration.

  • Page 110: Configuring Appliance Nodes

    You can edit slave and master node objects when connected to the master node with the Network Security console. For detailed information about the different types of nodes, see the Symantec Network Security Administration Guide.

  • Page 111: Node Options Tab Fields

    Monitoring groups can be created by superusers or admins. The console display can be filtered to show only the incidents from selected monitoring groups. See the Symantec Network Security Administration Guide for more information.

  • Page 112: Advanced Network Options Tab Fields

    If the current master node fails, another node in the group takes over as the functioning master. See the Symantec Network Security Administration Guide for more information. Master Node Sync The passphrase that is assigned when adding the node.

  • Page 113: Adding Or Editing An Appliance Node

    The hostname of the 7100 Series node. Adding or editing an appliance node The procedures for adding and editing Symantec Network Security 7100 Series nodes are very similar. The Edit dialog box has the same editable fields as the Add dialog box, with the exception of the Master Node Sync Information field.

  • Page 114: Configuring Appliance Interfaces

    106 Configuring nodes and interfaces Configuring appliance interfaces If the node is behind a NAT router, this IP address is the publicly visible address. Note: If you edit the IP address of a node, you will be prompted to edit settings in the Advanced Network Options tab.

  • Page 115: Configuring Monitoring Interfaces

    Network Security console. Configuring monitoring interfaces When you create a 7100 Series node object in your topology tree, Symantec Network Security automatically adds monitoring interface objects for the node. These interfaces default to passive mode. See “Passive mode”...

  • Page 116: Editing A Monitoring Interface

    108 Configuring nodes and interfaces Configuring appliance interfaces Table 8-3 Interface tab fields Field Description Expected Throughput A drop-down menu that contains throughput ranges in Mbps or Gbps to select from. Choose a value that fits within the node’s bandwidth license. TCP Reset Interface The interface through which TCP resets will be sent.

  • Page 117: Configuring An In-Line Pair

    Configuring an in-line pair An in-line interface pair is required to operate the Symantec Network Security 7100 Series appliance using in-line mode. When using in-line mode, you can configure policies for blocking malicious traffic before it enters your protected network.
  • Page 118 110 Configuring nodes and interfaces Configuring appliance interfaces About In-line Pair tab fields Table 8-5 provides information about the fields in the In-line Pair tab. Table 8-5 In-line Pair tab fields Field Description Name A descriptive name for the in-line pair of up to 40 characters. This is the object name displayed in the topology tree.

  • Page 119: Adding Or Editing An In-Line Pair

    Configuring nodes and interfaces Configuring appliance interfaces Adding or editing an in-line pair This section describes the procedure for adding or editing an in-line pair. Note that the in-line pair choices are pre-defined in the Network Security console. Other interface combinations are not supported as in-line pairs. To add or edit an in-line pair On the Devices tab, do one of the following: Right-click on the 7100 Series node object and click Add In-line Pair in...

  • Page 120: Configuring An Interface Group

    112 Configuring nodes and interfaces Configuring appliance interfaces On the Networks tab, select the default entry, and click Edit to enter a monitored network address, and then click OK. Click Add to enter any other networks protected by this interface. Enter the network IP addresses in CIDR format.

  • Page 121: Adding Or Editing An Interface Group

    Configuring nodes and interfaces Configuring appliance interfaces Table 8-7 Interface Group tab fields Field Description Expected Throughput The amount of network traffic you expect this interface group to monitor. TCP Reset Interface The designated reset interface to use when sending TCP resets. Description Descriptive text up to 255 characters.
  • Page 122 114 Configuring nodes and interfaces Configuring appliance interfaces In Expected Throughput, click the expected throughput in the pull-down list. The selected value must be less than or equal to the bandwidth license for this node. “Licensing” on page 91. In TCP Reset Interface, click the reset interface in the pull-down list. The selected reset interface must be cabled to access the monitored network.

  • Page 123: Chapter 9 Configuring Detection And Response

    You must start a sensor on an interface, interface group, or in-line pair before Symantec Network Security will detect traffic or attacks. Sensors function on a per interface basis. It is possible for sensors to be running on some appliance interfaces, and not running on others.

  • Page 124: About Protection Policies

    PAD-related port mapping, and custom signatures, see the Symantec Network Security Administration Guide. Symantec Network Security provides a number of predefined protection policies that you can apply directly, or clone and customize to suit your needs. You can apply a policy to one or more interfaces, but an interface can have only one policy applied to it at a time.

  • Page 125: Viewing A Protection Policy

    Configuring detection and response Creating and applying protection policies All protection policy tasks are available on the Policies tab in the Network Security console. This section describes procedures for: Viewing a protection policy ■ Setting policies to interfaces ■ Unapplying or removing policies from interfaces ■...

  • Page 126: Setting Policies To Interfaces

    118 Configuring detection and response Creating and applying protection policies To view a protection policy On the Policies > Protection Policies tab, click a protection policy. Click View. In View Protection Policy, do one of the following: Click Search Events to see all event types plus the Search Parameters ■...

  • Page 127: Enabling/Disabling Blocking On In-Line Pairs

    Configuring detection and response Creating and applying protection policies To unapply a policy on an interface On the Policies > Protection Policies tab, in the right pane, right-click an interface, in-line pair, or interface group. Click Unapply Policy from the pop-up list. Enabling/disabling blocking on in-line pairs If you apply a policy containing blocking rules to an in-line pair, blocking is enabled by default.

  • Page 128: Modifying Custom Protection Policies

    120 Configuring detection and response Creating and applying protection policies To clone a protection policy In the Policies > Protection Policies tab, click a protection policy. Click Clone. In Clone Policy, enter a name for the new protection policy. Click OK. Modify the cloned protection policy.

  • Page 129: Setting Logging Or Blocking On Events In A Policy

    Configuring detection and response Creating and applying protection policies Click View > Search Events if the policy is pre-defined. ■ Click Edit if the policy is user-defined. ■ Provide some or all of the following search criteria: In Event Name, enter a name. ■...
  • Page 130 122 Configuring detection and response Creating and applying protection policies To set logging or blocking on events On Policies, on the Protection Policies tab, do one of the following: Click New. ■ Click Edit. ■ In Add Protection Policy, do one of the following: Click Search Events.

  • Page 131: Deleting Custom Protection Policies

    Configuring detection and response Creating and applying protection policies In Event Properties, in Logging Options, to enable logging for the selected events, check Log Event. Do one of the following: To log events for any source or destination, click Log For All IPs. ■...

  • Page 132: About Response Rules

    Adding response rules ■ Deleting response rules ■ For a full description of all aspects of response rules, see the Symantec Network Security Administration Guide. Adding response rules This section provides the basic procedure for adding a response rule in the Network Security console.
  • Page 133 Configuring detection and response About response rules Note: It can take a few minutes for response rule changes to take effect. You can bypass the wait interval by clicking Admin > Force Database Sync. To add or insert a response rule In the Network Security console, click Configuration >...

  • Page 134: Deleting Response Rules

    126 Configuring detection and response About response rules Jump to a specific rule. ■ 17 Click OK to save your changes and exit the rule. Deleting response rules This section describes how to delete a response rule. To delete a response rule In the Network Security console, click Configuration >...

  • Page 135: Chapter 10 Monitoring And Reporting Events And Status

    Chapter Monitoring and reporting events and status This chapter includes the following topics: About monitoring and reporting events and status ■ Viewing events and incidents ■ Generating reports ■ Monitoring appliance status ■ About monitoring and reporting events and status The Network Security sensors monitor network traffic on the 7100 Series interfaces.

  • Page 136: Viewing Events And Incidents

    128 Monitoring and reporting events and status Viewing events and incidents Viewing events and incidents The Incidents tab provides a multi-level view of both incidents and events. The upper pane shows incident information. When you click on an incident, the lower pane displays the correlated events for that incident.

  • Page 137: Viewing Event Details

    You can mark, annotate, email, copy and paste, save, and print incident data. You can also change the display by using filters and by choosing table columns. See the Symantec Network Security Administration Guide for more information on these topics.

  • Page 138: Monitoring Appliance Status

    Click File > Close to close the report. For detailed information about report types and report scheduling, see the Symantec Network Security Administration Guide. Monitoring appliance status You can monitor the status of a 7100 Series node from the LEDs, the LCD panel, or from the Network Security console.

  • Page 139: Viewing Status On The Lcd Screen

    7161 The model number is displayed. SNS S/W version: ■ The version of Symantec Network Security that is running on the appliance. CPU Temp(s) ■ 32 34 The internal temperature of the CPU is displayed. For a 7160 or 7161, two values are shown for the two processors.

  • Page 140: Viewing Status On The Network Security Console

    If an interface, interface group, or in-line pair is running at a higher bandwidth, Symantec Network Security starts multiple sensor processes to handle the expected throughput. It can start up to four sensor processes. When you click the interface object, the status display in the right pane includes a column for each sensor process and a column for the aggregate values.

  • Page 141: Interface Status Parameters

    Current Average Bandwidth The bandwidth averaged over the last statistics ■ interval. Current Versions Network Security Version The version of Symantec Network Security on the ■ node. Security Update The Security Update (SU) level on the node. ■ JLU Version The version of LiveUpdate running on the node.

  • Page 142: In-Line Pair Status Parameters

    134 Monitoring and reporting events and status Monitoring appliance status Table 10-2 Monitoring interface status parameters Parameter Explanation Event Statistics Events/Second The number of security events per second seen on the ■ interface. Displayed for each sensor process. Flow Statistics New TCP Flows/Second The number of new TCP flows per second on the ■...
  • Page 143 Monitoring and reporting events and status Monitoring appliance status Table 10-3 In-line pair status parameters Parameter Explanation Blocked Packet (%) The percentage of packets blocked out of total ■ packets seen. Event Statistics Events/Second The number of security events per second seen on the ■...

  • Page 144: Interface Group Status Parameters

    136 Monitoring and reporting events and status Monitoring appliance status Interface group status parameters When you click an interface group, the following parameters are displayed: Table 10-4 Interface group status parameters Parameter Explanation Packet Statistics Receive Bit Rate (bps) The bits per second currently being received on the ■...

  • Page 145: Chapter 11 Maintaining And Administering The 7100 Series

    Using the serial console ■ About maintaining and administering the appliance Maintenance and administration on the Symantec Network Security 7100 Series is essential for managing the appliance and its software. This includes making backups, restarting software and hardware, and other basic administrative tasks.

  • Page 146: Managing Log Files And Backups

    Managing log files and backups Managing log files and backups Symantec Network Security provides a way to automate log file rotation to archive logs before they grow too large. You can choose from several options to back up your configuration and other data, including using a compact flash card.

  • Page 147: Using Scp To Rotate Log Files

    Parameters and choose a node from the pull-down list in Select Node. Click OK. In Symantec Network Security Configuration Parameters, under Log and Database Parameters, set values for each of the listed parameters. In Size to Trigger Rotation, enter the rotation size.

  • Page 148: Backing Up And Restoring

    Backup files are saved in tar format. When restoring files, you can choose from saved files on both the hard drive and compact flash. Periodic backups of the Symantec Network Security configuration on the master node are an important part of routine maintenance. This section describes the...

  • Page 149: Backing Up A Configuration

    Managing log files and backups standard procedures for backing up and restoring configuration data, using the hard drive to store the files. For more information about backup and restore, see the Symantec Network Security System Administration Guide. Backing up a configuration This section describes the standard procedure for backing up a node configuration.

  • Page 150: About The Compact Flash

    About the compact flash All models of the Symantec Network Security 7100 Series have a compact flash (CF) adapter, located on the back panel. The CF adapter is a device that reads from and writes to compact flash cards of up to 1 GB capacity.

  • Page 151: Making A Non-Bootable Compact Flash Card

    Maintaining and administering the 7100 Series Managing log files and backups Making a non-bootable compact flash card Many CF cards that you purchase new are bootable, with one partition. You should not insert such a card into the appliance and then reboot. The appliance will try to boot from the empty partition, and must be powered off and then rebooted after ejecting the CF card.

  • Page 152: Using The Compact Flash For Backup And Restore

    144 Maintaining and administering the 7100 Series Managing log files and backups fdisk /dev/sda using the device name for your adapter. To print out the current partitioning, type p. To delete all existing partitions, type d one or more times, once for each partition on the card (up to four).

  • Page 153: Using The Compact Flash For Backup

    Maintaining and administering the 7100 Series Managing log files and backups Using the compact flash for backup This section describes the procedure for backing up the node configuration onto compact flash. To use the compact flash for backup If a compact flash card is not already accessible, insert a non-bootable CF card into the CF adapter and reboot the appliance.

  • Page 154: Saving Initial Configuration

    146 Maintaining and administering the 7100 Series Managing log files and backups Saving initial configuration You can save an appliance’s configuration information onto the hard drive or onto a compact flash card. The procedure is the same, except that you must insert a non-bootable CF card and reboot the appliance to make the card accessible if you want to save the configuration to compact flash.

  • Page 155: Viewing A Configuration File

    Maintaining and administering the 7100 Series Managing log files and backups To save an initial configuration on compact flash If a compact flash card is not already accessible, insert a non-bootable CF card into the CF adapter and reboot the appliance. “Making a non-bootable compact flash card”...

  • Page 156: Using The Compact Flash During Re-Imaging And Upgrading

    You can restart Symantec Network Security on any node from the Network Security console. You can use serial console to restart Network Security on that node only. The LCD run menu does not include a command to restart Symantec Network Security.

  • Page 157: Stopping Network Security From The Lcd

    Restarting Network Security from the serial console ■ Stopping Network Security from the LCD This section describes the procedure for using the LCD panel to stop Symantec Network Security on the node. To stop Symantec Network Security from the LCD On the appliance front panel, press any button to change the LCD display.

  • Page 158: Starting Network Security From The Lcd

    150 Maintaining and administering the 7100 Series Restarting, rebooting, and powering off Starting Network Security from the LCD This section describes the procedure for using the LCD panel to start Symantec Network Security on the node. To start Symantec Network Security from the LCD On the appliance front panel, press any button to change the LCD display.

  • Page 159: Restarting Network Security From The Serial Console

    To reboot the appliance from the Network Security console On the Devices tab, right-click the node to reboot. In the drop-down menu, click Admin > Reboot Symantec Network Security Node. In Confirmation, click Yes. Rebooting the appliance from the LCD This section describes the procedure for using the LCD panel to reboot the appliance.

  • Page 160: Rebooting The Appliance From The Serial Console

    Wait for the appliance to reboot. Powering off the appliance Before removing power from the appliance, you must shut down Symantec Network Security and the appliance operating system. The LCD panel and the serial console both provide a command that stops the software and powers off the appliance.

  • Page 161: Powering Off The Appliance From The Serial Console

    Maintaining and administering the 7100 Series Restarting, rebooting, and powering off To power off your appliance from the LCD On the appliance front panel, press any button to change the LCD display. If the LCD screen is locked, see “Unlocking the LCD panel” on page 155 to unlock it.

  • Page 162: Using The Lcd Run Menu

    3. Stop SNS Stops the Symantec Network Security application. “Stopping Network Security from the LCD” page 149. 4. Start SNS Starts Symantec Network Security if it is currently stopped. “Starting Network Security from the LCD” page 150. 5. Shutdown Host Shuts downs and powers off the appliance.

  • Page 163: Running Commands On The Lcd Run Menu

    Maintaining and administering the 7100 Series Using the LCD run menu Running commands on the LCD run menu While the LCD panel is not in use, the LCD screen displays a rotating list of appliance health statistics. See “Viewing status on the LCD screen” on page 131.

  • Page 164: Enabling Or Disabling Lcd Locking

    You can change the IP address of the appliance by using the LCD run menu. You can use the Network Security console to change the IP address of any node in the cluster. See the Symantec Network Security Administration Guide for that procedure.
  • Page 165 Maintaining and administering the 7100 Series Using the LCD run menu Press any button to display the LCD run menu unless it is already displayed on the LCD screen. Use the down arrow button to scroll through the menu until you see: SNS7120 2.

  • Page 166: Using The Serial Console

    You must log in with a valid account name and password. The secadm user is the default login name for the serial console. The secadm account can access basic Symantec Network Security and administrative commands. You can gain root privileges by entering the...
  • Page 167 Performs initial configuration of Symantec Network ■ Security. “Serial console initial configuration” on page 76. start Starts Symantec Network Security if it is stopped. ■ “Starting Network Security from the serial console” on page 150. restart Stops, then starts Symantec Network Security.

  • Page 168: Changing Passwords

    160 Maintaining and administering the 7100 Series Using the serial console Table 11-3 Serial console commands Serial console command Explanation reboot Reboots the appliance. ■ “Rebooting the appliance from the serial console” on page 152. shutdown Shuts down and powers off the appliance. ■...

  • Page 169: Changing The Secadm Password

    Before running install-bridge, there are two tasks to perform in order to prepare for using SESA. Preparing to use SESA To use SESA with Symantec Network Security, you must do two things in preparation: Make sure that the appliance host name can be resolved ■...
  • Page 170 Save the file and exit the editor. Making the SIP file available on the SESA manager The Symantec Network Security SIP file is available on the Management Console CD. You can access it directly from the CD or copy it to any location on the SESA manager.

  • Page 171: Running Install-Bridge

    SNS7100> install-bridge The system warns you about stopping Symantec Network Security: To install the SESA Bridge, Symantec Network Security must be stopped and restarted. Continue installing the SESA Bridge? [y] Press Enter to continue. What is the primary SESA manager?

  • Page 172: Uninstalling The Sesa Bridge

    Continue uninstalling the SESA Bridge? [y] Press Enter to continue. The system stops Symantec Network Security. It displays a number of messages about stopping the processes. When Symantec Network Security is stopped, the system uninstalls the SESA agent and bridge software. It displays the message: SESA agent uninstalled.

  • Page 173: Starting The Sesa Agent Manually

    On the serial console, at the prompt, type: SNS7100> elevate and enter the root password. At the shell prompt, type: cd /opt/Symantec/sesa and press Enter. Type: ./agentd -start and press Enter. Stopping the SESA agent manually You can stop the SESA agent manually from the serial console.
  • Page 174 166 Maintaining and administering the 7100 Series Using the serial console...

  • Page 175: Chapter 12 Re-Imaging And Unconfiguring

    ■ About migration ■ About re-imaging and unconfiguring You can unconfigure Symantec Network Security without completely re- imaging your appliance. Unconfiguring leaves the underlying operating system intact, but removes the Symantec Network Security installation and configuration. Re-imaging the Symantec Network Security 7100 Series appliance involves reinstalling operating system software and core Symantec Network Security software.

  • Page 176: Unconfiguring Symantec Network Security

    168 Re-imaging and unconfiguring Unconfiguring Symantec Network Security the new version. Normally an upgrade is provided as a new Symantec Network Security package that includes the new operating system. Instructions for the upgrade procedure are provided with the upgrade package, available on the Symantec Web site.

  • Page 177: Running Unconfig Sns On The Lcd

    ■ Unconfigure and choose a node from the pull-down list in Select Node. Click OK. In Unconfigure, read the message and click Yes to unconfigure Symantec Network Security. The appliance uninstalls Symantec Network Security and reboots. After rebooting, it is ready for initial configuration.

  • Page 178: Running Unconfigure On The Serial Console

    Are you sure you want to do this? [NO/yes] type and press Enter. The appliance displays a number of messages while it uninstalls Symantec Network Security and reboots. After rebooting, the 7100 Series is ready for initial configuration. “About initializing Symantec Network Security”...

  • Page 179: Creating A Bootable Compact Flash

    Re-imaging and unconfiguring Preparing for re-imaging Warning: Do not save the configuration to a file on the hard drive of the node that you are re-imaging or upgrading. The hard drive is reformatted during imaging, and your file will be overwritten. Creating a bootable compact flash In order to establish contact with the Imaging Server at boot time, you will need to boot your appliance from a compact flash.

  • Page 180: Creating A Bootable Compact Flash Using The Imaging Server

    172 Re-imaging and unconfiguring Preparing for re-imaging 10 Type: cd /app/sns7100/appliance/cf_boot/images and press Enter. 11 Do one of the following: If the appliance is a 7120, type: ■ cat 82559er.dsk > /dev/hdc If the appliance is a 7160 or 7161, type: ■...

  • Page 181: Setting Up An Imaging Server

    Eject the CF card and remove it from the USB CF adapter. Setting up an Imaging Server You can use the Symantec Network Security Recovery Software CD to create an Imaging Server in two ways. The easiest way is to boot a PC or laptop from the CD to create an automatic Imaging Server.

  • Page 182: Setting Up A Standard Imaging Server

    Insert the Recovery Software CD into the CD drive of the Imaging Server. Reboot the Imaging Server. Wait while the Imaging Server boots from the Recovery Software CD. When the Symantec Network Security Appliance License and Warranty Agreement is displayed, read the agreement while pressing the space bar for each new page.

  • Page 183: Installing The Recovery Software Cd Onto The Imaging Server

    Once the Imaging Server is installed with RedHat Linux 8.0 or 9.0, you can load all the other required software from the Recovery Software CD provided with the Symantec Network Security 7100 Series appliance. See the following section: Installing the Recovery Software CD onto the Imaging Server ■...

  • Page 184: Connecting The Imaging Server To The Appliance

    176 Re-imaging and unconfiguring Setting up an Imaging Server The scripts checks that the dhcp, nfs, xinetd, and mknbi RPMs are installed. If one or more are not installed, it prompts you with the message: Please go install <rpm name> RPM from /mnt/cdrom/home/bto/tools. To install a missing RPM, use the following commands: cd tools rpm -i <rpm file name>...

  • Page 185: Connecting The Imaging Server To A 7120

    Re-imaging and unconfiguring Setting up an Imaging Server Connecting the Imaging Server to a 7120 Connect the 7120 to the Imaging Server using a crossover cable or a network device such as a hub or switch. To cable the Imaging Server directly to a 7120 Plug one end of the provided 10/100Base-T crossover cable into the RJ45 port on the Imaging Server.

  • Page 186: Connecting The Imaging Server To A 7161

    178 Re-imaging and unconfiguring Re-imaging the appliance Connect a second Ethernet cable from the left-most, top, RJ45 port (port 0) on the 7160 to the hub or switch. Note: If you use a switch, configure it so that the two ports can pass network traffic between them.
  • Page 187 “Powering off the appliance” on page 152. Insert the bootable compact flash into the appliance. Connect the Imaging Server to your Symantec Network Security 7100 Series appliance. “Connecting the Imaging Server to the appliance” on page 176. Re-imaging your appliance will re-install the original manufacturer’s software.
  • Page 188 Warning: The imaging process takes between five and fifteen minutes, and must not be interrupted. Your appliance is now re-imaged and you may proceed with initial configuration. “About initializing Symantec Network Security” on page 67. Note: The default password for a re-imaged appliance is Symantec...

  • Page 189: Upgrading The Console Application

    Security configuration from a backup if you made one before re-imaging. You can use the Network Security console to do the restore. “Managing log files and backups” on page 138. Caution: Be sure to re-install all security updates available on the Symantec Web site: http://www.symantec.com/techsupp/ “About the Web sites”...
  • Page 190 182 Re-imaging and unconfiguring About migration...

  • Page 191: Appendix A Troubleshooting

    Accessing troubleshooting information ■ About troubleshooting You can find up-to-date troubleshooting information for the Symantec Network Security 7100 Series (and all Symantec products) on the Symantec Web site, www.symantec.com. Accessing troubleshooting information Use the following procedure to access troubleshooting information from the Symantec Knowledge Base.
  • Page 192 184 Troubleshooting Accessing troubleshooting information On the Browse tab, expand a category to see a list of knowledge base ■ articles related to that topic. Click an article to view it.

  • Page 193: Appendix B Specifications And Safety

    ■ Safety guidelines ■ Product certifications ■ Product Specifications Table B-1 provides information about product specifications for models 7120, 7160, and 7161 of the Symantec Network Security 7100 Series appliance. Table B-1 7100 Series specifications Parameter 7120 7160 7161 Length 43.18 cm (17 in)

  • Page 194: Safety Guidelines

    190 W 240 W 240 W draw Safety guidelines For your protection, read and follow all safety instructions for the Symantec Network Security 7100 Series before use. Instructions ■ Read and understand all safety and operating instructions before installing and operating the appliance.
  • Page 195 Do not use an extension cord. Warning: To reduce the risk of electrical shock, do not disassemble the appliance. Return it to Symantec if servicing is required. Opening or removing covers may expose you to dangerous voltage or other risks.

  • Page 196: Product Certifications

    Product certifications The Symantec Network Security 7100 Series appliances are designed to meet the following regulatory requirements for public safety: UL and CSA Standard for Safety of Information Technology Equipment ■...
  • Page 197 Specifications and safety Product certifications EN61000-4-4 (1995), EFT/Burst: 1kV Power, 0.5 kV Signal Cables ■ EN61000-4-5 (1995), Surge: 1kV (L-L), 2 kV (L-G) ■ EN61000-4-6 (1996), Conducted RF Immunity: 3V, 150 kHz - 80 MHz ■ EN61000-4-11 (1994): >95%/0.5T, 30%/25T, >95%/250T ■...
  • Page 198 190 Specifications and safety Product certifications...

  • Page 199: Appendix C Service Manual

    About the removable hard drive This service manual provides instructions for removing the hard drive from the Symantec Network Security 7100 Series appliance models 7160 and 7161. The 7160 and 7161 have a hard drive that you can remove by means of a pullout panel on the bottom of the appliance.

  • Page 200: Removing The Hard Drive

    This feature of the 7100 Series appliance is provided solely for the protection of your private data while your appliance is away from your site. When Symantec sends you the repaired or replacement appliance, it will contain a new hard drive.
  • Page 201 Service Manual Removing the hard drive Optionally remove the appliance from the rack and turn it upside down. Using a Phillips screwdriver, loosen the four screws on the pullout panel. Pull the panel away from the appliance. It remains attached to the appliance interior with a safety strap. Detach the power cable from the hard drive.
  • Page 202 194 Service Manual Removing the hard drive Using a Phillips screwdriver, loosen the four screws that are holding the hard drive in place. Be sure to leave the metal plate attached to the inside of the pullout panel. 10 Carefully slide the hard drive out of the appliance. 11 Reattach the pullout panel to the appliance by tightening the four panel screws.
  • Page 203 Index Numerics licensed bandwidth 98 node 105 7100 Series node options 103 about 9 protection policy 119 models 11 response rule 124 7120 slave node 74, 75, 81, 83 about 18 administration IP address 89 back panel 18 advanced bypass unit cabling 51 network options 104, 106, 147 cabling 49 alarm 62, 66...
  • Page 204 2 Index backup cables CF 145 included with appliance 15 data included 140 cabling file format 140 7120 49 file location 140 7120 in-line mode 50 file size 144 7160 54 node configuration 141 7160 in-line mode 56 onto CF 144 7161 62 bandwidth 7161 in-line mode 64...
  • Page 205 Index in monitored networks 108 IP address from logging criteria 123 cloning predefined policies 116 protection policy 119 response rule 126 clusters 41 sample monitored network 108 changing IP in 103, 156 to change model number 105 failover group in 104 unapply policies before 124 initial config using CF 146 denial of service.
  • Page 206 4 Index monitoring interface 107, 108 forcing node 105, 147 link parameters 38 node fields 102 fulfillment ID 99, 133 predefined policies 116 slave nodes 102 topology database 101 gateway 70 electrical default 147 shock prevention 187 generating elevate reports 129 command 158 SSH keys 138 Engine Updates.
  • Page 207 Index on bypass unit 38 on bypass unit 35 initialization. See initial configuration starting sensor on 115 in-line mode status 133 interface group about 31 alerting 31 adding 112, 113 blocking 31 deployment 33 compared to passive 33 editing 112, 113 deployment 33 interfaces in 34 fail-open 35...
  • Page 208 102 requesting 94, 95 in failover group 104 support 99 initial config with serial console 77 Symantec serial number 94 initial configuration with LCD 69 Symantec System ID 94 installing license on 96 link parameters management IP 103...
  • Page 209 181 interfaces on 7120 18 verify parameters with 39 interfaces on 7160 19 Windows requirements 86 interfaces on 7161 20 Network Security. See Symantec Network Security traffic, default method 30 types 185 node adding 105 NAT address 89 Advanced Network Options field 104...
  • Page 210 8 Index default 68 elevate 159 object entering on LCD 71 adding node 105 erase all 168 adding slave 74, 75 for serial console 76 automatic creation 105 in configuration 170 click for details 102 initially used for 71 click to view status on 132 initially used for, on slave 75 default node 102 LCD panel 24, 155, 161...
  • Page 211 Index adding new 119 from serial console 151 applying 118 restore backing up 140 cluster 141 from CF 145 cloning 119 deleting 123 node 141 editing 120 reapply updates 142 enabling/disabling blocking 119 requirements 141 for in-line pair 33 root for interface group 34 account 158 modifying custom 120...
  • Page 212 Network Security on serial console 149 about 25 SU 43 connecting 50, 55, 63 SESA Java website 87 agent 165 Symantec Enterprise Security Administrator. See SESA deployment 42 installing bridge 163 Symantec Network Security manual agent start 165 accessing on serial console 84...
  • Page 213 152 ventilation stopping or starting 148 appliance 186 unconfigure 168 verify version 131, 133 link parameters 39 Symantec System ID verifying materials 14 determining 94 viewing event details 129 incident details 128 incidents 128 TCP flows 134, 135, 136...
  • Page 214 12 Index...

This manual is also suitable for:

712071607161

Table of Contents