McAfee IIP-S41K-NA-100I - IntruShield 4010 Sensor Appliance Product Manual

McAfee® IntruShield® IPS
IntruShield Sensor 4000
version 4.1
McAfee® Network Protection
Industry-leading intrusion prevention solutions
IntruShield Sensor 4000 Product Guide
revision 7.0


Summary of Contents for McAfee IIP-S41K-NA-100I - IntruShield 4010 Sensor Appliance

  • Page 1 IntruShield Sensor 4000 Product Guide revision 7.0 McAfee® IntruShield® IPS IntruShield Sensor 4000 version 4.1 McAfee ® Network Protection Industry-leading intrusion prevention solutions...
  • Page 2 The GPL requires that for any software covered under the GPL, which is distributed to someone in an executable binary format, that the source code also be made available to those users. For any such software covered under the GPL, the source code is made available on this CD. If any Free Software licenses require that McAfee provide rights to use, copy or modify a software program that are broader than the rights granted in this agreement, then such rights shall take precedence over the rights and restrictions herein.
  • Page 3: Table Of Contents

    Contents: Preface; Introducing McAfee IntruShield IPS; About this guide; Contents of this guide; Audience; Conventions used in this guide; Related Documentation; Contacting Technical Support; Chapter 1 An introduction to IntruShield sensors; What is an IntruShield sensor?
  • Page 4 Using fail-open hardware; Cabling for in-line mode; Cabling for Tap mode; Cabling I-4000 GBIC ports in external Tap mode; Cabling for SPAN mode; Cabling the I-4000 sensor to monitor in SPAN or hub mode; Cabling the failover interconnection ports; Index
  • Page 5: Preface

    Preface This preface provides a brief introduction to McAfee IntruShield, discusses the information in this document, and explains how this document is organized. It also provides information such as the supporting documents for this guide and how to contact McAfee Technical Support.
  • Page 6: Audience

    McAfee® IntruShield® IPS 4.1 Preface IntruShield Sensor 4000 Product Guide Audience • Chapter 4: Attaching Cables to the I-4000 Sensor (on page 18) describes how to attach monitoring and response cables to the sensor, and how to cable the sensor to operate in various operating modes.
  • Page 7: Related Documentation

    Convention: Information that you must read before beginning a procedure or that alerts you to negative consequences of certain actions, such as loss of data, is denoted using this notation. Example: "Caution:"
  • Page 8: Contacting Technical Support

    Information http://www.mcafee.com/us/about/contact/index.html page. Note: McAfee requires that you provide your GRANT ID and the serial number of your system when opening a ticket with Technical Support. You will be provided with a user name and password for the online case submission.
  • Page 9: Chapter 1 An Introduction To Intrushield Sensors

    TCP connections, “scrubbing” malicious packets, and even blocking attack packets entirely before they reach the intended target. Sensor platforms McAfee offers multiple sensor platforms providing different bandwidth and deployment strategies.
  • Page 10: The Intrushield 4000 Sensor

    This document describes the I-4000 sensor. The IntruShield 4000 sensor (the I-4000), designed for high-bandwidth links, is equipped to support two full-duplex Ethernet segments, or four SPAN ports transmitting no more than 2 Gbps for up to 2 Gbps of aggregated traffic.
  • Page 11: Front Panel Leds On The I-4000

    Power supply B is a hot-swappable, redundant power supply. This power supply also uses a standard IEC320-C13 port, and you can use the McAfee-provided cable or acquire one that meets your specific needs. The I-4000 does not have internal taps; it must be used with a 3rd party external tap to run in tapped mode.
  • Page 12 Status and description. Power A: Green, Power Supply A is functioning; Amber, Power Supply A is not functioning. Power B: Green, Power Supply B is functioning.
  • Page 13 Status and description. Response Port Link: Green, The link is connected. The link is disconnected.
  • Page 14: Chapter 2 Before You Install

    Before you install. Sensor specifications, safety measures, unpacking a sensor. This chapter describes best practices for deployment of IntruShield sensors on your network. Topics include system requirements, site planning, safety considerations for handling the sensor, and usage restrictions that apply to the sensor. I-4000 sensor specifications: The following table lists the specifications of the I-4000 sensor.
  • Page 15: Sensor Capacity For I-4000 Sensor

    Sensor specifications. Relative Humidity (Non-condensing): Operating 10%-90% non-condensing; Non-operating 5% to 95% non-condensing. System Heat Dissipation: 1194.3 BTU/hr. Airflow: 200 lfm (1 m/s)
  • Page 16: Network Topology Considerations

    Default number of supported UDP Flows: 100,000; Supported UDP Flows: 750,000; DoS Profiles: 5000; SYN rate (64-byte packets per second): 1,000,000; ACL Rules (refer to note below)
  • Page 17: Safety Measures

    considerations for IntruShield deployment, see Pre-deployment considerations, Planning and Deployment Guide. Safety measures: The safety measures given below apply to all sensor models unless otherwise specified. Carefully read the following warnings before you install the product.
  • Page 18: Working With Fiber-Optic Ports

    • The sensor appliance is not a general purpose workstation. • McAfee prohibits the use of the sensor appliance for anything other than operating the IntruShield IPS. • McAfee prohibits the modification or installation of any hardware or software in the sensor appliance that is not part of the normal operation of the IntruShield IPS.
  • Page 19 Unpacking the sensor: • one power cord. McAfee provides a standard, 2m NEMA 5-15P (US) power cable (3 wire). International customers must procure a country-appropriate power cable. • one set of rack mounting ears •...
  • Page 20: Setup Overview

    Setting up the I-4000 sensor prior to configuration. This chapter describes the process of setting up a sensor prior to configuring it via the ISM. Setup overview: Setting up a sensor involves the following steps: Positioning the sensor.
  • Page 21: Mounting The I-4000 Sensor In A Rack

    Figure 2: Attaching the mounting ears to the sensor chassis. Mounting the I-4000 sensor in a rack: McAfee recommends rack-mounting your sensors. The rack-mounting hardware included with the sensors is suitable for most 19-inch equipment racks and telco-type racks. For maintenance purposes, you should have access to the front and rear of the sensor.
  • Page 22: Installing The I-4000 Redundant Power Supply

    Mount the sensor by securing the ears to two posts or mounting strips in the rack. Because the ears bear the weight of the entire sensor, be sure to fasten the ears securely to the rack.
  • Page 23: Removing A Power Supply

    Note: For true redundant operation with the optional redundant power supply, McAfee recommends that you plug each supply into a different power circuit. For optimal protection, use uninterrupted power sources. Removing a power supply: To remove a power supply from the I-4000 (Optional—the power...
  • Page 24: Installing Gbics

    A GBIC is a hot-swappable input/output device that plugs into a Gigabit Ethernet port, linking the module port with a fiber-optic network. Use only McAfee-approved GBICs either purchased from McAfee or from certified vendors. Note: To ensure compatibility, McAfee supports only those GBICs purchased through McAfee or from a McAfee-approved vendor.
  • Page 25: Removing A Gbic

    The I-4000 sensor has no power switch. The sensor powers on as soon as one of its power cables is connected to a power source. Powering off the sensor: McAfee recommends that you use the shutdown CLI command to halt the sensor before powering it down. For more information on CLI commands, see...
  • Page 26: Chapter 4 Attaching Cables To The I-4000 Sensor

    Follow the steps outlined in this chapter to connect cables to the various ports on your sensor. Cabling the Console port: The Console port is used for setup and configuration of the sensor. For console connections, plug the DB9 Console cable supplied by McAfee into the Console port (labeled Console on the sensor front panel).
  • Page 27: Cabling The Response Ports

    Connect the other end of the cable to the network device (for example, hub, switch, router) that in turn connects to the ISM server. Note: To isolate and protect your management traffic, McAfee strongly recommends using a separate, dedicated management subnet to interconnect the sensors and the ISM.
  • Page 28: Cabling The I-4000 Monitoring Ports

    Connect to the network devices you will be monitoring via the sensor Monitoring ports. You can deploy sensors in the operating modes shown in the following table.
  • Page 29: Default Monitoring Port Speed Settings For I-4000

    Be sure that the switch/router ports connected to the sensor Monitoring ports match the sensor configuration.
  • Page 30: Cabling For In-Line Mode

    The I-4000 sensor’s GBIC ports must be used with a 3rd party external tap. Note: For a list of approved 3rd party vendors, see the KnowledgeBase at the McAfee Support Site, https://mysupport.mcafee.com. External tap mode requires a port pair (for example, 1A and 1B).
  • Page 31: Cabling For Span Mode

    Cabling the I-4000 sensor to monitor in SPAN or hub mode: When you monitor in SPAN or Hub mode, you do not need to use a port pair. You can use single ports.
  • Page 32 Plug the cable appropriate for use with your GBIC into port 2A of the active sensor. Connect the other end of the cable to port 2A of the standby sensor.
  • Page 33 Caution 2: A very brief link disruption may also occur while the links between the sensor and each of the peer devices are renegotiated to place the sensor back in in-line mode.
  • Page 34: Index

    failover; fan LED; flash LED; front panel LEDs; 10/100 ports GBIC Monitoring ports; 10/100 Management port; 10/100 Monitoring ports Link LED; 10/100 Response port; heat requirements
  • Page 35 tap mode; Temp LED; using fail-open hardware...

This manual is also suitable for:

Intrushield 4000
