Broadcom Symantec S550 User manual

Symantec™ Endpoint Detection and Response 4.5 Installation
Guide for the S550 appliance

Table of Contents
Copyright statement
System Requirements
  Symantec EDR version support for appliances
  Browser requirements for the EDR appliance console
  System requirements for Symantec Endpoint Protection integration
Planning for installation
  Pre-installation checklist for physical appliances
  Physical appliance installation worksheet
  About operating roles, operating modes, and network connections
  About selecting a network scanner
  About network configurations and port connections
  Where to place the appliance in your network for best results
  Required firewall ports
  Proxy recommendations
  Symantec EDR platform support matrix
  Obtaining a Symantec EDR license file and installing it
Installing the physical appliance
  S550 appliance installation workflow
  Connecting the cables on the S550 appliance
  Powering on the S550 appliance and verifying the LEDs
  Configuring the serial terminal or terminal emulation software
  Rack-mounting the S550 appliance
Running bootstrap
  Running bootstrap to configure the appliance
Running the setup wizard
  Running the setup wizard
  status_check command
Post-installation tasks
  Completing setup tasks
  Testing Symantec EDR for successful monitoring or blocking
  Testing the appliance bypass mode
  Accessing the EDR appliance console
Appendix Materials
Appendix A: Ports, connectors, and indicators on the appliance
  About appliance ports, connectors, and indicators
Appendix B: Hardware specifications
  Symantec S550 appliance specifications
Appendix C: Re-installing Symantec EDR onto the S550
  Re-installing Symantec EDR onto the 550 appliance from a USB stick or DVD

Copyright statement
Broadcom, the pulse logo, Connecting everything, and Symantec are among the trademarks of Broadcom.
Copyright ©2020 Broadcom. All Rights Reserved.
The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries. For more information, please visit
www.broadcom.com.
Broadcom reserves the right to make changes without further notice to any products or data herein to improve reliability,
function, or design. Information furnished by Broadcom is believed to be accurate and reliable. However, Broadcom does
not assume any liability arising out of the application or use of this information, nor the application or use of any product or
circuit described herein, neither does it convey any license under its patent rights nor the rights of others.

System Requirements
Symantec EDR version support for appliances
The Symantec S550 appliance supports Symantec EDR 4.1 and later.
Browser requirements for the EDR appliance console
Table 1, Browser requirements for the EDR appliance console, lists the web browsers that are compatible with the EDR appliance console. JavaScript must be enabled in the browser and cookies must be allowed. The minimum resolution for viewing the EDR appliance console is 1280x1024.
Table 1: Browser requirements for the EDR appliance console
| Browser | Version |
| --- | --- |
| Microsoft Internet Explorer | 11 or later. Note: Quick filters are not supported. |
| Mozilla Firefox | 81.0 or later (64-bit) |
| Google Chrome | 85.0.4183.121 or later (64-bit) |
| Microsoft Edge | Version 85.0.564.63 or later (64-bit) |
| Safari | Not supported |
| Opera | Not supported |
System requirements for Symantec Endpoint Protection integration
Symantec Endpoint Protection version requirements
Symantec Endpoint Detection and Response can integrate with Symantec™ Endpoint Protection for enhancing event
information and providing Endpoint Communications Channel (ECC) functionality. Symantec EDR has certain version
requirements based on various components of SEP.
The minimum SEPM version is 12.1 RU6 or later. Symantec EDR can connect to multiple SEP sites with one connection
per SEP site, up to a total of ten connections to SEPM hosts.
Symantec EDR can manage the client endpoints that run SEP version 12.1 RU 6 MP3 or later with full ECC functionality.
However, clients must be running SEP 14 or later to take advantage of ECC 2.0 functionality.
Client endpoints that run versions earlier than SEP 12.1 RU5 are not supported. Some functionality is limited for the
clients that run on versions between SEP 12.1 RU5 and 12.1 RU6 MP3. The Symantec EDR documentation describes
any functionality limits based on the version of the SEP client.
Synapse log collector database requirements
SEPM 14.3 RU1 or later uses Microsoft SQL Express as its database for log collection. Symantec EDR can access the
database without any special host system requirements.
SEPM 14.3 MP1 or earlier supports either the MS SQL Server database or an embedded database. When SEPM uses
an embedded database, Symantec EDR uses a log collector on the SEPM host. This log collector requires the SEPM host
to be running one of the following operating systems:
•Windows 7 (64-bit only)
•Windows 8 (64-bit only)
•Windows Server 2008
•Windows Server 2012
•Windows Server 2012 R2 or later (recommended)
See the Symantec Endpoint Protection documentation for SEPM system requirements.

Planning for installation
Pre-installation checklist for physical appliances
Table 2, Pre-installation checklist, lists the actions to complete and the information to have ready before you install a physical appliance.
Table 2: Pre-installation checklist
| Action/Item | Description |
| --- | --- |
| Collect tools. | Have the following items on hand: #2 Phillips head screwdriver; 8mm wrench (or an adjustable wrench); equipment rack specific mounting hardware (refer to your equipment rack guide for more information); marker pen (optional); mechanical lift (optional); slide rail kit. |
| Ensure your environment has the required resources. | See Symantec EDR version support for appliances and Symantec EDR platform support matrix. |
| Have a serial terminal local to the appliance. | To perform the bootstrap, you'll need a serial terminal (computer). This computer can be a specialized, standalone internal server or a Windows server that runs PuTTY. It can be convenient if it provides remote access via RDP or HTTP. This computer also needs to be local to the appliance. See Configuring the serial terminal or terminal emulation software. |
| Have Ethernet cables (up to four normal cables and two crossover cables) available. | The number and types of cables depend on your network configuration and the number of LAN and WAN ports on the appliance. For example, to permit the Ethernet interfaces to negotiate 1000 Mbps, either cat5e or cat6 cables are required. You may need crossover cables for an Inline deployment. Crossover cables aren't required if one or both devices (switch, firewall) connected to the WAN port and LAN port have automatic MDI/MDI-X. See Where to place the appliance in your network for best results. |
| Open required ports on the firewall and other network devices. | Make sure that the necessary ports are open on your firewall and other network devices to allow traffic from or to the Symantec EDR device. For example, HTTP 80 and HTTPS 443. See Required firewall ports. |
| Decide on the operating role and operating mode. | The operating configuration roles are as follows: All-in-one; Management platform; Network scanner. See About operating roles, operating modes, and network connections and About network configurations and port connections. |
| Obtain the license file and make sure that the license file is accessible. | Make sure you can browse to and select the Symantec license file from the computer you use to run the setup wizard. See Obtaining a Symantec EDR license file and installing it. |
| Complete the installation worksheet. | Make all of the decisions that you'll need for installation before you start. Having this information at hand ensures that the installation process runs smoothly and quickly. See Physical Appliance Installation Worksheet. |
Physical appliance installation worksheet
Symantec EDR recommends that you complete the Installation Worksheet fully prior to commencing installation. Provide
this checklist to the administrators who will be performing the installation tasks. You should also retain a copy for your
records for archival and backup purposes.
Table 3: Set up serial terminal or terminal emulation software (S550 appliance only)
| Configuration | Description | Value to input |
| --- | --- | --- |
| Configure the terminal emulation software. | You must configure the terminal program to be able to run the bootstrap. | Baud rate = 9600 bps; Parity = None; Flow control = None; Data bits = 8; Stop bits = 1 |
Configuring the serial terminal or terminal emulation software
Table 4: Bootstrap configuration (all physical appliances)
| Configuration | Description | Value to input |
| --- | --- | --- |
| New password: | A new, secure password for the console. This password replaces the default password, symantec. | Provide this information to the administrator installing the appliance using a secure method. Ensure that the password is retained in a secure location for archival purposes. |
| Weak password Try another [y/n]? | Note: A password that is similar to a word in the dictionary, is too short, or is not complex enough is less secure. Symantec EDR will ask you to confirm using a weak password. | ________ yes / ________ no |
| Re-enter new password: | Confirm the new password. | Provide this information to the administrator installing the appliance using a secure method. Ensure that the password is retained in a secure location for archival purposes. |
| Select one of the following appliance roles: 1 = Management platform ..., 2 = Network scanner ..., 3 = All-in-one ... []? | Specify the appliance's role. See About operating roles, operating modes, and network connections. | _______ 1 - Management platform / _______ 2 - Network scanner / _______ 3 - All-in-one |
| Configure the management port. IPv4 address []: | The static IP for the management port. For a management platform or all-in-one appliance, this IP address is used to access the EDR appliance console from a browser. | ________.________.________.________ |
| IPv4 netmask []: | The network mask for the management port IPv4 address. | ________.________.________.________ |
| Gateway []: | The IP address for the gateway (switch or router) that the appliance can use to communicate with the rest of your network. | ________.________.________.________ |
| Name server (IPv4) []: | The IP address of a name server that the appliance can use to resolve IP addresses. | ________.________.________.________ |
| Configure another nameserver? [y/n] | Yes to add an additional name server, or No to use only one name server. If yes, provide the IP address of a second name server. | ________ yes: ________.________.________.________ / ________ no |
| Network scanner role only: IP address of the Management Platform: | The management port IP address of the management platform appliance that controls this scanner. | ________.________.________.________ |
| Management platform or network scanner roles only: Communication Channel password: | A secure password to encrypt communications between the management platform and all its network scanners. This password must be the same for the management platform and all network scanners. It should be different from the management console password. Letters, numbers, periods, underscores, and hyphens are allowed, and the password can be up to 50 characters. | Provide this information to the administrator installing the appliance using a secure method. Ensure that the password is retained in a secure location for archival purposes. |
| Management platform or network scanner roles only: Re-enter Communication Channel password: | Confirm password. | Provide this information to the administrator installing the appliance using a secure method. Ensure that the password is retained in a secure location for archival purposes. |
| Configure IPv4 static routes? [y/n] | Yes to configure an IPv4 static route, or No to skip this configuration step. Static routes may be required. For example, use static routes to connect a network scanner to its management platform. | ________ yes / ________ no |
| Destination (CIDR allowed): Gateway: | If you choose to configure IPv4 static routes, provide a destination IP address and the gateway IP address. | ________.________.________.________ |
| Add another route? [y/n] | Yes to configure an additional IPv4 static route. No to go to the next prompt. You can configure up to three IPv4 static routes in bootstrap. You can configure additional static routes in the EDR appliance console. | ________ yes (up to three supported): ________.________.________.________ / ________.________.________.________ / ________.________.________.________; ________ no |
| What do you want to call this device? | The name to identify this system in the EDR appliance console. Letters, numbers, spaces, periods, and hyphens are allowed, and the name can be up to 50 characters. | __________________________________ |
| Set NTP server [] | The IP address or FQDN of the NTP server. Setting an NTP server ensures that the appliance has an accurate time to indicate when detections occurred. | ________.________.________.________ |
Running bootstrap to configure the appliance
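A pre-flight check for the Table 4 values, as an added example that is not part of the Broadcom guide or the appliance software: it applies the rules the worksheet states (default console password replaced, Communication Channel password and device name character sets and 50-character limit, at most three bootstrap static routes, management platform IP for a network scanner). The dictionary keys, the ASCII reading of "letters", and the gateway-in-subnet check are assumptions of this example.

```python
import ipaddress
import re

# Rules as stated in the worksheet; reading "letters" as ASCII is an assumption.
CHANNEL_PW_RE = re.compile(r"[A-Za-z0-9._-]{1,50}")
DEVICE_NAME_RE = re.compile(r"[A-Za-z0-9 .-]{1,50}")
MAX_BOOTSTRAP_ROUTES = 3

def validate_worksheet(ws):
    """Return the problems found in a worksheet dict (hypothetical keys); [] means OK."""
    problems = []
    role = ws.get("role")  # 1 = Management platform, 2 = Network scanner, 3 = All-in-one
    if role not in (1, 2, 3):
        problems.append("role must be 1, 2 or 3")
    if ws.get("console_password", "") in ("", "symantec"):
        problems.append("console password is empty or still the default")
    # Assumed sanity check: the gateway should sit inside the management subnet.
    try:
        iface = ipaddress.IPv4Interface(f"{ws['mgmt_ip']}/{ws['netmask']}")
        if ipaddress.IPv4Address(ws["gateway"]) not in iface.network:
            problems.append("gateway is outside the management subnet")
    except (KeyError, ValueError) as exc:
        problems.append(f"management port settings invalid: {exc}")
    # The Communication Channel password is prompted for roles 1 and 2 only.
    if role in (1, 2):
        pw = ws.get("channel_password", "")
        if not CHANNEL_PW_RE.fullmatch(pw):
            problems.append("channel password: letters, digits, . _ - only, max 50")
        elif pw == ws.get("console_password"):
            problems.append("channel password should differ from the console password")
    if role == 2:
        try:
            ipaddress.IPv4Address(ws.get("management_platform_ip", ""))
        except ValueError:
            problems.append("network scanner needs the management platform IP")
    if not DEVICE_NAME_RE.fullmatch(ws.get("device_name", "")):
        problems.append("device name: letters, digits, spaces, . - only, max 50")
    routes = ws.get("static_routes", [])
    if len(routes) > MAX_BOOTSTRAP_ROUTES:
        problems.append("bootstrap takes at most three static routes")
    for dest, gw in routes:
        try:
            ipaddress.IPv4Network(dest, strict=False)  # "CIDR allowed"
            ipaddress.IPv4Address(gw)
        except ValueError:
            problems.append(f"static route {dest} via {gw} is not valid")
    return problems

# Constructed sample worksheet (documentation-range addresses, not from the guide).
SAMPLE = {
    "role": 2, "console_password": "symantec", "device_name": "edr-scanner-01",
    "mgmt_ip": "192.0.2.10", "netmask": "255.255.255.0", "gateway": "192.0.2.1",
    "management_platform_ip": "192.0.2.20", "channel_password": "scanner link!",
    "static_routes": [("198.51.100.0/24", "192.0.2.1")],
}

if __name__ == "__main__":
    for problem in validate_worksheet(SAMPLE):
        print("FIX:", problem)
```

The messages name the failing field only and never echo a password, so the output can be pasted into a ticket.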
Table 5: Setup wizard
| Configuration | Description | Value to input |
| --- | --- | --- |
| Access EDR appliance console. | This is the static IP for the management port that was specified during bootstrap. | ________.________.________.________ |
| Upload License | You must upload a license before the Symantec EDR device is functional. You cannot use Symantec EDR after initial installation without a license. No grace period exists. | Symantec EDR license location: ______________________________________ |
| SMTP Settings | Symantec strongly recommends that you specify the SMTP settings in the setup wizard. Doing so lets you recover a lost password. Otherwise, you can check Skip adding SMTP server configuration and specify the settings later in the EDR appliance console. | |
| SMTP Server and Port | The fully qualified domain name and port number of the secure mail server. | ________.________.________.________ |
| Appliance Email | The email address where alerts, such as a license expiration notification, are sent from. | ___________________@_____________._____ |
| Authorize | If your mail server requires a secure logon to receive messages, type a user name and password that Symantec EDR can use to authenticate with the mail server. | User name: _______________________________ Password: Provide this information to the administrator installing the appliance in a secure method. Ensure that the password is retained in a secure location for archival purposes. |
| Create an Administrative account | These are the login credentials for the initial administrator account. You need this logon to complete the setup wizard. This administrator can create additional user accounts, including additional administrator accounts. | |
| Logon name | Initial administrator logon name | _______________________________ |
| Display name | The initial administrator's display name as it appears in the EDR appliance console. | _______________________________ |
| User email address | The initial administrator's email address for notifications. | ____________________@____________._____ |