Mcafee Ns3500 User manual

This quick start guide explains how to quickly set up and activate your McAfee® Network Security Platform NS3500

Sensor in inline mode. This model has a throughput of 100 Mbps and 200 Mbps depending on the license

purchased.

All product documentation referenced in this quick start guide is found on the McAfee Documentation and McAfee

Service Portal.

The NS3500 Sensor model

Figure 1 Sensor front panel

1Power LED 4Speed LED for each ethernet port

2Status LED 5Link LED for each ethernet port

3Hard drive LED

Figure 2 Sensor rear panel

1Power supply (12V DC IN)

2Power switch

Revision B

McAfee Network Security Platform

(NS3500 Quick Start Guide)

3RJ-45 Console port (1)

4USB ports (2)

5RJ-45 10/100/1000 Management port (MGMT) (1)

6RJ-45 10/100/1000 Response port (R1) (1)

7RJ-45 10/100/1000 Mbps Ethernet Monitoring ports (4)

1 Verify the contents in the box

The following accessories are shipped in the NS3500 Sensor crate:

• Sensor

• 12V DC adapter with power cord

• Printed Quick Start Guide

• RJ45 to DB9 console cable

• Set of rack mounting ears with screws

• Set of rubber feet (4x)

The set of rubber feet can be used if the Sensor is placed in a desktop setting.

2 Verify the hardware and software requirements

Make sure to meet the following hardware requirements. For more information, see the McAfee Network

Security Platform Installation Guide.

The following are the system requirements for a Manager and Central Manager server:

Minimum required Recommended

Operating

system

Any of the following:

• Windows Server 2008 R2 Standard or Enterprise Edition,

English operating system, SP1 (64-bit) (Full Installation)

• Windows Server 2008 R2 Standard or Enterprise Edition,

Japanese operating system, SP1 (64-bit) (Full Installation)

• Windows Server 2012 R2 Standard Edition (Server with a

GUI) English operating system

• Windows Server 2012 R2 Standard Edition (Server with a

GUI) Japanese operating system

• Windows Server 2012 R2 Datacenter Edition (Server with a

GUI) English operating system

• Windows Server 2012 R2 Datacenter Edition (Server with a

GUI) Japanese operating system

• Windows Server 2016 Standard Edition (Server with a GUI)

English operating system

• Windows Server 2016 Standard Edition (Server with a GUI)

Japanese operating system

• Windows Server 2016 Datacenter Edition (Server with a

GUI) English operating system

• Windows Server 2016 Datacenter Edition (Server with a

GUI) Japanese operating system

Only X64 architecture is supported.

Windows Server 2016

Standard Edition operating

system

Memory 8 GB

Supports up to 3 million alerts in Solr.

>16 GB

Supports up to 10

million alerts in

Solr.

CPU Server model processor such as Intel Xeon Same

Disk space 100 GB 300 GB or more

Network 100 Mbps card 1000 Mbps card

Monitor 32-bit color, 1440 x 900 display setting 1440 x 900 (or above)

The following are the system requirements for client systems connecting to the Manager application.

Minimum Recommended

Operating

system

• Windows 7, English or Japanese

• Windows 8, English or Japanese

• Windows 8.1, English or Japanese

• Windows 10, English or Japanese

The display language of the Manager client must be

same as that of the Manager server operating

system.

Windows 10, English or

Japanese

RAM 2 GB 4 GB

CPU 1.5 GHz processor 1.5 GHz or faster

Browser • Internet Explorer 10, 11

• Mozilla Firefox

• Google Chrome (App mode in Windows 8 is not

supported)

To avoid the certicate mismatch error and security

warning, add the Manager web certicate to the

trusted certicate list.

• Internet Explorer 11

• Mozilla Firefox 20.0 or

later

• Google Chrome 24.0 or

later

Install the following software:

• Sensor image

• Manager image

• Signature set

3 Install the Sensor on the rack

Follow this procedure to install the Sensor on the rack.

aAttach the ear to the Sensor using three countersink screws.

bSecure the Sensor into the rack using four truss head screws.

4 Connect the Management and Console ports

aOn the back panel of the NS3500 Sensors, plug a Category 5e Ethernet cable in the Management port

(labeled MGMT).

bPlug the other end of the cable into the network device connected to your Manager server.

cOn the back panel of the NS3500 Sensor, plug the RJ45 end of the console cable into the console port

(labeled CONSOLE).

dConnect the other end of the Console port cable directly to a COM port of the PC or terminal server you

are using to congure the Sensor (for example, a PC running correctly congured Windows

Hyperterminal software). You must directly connect to the console for initial conguration, you cannot

congure the Sensor remotely.

Terminal servers are provided for console access. The required settings for Hyperterminal are:

• Baud rate: 115200 • Stop Bits: 1

• Number of Bits: 8 • Control Flow: None

• Parity: None

ePlug the power adapter jack to power inlet connector (labeled DC + 12v) on the back panel of the sensor

and turn the screw lock until the jack is fully secured.

Connect one end of the power cord to the adapter and other end to power source.

5 Connect the monitoring ports

This procedure describes how to connect cables to a Sensor that runs in inline mode.

aPlug the Category 5e Ethernet cable into one of the monitoring ports labeled x (for example, 1).

bPlug the Category 5e Ethernet cable into one of the monitoring ports labeled y (for example, 2).

cConnect the other end of each cable to the network devices that you want to monitor. For example, if you

plan to monitor trac between a switch and a router, connect the cable connected to 1 to the router and

the one connected to 2 to the switch.

6 Install the Manager software

For detailed instructions, see the McAfee Network Security Platform Installation Guide.

You must have administrator rights on the target Windows Server to install the Manager software.

A MySQL database is included with the Manager and is installed (embedded) automatically on your

target Windows Server during this process.

The following steps briey explain the Manager installation:

aPrepare the system according to the requirements outlined in McAfee Network Security Platform Installation

Guide and the McAfee Network Security Platform Release Notes.

bClose all open applications.

cGo to the McAfee Update Server (https://menshen1.intruvert.com) and log on, using the grant number

and password.

dGo to the Manager Software Updates folder and select the latest Manager software version available.

eDownload the .zip le to the target Windows Server and extract the setup le.

fDouble-click Manager_<version>_setup.exe and follow the on-screen prompts.

7 Start the Manager

From the Start menu, select Programs | McAfee | Network Security Manager | Network Security Manager.

8 Add the Sensor to the Manager

After a Sensor is congured with a name and shared key value, you can add the Sensor to the Manager in Add

and Remove Devices page.

Adding a physically installed and network-connected Sensor to the Manager activates communication

between them.

The following steps describe how to add a Sensor to the Manager:

aStart the Manager software.

bLog on to the Manager (the default username is admin and the default password is admin123).

cTo add a Sensor in the Manager, click Devices | <Admin Domain> | Global | Add and Remove Devices, then click

New.

You do not require a license le to enable IPS on NS-series Sensors.

The Add New Device page is displayed.

dEnter the following mandatory information in the appropriate elds.

1) Device Name — The Sensor name must begin with a letter. The maximum length of the name is 25

characters.

2) Device Type — Species the type of device to be added. Select IPS Sensor.

3) Shared Secret — The shared secret must be a minimum of 8 characters and maximum of 25

characters in length. The key cannot start with an exclamation mark nor can have any spaces. The

parameters that you can use to dene the key are:

• 26 alphabets: Uppercase and lowercase

(A, B, C,...Z and a,b,c,...z)

• 32 symbols: ~ ` ! @ # $ % ^ & * ( ) _ + ‑ =

[ ] { } \ | ; : " ' , . <? /

• 10 digits: 0 1 2 3 4 5 6 7 8 9

The Sensor name and shared secret key entered in the Manager must be identical to the

shared secret entered later during physical installation or initialization of the Sensor (using

CLI) in Step 10 - Congure Sensor information. If not, the Sensor will not be able to register

itself with the Manager.

4) Confirm Shared Secret — Conrm the shared secret key.

5) Updating Mode — Select Online or Offline.

Selecting Offline enables Oine Sensor update. Online is the default mode.

eClick Save. The added Sensor is displayed in the Add and Remove Devices page.

9Congure Sensor information

Congure the Sensor with the network information, a name, and the shared secret key that the Sensor uses to

establish secure communication with the Manager. Use the name and key values you set in Step 8- Add the

Sensor to the Manager.

The rst time you congure a Sensor, you must have physical access to the Sensor.

At any time during conguration, you can type a question mark (?) to get help on the Sensor CLI commands.

For a list of all commands, type commands.

aLog on to the Sensor using the terminal connected to the Console port.

bAt the prompt, log on using the default Sensor user name admin and password admin123.

cOptional, but recommended. Change the Sensor password. At the prompt, type: passwd. The Sensor

prompts you to enter the new password and prompts you for the old password.

A password must contain between 8 to 25 characters, is case-sensitive, and can consist of any

alphanumeric character or symbol.

dSet the name of the Sensor.

You can enter the setup command at the prompt. This automatically prompts you to provide

the information shown in items d through g and item j. Alternatively, you can use the set

command. If you use the set command, manually enter the complete command syntax as

shown in items d through g and item j.

At the prompt, type: set sensor name <word>.

Example: set sensor name HR_sensor1

The Sensor name is a case-sensitive character string up to 25 characters. The string can include

hyphens, underscores, and periods, and must begin with a letter.

eIf the Sensor is not on the same network as the Manager, set the address of the default Gateway. At the

prompt, type: set sensor gateway <A.B.C.D>

Example: set sensor gateway 192.1.1.1

fSet the IP address of the Manager server. At the prompt, type: set manager ip <A.B.C.D>.

Example: set manager ip 192.2.2.2

gSet the IP address and subnet mask of the Sensor. At the prompt, type: set sensor ip <A.B.C.D>

<E.F.G.H>.

Example: set sensor ip 192.3.3.3 255.255.255.0

Specify an IP address using four octets separated by periods: X.X.X.X, where X is a number

between 0 and 255, followed by a subnet mask in the same format.

hIf prompted, reboot the Sensor. Type: reboot

The Sensor can take up to ve minutes to complete its reboot.

iPing the Manager from the Sensor to determine if your conguration settings to this point have

successfully established the Sensor on the network. At the prompt, type:

ping <manager IP address>.

If the ping is successful, continue with the following steps. If not, type show to verify your conguration

settings and check that the information is correct.

jSet the shared secret key value for the Sensor. At the prompt, type:

set sensor sharedsecretkey

The Sensor then prompts you to enter and then conrm the shared secret key value.

This value is used to establish a trust relationship between the Sensor and the Manager. The

secret key value can be between 8 and 25 characters of any ASCII text. The shared key value is

case-sensitive. Make sure that the value matches the shared secret key value you provided in

the Manager interface in Step 8- Add the Sensor to the Manager.

kTo verify the conguration information, type show. Check that all information is correct.

A license is required to activate the baseline throughput of 100 Mbps for NS3500 Sensor. A

dierent license is required to increase the throughput from 100 Mbps to 200 Mbps. For more

information on license, see McAfee Network Security Platform NS3500 Sensor Product Guide.

lTo exit the session, type exit.

10 Verify successful installation

aIn the Sensor CLI, type: status. The status report is displayed.

The Sensor parameter System Initialized must be yes, and for Manager communication Trust

Established must be yes.

bFrom the Manager Dashboard, view the Manager status in the System Health monitor.

The Manager status displays as Up and Sensor status is Active.

open the ports page.

<Device Name> indicates the name of the Sensor you added.

dA policy named Default Prevention is active upon Sensor addition. To view this policy, select Policy |

<Admin Domain Name> | Intrusion Prevention | Policy Types | IPS Policies. Select Default Prevention from the list and

click Edit.

The Default Prevention policy contains attacks already congured with a "blocking" Sensor

response action. If any attack in the policy is triggered, the Sensor automatically blocks the

attack. To tune this or any other McAfee-provided policies, you can clone the policy and then

customize it as described in the McAfee Network Security Platform IPS Administration Guide.

fSelect the port on the Sensor that you cabled to view port settings. Make sure that your port settings

match the cabling, for example, if port 1 is cabled for inline mode, then the mode of operation in the port

setting must be inline mode.

For more information on port settings, see Conguring the monitoring and response ports of a

Sensor chapter in the McAfee Network Security Platform IPS Administration Guide.

11 You're up and running!

Your Sensor is actively monitoring connected segments and communicating with the Manager for

administration and management operations.

aFor detailed usage instructions, see McAfee Network Security Platform IPS Administration Guide, or click

the ? buttons in the upper-right corner of each window in the Manager.

bStart the Analysis | <Admin Domain Name> | Attack Log to view alert statistics as attacks are detected. A

summary of alerts is displayed in the Unacknowledged Alert Summary monitor of the Manager Dashboard page.

cHaving problems? Check McAfee Network Security Platform Troubleshooting Guide for troubleshooting

information.

dMost deployment problems stem from conguration mismatches between the Sensor and the network

devices to which it is connected. Check your duplex and auto-negotiation settings on both devices to

ensure they are synchronized.

If you need to contact Technical Support, go to https://mysupport.mcafee.com.

McAfee and the McAfee logo are trademarks or registered trademarks of McAfee, LLC or its subsidiaries in the US and other countries. Other

marks and brands may be claimed as the property of others.

16 700-5145B00

Other McAfee Firewall manuals

McAfee

McAfee M-1250 - Network Security Platform User manual

McAfee

McAfee M-1250 - Network Security Platform Installation and operation manual

McAfee

McAfee NS5100 User manual

McAfee

McAfee SG720 User manual

McAfee

McAfee IIP-M80K-ISAA - Network Security Platform... User manual

McAfee

McAfee SG310 Instruction Manual

McAfee

McAfee Data Loss Prevention Prevent User manual

McAfee

McAfee NS Series User manual

McAfee

McAfee MSA-3400-SWGI - Web Security Appliance 3400 User manual

McAfee

McAfee ATD-3000 Installation instructions

McAfee

McAfee IIP-M65K-ISAA - Network Security Platform... User manual

McAfee

McAfee MFO-3400-SWGA - Web Security Appliance 3400... User manual

McAfee

McAfee M-1250 - Network Security Platform User manual

McAfee

McAfee NS7200 User manual

McAfee

McAfee M-1250 - Network Security Platform User manual

McAfee

McAfee NS9100 User manual

McAfee

McAfee M-1250 - Network Security Platform Quick reference guide

McAfee

McAfee MAP-3300-SWG - Web Security Appliance 3300 User manual

McAfee

McAfee M4050 - Network Security Platform User manual

McAfee

McAfee INTRUSHIELD 1400 User manual

McAfee

McAfee 1650 Installation instructions

McAfee

McAfee Manager Appliance User manual

McAfee

McAfee M-3050 User manual

McAfee

McAfee M-3050 User manual

Popular Firewall manuals by other brands

Fortinet

Fortinet FortiGate FortiGate-300 quick start guide

HotBrick

HotBrick Dual WAN Firewall VPN 1400/2 user guide

Forcepoint

Forcepoint 110 Hardware guide

SonicWALL

SonicWALL NSa 4650 user manual

ZyXEL Communications

ZyXEL Communications ZyWALL 110 Series Handbook & instructions

Fortinet

Fortinet FortiGate FortiGate-800F quick start guide

ZyXEL Communications

ZyXEL Communications ZyXEL ZyWALL 5 quick start guide

SonicWALL

SonicWALL Email Security 7.0 8000 Getting started guide

HotBrick

HotBrick VPN 800/8 F user guide

NETGEAR

NETGEAR FVS318G - ProSafe Gigabit VPN Firewall Data Sheet... installation guide

Freedom9

Freedom9 freeGuard 100 Command line interface guide

Fortinet

Fortinet FortiGate FortiGate-800 Administration guide

EBLOCKER

EBLOCKER PRO user manual

Ruijie Networks

Ruijie Networks RG-WALL 1600 Installation and Initialization

Cisco

Cisco M170 quick start guide

pfSense

pfSense FW-7551 installation guide

SonicWALL

SonicWALL Secure Mobile Access 6210 installation guide

SonicWALL

SonicWALL Email Security 6000 Getting started guide

McAfee NS3500 User manual

Popular Firewall manuals by other brands