McAfee MVM2200 User manual
McAfee MVM2200 Appliance
Appliance Guide
COPYRIGHT
Copyright © 2014 McAfee, Inc. Do not copy without permission.
TRADEMARKS
McAfee, the McAfee logo, McAfee Active Protection, McAfee AppPrism, McAfee Artemis, McAfee CleanBoot, McAfee DeepSAFE, ePolicy Orchestrator,
McAfee ePO, McAfee EMM, McAfee Enterprise Mobility Management, Foundscore, Foundstone, McAfee NetPrism, McAfee Policy Enforcer, Policy Lab,
McAfee QuickClean, Safe Eyes, McAfee SECURE, SecureOS, McAfee Shredder, SiteAdvisor, SmartFilter, McAfee Stinger, McAfee Total Protection,
TrustedSource, VirusScan, WaveSecure, WormTraq are trademarks or registered trademarks of McAfee, Inc. or its subsidiaries in the United States
and other countries. Other names and brands may be claimed as the property of others.
LICENSE INFORMATION
License Agreement
NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS
FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU
HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOUR
SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR
A FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS
SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF
PURCHASE FOR A FULL REFUND.
McAfee Vulnerability Manager Appliance Guide
700-4283A00
McAfee MVM2200 Appliance Guide iii
Contents
Introducing McAfee Vulnerability Manager ..................................................... 5
Audience .......................................................................................................................... 5
Find product documentation ............................................................................................... 5
Before installing the appliance............................................................................................. 5
Network recommendations, hardware specifications, and environment requirements........... 6
Unpacking the appliance................................................................................. 6
MVM2200 front panel description......................................................................................... 7
MVM2200 back panel description......................................................................................... 8
Install the hardware ....................................................................................... 8
Positioning the appliance .................................................................................................... 8
Installing the appliance in a rack ......................................................................................... 9
Connecting the appliance to power and the network .............................................................. 9
Starting the appliance ........................................................................................................ 9
Using the appliance wizard ................................................................................................. 9
Using the Network Security Wizard .................................................................................... 10
Resetting the appliance to factory defaults ......................................................................... 12
Virtual local area network on the appliance......................................................................... 12
Accessing the VLAN properties on the NIC card............................................................. 12
Troubleshooting ........................................................................................... 13
The appliance is not receiving power.................................................................................. 13
The appliance is not communicating with the network.......................................................... 13
McAfee MVM2200 Appliance Guide 5
Introducing McAfee Vulnerability
Manager
McAfee Vulnerability Manager is an agentless network scanner that helps you identify and protect the
assets (systems) on your network. This protection allows managers to monitor and respond to
changing risks in their environment.
Audience
This guide is intended for administrators responsible for adding an MVM2200 to their existing McAfee
Vulnerability Manager deployment.
Find product documentation
McAfee provides the information you need during each phase of product implementation, from
installing to using and troubleshooting.
1Go to the McAfee Product Download (https://secure.mcafee.com/apps/downloads/my-
products/login.aspx) site.
2Type in your grant number, then click Submit.
3Select McAfee Vulnerability Manager.
After a product is released, information about the product is entered into the McAfee online
KnowledgeBase at http://mysupport.mcafee.com.
Before installing the appliance
Before you install the appliance, we recommend that you do the following:
Read the provided safety information.
Make sure that you have selected a suitable location for installing the appliance.
Check that you have all the necessary equipment and components as described in this document.
Familiarize yourself with the appliance NIC ports and connectors as described in this document.
Know the ports and IP address to be used by the appliance.
Know the location or port number of the configuration manager.
Determine a host name for the appliance. Make sure that the name can be resolved from the
enterprise manager server. This is done by adding the name to the hosts file on the enterprise
manager server, or by registering the name in the Domain Name Server (DNS).
Caution
To ensure the safe operation of the appliance, read all documentation before installing.
Appliance power on/off –the push-button on/off power switch on the front panel of the appliance
–does not turn off the AC power. To remove AC power from the appliance, you must unplug the
AC power cord from the power supply or wall outlet.
Unpacking the appliance
Before installing the appliance
McAfee MVM2200 Appliance Guide 6
Warning
The power supplies in your system might produce high voltages and energy hazards, which can
cause bodily harm. Do not remove the cover. Only trained service technicians are authorized to
remove the covers and access any of the components inside the system.
Hazardous conditions –devices and cables: Hazardous electrical conditions might be present on
power, telephone, and communication cables. Turn off the appliance and disconnect
telecommunications systems, networks, modems, and the power cords attached to the appliance
before opening it. Otherwise, personal injury or equipment damage can result.
Avoid injury: Lifting the appliance and attaching it to the rack is a two-person job. The appliance
weighs approximately 15 kg (33 lb).
Network recommendations, hardware specifications, and
environment requirements
This section describes the network recommendations, hardware specifications, and environmental
requirements for the appliance.
Network recommendations
Although the appliance supports both DHCP and static IP address networks, McAfee strongly
recommends that you use static IP addresses.
In addition, McAfee recommends having a DNS server on your network. This allows reverse mapping
between discovered IP addresses and host names, providing better reports and more information
from your scans. It also provides the ability to specify credentials using fully-qualified domain names.
Hardware specifications and environmental requirements
Dimensions
1.70” (43mm) H x 17.25” (438mm) W x 22.25” (565mm) D
Power delivery
Power Supply
350 watt AC power supply, fixed, non-redundant
Environment
Ambient
Temperature
Operating: +10°C to +35°C, with a maximum rate of
change not to exceed 10°C per hour.
Non-operating: -40°C to +70°C
Non-Operational
Humidity
50% to 90%, non-condensing with a maximum wet
bulb of 28°C (at temperatures from 25°C to 35°C)
Unpacking the appliance
Carefully unpack and remove the contents of the shipping box. Verify that you have all of the
components listed. If you do not, contact McAfee Technical Support.
You should have the following:
McAfee Vulnerability Manager 2200 Appliance
Accessory kit, containing:
Unpacking the appliance
MVM2200 front panel description
McAfee MVM2200 Appliance Guide 7
Power cord
Rack mount kit, containing:
Rails (2)
Fastener pack, containing screws
Accessory bag, containing:
Safety Warning document
McAfee Vulnerability Manager 2200 Appliance Installation Guide
USB flash drive –Restore to factory default image
USB flash drive –Hardware diagnostics tool
McAfee Limited Warranty on Hardware document
MVM2200 front panel description
The following illustration shows the location of connectors and indicator lights on the front panel of the
appliance.
Figure 1: MVM2200 front panel
Front panel connectors
A
USB ports
B
System ID button (with integrated LED)
C
NMI Button (recessed, tool required for use)
D
NIC-1 activity LED
E
NIC-3 Activity LED (Not used)
F
Reset button
G
System status LED
H
Power button (with integrated LED)
I
Hard Drive activity LED
J
NIC-4 activity LED (Not used)
K
NIC-2 activity LED
Install the hardware
Positioning the appliance
McAfee MVM2200 Appliance Guide 8
MVM2200 back panel description
The following illustration shows the locations of connectors on the back panel of the appliance.
Figure 2: MVM2200 back panel
Back panel connectors
A
AC power connector
B
Power supply status LED
C
NIC 1 and 2
D
Empty slot for PCI Express add-in
E
Serial port
F
Video out
G
Dual USB 2.0 ports
H
Dual USB 3.0 ports
I
Empty slots for IO module external connectors
Install the hardware
This section describes how to attach rails and mount the appliance in a rack.
Positioning the appliance
The appliance must be installed in a suitable location, such as a rack. Since it is designed to be
operated remotely, physical access to the appliance is needed only for initial setup. Initial setup
Install the hardware
Using the appliance wizard
McAfee MVM2200 Appliance Guide 9
requires attaching a single network cable to the back of the appliance. Once the network setup is
finished, physical access to the appliance is necessary only to reset the appliance.
A rack mounting kit is supplied with the appliance so you can install the appliance in a 19-inch rack,
as described in the following rack mounting instructions.
Installing the appliance in a rack
Use the rack mounting kit included with the appliance to install the unit. Follow the rack installation
instructions that are included with the rack mounting kit.
Connecting the appliance to power and the network
Once you have installed the appliance in the rack, connect it to the power source and to your
network. Connect a monitor, keyboard, and mouse, which are required to configure the McAfee
Vulnerability Manager software.
1Plug the AC cord into the back of the appliance, then plug the other end of the cord into an
appropriate power source.
2Connect a network cable to each network interface card (NIC). If only one NIC is required,
connect the network cable to NIC 1. See the MVM2200 back panel description (page 8) for more
information.
3Connect a monitor, mouse, and keyboard to the rear of the appliance.
Note: Once the initial installation and configuration are completed, you can manage the
appliance from a remote computer. To access the appliance using RDP, RDP must be enabled.
Starting the appliance
After the appliance hardware is set up, you can turn on the appliance. The BIOS on the MVM2200 is
password-protected and you have the option of changing it.
1Turn on the power for the appliance using the power button on the front panel.
2If you want to change the BIOS password, press F2 during the boot process. The factory default
BIOS password is MCAFEE. Change the password to one that follows your security guidelines.
Once it’s changed, press F10 to save and reboot.
3During the operating system setup, type a password for the applianceadmin user.
4When the appliance has finished booting, the appliance wizard appears. Follow the wizard to
configure the appliance.
Using the appliance wizard
Once the appliance is turned on and the operating system setup is complete, the setup wizard
appears to guide you through configuring the IP address and port number for the appliance.
After the setup is complete, the appliance appears in the configuration manager as a scan engine. You
can then assign the scan engine to a scan controller.
Install the hardware
Using the Network Security Wizard
McAfee MVM2200 Appliance Guide 10
1From the Welcome screen, click Next.
2From the Restore Appliance Settings screen, select No, then click Next.
3Select a network interface to configure (the appliance has two network interface cards installed).
If you use only one and want to disable the other, select the network interface you want to
disable, then deselect Enable.
4Select dynamic host configuration protocol (DHCP) or static IP addressing, then click Next.
aIf you use DHCP, make sure Obtain IP addressing automatically is selected.
bIf you use a static IP address, deselect Obtain IP addressing automatically, type the IP address,
subnet mask, default gateway, and DNS server information.
5Type in the address (IP address or fully-qualified domain name) for the configuration manager,
then click Next. If the configuration manager uses a custom port number, deselect Use Default
Port, type in the port number used by the configuration manager.
Note: You can type a NetBIOS name, but it only works when the name can be properly resolved.
6Type the database address (IP address, fully-qualified domain name, or host name), then the
Faultline user name and password. Optionally, you can include the SQL port or SQL instance name
with the database address.
7Click Test Credentials to test the Faultline user password and then click Next. If the test fails,
retype the password. Also make sure the database is online and the appliance can connect to it.
8Review the settings for the appliance, then click Apply. The MVM2200 appliance communicates
with the configuration manager. The configuration manager then sends information back to the
appliance, including which product version you are currently using.
9Click Restart Appliance.
Using the Network Security Wizard
Use the Advanced setup in the Network Security Wizard to adjust the system firewall settings, change
service communication ports, and add additional rules for your network security settings.
Caution: If you leave an IP address field blank, the service is open to any host on the network.
1Select Start | All Programs | McAfee | MVM Network Security Wizard | Configure
Network Security.
2On the Welcome screen, click Next.
3Select the Windows Advanced Firewall profiles, ICMP Echo Requests, and Edge Traversal options.
Windows Advanced Firewall profiles –Select the firewall profiles (Domain, Public, Private)
that should be modified by the Network Security wizard.
Allow ICMP Echo Requests –Select this option to allow the appliance to respond to ICMP
echo requests (ping).
Enable Edge Traversal –Select this option to make sure that inbound tunneled traffic is
passed through the firewall. If devices in your McAfee Vulnerability Manager environment
tunnel traffic, select this checkbox.
4Select Advanced, then click Next.
5If a scan controller is installed, select Scan Controller Firewall options, then click Next. The
Scan Controller Firewall allows you to specify host IP address ranges that are permitted to access
the scan controller.
Allow access to the Scan Controller –Allow other systems access to the scan controller.
Allow all hosts –Allow all hosts access to the scan controller.
Install the hardware
Using the Network Security Wizard
McAfee MVM2200 Appliance Guide 11
Allow only these hosts –Allow only the IP addresses specified access to the scan controller.
Type in the IP addresses or address ranges.
Override Default Port –Change the scan controller service port. Type in a port number.
6Select the Remote Desktop Firewall options, then click Next.
Enable Remote Desktop service –Enable the remote desktop service on this system.
Allow all hosts –Allow all hosts remote access to this system.
Allow only these hosts –Allow only the IP addresses specified remote access to this
system. Type in the IP addresses or address ranges.
Override Default Port –Change the remote desktop service port. Type in a port number.
7Create additional firewall rules, then click Next. When you add or edit a firewall rule, you must
click OK to save your settings.
Add –Add a custom firewall rule.
Edit –Edit the selected firewall rule.
Delete –Delete the selected firewall rule.
The following options are available when you create or edit a firewall rule.
Service Name –Type the name of the service.
Protocol –Select the TCP or UDP protocol.
Service Port –Type the port number used by the service.
Allow access to the service –Open this service to other hosts.
Allow all hosts –Allow all hosts access to this service.
Allow only these hosts –Allow only the IP addresses specified access to this service. Type
in the IP addresses or address ranges.
Figure 3: Custom firewall rules
8On the Confirm Settings screen, click Apply to confirm the firewall settings.
9On the Firewall Configuration Complete screen, click Finish to restart the system.
Note: If you selected Advanced and then accepted the default settings, the Network Security
Wizard doesn't prompt you to restart the appliance. If this happens, restart the appliance. Some
changes don't take effect until after the system is restarted.
Install the hardware
Virtual local area network on the appliance
McAfee MVM2200 Appliance Guide 12
10 Log on with the administrator account name and password you created in the previous steps.
Note: McAfee recommends running McAfee Vulnerability Manager Update after upgrading to
make sure you have the latest product updates.
Resetting the appliance to factory defaults
Resetting the MVM2200 to factory defaults overwrites all existing data on the appliance and applies
the factory default (fresh) image, stored on the USB flash drive.
1Connect a keyboard, mouse, and monitor to the appliance.
2Insert the McAfee Vulnerability Manager restore to factory image USB flash drive (2200 W2K8R2
Image) into the USB port and restart the appliance.
3Press F6 to select a boot option, enter the BIOS password, then choose to boot the recovery
image using USB.
4On the system installation screen, click Restore to continue. The restoration process might take
several minutes.
5When the restoration process is complete, system reboots.
6Once the MVM2200 has started, type a password for the “applianceadmin” account, then retype it
to confirm. The system reboots again.
7Once the MVM2200 has rebooted, log on using “applianceadmin” credentials and the password
entered in the previous step. The MVM2200 Setup Wizard appears.
Virtual local area network on the appliance
A virtual local area network (VLAN) allows you to group systems together and allows those systems to
communicate as if they were on the same local area network, even if those systems are not located
on the same physical network. The MVM2200 supports up to 64 VLANs.
There are two types of VLANs:
Tagged VLANs are based on the IEEE 802.1Q specification. Each packet has a four-byte tag
added to the packet header. The switch must support IEEE 802.1Q tagging and be properly
configured. Check your switch documentation for the correct switch configuration.
Untagged or Port-based VLANs are statically configured on the switch. They are transparent to
connected devices.
For additional information on VLANs, visit the Intel Networking website.
Accessing the VLAN properties on the NIC card
You can enter your VLAN information on the VLAN properties tab of the appliance NIC card.
Note: You must be logged on as the console administrator if you are connecting to the appliance
using RDP.
Troubleshooting
The appliance is not communicating with the network
McAfee MVM2200 Appliance Guide 13
1Log on to the appliance.
2Select Start |Control Panel.
3Select Hardware, then select Device Manager.
4Under Network adapters, right-click a network adapter and select Properties.
5Select the VLAN tab, then click New. Type in your VLAN information and select your options.
6Click OK.
Troubleshooting
This section provides information on common issues that you might encounter as you configure and
use the appliance.
The appliance is not receiving power
Check the following:
The appliance is connected properly to a working power outlet, using the supplied power cord. If
the power outlet has a switch, make sure it is on.
The power cord is plugged in to the back of the appliance.
If the appliance is still not receiving power, check the power outlet by plugging other equipment into
it. If the power outlet is working, there is a problem with the appliance or its power cord. Contact your
supplier or McAfee Technical Support.
The appliance is not communicating with the network
Check the following:
The appliance is turned on and its software is running, indicated by the lights on the front display
panel.
The network cables that you are using are undamaged and connected properly to the appliance
ports and your existing network equipment. Ensure that the cables you use are the correct
specification.
You have used the correct LAN ports when connecting the appliance to your existing network
equipment.
There are no IP address conflicts.
If the appliance is still not receiving network traffic, check the network cables and the network ports
on your existing network equipment. If the cables and ports are working, there is a problem with the
appliance. Contact your supplier or McAfee Technical Support.
McAfee Vulnerability Manager Appliance Guide
700-4283A00
Table of contents
Other McAfee Network Hardware manuals
Popular Network Hardware manuals by other brands
Pacific Communications
Pacific Communications SmartIP-8SD user manual
Leonton
Leonton CBG5-0602-SFP-Lite Hardware user manual
Moxa Technologies
Moxa Technologies NPort 5410 Quick installation guide
Airlogic
Airlogic ABM-400 Series Application note
FITRE
FITRE RETEMATIC IP-RMH1 Installation & configuration manual
Edimax
Edimax NVR-4 Quick installation guide
NI
NI PXIe-4303 USER GUIDE AND SPECIFICATIONS
Avigilon
Avigilon AI NVR installation guide
Cisco
Cisco NCS 540 installation guide
National Instruments
National Instruments NI-9206 Getting started
Paradyne
Paradyne Hotwire 8775 MSDSL installation instructions
Cabletron Systems
Cabletron Systems Netlink FRX4000 Maintenance Guide
