Trellix NS3 00 Series User manual

This quick start guide explains how to quickly set up and activate your Trellix Intrusion Prevention System NS3100
and NS3200 Sensors in inline mode. These models have a throughput of 750 Mbps.
All product documentation referenced in this quick start guide is found on the Trellix Documentation Portal.
The NS3100/NS3200 Sensor model
Figure 1 Sensor front panel
1 Console port (1)
2 RJ-45 10/100/1000 Management port (MGMT) (1)
3 RJ-45 10/100/1000 Response port (R1) (1)
4 USB ports (1)
5 RJ-45 10/100/1000 Mbps Ethernet Monitoring ports (8)
Figure 2 Sensor rear panel
1 Power supply inlet (1)
2 Fan units (3)
Trellix Intrusion Prevention System
(NS3x00 Quick Start Guide)

1 Verify the contents in the box
The following accessories are shipped in the NS3x00 Sensor crate:
• Sensor
• Power cords (Trellix provides standard and international power cables)
• Printed Quick Start Guide
2 Verify the hardware and software requirements
Make sure to meet the following hardware requirements. For more information, refer to Trellix Intrusion
Prevention System Installation Guide.
Manager Windows server system requirements

The following table lists the 11.1 Windows based Manager/Central Manager application requirements:
Note
Windows Server 2012 Standard/Windows Server 2012 R2 Standard is not supported for the Manager.
Operating system
  Minimum required: Any of the following:
  • Windows Server 2016 Standard Edition English operating system
  • Windows Server 2016 Standard Edition Japanese operating system
  • Windows Server 2016 Datacenter Edition English operating system
  • Windows Server 2016 Datacenter Edition Japanese operating system
  • Windows Server 2019 Standard Edition English operating system
  • Windows Server 2019 Standard Edition Japanese operating system
  • Windows Server 2019 Datacenter Edition English operating system
  • Windows Server 2019 Datacenter Edition Japanese operating system
  • Windows Server 2022 Standard Edition English operating system
  • Windows Server 2022 Standard Edition Japanese operating system
  • Windows Server 2022 Datacenter Edition English operating system
  • Windows Server 2022 Datacenter Edition Japanese operating system
  Note: Only x64 architecture is supported.
  Recommended: Windows Server 2022 Datacenter Edition operating system
Memory
  Minimum required: 16 GB
  Note: Supports up to 10 million alerts in Solr
  Recommended: >=32 GB
  Note: Supports up to 20 million alerts in Solr
CPU
  Minimum required: Server model processor, such as Intel Xeon
  Recommended: Same
Disk space
  Minimum required: 300 GB
  Recommended: 500 GB or more
Network
  Minimum required: 1 Gbps card
  Recommended: 1 Gbps card
Virtual CPUs (Applicable only on a VMware platform)
  Minimum required: 4
  Recommended: 4 or more
Table 1 VMware ESX server requirements for Windows Operating System
Component Supported
Virtualization software • ESXi 7.0 Update 3
• ESXi 8.0
Note: Hyperthreading should be available.
Manager Linux server system requirements
The following table lists the 11.1 Linux based Manager/Central Manager application specifications for an OVA
file:
Component Specifications
MLOS 3.9.1
Logical CPU cores 8
Memory 32 GB
Disk space 500 GB
NIC 1
Note: You can consider 2 for a dual NIC configuration.
The following are the system requirements for hosting 11.1 Linux based Manager/Central Manager application
on a VMware platform:
Table 2 VMware ESX server requirements for MLOS
Component Supported
Virtualization software • ESXi 7.0 Update 3
• ESXi 8.0
Note: Hyperthreading should be available.

Manager client system requirements
The following table lists the 11.1 Manager/Central Manager client requirements when using Windows 10:
Operating system
  Minimum: Windows 10, English or Japanese
  Note: The display language of the Manager client must be same as that of the Manager server operating system.
  Recommended: Windows 10, version 1903 English or Japanese
Memory
  Minimum: 8 GB
  Recommended: 16 GB
CPU
  Minimum: 1.5 GHz processor
  Recommended: 2.4 GHz or faster
Monitor
  Minimum: 32-bit color, 1440 x 900 display setting
  Recommended: 1920 x 1080 (or above)
Browser
  Minimum:
  • Microsoft Edge
  • Mozilla Firefox
  • Google Chrome
  Note: To avoid the certificate mismatch error and security warning, add the Manager web
  certificate to the trusted certificate list.
  Recommended:
  • Microsoft Edge 111.0 or later
  • Mozilla Firefox 111.0 or later
  • Google Chrome 111.0 or later
For the Manager/Central Manager client, in addition to Windows 10, you can also use the operating systems
mentioned for the Manager server.
The following are Central Manager and Manager client requirements when using Mac:
Mac operating system Browser
Ventura Safari 16 or later
Install the following software:
• Manager image
• Sensor image
• Signature set
3 Install the Sensor
The mounting ears are pre-attached to the Sensor. Install the Sensor into the rack.

4 Connect the Management and Console ports
a. On the front panel of the NS3x00 Sensors, plug a Category 5e Ethernet cable into the Management port
(labeled MGMT).
b. Plug the other end of the cable into the network device connected to your Manager server.
c. On the front panel of the NS3x00 Sensors, plug the DB9 Console cables into the Console port (labeled
Console).
d. Connect the other end of the Console port cable directly to a COM port of the PC or terminal server you
are using to configure the Sensor (for example, a PC running correctly configured Windows
Hyperterminal software). You must connect directly to the console for initial configuration; you cannot
configure the Sensor remotely.

Terminal servers are provided for console access.
The required settings for Hyperterminal are as follows:
• Baud rate: 115200
• Number of Bits: 8
• Parity: None
• Stop Bits: 1
• Control Flow: None
e. Plug one end of the power cable into the power inlet and plug the other end into a power source. The
Sensor ships with standard US power and international cables.
Note
The NS-series Sensor does not have a power switch. You can directly plug the power cable into a power
source.
5 Connect the monitoring ports
This procedure describes how to connect cables to a Sensor that runs in inline mode.
a. Plug the cable appropriate for use with your transceiver module into one of the monitoring ports labeled
x (for example, 1).
b. Plug the cable appropriate for use with your transceiver module into one of the monitoring ports labeled
y (for example, 2).
c. Connect the other end of each cable to the network devices that you want to monitor. For example, if you
plan to monitor traffic between a switch and a router, connect the cable connected to 1 to the router (3)
and the one connected to 2 to the switch (4).

6 Install the Manager software
The following steps briefly explain the Manager installation:
Note
You must have administrator privileges on the target Windows or Linux server to install the Manager
software.
Note
MariaDB is included with the Manager and is installed (embedded) automatically on your target Windows or
Linux server during this process.
a. Prepare the system according to the requirements outlined in Trellix Intrusion Prevention System
Installation Guide.
b. Close all open applications.
c. Go to Trellix Download Server (https://www.trellix.com/en-us/downloads/my-products.html).
d. Log on using your Grant Number and registered Email Address.
The Find Products page opens.
e. In the Category filter, select Network Security.
f. Click on the Manager version required.
The Available Downloads page opens.
g. In the Type filter, select Installation.
The Manager installation files available for download are listed.
h. Click on the required Manager installation file and the download starts.
i. Refer to Trellix Intrusion Prevention System Installation Guide for detailed procedure to install the Manager
application.
7 Add the Sensor to the Manager
The Manager displays the Logon page.
a. Log on to the Manager using the default user name (admin) and password (admin123).
b. Go to Devices | <Admin Domain Name> | Global | Device Manager.
The Device Manager page is displayed.

c. Select the Sensors tab and then click .
Note
You do not require a license file to enable IPS on NS-series Sensors.
The Add Devices - Step 1 of 2 panel is displayed.
d. Enter the following mandatory information in the appropriate fields:
1) Name — The Sensor name must begin with a letter. The maximum length of the name is 25
characters.
2) Shared Secret — The shared secret must be a minimum of 8 characters and maximum of 25
characters in length. The key cannot start with an exclamation mark and cannot contain spaces. The
characters that you can use to define the key are listed below:
• 26 letters: Uppercase and lowercase
(A, B, C,...Z and a,b,c,...z)
• 32 symbols: ~ ` ! @ # $ % ^ & * ( ) _ + - =
[ ] { } \ | ; : " ' , . < > ? /
• 10 digits: 0 1 2 3 4 5 6 7 8 9
Retype the password in Confirm Shared Secret.
Note
The Sensor name and shared secret key that you enter in the Manager must be identical to the
Sensor name and shared secret that you will enter later during physical installation or initialization of the Sensor
(using CLI interface) as stated in the Configure Sensor information section. If not, the Sensor will not
be able to register itself with the Manager.
3) Device Type — Specifies the type of device to be added. Select IPS Sensor.
4) Deployment Mode — Select Direct or Indirect.
Note
Selecting Direct enables online Sensor update. Direct is the default mode.
5) Contact Information — (Optional) Type the contact information.
6) Location — (Optional) Type the location.
7) Comment — (Optional) Type the comment.
e. Click Save.
The added Sensor is displayed on the Sensors tab of Device Manager page.
8 Configure Sensor information
Configure the Sensor with the network information, a name, and the shared secret key that the Sensor uses to
establish secure communication with the Manager. Use the name and key values you set in Add the Sensor to
the Manager section.
Tip
You must have physical access to the Sensor when you configure a Sensor for the first time.

At any time during configuration, you can type a question mark (?) to get help on the Sensor CLI commands.
Type commands for a list of all commands.
a. Log on to the Sensor using the terminal connected to the Console port.
b. At the prompt, log on using the default Sensor user name (admin) and password (admin123).
c. (Optional, but recommended) Change the Sensor password. At the prompt, type passwd. The Sensor
prompts you to enter the new password and asks you for the old password.
Note
A password must contain between 8–25 characters, is case-sensitive, and can consist of any
alphanumeric character or symbol.
d. Set the name of the Sensor:
Tip
You can enter the setup command at the prompt which will automatically prompt you to provide the
information shown in the subsequent steps of this section. Or, you can use the set command instead.
If you use the set command, you must manually enter the complete command syntax as shown in the
subsequent steps of this section.
Type set sensor name <word> at the prompt.
Example: set sensor name HR_sensor1
Note
The Sensor name is a case-sensitive character string up to 25 characters. The string can include
hyphens, underscores, and periods, and must begin with a letter.
e. If the Sensor is not on the same network as the Manager, set the address of the default Gateway. Type
set sensor gateway <A.B.C.D> at the prompt.
Example: set sensor gateway 192.1.1.1

f. Set the IP address of the Manager server. Type set manager ip <A.B.C.D> at the prompt.
Example: set manager ip 192.2.2.2
g. Set the IP address and subnet mask of the Sensor. Type set sensor ip <A.B.C.D> <E.F.G.H> at the
prompt.
Example: set sensor ip 192.3.3.3 255.255.255.0
Note
Specify an IP address using four octets separated by periods: X.X.X.X, where X is a number between 0
and 255, followed by a subnet mask in the same format.
h. If prompted, reboot the Sensor. Type reboot
Note
The Sensor can take up to five minutes to complete its reboot.
i. Ping the Manager from the Sensor to determine if your configuration settings to this point have
successfully established the Sensor on the network. At the prompt, type the following command:
ping <manager IP address>
If the ping is successful, continue with the following steps. If not, type show to verify your configuration
settings and check that the information is correct.
j. Set the shared secret key value for the Sensor. At the prompt, type the following command:
set sensor sharedsecretkey
The Sensor then prompts you to enter and then confirm the shared secret key value.
Note
This value is used to establish a trust relationship between the Sensor and the Manager. The secret key
value can be between 8 and 25 characters of any ASCII text. The shared key value is case-sensitive.
Make sure that the value matches the shared secret key value you provided in the Manager interface
while adding the Sensor.
k. Type show to verify the configuration information. Check that all information is correct.
l. Type exit to exit the session.
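A pre-flight check for the values entered in "Add the Sensor to the Manager" and in this section, as an added example that is not part of the Trellix guide: it validates the Sensor name, shared secret and addressing offline and returns the set, ping and show commands from this section in the order they are typed. The function names, the restriction of names to letters, digits, hyphens, underscores and periods, and the gateway-inside-subnet check are assumptions; the secret check applies the Manager's rule (no leading exclamation mark, no spaces) because the value must match on both sides.

```python
import ipaddress
import re
import string

# Guide: name starts with a letter, max 25 characters. Assumption: besides the
# hyphens, underscores and periods the guide mentions, only letters and digits.
NAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9._-]{0,24}")
# Manager's Shared Secret set: letters, digits and the 32 ASCII symbols.
SECRET_CHARS = set(string.ascii_letters + string.digits + string.punctuation)

def check_name(name):
    ok = NAME_RE.fullmatch(name) is not None
    return [] if ok else ["name: must start with a letter, 25 characters at most"]

def check_secret(secret):
    problems = []
    if not 8 <= len(secret) <= 25:
        problems.append("secret: length must be 8 to 25 characters")
    if secret.startswith("!"):
        problems.append("secret: must not start with '!'")
    if any(c not in SECRET_CHARS for c in secret):
        problems.append("secret: space or other character outside the allowed set")
    return problems

def plan(name, secret, sensor_ip, mask, manager_ip, gateway=None):
    """Return (problems, commands) for one Sensor; commands is empty on error."""
    problems = check_name(name) + check_secret(secret)
    try:
        iface = ipaddress.IPv4Interface(f"{sensor_ip}/{mask}")
        manager = ipaddress.IPv4Address(manager_ip)
        gw = ipaddress.IPv4Address(gateway) if gateway else None
    except ValueError as exc:
        return problems + [f"address: {exc}"], []
    if manager not in iface.network and gw is None:
        problems.append("gateway: Manager is on another network, set a gateway")
    if gw is not None and gw not in iface.network:
        problems.append("gateway: not inside the Sensor's own subnet")
    if problems:
        return problems, []
    commands = [f"set sensor name {name}"]
    if gw is not None:
        commands.append(f"set sensor gateway {gw}")
    commands += [f"set manager ip {manager}",
                 f"set sensor ip {iface.ip} {iface.netmask}",
                 f"ping {manager}",
                 "set sensor sharedsecretkey",  # the key itself is typed at the prompt
                 "show"]
    return problems, commands
```

The reboot step is left out of the returned list because the guide runs it only when the Sensor prompts for it.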

9 Verify successful installation
a. Type status in the Sensor CLI. The status report is displayed.
The Sensor parameter System Initialized must be yes, and for Manager communication Trust
Established must be yes.
b. From the Manager Dashboard, view the Manager status in the System Faults monitor.

The Manager status displays as Up and Sensor status is Active.
c. From the Manager, select Devices | <Admin Domain Name> | Devices | <Device Name> | Setup |
Physical Ports to open the ports page.
Note
<Device Name> indicates the name of the Sensor you added.
d. A policy named Default Prevention is active upon the addition of the Sensor. To view this policy, select
Policy | <Admin Domain> | Intrusion Prevention | Policy Types | IPS Policies.
The Default Prevention policy contains attacks already configured with a "blocking" Sensor response
action. If any attack in the policy is triggered, the Sensor automatically blocks the attack. To tune this or
any other Trellix-provided policies, you can clone the policy and then customize it as described in Trellix
Intrusion Prevention System Product Guide.

e. Click Devices | <Admin Domain> | Devices | Setup | Physical Ports.
f. To view port settings, select the port on the Sensor that you cabled. Ensure that your port settings match
the cabling. For example, if port 1 is cabled for inline mode, the mode of operation in the port setting
should be inline mode.
Note
For more information on port settings, see the chapter Configuring the monitoring and response ports of
a Sensor in Trellix Intrusion Prevention System Product Guide.
10 You're up and running!
Your Sensor is actively monitoring connected segments and communicating with the Manager for
administration and management operations.
a. For detailed usage instructions, see Trellix Intrusion Prevention System Product Guide, or click in the
upper-right corner of each window in the Manager.
b. Go to Analysis | <Admin Domain> | Attack Log to view alert statistics as attacks are detected. A
summary of alerts is displayed in the Attack Severity Summary monitor of the Manager Dashboard
page.
c. Having problems? Check Trellix Intrusion Prevention System Product Guide for troubleshooting information.
d. Most deployment problems stem from configuration mismatches between the Sensor and the network
devices to which it is connected. Check your duplex and auto-negotiation settings on both devices to
ensure they are synchronized.
If you need to contact Technical Support, go to https://www.trellix.com/en-us/support.html.

Copyright © 2023 Musarubra US LLC.
Trellix and FireEye are the trademarks or registered trademarks of Musarubra US LLC, FireEye Security Holdings US LLC and their affiliates in the
US and/or other countries. McAfee is the trademark or registered trademark of McAfee LLC or its subsidiaries in the US and/or other countries.
Skyhigh Security is the trademark of Skyhigh Security LLC and its affiliates in the US and other countries. Other names and brands are the
property of these companies or may be claimed as the property of others.
700-4498L30