Trellix Fireeye ex series Instruction Manual

EX Series

Hardware Administration Guide

EX 8600

FEI-019

Trellix, FireEye, and Skyhigh Security are the trademarks or registered

trademarks of Musarubra US LLC, FireEye Security Holdings US LLC,

and their affiliates in the US and /or other countries. McAfee is the

trademark or registered trademark of McAfee LLC or its subsidiaries

in the US and /or other countries. Other names and brands are the

property of these companies or may be claimed as the property of

others.

FireEye Security Holdings US LLC assumes no responsibility for any

inaccuracies in this document. FireEye Security Holdings US LLC

reserves the right to change, modify, transfer, or otherwise revise this

publication without notice.

EX Series Hardware Administration Guide

EX 8600

Trellix Contact Information

Website: www.trellix.com

Technical Support: https://www.trellix.com/en-us/support.html

Phone (US):

1.408.321.6300

1.877.347.3393

Table of Contents

The EX 8600 ........................................................................................... 4

The Front View ................................................................................. 4

The Rear View ................................................................................. 6

Deployment ............................................................................................ 8

Message Transfer Agent Deployment .............................................. 8

Bcc: Deployment .............................................................................. 9

SPAN/ TAP Deployment ................................................................. 10

Installation ........................................................................................... 12

Before You Begin ........................................................................... 12

Installation Site Guidelines ............................................................. 12

Rack Precautions ........................................................................... 13

Server Precautions ........................................................................ 13

Rack-Mounting Precautions ........................................................... 14

Power Requirements ..................................................................... 14

Ventilation Requirements ............................................................... 14

Cabling Requirements ................................................................... 15

Rack Installation ............................................................................. 15

Attaching Cables to the Appliance ................................................. 16

Turning On the Appliance .............................................................. 16

Replacements ...................................................................................... 17

Return Process .............................................................................. 17

Removing and Replacing a Disk Drive .......................................... 17

Removing and Replacing a Power Supply Unit ............................. 17

Removing and Replacing a Cooling Fan ....................................... 17

Appendices .......................................................................................... 19

Appendix 1: System Specifications ................................................ 19

Technical Support ............................................................................... 20

Documentation ............................................................................... 20

EX Series

The EX 8600

The FireEye EX 8600 protects your network from spear phishing attacks that bypass

traditional anti-spam technologies. It analyzes every attachment using a signature-less, Multi-

Vector Virtual Execution engine that can identify zero-day attacks by detonating attachments

in an environment that mimics operating systems, applications, and browsers in their

exhaustive list of versions, configurations, and plug-ins.

The EX 8600 provides layers of dynamic malware analysis to protect your network from

malicious images, PDFs, and ZIP/RAR/TNEF archives.

The Front View

Button/ LED Name Description Status Indication

1. Power button The main power switch applies or removes

primary power from the power supply to the

server but maintains standby power. Unplug

the appliance before servicing.

2. Reset button Reboots the system.

3. Power LED Steady on Power on

EX Series The EX 8600

Button/ LED Name Description Status Indication

Blinking at 4 Hz Checking BIOS/BMC integrity

Blinking at 4Hz and "i" LED is blue BIOS firmware updating

Two blinks at 4 Hz, one pause 2 Hz and "i"

LED is blue

BMC firmware updating

Blinking at 1 Hz and "i" LED is red Fault detected

4. LAN 1 LED Indicates network activity on a LAN when

flashing.

5. Power Failure LED Indicates a power supply module has failed.

6. HDD Activity LED Indicates activity on the hard drive when

flashing.

7. LAN 2 LED Indicates network activity on a LAN when

flashing;

8. Information LED Alerts operator to several states:

Red, solid An overheat condition has oc-

curred

Red, blinking at 1 Hz A fan has failed, check for an

inoperative fan

Red, blinking at 0.25 Hz A power supply has failed,

check for a non-operational

power supply

Red, solid, with Power LED blinking green Fault detected

Blue and red, blinking at 10 Hz Recovery mode

Blue, solid UID has been activated local-

ly to locate the server in a

rack environment

Blue, blinking at 1 Hz UID has been activated using

the BMC to locate the server

in a rack environment

Blue, blinking at 2 Hz BMC is resetting

Blue, blinking at 4 Hz BMC is setting factory de-

faults

Blue, blinking at 10 Hz with Power LED

blinking green

BMC/BIOS firmware is updat-

ing

9. Drive Device LED Each drive carrier displays two status LEDs

on the front of the carrier.

10. Drive Device LED Each drive carrier displays two status LEDs

on the front of the carrier.

Drive Carrier LED Indicators

The chassis includes externally accessible SAS/SATA drives. Each drive carrier displays two

status LEDs on the front of the carrier.

• Green: When illuminated, this LED indicates drive activity. It blinks on and off when

the particular drive is being accessed This function is controlled by the backplane.

• Red: When illuminated, this LED indicates a drive failure. You should be notified by

your system management software.

EX Series The EX 8600

Chassis

1. Disk Drive Carrier: Each carrier can house a hot-swappable disk drive. A drive

slot map displays the disk slot numbers on top of the appliance.

2. Handle Release: Press this tab to release the handle. Use the handle to pull the

disk drive carrier from the chassis.

The Rear View

1) Power Supply 1 8) VGA Connector

2) Power Supply 2 9) pether3 (SFP+) SMTP interface 3 Port

3) Serial Console Port 10) pether4 (SFP+) SMTP interface 4 Port

4) USB 2.0 Port 11) pether5 (SFP+) SMTP interface 5 Port

5) USB 3.2 Port 12) pether6 (SFP+) SMTP interface 6 Port

6) ether1 (RJ45) Management 1 Port 13) IPMI Port

7) pether2 (RJ45) live mode analysis 2 Port

Power

•Power: Connect your power source to this port to provide power to the appliance.

The appliance comes with one redundant power supply unit for use if the primary

unit fails.

EX Series The EX 8600

I/O Ports

•USB 2.0: These ports are USB 2.0 compliant.

•Serial Console: Connect to this port to manage the appliance from your terminal.

•Video: Connect a monitor to this port to view the appliance's command-line

interface.

•USB 3.2: These ports are USB 3.2 compliant.

Management Ports

•ether1 (RJ45): Connect your LAN to this port to enable remote access to the CLI

and Web UI. The RJ45 connector is a 10/100/1000BASE-T port.

•IPMI: Connect for access to out-of-band management functions, including power

control, console redirection, and appliance health status. The connector is a

10/100/1000BASE-T port.

Live Mode Analysis Ports

•pether2 (RJ45): The RJ45 connector is 10/100/1000BASE-T port.

SMTP Interface Ports

•pether3 through pether6 (SFP+): The SFP+ ports support 1G or 10Gbps data rate.

pether (SFP+): The SFP+ connectors accept the following modules:

• 1000BASE-SX/10GBASE-SR (LC MMF)

• 1000BASE-LX/10GBASE-LR (LC SMF)

• 1000BASE-T (RJ45)

• 10GBASE-CU (5m direct attach cable)

EX Series The EX 8600

Deployment

You can deploy the EX 8600 in your network in one of the following ways:

•Message Transfer Agent Deployment Page 8

•Bcc: Deployment Page 8

•SPAN/TAP Deployment Page 8

Message Transfer Agent Deployment

When the EX 8600 is in Message Transfer Agent deployment, it serves as an MTA inline

with the email traffic flow and can be configured to Block Analysis Mode or Monitor Analysis

Mode. In Block Analysis Mode (the default), the EX 8600 will prevent malicious emails from

passing through to the mail server. In Monitor Analysis Mode, all email is passed through to

the mail server and only copies of the email are analyzed.

The diagram below illustrates the MTA deployment of an EX 8600 in a typical network

environment.

NOTE

For information about configuring the EX 8600 for MTA deployment mode,

see the Email Security System Administration Guide for your release.

EX Series Deployment

Prerequisites

Before connecting the EX 8600 to your network, ensure that your network devices provide

10/100/1000BASE-T Ethernet output.

Cabling

Connect two cables to the EX 8600 appliance’s management ports as follows:

• ether1: Connect one end of an Ethernet cable to the EX appliance’s ether1 port,

and connect the other end to your LAN-facing switch. This port is the management

interface.

• pether3: Connect one end of an Ethernet cable to the EX appliance’s pether3 port,

and connect the other end to your MTA or anti-spam device. This connection allows

the appliance access to the upstream and downstream of traffic.

• (For optional URL Dynamic Analysis) pether2: Connect one end of an Ethernet

cable to the EX appliance’s pether2 port, and connect the other end to your Internet

facing firewall device.

This connection allows the appliance to retrieve objects referred to by suspicious

URLs for further analysis. FireEye recommends connecting to an isolated Internet

connection to prevent the exposure of the IP address and other information about

your main network.

You can monitor more network segments by connecting additional MTA or anti-spam devices

to pether3-6.

Bcc: Deployment

When the EX 8600 is in Bcc: mode, it receives a copy of all emails from a Message Transfer

Agent (MTA) or anti-spam device for analysis. If the results of the analysis are positive for

malicious attachments or URLs, a notification is sent to a configured email alias of “admin

CC:” or “Bcc:” members.

The diagram below illustrates the Bcc: deployment of an EX 8600 appliance in a typical

network environment.

IMPORTANT

For information about configuring the EX Appliance for Bcc: mode, see the

EX Series System Administration Guide for your release.

EX Series Deployment

Prerequisites

Before connecting the EX appliance to your network, ensure that your network devices

provide 10/100/1000BASE-T Ethernet output.

Cabling

• ether1: Connect one end of an Ethernet cable to the EX appliance’s ether1 port,

and connect the other end to your LAN-facing switch. This port is the management

interface.

• pether3: Connect one end of an Ethernet cable to the EX appliance’s pether3 port,

and connect the other end to your MTA or anti-spam device. This connection allows

the appliance access to the upstream and downstream of traffic.

• (For optional URL Dynamic Analysis) pether2: Connect one end of an Ethernet

cable to the EX appliance’s pether2 port, and connect the other end to your Internet

facing firewall device.

This connection allows the appliance to retrieve objects referred to by suspicious

URLs for further analysis. FireEye recommends connecting to an isolated Internet

connection to prevent the exposure of the IP address and other information about

your main network.

You can monitor more network segments by connecting additional MTA or anti-spam devices

to pether3-6.

SPAN/ TAP Deployment

When the EX 8600 appliance is in SPAN/TAP deployment, it is connected to a network switch

capable of mirroring traffic. The EX appliance extracts email from the traffic for analysis.

EX Series Deployment

The diagram below illustrates the SPAN/TAP deployment of an EX appliance in a typical

network environment.

IMPORTANT

For information about configuring the EX 8600 appliance for SPAN/TAP

mode, see the Email Security System Administration Guide for your release.

Prerequisites

Before connecting the EX appliance to your network, ensure that your network devices

provide 10/100/1000BASE-T Ethernet output.

Cabling

• ether1: Connect one end of an Ethernet cable to the EX appliance’s ether1 port,

and connect the other end to your LAN-facing switch. This port is the management

interface.

• pether3: Connect one end of an Ethernet cable to the EX appliance’s pether3 port,

and connect the other end to your switch. This connection allows the appliance

access to the upstream and downstream of traffic.

• (For optional URL Dynamic Analysis) pether2: Connect one end of an Ethernet

cable to the EX appliance’s pether2 port, and connect the other end to your Internet

facing firewall device.

This connection allows the appliance to retrieve objects referred to by suspicious

URLs for further analysis. FireEye recommends connecting to an isolated Internet

connection to prevent the exposure of the IP address and other information about

your main network.

EX Series Deployment

Installation

This chapter describes the site requirements of your installation location.

Before You Begin

Follow the steps in this section before you install the appliance.

Before Opening the Box

• Review the packing slip contained in the plastic slip attached to the top of the box.

Ensure the shipment contains the correct appliance.

• Ensure the serial number listed on the packing slip matches the one specified on the

sticker located on one side of the box.

• If there appears to be damage to the box, file a damage claim with the carrier who

delivered it.

Unpacking the Appliance

Carefully remove the appliance from the box in an area away from heat, electrical noise, and

electromagnetic fields.

Ensure your box contains:

• The correct appliance model

• An accessory kit

• Online Documents Portal Referral

• A rail kit

Installation Site Guidelines

Follow these guidelines w hen you select an installation site:

• Leave enough clearance in front of the rack for its door to open completely without

obstruction.

• Avoid environments that produce heat, electrical noise, and electromagnetic fields.

• Only install the appliance in a restricted access location such as a service closet or

dedicated equipment room.

• Make sure the location is properly ventilated.

• Make sure there is sufficient space for air flow.

EX Series Installation

Rack Precautions

FireEye recommends that you mount the appliance in a standard 19-inch rack. The vertical

hole spacing on the rack rails must meet standard ANSI/EIA-310-C requirements.

Consider the following before installing your appliance in the rack:

• Ensure the leveling jacks on the bottom of the rack are fully extended to the floor

with the full weight of the rack resting on them.

• In a single-rack installation, stabilizers should be attached to the rack.

• In a multiple-rack installation, the racks should be coupled together to increase their

stability.

• Always make sure the rack is stable before extending a component from the rack.

• Only extend one component from the rack at a time—extending two or more

simultaneously may cause the rack to become unstable.

• Ensure your rack meets the safety requirements of UL 60950-1.

WARNING

STABILITY HAZARD: The rack may tip over causing serious personal

injury. To prevent injury:

• Before extending the rack to the installation position, read the

installation instructions.

• Do not put any load on the slide-rail mounted equipment when the

rails are extended.

• Do not leave the slide-rail mounted equipment with the rails

extended.

Server Precautions

FireEye recommends reviewing the electrical and general safety precautions that came with

each component you intend to install in the rack.

Review the following before installing the appliance in the rack:

• Determine the placement of each component in the rack.

• Ensure there is a minimum clearance of six inches behind the chassis to allow for

easy cable management.

• Install the heaviest component at the bottom of the rack first, then move up.

EX Series Installation

• Allow hot-swappable power supply units, disk drives, and transceivers to cool before

handling them.

• Use a regulating uninterruptible power supply to protect your components from

voltage spikes, power surges, and failure during a power outage.

• Keep all of the rack's doors and panels closed when you are not servicing the

components.

Rack-Mounting Precautions

Consider the following safety precautions when you install the appliance in the rack:

• Make sure the appliance is grounded at all times to prevent damage from

electrostatic discharge.

• Use an electrostatic wrist guard when handling the appliance.

• At least two technicians should be involved to install the appliance safely.

• FireEye recommends only individuals with rack-mounting experience should install

the appliance.

• Install the appliance in an environment compatible with the manufacturer's

maximum recommended ambient temperature (TMRA) for each component in your

rack.

Power Requirements

The EX uses a 920 W power supply unit with an input rating of 100-240 VAC (±10%), 11-4.4

A at 50-60 Hz.

Ensure your power source has sufficient electrical overload protection. In North America,

connect the rack to a power source with over-current protection that complies with UL 489. In

Europe, the over-current protection must comply with IEC standards.

Ventilation Requirements

Ventilation and optimal location are essential to the proper operation of the EX Series

appliance. Give the unit at least six inches of space around ventilation openings so that

adequate ventilation is possible.

The EX Series appliance draws air through the front and expels it out the back. Note the

direction of the air intake and exhaust of the other components in the rack to ensure safe

ventilation of all components involved.

EX Series Installation

Cabling Requirements

The EX Series appliance ships with the following cables:

• (2) 6 ft AC power cord, SVT, 60oC, 3x18AWG (0.824mm2)

• (1) 6 ft null modem DB9 female serial cable

You must provide any additional cables required to connect your system to the network and

other devices. Do not exceed the maximum run length of the additional cables you provide.

Rack Installation

This section explains how to install your appliance in a standard 19-inch wide rack with the

equipment provided. Because various rack units are available, the assembly procedure may

differ slightly from the following instructions. Refer to the installation instructions that came

with your rack.

Installing the Inner Rails on the Appliance

1. Starting with either rail (each works for both sides of the appliance), pull the inner

rail from the outer rail until it is fully extended.

2. Push the arrow-shaped rail-release lever on the inner rail in the direction of the

arrow and slide the inner rail out until it is detached from the outer rail.

3. Align the notches of the inner rail with the tabs on the side of the appliance.

4. While firmly pressing the inner rail against the appliance, slide it in the direction of

the tabs until you hear a click.

5. Repeat steps 1—4 with the other inner rail on the other side of the appliance.

Installing the Outer Rails on the Rack

1. Insert the front end of an outer rail (“Front Bracket” is engraved on the front end)

into the front rack column at the desired height. A metal tab will slide and lock onto

the column automatically.

2. Extend the rail until it reaches the rear rack column.

3. Insert the back end into the rack column at the same height chosen in step 1.

4. Repeat steps 1—3 with the other outer rail on the other side of the rack.

Mounting the Appliance on the Rack

1. Align the rear of the inner rails installed on the appliance with the front channels of

the outer rails installed on the rack.

EX Series Installation

2. Fully slide the appliance into the rack. The inner and outer rails will lock together

automatically.

3. (Optional) Further secure the appliance to the rack by using the captive screws

installed on the ears of the appliance.

Attaching Cables to the Appliance

1. Connect the EX Series appliance to one or more network devices using the cables

appropriate to the deployment of your choice.

2. Connect the power cable or cables to the power port or ports on the back of the

appliance.

Turning On the Appliance

Power on the appliance by pressing the power button on the ear to the left of the bezel.

EX Series Installation

Replacements

Return Process

If you believe you have a defective part or system, you must first contact FireEye Technical

Support, who will validate the claim. If the part or system is defective, Technical Support will

initiate a Return Materials Authorization (RMA) and guide you through the process. For more

information, visit www.fireeye.com/legal.

Removing and Replacing a Disk Drive

Perform the following steps to remove and replace a disk drive:

1. Remove the bezel at the front of the appliance by sliding the release tab to the

right and pulling the bezel aw ay from the chassis.

2. Locate the disk drive carrier that contains the failed disk drive. The carrier should

have a blinking amber LED.

3. Unlock the disk drive handle by sliding the blue tab to the left.

4. Push the maroon button on the right to release the latch handle.

5. Pull the handle to slide the disk drive from its slot.

6. Insert the new disk drive carrier into the available slot and push in until it clicks.

Removing and Replacing a Power Supply Unit

Perform the following steps to remove and replace a power supply unit (PSU):

1. At the rear of the appliance, remove the power cable from the failed PSU.

2. While gripping the handle to the left of the pow er port and pressing the release

lev er to the right of it, pull out the failed PSU.

3. Insert the replacement PSU in the open slot and slide it in until it clicks into place.

4. Attach the power cable to the new power supply.

Removing and Replacing a Cooling Fan

Perform the following steps to remove and replace a failed fan:

EX Series Replacements

1. Turn off the appliance.

2. Using a Phillips screwdriver, remove the four screws securing the middle section

of the appliance’s top cover.

3. Remove the middle section of the top cover.

4. Remove the fan from the appliance by squeezing the plastic release tab and

pulling.

5. Insert the new fan into the empty fan bracket, ensuring it is oriented the same way

as the others. You will hear a click when it is secured.

6. Replace the top cover and secure it with screws.

EX Series Replacements

Appendices

Appendix 1: System Specifications

The table below provides the technical specifications for the Trellix EX 8600 .

Component EX 8600 Specifications

Form Factor 2U Rack-Mount

Weight of Appliance 41 lbs

Weight of Packaged Appliance 67 lbs

Dimensions

(W x D x H)

17.2 x 25.5 x 3.5 inches (43.7 cm x 8.9 cm x 64.7 cm)

Enclosure 2 RU, fits 19-inch Rack

Management Interfaces (1) 10/100/1000BASE-T Ports

Live Mode Analysis Ports (1) 10/100/1000BASE-T Ports

SMTP Interface Ports (4) 1G/10G SFP+ Ports

Memory 256 GB (8 X 32 GB)

Drive Capacity (4) 4 TB HDD, RAID 10, 3.5 inch, FRU

AC Power Supply Redundant (1+1), FRU, 920W with Input 100-240V, 11-4.4A, 50-60 Hz

IEC60320-C14 inlet

Maximum Power Consumption 580 W

Operating Temperature 5° to 35° C (41°F - 95°F)

Maximum Thermal Dissipation 1978 BTU/hr

EX Series Appendices

Technical Support

For technical support, contact FireEye through the Support portal: https://csportal.fireeye.com

Documentation

Documentation for all FireEye products is available on the FireEye Documentation Portal

(login required):

https://docs.fireeye.com/

EX Series Technical Support

This manual suits for next models

Table of contents

Popular Server manuals by other brands

Sun Oracle

Sun Oracle SPARC T4-1B Product notes

Silicon Graphics

Silicon Graphics Rackable C1110-RP6 user guide

Dell

Dell PowerEdge T110 datasheet

Mount-It!

Mount-It! MI-7157 installation manual

Wellav

Wellav smp100 Quick installation guide

HP ProLiant DL380p specification

IBM

IBM E Server i Series manual

CNB

CNB XNET user guide

Nortel

Nortel CallPilot 1005r Maintenance and Diagnostics

Lenovo

Lenovo ThinkSystem SR950 V3 manual

Omneon

Omneon MediaPort 5221 Quick reference guide

HP ProLiant DL380 Gen9 user guide

HPE

HPE ProLiant DL385 Gen10 user guide

Lenovo

Lenovo ThinkServer RD230 manual

Lenovo

Lenovo ThinkServer TD230 user guide

Supermicro

Supermicro SUPERSERVER 5018D-MHR7N4P user manual

Bay Networks

Bay Networks 6300 Ordering guide

Supermicro

Supermicro SYS-521C-NR user manual

Trellix FireEye EX Series Instruction Manual

Popular Server manuals by other brands