NS7x00 Quick Start Guide Revision B
McAfee Network Security Platform This quick start guide explains how to quickly set up and activate your McAfee® Network Security Platform NS7100, NS7200, and NS7300 Sensors in in-line mode. These models have a throughput of 1.5 Gbps, 3 Gpbs, and 5 Gbps respectively. All product documentation referenced in this quick start guide is found on the McAfee ServicePortal. The NS7100/NS7200/NS7300 Sensor model
Figure 1 Sensor front panel 1
Console port (1)
2
RJ-11 port (1) for fail-open control of two built-in SFP+ ports in slot G0. The RJ-11 port supports 1 Gbps (SFP) copper or fiber and 10 Gbps (SFP+) (SR and LR).
3
SFP+ 1/10 Gigabit Ethernet ports (2) The RJ-11 port controls only the SFP+ 1/10 port pair in passive fail-open mode.
4
5
Two slots for I/O modules (Any combination of the interface modules can be used.) •
SFP/SFP+ 1/10 GigE Monitoring ports (8)
•
RJ-45 10/100/1000 Mbps with internal fail-open Ethernet Monitoring ports (6)
•
10/1 GigE SM 8.5 micron with internal fail-open Monitoring ports (4)
•
10/1 GigE MM 50 micron with internal fail-open Monitoring ports (4)
•
10/1 GigE MM 62.5 micron with internal fail-open Monitoring ports (4)
RJ-45 10/100/1000 Mbps Ethernet Monitoring ports (8) 1
The supported transceiver modules are SFP+ (M2M and SM), SFP Fiber (MM and SM) and SFP Copper.
Figure 2 Sensor rear panel 1
Auxiliary port (1)
2
USB ports (2)
3
Power supply inlet (2) The NS7x00 Sensors are shipped with one power supply unit. Second power supply (optional) is supported to enable redundancy.
4
RJ-45 10/100/1000 Response port (R1) (1)
5
RJ-45 10/100/1000 Management port (Mgmt) (1)
1
Verify the contents in the box The following accessories are shipped in the NS7x00 Sensor crate:
2
•
Sensor
•
Power cords (McAfee provides standard and international power cables.)
•
Set of rack mounting rails
•
Printed Quick Start Guide
Verify the hardware and software requirements Make sure to meet the following hardware requirements. For more information, see the McAfee Network Security Platform Installation Guide. The following are the system requirements for a Manager server.
2
Operating system
Minimum required
Recommended
Any of the following Microsoft operating systems:
Same as the minimum required.
•
Windows Server 2008 R2 Standard or Enterprise Edition, SP1 (Full Installation), English operating system
•
Windows Server 2008 R2 Standard or Enterprise Edition, SP1 (Full Installation), Japanese operating system
•
Windows Server 2012 Standard Edition (Server with a GUI) English operating system
•
Windows Server 2012 Standard Edition (Server with a GUI) Japanese operating system
•
Windows Server 2012 R2 Standard Edition (Server with a GUI) English operating system
•
Windows Server 2012 R2 Standard Edition (Server with a GUI) Japanese operating system
•
Windows Server 2012 R2 Datacenter Edition (Server with a GUI) English operating system
•
Windows Server 2012 R2 Datacenter Edition (Server with a GUI) Japanese operating system Only X64 architecture is supported.
Memory
8 GB
8 GB or more
CPU
Server model processor such as Intel Xeon
Same
Disk space
100 GB
300 GB or more
Network
100 Mbps card
1000 Mbps card
Monitor
32-bit color, 1440 x 900 display setting
1440 x 900 (or higher)
The following are the system requirements for client systems connecting to the Manager application. Minimum Operating system
•
Windows 7 English or Japanese
•
Windows 8 English or Japanese
•
Windows 8.1 English or Japanese
Recommended
The display language of the Manager client must be same as that of the Manager server operating system. RAM
2 GB
4 GB
3
Minimum
Recommended
CPU
1.5 GHz processor
1.5 GHz or faster
Browser
•
Microsoft Internet Explorer 9, 10, or 11
•
Internet Explorer 11
•
Mozilla Firefox
•
•
Google Chrome (App mode in Windows 8 is not supported.)
Mozilla Firefox 20.0 or later
•
Google Chrome 24.0 or later
If you are using Google Chrome, add the Manager certificate to the trusted certificate list. Install the following software:
3
•
Sensor image
•
Manager image
•
Signature set
Install the slide rails and rack-mount the Sensor McAfee recommends rack-mounting your Sensor. For maintenance purposes, you must have access to the front and rear of the Sensor. Before you mount the Sensor on the rack, make sure that the power is off. Remove the power cable and all network interface cables from the Sensor. Due to the weight of the appliance, McAfee recommends that two people place the chassis into the rail cabinet. a
4
Disassemble the inner slide rail members from the cabinet sections. a
Pull the inner member out until it comes to a lock position.
b
Depress the QD latch to fully disconnect the inner members.
b
c
Mount the inner members to the chassis unit. a
Place each inner member on both sides of the chassis unit. Position the bottom mounting holes of the inner member with matching mounting holes on chassis unit.
b
Use screws to secure inner members in place. Apply to both sides of chassis unit.
Mount the slide cabinet sections to the rack. a
Install the front end of each slide cabinet section to the rack using the slide tool-less features. The tool-less latch rotates when the bracket is pressed up against the rack rails.
b
Align, adjust, and attach the rear brackets to the rack rail.
5
d
e
4
Mount the chassis unit into the mounted cabinet sections. a
Guide the chassis unit into the pre-installed cabinet sections. Allow the pre-installed inner members to slide into the outer members until they lock in place.
b
Depress the QD latch on both sides and continue to push the chassis unit in until fully closed.
Secure the chassis unit through the rack rails. a
With the chassis unit in a fully closed position, secure using two truss head screws.
b
Drive the screws through the inner member flange and through the rack rails. The screws thread directly to the cabinet slide members. Tighten the screws.
Install the interface modules You can purchase the following interface modules and insert them into the relevant slots on your NS7x00 Sensor.
6
•
8-port SFP/SFP+ 1/10 Gigabit interface module
•
6-port RJ-45 10/100/1000 Mbps with internal fail-open interface module
•
4-port 10/1 GigE SM 8.5 micron with internal fail-open interface module
5
•
4-port 10/1 GigE MM 50 micron with internal fail-open interface module
•
4-port 10/1 GigE MM 62.5 micron with internal fail-open interface module
a
Remove the module from its protective packaging.
b
Hold the module using your thumb and forefinger and insert it into the modular bay.
c
Drive in the screws fixed on the sides of the module to attach it to the Sensor.
Connect the Management and Console ports a
On the rear panel of the NS7x00 Sensors, plug a Category 5e Ethernet cable in the Management port (labeled Mgmt).
b
Plug the other end of the cable into the network device connected to your Manager server.
7
c
On the front panel of the NS7x00 Sensors, plug the DB9 Console cables into the Console port (labeled Console).
d
Connect the other end of the Console port cable directly to a COM port of the PC or terminal server you are using to configure the Sensor (for example, a PC running correctly configured Windows Hyperterminal software). You must directly connect to the console for initial configuration, you cannot configure the Sensor remotely. Terminal servers are provided for console access. The required settings for Hyperterminal are:
e
•
Baud rate: 115200
•
Stop Bits: 1
•
Number of Bits: 8
•
Control Flow: None
•
Parity: None
Plug one end of the power cable into the power inlet and plug the other end into a power source. The Sensor ships with standard US power and international cables. The NS-series Sensor does not have a power switch. You can directly plug the power cable into a power source.
8
6
Connect the monitoring ports This procedure describes how to connect cables to a Sensor that runs in in-line mode.
7
a
Plug the cable appropriate for use with your transceiver module into one of the monitoring ports labeled x (for example, 1).
b
Plug the cable appropriate for use with your transceiver module into one of the monitoring ports labeled y (for example, 2).
c
Connect the other end of each cable to the network devices that you want to monitor. For example, if you plan to monitor traffic between a switch and a router, connect the cable connected to 1 to the router and the one connected to 2 to the switch.
Install the Manager software For detailed instructions, see the McAfee Network Security Platform Installation Guide. You must have administrator rights on the target Windows Server to install the Manager software. A MySQL database is included with the Manager and is installed (embedded) automatically on your target Windows Server during this process. The following steps briefly explain the Manager installation:
8
a
Prepare the system according to the requirements outlined in McAfee Network Security Platform Installation Guide and the McAfee Network Security Platform Release Notes.
b
Close all open applications.
c
Go to the McAfee Update Server (https://menshen1.intruvert.com/) and log on, using the grant number and password.
d
Go to the Manager Software Updates folder and select the latest Manager software version available.
e
Download the .zip file to the target Windows Server and extract the setup file.
f
Double-click Manager __setup.exe and follow the on-screen prompts.
Start the Manager Click Start | Programs | McAfee | Network Security Manager | Network Security Manager.
9
9
Add the Sensor to the Manager The Manager displays the Logon page. a
Log on to the Manager using the default user name (admin) and password (admin123).
b
Click Devices.
c
To add a Sensor in the Manager, click Global | Add and Remove Devices, then click New. You do not require a license file to enable IPS on NS-series Sensors. The Add New Device page is displayed. We recommend using the Add Device wizard to add a device.
d
10
Enter the following mandatory information in the appropriate fields. 1)
Device Name — The Sensor name must begin with a letter. The maximum length of the name is 25 characters.
2)
Device Type — Specifies the type of device to be added. Select IPS Sensor.
3)
Shared Secret — The shared secret must be a minimum of 8 characters and maximum of 25 characters in length. The key cannot start with an exclamation mark nor can have any spaces. The parameters that you can use to define the key are: •
26 alphabets: Uppercase and lowercase (A, B, C,...Z and a,b,c,...z)
•
10 digits: 0 1 2 3 4 5 6 7 8 9
•
32 symbols: ~ ` ! @ # $ % ^ & * ( ) _ + ‑ = [ ] { } \ | ; : " ' , .
