Symantec
™
Endpoint Detection and Response 4.5 Installation Guide for the S550
appliance
NOTE
Port connections vary by appliance model, version, and role.
Network configuration
Description
Connect
Management to
Connect WAN to
Connect LAN to
Simple port span/tap
This configuration
monitors the traffic
between the endpoints
and the Internet but does
not block file transfers
or websites. Internet-
bound traffic is copied
to the switch port using
port mirroring that is
configured on the switch
itself.
This configuration
uses two monitor ports
and one management
connection. This setup is
easy and is useful as an
initial test of Symantec
EDR.
Port on your LAN switch Connect Monitor1 to
network tap or port on
your LAN switch that is
set to span mode
Not used
Port span/tap with
multiple monitor ports
This configuration
uses two monitor ports
and one management
connection. Extra monitor
ports allow the same
appliance to connect to
multiple switches from
different subnets. This
configuration does not
block file transfers or
websites.
Port on your LAN switch Connect Monitor1 to
network tap or port on
your LAN switch that is
set to span mode
Connect Monitor2 to
network tap or port on
your LAN switch that is
set to span mode
Simple inline
You can block file
transfers and websites
using this configuration.
Inline configuration
requires more network
connections than port
span/tap. Ideally, you
should deploy Symantec
EDR inline between the
client and the firewall.
If you use a proxy,
you should connect
the appliance should
between the client and
the proxy.
Port on your LAN switch Internet firewall LAN port Port on your LAN switch
14
Summary of Contents for Symantec S550
Page 1: ...Symantec Endpoint Detection and Response 4 5 Installation Guide for the S550 appliance ...
Page 17: ...Symantec Endpoint Detection and Response 4 5 Installation Guide for the S550 appliance 17 ...
Page 18: ...Symantec Endpoint Detection and Response 4 5 Installation Guide for the S550 appliance 18 ...
Page 49: ......