McAfee M-3050, Product Manual

Page 1: ...M 3050 M 4050 Sensor Product Guide Revision B McAfee Network Security Platform ...

Page 2: ...er marks and brands may be claimed as the property of others LICENSE INFORMATION License Agreement NOTICE TO ALL USERS CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED PLEASE CONSULT THE SALES AND OTHER RELATED LI...

Page 3: ...or 17 3 Setting up the Sensor 19 Setup overview 19 How to position the Sensor 19 Install the rails and ears on the chassis and rack 20 Mount the Sensor on a rack 20 Remove a Sensor from the rack 20 Redundant power supply 21 Install the power supply 21 Remove the power supply 22 Cable the Sensor 22 Small form factor pluggable modules 23 SFP modules 23 XFP modules 24 Install a module 24 Remove a mod...

Page 4: ...d PCs 30 Connect the cables for in line mode 30 Connect the cables for tap mode 31 Connect the cables for SPAN or hub mode 31 Cable the fail over interconnection ports 31 How does the fail open function work 32 5 Troubleshooting the Sensor 35 6 Sensor technical specifications 37 A Regulatory compliance and safety information 39 Index 41 Contents 4 McAfee Network Security Platform M 3050 M 4050 Sen...

Page 5: ...company s security program Users People who use the computer where the software is running and can access some or all of its features Conventions This guide uses these typographical conventions and icons Book title term emphasis Title of a book chapter or topic a new term emphasis Bold Text that is strongly emphasized User input code message Commands and other text that the user types a code sampl...

Page 6: ...roduct implementation from installation to daily use and troubleshooting After a product is released information about the product is entered into the McAfee online KnowledgeBase Task 1 Go to the McAfee Technical Support ServicePortal at http mysupport mcafee com 2 Under Self Service access the type of information you need To access Do this User documentation 1 Click Product Documentation 2 Select...

Page 7: ...to handle traffic at wire speed efficiently inspect and detect intrusions with a high degree of accuracy and flexible enough to adapt to the security needs of any enterprise environment When deployed at key network access points the Sensor provides real time traffic monitoring to detect malicious activity and respond to the malicious activity as configured by the administrator After you deploy a S...

Page 8: ...nsor can perform many types of attack responses including generating alerts and packet logs resetting TCP connections scrubbing malicious packets and even blocking attack packets entirely before they reach the intended target Network topology considerations Deployment of a Sensor requires knowledge of your network to help determine the level of configuration and the number of installed Sensors You...

Page 9: ...er exploits Figure 1 1 A sample Network Security Platform deployment M 3050 M 4050 key features The M 3050 M 4050 Sensor includes the following features M 3050 M 4050 4 10 GbE XFP 4 10 GbE XFP 8 SFP ports 10 100 1000 copper or 1 GbE fiber 8 SFP ports 10 100 1000 copper or 1 GbE fiber 1 10 100 1000 Base T Management port 1 10 100 1000 Base T Management port 1 Response port 1 Response port Hot swapp...

Page 10: ...transmitting aggregated traffic Additionally it supports four 1 Gigabit full duplex Ethernet segments or eight 1 Gigabit SPAN ports transmitting aggregated traffic Ports The M 3050 M 4050 is a 2RU 2 rack unit and is equipped with the following components Figure 1 2 An M 3050 M 4050 Sensor Item Description 1 Power Supply A 2 Power Supply B 3 RS 232C Console port 4 RS 232C Auxiliary port 5 RJ 11 Fai...

Page 11: ...g they have no IP address and are not visible on the monitored segment If you choose to run in failover mode port 2A is used to interconnect with a standby Sensor The gigabit ports of the M 3050 M 4050 when deployed in in line fail close meaning that if the Sensor fails it will interrupt block data flow Fail open functionality requires either the Layer 2 Passthru feature or the hardware Gigabit Fa...

Page 12: ...ide chassis is normal Chassis temperature OK Inlet air temperature measured inside chassis is too hot Chassis temperature too hot Flash Green Off Activity on external compact flash No activity on external compact flash Gigabit Ports SFP XFP Act Amber Off Data transferring No data transferring Gigabit Ports SFP XFP Link Green Off The link is connected The link is disconnected Response Port Speed Gr...

Page 13: ...on regarding the Sensor fans LED Status Description Fan LED OFF The fan is functioning properly Amber The fan has malfunctioned Overview M 3050 M 4050 physical description 1 McAfee Network Security Platform M 3050 M 4050 Sensor Product Guide 13 ...

Page 14: ...1 Overview M 3050 M 4050 physical description 14 McAfee Network Security Platform M 3050 M 4050 Sensor Product Guide ...

Page 15: ...shell of the Sensor Doing so will invalidate your warranty The Sensor appliance is not a general purpose workstation McAfee prohibits the use of the Sensor appliance for anything other than operating Network Security Platform McAfee prohibits the modification or installation of any hardware or software on the Sensor appliance that is not part of the normal operation of Network Security Platform Sa...

Page 16: ...limits for a Class A digital device pursuant to Part 15 of the FCC Rules These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the instruction manual might cause harmful interference to rad...

Page 17: ...the Sensor box as close to the installation site as possible 2 Position the box with the text upright 3 Open the top flaps of the box 4 Remove the accessory box 5 Verify you have received all parts These parts are listed on the packing list and in the Contents of box section 6 Pull out the packing material surrounding the Sensor 7 Remove the Sensor from the anti static bag 8 Save the box and packi...

Page 18: ...2 Before you install Unpack the Sensor 18 McAfee Network Security Platform M 3050 M 4050 Sensor Product Guide ...

Page 19: ...wer network and monitoring cables 4 Powering on the Sensor 5 Configuring the Sensor after you have set up and powered it on How to position the Sensor Place the Sensor in a physically secure location close to the switches or routers it will be monitoring Ideally the Sensor should be located within a standard communications rack To mount the Sensor on a rack you will attach two mounting ears and ra...

Page 20: ...the rail as needed for length You are now ready to mount the Sensor on the rack Mount the Sensor on a rack McAfee recommends rack mounting your Sensor The rack mounting hardware included with the Sensor is suitable for most 19 inch equipment racks and telco type racks For maintenance purposes you must have access to the front and rear of the Sensor Before you mount the Sensor on the rack make sure...

Page 21: ...second hot swappable power supply for redundancy You will have to purchase this redundant power supply separately from McAfee Each of these modules have one handle for insertion or extraction from the unit as well as a release latch Figure 3 2 Power supply units Install the power supply Task 1 Unpack the power supply from its shipping carton 2 Remove the faceplate panel covering the power supply s...

Page 22: ... shuts down and all data traffic stops Power off only the power supply you are replacing Task 1 Unplug the power cable from its power source and remove the power cable from the power supply 2 Put on an antistatic wrist or ankle strap 3 Attach the strap to a bare metal surface of the chassis 4 Push the release latch inward toward the handle 5 Squeeze the handle of the power supply and pull it out 6...

Page 23: ... XFP modules that use a bail clasp for securing the module in place in the Sensor Your module might be slightly different Check the module manufacturer s installation instructions for more details For ease of installation insert the module in the Sensor while it is powered down and before placing it on a rack To prevent eye damage do not stare into open laser apertures SFP modules An SFP module is...

Page 24: ... 1 Remove the module from its protective packaging 2 Make sure the module is the correct model for your network 3 Locate the label on the module and make sure that the alignment groove is down For SFP modules turn the module so that its label is on top For XFP modules turn the module so that its label is on the bottom 4 Grip the sides of the module with your thumb and fore finger and insert the mo...

Page 25: ...ng a redundant power supply you should install it as described in Installing a power supply For true redundant operation with the optional redundant power supply McAfee recommends that you plug each supply into a different power circuit Task 1 Connect the power cable to the Sensor power supply 2 Connect the power cable to a power source The Sensor has no power switch It powers on as soon as one of...

Page 26: ...3 Setting up the Sensor Power off the Sensor 26 McAfee Network Security Platform M 3050 M 4050 Sensor Product Guide ...

Page 27: ...Monitoring ports Connect the cables for in line mode Connect the cables for tap mode Connect the cables for SPAN or hub mode Cable the fail over interconnection ports How does the fail open function work Cable the Console port The Console port is used to set up and configure the Sensor Task 1 For console connections plug the DB9 Console cable supplied by McAfee into the Console port This port is l...

Page 28: ...ary port This port is labeled as Aux on the Sensor front panel 2 Connect a modem to the Aux port 3 Connect a telephone line to the modem Required settings for the Aux port are Name Setting Baud rate 38400 Number of bits 8 Parity None Stop bits 1 Flow Control None Connect the cable to the Response port When operating in tap or SPAN mode the Sensor uses its Response port to respond to attacks When d...

Page 29: ...r server To isolate and protect your management traffic McAfee strongly recommends that you use a separate dedicated management subnet to interconnect the Sensors and the Manager About connecting cables to the Monitoring ports Connect to the network devices that you want to monitor through the Sensor monitoring ports You can deploy Sensors in the following operating modes In line mode fail close S...

Page 30: ... cable to connect a router port to the 10 100 1000 copper SFP monitoring ports Use a straight through Ethernet RJ 45 cable to connect a switch or a hub port to 10 100 1000 copper SFP monitoring ports Use a crossover Ethernet RJ 45 cable to connect a router port to PC to the Sensor Management port Use a crossover Ethernet RJ 45 cable to connect a PC to the Sensor monitoring port Connect the cables ...

Page 31: ...nitoring ports for example 1A 2 Plug another cable into the peer of the port used in Step 1 3 Connect the other end of each cable to the tap 4 Connect the network devices that you want to monitor to the tap Connect the cables for SPAN or hub mode For the Sensor monitoring in SPAN or hub mode occurs in in line fail open mode When you monitor in SPAN or hub mode you use only single ports To connect ...

Page 32: ...bit Optical Kit is available for the 10 gigabit ports The Monitoring ports of the Sensors fail close thus if the Sensor is deployed in line a hardware failure results in network downtime For the Monitoring ports to fail open you use the optional external bypass switch provided in a Fail Open Kit With the bypass switch in place normal Sensor operation supplies power to the switch through a control ...

Page 33: ...ange from a couple of seconds to more than a minute with certain vendors devices A very brief link disruption might also occur while the links between the Sensor and each of the peer devices are renegotiated to place the Sensor back in in line mode This outage again varies depending on the device and can range from a few seconds to more than a minute You can find the installation and troubleshooti...

Page 34: ...4 Attaching Cables to the Sensor How does the fail open function work 34 McAfee Network Security Platform M 3050 M 4050 Sensor Product Guide ...

Page 35: ... not monitoring traffic The Sensor ports have not been enabled in the Manager The Sensor will not monitor traffic on the ports unless the ports are enabled in the Manager Ports are disabled in case of Sensor failure you must re enable them for Sensor monitoring to resume Network or link problems Improper cabling or port configuration Make sure that the transmitting and receiving cables are properl...

Page 36: ...5 Troubleshooting the Sensor 36 McAfee Network Security Platform M 3050 M 4050 Sensor Product Guide ...

Page 37: ... Range 100 240VAC Frequency 50 60Hz Vibration operating Sinusoidal 3 to 500 Hz 0 15 gpk Random 2 5 to 200 Hz 0 33 g Vibration non operating Sinusoidal 10 to 500 Hz 0 8 gpk Random 2 5 to 200 Hz 1 05 g Power requirements 450W Temperature Ambient Temperature Range Non condensing Operating 0C 32F to 35C 95F Non operating 40C 40F to 70C 158F Relative Humidity Non condensing Operating 5 90 non condensin...

Page 38: ...stem Heat Dissipation AC max 535W 1825 BTU hr DC max To Be determined Airflow 200 lfm 1 m s Altitude Sealevel to 10 000 ft 3050m 6 Sensor technical specifications 38 McAfee Network Security Platform M 3050 M 4050 Sensor Product Guide ...

Page 39: ...ion EN 61000 4 6 Conducted Immunity EN 61000 4 11 Voltage Interruption Dips N A for DC CISPR KN22 KN 61000 4 2 ESD Immunity KN 61000 4 3 Radiated Immunity KN 61000 4 4 EFT B Immunity KN 61000 4 5 Surge Protection KN 61000 4 6 Conducted Immunity KN 61000 4 11 Voltage Interruption Dips N A for DC Electromagnetic compliance emissions FCC Part 15 Class A Industry Canada ICES 003 Issue 4 February 7 200...

Page 40: ...ssions EN 61000 3 2 2000 Harmonic Current Emissions EN 61000 3 3 1995 A1 2001 Voltage Fluctuation Flicker CISPR KN22 Radiated Emissions Conducted Emissions A Regulatory compliance and safety information 40 McAfee Network Security Platform M 3050 M 4050 Sensor Product Guide ...

Page 41: ...phical conventions and icons 5 F front panel 11 17 H hot swappable power supply 22 M Management port 29 McAfee ServicePortal accessing 6 module 24 25 P peer 29 31 Pluggable 23 ports 10 power supply 21 R rack 16 19 20 Response port 28 S Safety 39 sensor responsibilities 8 ServicePortal finding product documentation 6 setting up 19 27 SFP 23 SFP module 25 specifications 37 T Technical Support findin...

Page 42: ...700 3589B00 ...