At any time during configuration, you can type ? to get help on the Sensor CLI commands. To see a list of all commands, type commands. These commands are described in the McAfee Network Security
Platform CLI Guide.
The first time you configure a Sensor, you must have physical access to the Sensor.
If you are moving a Sensor to a new environment and wish to wipe the Sensor back to its factory default settings, start by typing factorydefaults from the CLI. See the McAfee Network Security
Platform CLI Guide for specific details on the usage of command.
5
Adding a SensorTask
1 Open a hyperterminal session to configure the Sensor. (For instructions on connecting to the Console port, see the section Cabling the Console Port, in the McAfee Network Security Platform
Product Guide for your Sensor model.)
2 At the login prompt, log on to the Sensor using the default username
admin and password admin123.
McAfee strongly recommends that you change the default password later for security purposes as described in Step 9.
By default, the user is prompted for configuration set up, immediately after login. Else, the user can choose to start the setup later from command prompt using the setup command. For more
information, see the McAfee Network Security Platform CLI Guide. 3 Set the name of the Sensor. At the prompt, type:
set sensor name <WORD>
The Sensor name is a case-sensitive alphanumeric character string up to 25 characters. The string can include hyphens, underscores, and periods, and must begin with a letter.
For example, set Sensor name Engineering_Sensor1
4 Set the IP address and subnet mask of the Sensor. At the prompt, type:
set sensor ip <A.B.C.D> <E.F.G.H>
Specify a 32-bit address written as four eight-bit numbers separated by periods as in
<A.B.C.D>
where:
• A,B,C or D is an eight-bit number between 0-255. • <E.F.G.H> represents the subnet mask.
For example,
set sensor ip 192.34.2.8 255.255.255.0 Or Specify an IPv6 address as given below: set sensor ipv6 <A:B:C:D:E:F:G:H/I>
where:
• A:B:C:D:E:F:G:H> is a 64-bit address written as octet (eight groups) of four hexadecimal numbers, separated by colons. Each group A,B,C,D (etc) represents a group of hexadecimal numbers between 0000-FFFF. This is followed by a prefix length I with value between 0 and 128. For example, set sensor ipv6 2001:0db8:8a2e:0000:0000:0000:0000:0111/64
If one or more four-digit group(s) is 0000, the zeros may be omitted and replaced with two colons (::). For example, set sensor ipv6 2001:0db8:8a2e::0111/64
Setting the IP address for the first time—that is, during the initial configuration of the Sensor—does not require a Sensor reboot. Subsequent changes to the IP address will, however, require that you reboot the Sensor for the change to take effect. If a reboot is necessary, the CLI will prompt you to do so. For information on rebooting, see Conditions requiring a Sensor reboot, McAfee Network Security Platform Troubleshooting Guide.
5 If the Sensor is not on the same network as the Manager, set the address of the default
gateway
Adding a Sensor
Note that you should be able to ping the gateway (that is, gateway should be reachable). At the prompt, type: set sensor gateway <A.B.C.D>
Use the same convention as the one for Sensor IP address. For example, set sensor gateway 192.34.2.8
Or Specify an IPv6 address of the gateway for the Manager server as given below:
set sensor gateway-ipv6 <A:B:C:D:E:F:G:H>
where:
• <A:B:C:D:E:F:G:H>is a 128-bit address written as octet (eight groups) of four hexadecimal numbers, separated by colons. Each group A,B,C,D etc( ) is a group of hexadecimal numbers between 0000-FFFF. For example, set sensor gateway-ipv6 2001:0db8:8a2e:
0000:0000:0000:0000:0111
If one or more four-digit group(s) is 0000, the zeros may be omitted and replaced with two colons (::)
For example, set sensor gateway-ipv6 2001:0db8:8a2e::0111
6 Set the IPv4 or IPv6
address of the Manager server. At the prompt, type:
set manager ip <A.B.C.D>
Use the same convention as the one for Sensor IP address. For example, set manager ip 192.34.3.2
Or Type an IPv6 address of the Manager server, as given below: set manager ip <A:B:C:D:E:F:G:H>
where:
• <A:B:C:D:E:F:G:H> is a 128-bit address written as octet (eight groups) of four hexadecimal numbers, separated by colons. Each group (A,B,C,D etc) is a group of hexadecimal numbers between 0000-FFFF. For example: set manager ip 2001:0db8:8a2e:
0000:0000:0000:0000:0111
If one or more four-digit group(s) is 0000, the zeros may be omitted and replaced with two colons (::). For example: set manager ip 2001:0db8:8a2e::0111
7 Ping the Manager from the Sensor to determine if your configuration settings to this point have successfully established the Sensor on the network. At the prompt, type: ping <manager IP address>
The success message " host <ip address> is alive " appears. If not, type show to verify your configuration information and check to ensure that all information is correct. If you run into any difficulties, see
McAfee Network Security Platform Troubleshooting Guide.
8 Set the shared key value for the Sensor. This value is used to establish a trust relationship between the Sensor and the Manager.
At the prompt, type:
set sensor sharedsecretkey
The Sensor then prompts you to enter a shared secret key value. Type the shared secret key value at the prompt. The Sensor then prompts you to verify the value. Type the value again.
The shared secret key value must be between 8 and 25 characters of ASCII text. The shared secret key value is case-sensitive. For example, IPSkey123
5
Adding a Sensor9 (Optional, but recommended) Change the Sensor password. At the prompt, type:
passwd
The Sensor prompts you to enter the new password and prompts you for the old password. A password must be between 8 and 25 characters, is case-sensitive, and can consist of any alphanumeric character or symbol.
McAfee strongly recommends that you choose a password with a combination of characters that is easy for you to remember but difficult for someone else to guess.
10 To exit the session, type
exit.