McAfee Network Security Platform

(1)

Manager Server Configuration Guide

revision 2.0

McAfee

®

Network Protection

Industry-leading network security solutions

McAfee® Network Security Platform

Network Security Manager

version 6.0

(2)

COPYRIGHT

Copyright ® 2001 - 2010 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of McAfee, Inc., or its suppliers or affiliate companies.

TRADEMARKS

ACTIVE FIREWALL, ACTIVE SECURITY, ACTIVESECURITY (AND IN KATAKANA), ACTIVESHIELD, CLEAN-UP, DESIGN (STYLIZED E), DESIGN (STYLIZED N), ENTERCEPT, EPOLICY ORCHESTRATOR, FIRST AID, FOUNDSTONE, GROUPSHIELD, GROUPSHIELD (AND IN KATAKANA), INTRUSHIELD, INTRUSION PREVENTION THROUGH INNOVATION, McAfee, McAfee (AND IN KATAKANA), McAfee AND DESIGN, McAfee.COM, McAfee VIRUSSCAN, NET TOOLS, NET TOOLS (AND IN KATAKANA), NETSCAN, NETSHIELD, NUTS & BOLTS, OIL CHANGE, PRIMESUPPORT, SPAMKILLER, THREATSCAN, TOTAL VIRUS DEFENSE, VIREX, VIRUS FORUM, VIRUSCAN, VIRUSSCAN, VIRUSSCAN (AND IN KATAKANA), WEBSCAN, WEBSHIELD, WEBSHIELD (AND IN KATAKANA) are registered trademarks or trademarks of McAfee, Inc. and/or its affiliates in the US and/or other countries. The color red in connection with security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein are the sole property of their respective owners.

LICENSE AND PATENT INFORMATION License Agreement

NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANIES YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEB SITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO McAfee OR THE PLACE OF PURCHASE FOR A FULL REFUND.

License Attributions This product includes or may include:

* Software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). * Cryptographic software written by Eric A. Young and software written by Tim J. Hudson. * Some software programs that are licensed (or sublicensed) to the user under the GNU General Public License (GPL) or other similar Free Software licenses which, among other rights, permit the user to copy, modify and redistribute certain programs, or portions thereof, and have access to the source code. The GPL requires that for any software covered under the GPL, which is distributed to someone in an executable binary format, that the source code also be made available to those users. For any such software covered under the GPL, the source code is made available on this CD. If any Free Software licenses require that McAfee provide rights to use, copy or modify a software program that are broader than the rights granted in this agreement, then such rights shall take precedence over the rights and restrictions herein. * Software originally written by Henry Spencer, Copyright 1992, 1993, 1994, 1997 Henry Spencer. * Software originally written by Robert Nordier, Copyright (C) 1996-7 Robert Nordier. * Software written by Douglas W. Sauder. * Software developed by the Apache Software Foundation (http://www.apache.org/). A copy of the license agreement for this software can be found at www.apache.org/licenses/LICENSE-2.0.txt. * International Components for Unicode ("ICU") Copyright (C) 1995-2002 International Business Machines Corporation and others. * Software developed by CrystalClear Software, Inc., Copyright (C) 2000 CrystalClear Software, Inc. * FEAD(R) Optimizer(R) technology, Copyright Netopsystems AG, Berlin, Germany. * Outside In(R) Viewer Technology (C) 1992-2001 Stellent Chicago, Inc. and/or Outside In(R) HTML Export, (C) 2001 Stellent Chicago, Inc. * Software copyrighted by Thai Open Source Software Center Ltd. and Clark Cooper, (C) 1998, 1999, 2000. * Software copyrighted by Expat maintainers. * Software copyrighted by The Regents of the University of California, (C) 1996, 1989, 1998-2000. * Software copyrighted by Gunnar Ritter. * Software copyrighted by Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, California 95054, U.S.A., (C) 2003. * Software copyrighted by Gisle Aas. (C) 1995-2003. * Software copyrighted by Michael A. Chase, (C) 1999-2000. * Software copyrighted by Neil Winton, (C) 1995-1996. * Software copyrighted by RSA Data Security, Inc., (C) 1990-1992. * Software copyrighted by Sean M. Burke, (C) 1999, 2000. * Software copyrighted by Martijn Koster, (C) 1995. * Software copyrighted by Brad Appleton, (C) 1996-1999. * Software copyrighted by Michael G. Schwern, (C) 2001. * Software copyrighted by Graham Barr, (C) 1998. * Software copyrighted by Larry Wall and Clark Cooper, (C) 1998-2000. * Software copyrighted by Frodo Looijaard, (C) 1997. * Software copyrighted by the Python Software Foundation, Copyright (C) 2001, 2002, 2003. A copy of the license agreement for this software can be found at www.python.org. * Software copyrighted by Beman Dawes, (C) 1994-1999, 2002. * Software written by Andrew Lumsdaine, Lie-Quan Lee, Jeremy G. Siek (C) 1997-2000 University of Notre Dame. * Software copyrighted by Simone Bordet & Marco Cravero, (C) 2002. * Software copyrighted by Stephen Purcell, (C) 2001. * Software developed by the Indiana University Extreme! Lab

(http://www.extreme.indiana.edu/). * Software copyrighted by International Business Machines Corporation and others, (C) 1995-2003. * Software developed by the University of California, Berkeley and its contributors. * Software developed by Ralf S. Engelschall <[email protected]> for use in the mod_ssl project (http:// www.modssl.org/). * Software copyrighted by Kevlin Henney, (C) 2000-2002. * Software copyrighted by Peter Dimov and Multi Media Ltd. (C) 2001, 2002. * Software copyrighted by David Abrahams, (C) 2001, 2002. See http://www.boost.org/libs/bind/bind.html for documentation. * Software copyrighted by Steve Cleary, Beman Dawes, Howard Hinnant & John Maddock, (C) 2000. * Software copyrighted by Boost.org, (C) 1999-2002. * Software copyrighted by Nicolai M. Josuttis, (C) 1999. * Software copyrighted by Jeremy Siek, (C) 1999-2001. * Software copyrighted by Daryle Walker, (C) 2001. * Software copyrighted by Chuck Allison and Jeremy Siek, (C) 2001, 2002. * Software copyrighted by Samuel Krempp, (C) 2001. See http://www.boost.org for updates, documentation, and revision history. * Software copyrighted by Doug Gregor ([email protected]), (C) 2001, 2002. * Software copyrighted by Cadenza New Zealand Ltd., (C) 2000. * Software copyrighted by Jens Maurer, (C) 2000, 2001. * Software copyrighted by Jaakko Järvi ([email protected]), (C) 1999, 2000. * Software copyrighted by Ronald Garcia, (C) 2002. * Software copyrighted by David Abrahams, Jeremy Siek, and Daryle Walker, (C) 1999-2001. * Software copyrighted by Stephen Cleary ([email protected]), (C) 2000. * Software copyrighted by Housemarque Oy <http://www.housemarque.com>, (C) 2001. * Software copyrighted by Paul Moore, (C) 1999. * Software copyrighted by Dr. John Maddock, (C) 1998-2002. * Software copyrighted by Greg Colvin and Beman Dawes, (C) 1998, 1999. * Software copyrighted by Peter Dimov, (C) 2001, 2002. * Software copyrighted by Jeremy Siek and John R. Bandela, (C) 2001. * Software copyrighted by Joerg Walter and Mathias Koch, (C) 2000-2002. * Software copyrighted by Carnegie Mellon University (C) 1989, 1991, 1992. * Software copyrighted by Cambridge Broadband Ltd., (C) 2001-2003. * Software copyrighted by Sparta, Inc., (C) 2003-2004. * Software copyrighted by Cisco, Inc and Information Network Center of Beijing University of Posts and Telecommunications, (C) 2004. * Software copyrighted by Simon Josefsson, (C) 2003. * Software copyrighted by Thomas Jacob, (C) 2003-2004. * Software copyrighted by Advanced Software Engineering Limited, (C) 2004. * Software copyrighted by Todd C. Miller, (C) 1998. * Software copyrighted by The Regents of the University of California, (C) 1990, 1993, with code derived from software contributed to Berkeley by Chris Torek.

(3)

comprehensive, accurate, and scalable Network Access Control (NAC), network Intrusion Prevention System (IPS) and Network Threat Behavior Analysis (NTBA) for mission-critical enterprise, carrier, and service provider networks, while providing unmatched protection against spyware and known, zero-day, and encrypted attacks.

McAfee Network Threat Behavior Analysis Appliance provides the capability of monitoring network traffic by analyzing NetFlow information flowing through the network in real time, thus complementing the NAC and IPS capabilities in a scenario in which McAfee Network Security Sensor, NAC Sensor, and NTBA Appliance are installed and managed through a single Manager.

About this guide

This guide explains how to complete the following tasks for configuring McAfee®

Network Security Manager:

• Specifying server functions for Manager Summary details, Internet connectivity, and mail notification.

• Installing the required licenses.

• Connecting to the McAfee®_{Network Security Update Server to obtain software}

updates and company notices. • Preparing for disaster recovery.

• Backing up, restoring, and archiving data. • Tuning and maintaining the database. For information about configuring McAfee®

Network Security Sensors, see the Device

Configuration Guide and/or CLI Guide.

Audience

This guide is intended for use by network technicians and maintenance personnel responsible for installing, configuring, and maintaining McAfee Network Security Manager(Manager) and McAfee Network Security Sensors (Sensors), but is not

necessarily familiar with NAC or IPS-related tasks, the relationship between tasks, or the commands necessary to perform particular tasks.

(6)

McAfee® Network Security Platform 6.0 Preface

Conventions used in this guide

This document uses the following typographical conventions:

Convention Example

Terms that identify fields, buttons, tabs, options, selections, and commands on the User Interface (UI) are shown in Arial Narrow bold font.

The Service field on the Properties tab specifies the name of the requested service.

Menu or action group selections are indicated using a right angle bracket.

Select My Company > Admin Domain > Summary. Procedures are presented as a series of

numbered steps.

1. On the Configuration tab, click Backup.

Names of keys on the keyboard are denoted using UPPER CASE.

Press ENTER.

Text such as syntax, key words, and values that you must type exactly are denoted using Courier New font.

Type: setup and then press ENTER.

Variable information that you must type based on your specific situation or environment is shown in italics.

Type: Sensor-IP-address and then press ENTER.

Parameters that you must supply are shown enclosed in angle brackets.

set Sensor ip <A.B.C.D>

Information that you must read before beginning a procedure or that alerts you to negative consequences of certain actions, such as loss of data is denoted using this notation.

Caution:

Information that you must read to prevent injury, accidents from contact with electricity, or other serious consequences is denoted using this notation.

Warning:

Notes that provide related, but non-critical, information are denoted using this notation.

Note:

Contacting Technical Support

If you have any questions, contact McAfee for assistance:

Online

Contact McAfee Technical Support http://mysupport.mcafee.com.

Registered customers can obtain up-to-date documentation, technical bulletins, and quick tips on McAfee's 24x7 comprehensive KnowledgeBase. In addition, customers can also resolve technical issues with the online case submit, software downloads, and signature updates.

Phone

Technical Support is available 7:00 A.M. to 5:00 P.M. PST Monday-Friday. Extended 24x7 Technical Support is available for customers with Gold or Platinum service contracts. Global phone contact numbers can be found at McAfee Contact Information

http://www.mcafee.com/us/about/contact/index.html page.

Note: McAfee requires that you provide your GRANT ID and the serial number of

your system when opening a ticket with Technical Support. You will be provided with a user name and password for the online case submission.

(9)

C

H A P T E R

1 About the Manager resource node

This section describes how to configure system-level settings, including system backups, signature and software updates, and user-defined signatures. These settings are located under the node representing the McAfee®_{Network Security Manager server. The Manager}

node is located under the root admin domain node and cannot be moved or renamed. For navigation purposes, the Manager node is denoted in configuration steps as Manager >.

Figure 1: Manager node

The Manager node tabs are:

• Specifying server functions for Manager (on page 2): provides the McAfee Network Security Manager (Manager) functions like viewing the Manager details, mail server notification details, automatically acknowledge alerts, setting audit log parameters, and uploading banner image.

• Obtaining updates from the Update Server (on page 16): enables you to configure communication between the Manager and the McAfee®_{Network Security Update}

Server. Some of the actions include establishing the communication channel, scheduling downloads of the latest software and signature updates, and downloading updates.

• Installing Network Security Platform license files (on page 7): provides information on the licenses in your deployment and how to change your license file.

• Preparing for Manager Disaster Recovery (MDR) (on page 24): enables you to have a standby Manager available in cases where the primary Manager fails.

• Establishing communication with Central Manager (on page 34): enables you to configure Manager with the McAfee®

Network Security Central Manager, view and manage McAfee Network Security Central Manager (Central Manager) details by establishing a trust between the Manager and Central Manager.

• Backing up and restoring data (on page 44): enables you to back up your McAfee®

Network Security Platform [formerly McAfee®

IntruShield®

Network Intrusion Prevention System] data on-demand or by a set schedule.

• Archiving data: enable you to save alerts and packet logs from the database on-demand or by a set schedule.

• Tuning your Manager database (on page 40): enables you to schedule or initiate tuning of your MySQL database.

• Maintaining your database (on page 49): enables you to set a schedule for file maintenance, view disk metrics, manage database disk space, and clear the Manager cache.

• Configuring authentication: (on page 64) enables you to view details of authentication of Manager with multiple LDAP and RADIUS servers.

• Configuring Access Control for specific hosts/networks (on page 70): allows you configure access to specific hosts by defining lists of authorized hosts/networks.

(10)

C

H A P T E R

2 Specifying server functions for Manager

The Manager tab provides the following server configuration functions:

Figure 2: Manager Summary Path

• Viewing Manager Summary: (on page 2) View session information, up time, and current the Manager software version.

• Specifying an e-mail server for notifications: (on page 3) Configure the Manager to point to a mail server for sending out e-mail or pager security notifications. • Auto Acknowledge alerts : Configure the Manager to acknowledge new alerts

automatically.

• Setting Audit Log parameters: (on page 4) Determine what information to display in relation to a user activity audit.

• Logon Banner: (on page 5) Upload your company logo and customized text on the Manager login page.

Viewing Manager Summary

The Summary action (My company / Manager or Central Manager > Manager or Central Manager > Summary enables you to view the following details:

(Note that the Summary page from the Manager or Central Manager displays similar functions, as given below).

• Manager Software Version: current Manager software version • Active Signature Set: current signature version available in Manager • Last Start Time: the most recent time Manager service was started

• Host Name ( IP Address ): host name and network identification of the Manager server (if host name is not available, only the IP is displayed)

• License Expiration: date and time when the license will expire • Logged In Users: all currently open user session information by:

• User Name

• Host Name (IP Address) • Login Time

(11)

McAfee® Network Security Platform 6.0 Specifying server functions for Manager

Figure 3: Manager Information Page

Specifying an E-mail server for notifications

Using the E-mail Server action, you can configure Manager (or Central Manager) to point to an e-mail server for sending out system e-mails. For example, these e-mails can be security notifications that have been prioritized by selecting E-mail or Pager. Using this action, you can also specify the from address for the system e-mails.

To configure a mail server for notifications, do the following:

1 Select Manager (or Central Manager) > Manager (or Central Manager) > Mail Server.

Figure 4: Mail Server Configuration

2 Provide the following information:

Enable E-mail Forwarding?: Select Yes to allow notifications to be sent to an e-mail server, or select No to disable notifications to the e-mail server.

SMTP Server Name or IP Address: IP address or name of the e-mail server. Note that either IPv4 or IPv6 address can be entered in SMTP Server Name or IP Address. Sender E-mail Address: e-mail address from where messages are sent.

Mail Authentication Enabled: Select Yes to allow authentication of login credentials, or No for no authentication of login credentials.

Login Name: of the “From:” account Password: of the “From:” account

(12)

3 Click Save to save the changes made.

Configuring Global Auto Acknowledgement

To configure auto-acknowledgement using the Global Auto Acknowledgment feature:

1 Navigate to Manager > Manager > Global Auto Acknowledgement.

Figure 5: Global Auto Acknowledgement Setting

2 Select the option Yes to enable Global Auto Acknowledgement.

This is enabled by default for a fresh install of Network Security Platform.

3 Specify the Highest Severity Alert of the attacks that you want to be auto acknowledged.

For example, if you specify 2 (Low) then Manager will consider all attacks with a severity level of 2 or less. The default value is 3 (Low).

4 Specify whether you want to auto acknowledge attacks that are recommended by McAfee for blocking (RFB). The default selection is 'No'.

5 Click Save to save the changes you made.

Setting Audit Log parameters

Setting audit log parameters enables you to determine what information to display in relation to a user’s activities. You can choose whether or not to view actions performed on admin domains and users (creation, editing, role assignment), the Manager (backups, Update Server settings), McAfee®

Network Security Sensor (addition, port configuration), and so forth. By disabling any of the categories, you will not see user actions in regard to those resources.

Note: For more information on viewing a user activity audit, see Generating a User

Activities Audit, Administrative Domain Configuration Guide. To choose user audit parameters, do the following:

(13)

1 Select Manager (or Central Manager) > Manager (or Central Manager) > Audit Log Setting.

Figure 6: Audit Log Settings

Following Audit Log categories are displayed as per the Manager modes.

IPS Mode NAC mode IPS with NAC mode

Admin Domain User Manager Sensor IPS Policy Report Update Server Operational Status Threat Analyzer NTBA Admin Domain User Manager Sensor Report Update Server Operational Status Threat Analyzer NAC Admin Domain User Manager Sensor IPS Policy Report Update Server Operational Status Threat Analyzer NAC NTBA NTBA

2 Select the categories you want to enable.

3 Click Save to save the changes you made.

Adding a Manager Logon Banner

The logon banner option enables you to upload your company logo (or any other relevant image) and customized text on the Manager logon page.

The size of the banner image must be 100x35 pixels and only .jpeg and .png files are supported. Banner image of different sizes will be resized to 100x35.

(14)

1 Select Manager (or Central Manager) > Manager (or Central Manager) > Logon Banner.

Figure 7: Manager Logon Banner

2 Provide the following information:

Enable: Select Yes to allow the logon banner to be displayed and select No not to display the logon banner.

Banner Text : Type the required text to be displayed.

Image File: Browse to select the banner image that you want to upload.

(15)

C

H A P T E R

3 Managing Licenses

Network Security Platform requires installation of license files for McAfee Network Security Manager (Manager) and Network Security Sensors and/or Network Threat Behavior Analysis Appliances to work in your deployment.

Network Security Manager license types

The Manager consists of hardware and software resources that are used to configure and manage your Network Security Platform deployment.

There are three software versions of the Manager:

• Network Security Global Manager—best suited for global IPS deployments of more than six Sensors.

• Network Security Manager—can support large or distributed deployments of up to six Sensors.

• Network Security Manager Starter—can support two Sensors.

Functionally, the products are otherwise identical. The license file provided to you by McAfee determines which version of the Manager you install.

Installing the Manager license

The Manager software license file identifies which version of Network Security Platform you purchased, and is required for the Manager software to function.

Figure 8: The Licenses tab

When you purchased the product, you—the customer contact identified on the Ship To: of the purchase order—were sent the software license file in an e-mail. The license file must be installed in the “config” folder of your Network Security Manager \ App folder.

License file installation for the Manager and Central Manager

1 Retrieve the file from your e-mail.

There are separate license files for the Manager and Central Manager: "MNSMLicense.jar." for the Manager installation

(16)

McAfee® Network Security Platform 6.0 Managing Licenses

2 Place the license file in the “config” folder within your Network Security Manager installation folder (for example, C:\ Program Files\ McAfee \ Network Security Manager\ App \ config).

Note: Having trouble finding the file? Clear the Windows Explorer option Tools >

Folder Options > View > Hide File Extensions for Known File Types and look for the file name described above.

Changing the Manager license

If you upgrade from a temporary license to a specific Manager license type, or if you upgrade from Network Security Manager to Network Security Global Manager, you must perform the license installation procedure.

You can change the license file during a Manager session. If you have a Manager session open, you do not need to log out to install the new license.

To change the license file during a Manager session, do the following:

1 Go to Manager > Licenses > Network Security Manager.

Figure 9: Import License Action

2 Click Import to bring up the Import Network Security Manager License File dialog.

Figure 10: Import Manager License Dialog

3 Click Browse to browse and select the appropriate license for the Manager server. Click Import to import the license file.

The new license overwrites the existing license and takes effect immediately.

Error raised if incorrect license file is selected for import

(17)

Error Description/Cause

Action failed Imported file was not of a valid extension.

An existing license file can be exported and saved in a desired location in an eventuality where the license file needs to be imported again.

To export the license file during a Manager session, do the following:

1 Go to Manager > Licenses > Network Security Manager. 2 Click Export to bring up the File Download dialog.

Figure 11: Manager License File Download Dialog

3 Click Save to open the Save As dialog.

Figure 12: Save As Dialog For Saving License File

4 Save the license file in the selected location.

(18)

Device license types

Your Sensor or NTBA Appliance license file identifies which Network Security Platform device you purchased as well as the serial number.

Network Security Platform device license types can be broadly categorized as: • Default IPS license

• Grace license • Native license • Add-on license

Default IPS license

When you add an I-series Sensor to the Manager, upon discovery, the Manager provides a default IPS license to the Sensor. This license is based on the serial number and automatically binds to the Manager.

This license is not applicable to M-series and N-series Sensors, and NTBA Appliances.

Grace license

When you add a new M-series or N-series Sensor, or an NTBA Appliance to the Manager, upon discovery, the Manager provides a grace license to enable the native functionality on the device for a period of 30 days.

Native functionality refers to the default functionality that is activated on the device. Refer the table below for the native functionality supported based on the device family:

Device Family Native Functionality

M-series Sensors IPS

N-series Sensors NAC

NTBA Appliances NTBA

This license is not applicable for I-series Sensors.

The grace license is based on the serial number and automatically binds to the device.

Native License

When you purchase a new M-series or N-series Sensor or an NTBA Appliance, McAfee sends you a license file by email. You can import this license file into the Manager to enable the native functionality on the device. The native license is based on the serial number, and automatically binds to the device.

Add-on license

To enable the NAC functionality on your M-series Sensor, you need to purchase an Add-on license. CAdd-ontact McAfee Sales for the same. Once your order is processed, McAfee will send you a license file by email.

(19)

Note: The Add-on license is not applicable to I-series and N-series Sensors, and

NTBA Appliances.

Add-on licenses have a unique license key. You need to manually import and bind the add-on license to the Sensor. For more information, see Importing a Device License (on page 11).

License usage when creating a Sensor failover pair

If you plan to configure a Sensor failover pair, both the Primary and the Secondary Sensor should have a license file each of the same functionality. For example, if you have both IPS and NAC functionality enabled in your deployment, the Manager allows failover pair creation between Sensors where the license type for both the Sensors are either IPS only license, NAC only license, or IPS and NAC license.

Importing a Device License

After adding a physical device (Sensor or NTBA Appliance) to the Manager, you need to associate a license with the device. For this, you can import a license to the Manager, and then the Manager automatically binds the license to the device. You can also manually assign a license to the device.

The Manager mode functionalities (IPS, NAC and NAC with IPS) are dependent on the type of device license imported to the Manager.

Importing a Device License

1 Retrieve the file from e-mail.

To enable the NAC mode on M-series Sensors, you need an Add-on license. Contact McAfee support (with your device serial numbers) to obtain the Add-on license file.

Note: The IPS mode is enabled by default in the Manager.

2 Go to Manager > Licenses > Devices. The Device Licenses page is displayed.

(20)

3 To import a Device license, click Import to view the Import License File dialog.

Figure 14: Import Sensor License File Dialog

4 Click Browse to browse and select the appropriate license for the device file (.jar format) received from McAfee. Click Import to import the license file.

After a successful import, these licenses are stored in “<Network Security Manager install directory>\App\LICENSES\SensorLicense”.

5 If the license has a serial number, the Manager automatically binds the license with the matching device model added to the Manager.

Error raised if incorrect license file is selected for import

The following error is raised if an incorrect license file is selected for import.

Action failed <File Name> could not be processed by the Manager.

Change in License due to purchase of additional functionality

If you upgrade from a temporary license or if you opt to upgrade your device to use additional functionality for example, from IPS to IPS and NAC, you need to change the device license by importing a new device license that can overwrite the existing one. This can be done through the Manager during a Manager session. You do not have to log out of an open Manager session to install the new license.

Manually assigning a device license

Manual assignment of a device license is applicable to add-on license files alone. Add-on licenses have a unique license key. Once imported in the Manager, the license file can be manually assigned to the matching M-series Sensor model.

Add-on licenses are applicable only to activating the NAC feature on M-series Sensors along with IPS.

You can also revoke the manual binding of add-on licenses. To manually assign an add-on license:

1 In the Device Licenses page, select Manual Assignment.

(21)

2 Select a license from the drop down.

Devices matching the selected Sensor license model are displayed.

3 Select the required device, and click Assign.

The license is assigned to the selected device, and displayed in the Device Licenses page.

Figure 16: DeviceLicense Import

4 Here, you can unbind the manual assignment of device license.

For this, select the device from Current License Assignments and click Revoke.

Note: Only device licenses that are manually assigned can be revoked.

Device licenses validity period

Refer the table below to identify the validity period for the various license types.

License Type Applicable to: License Validity Period

Default IPS License I-series Sensors up to year 2035.

Grace License M-series and N-450

Sensors, NTBA Appliances

30 days.

Native License M-series and N-450 Sensors, NTBA Appliances

As indicated in the associated Grant and must be renewed periodically.

Add-on License M-series Sensors for enabling the NAC functionality

As indicated in the associated Grant and must be renewed periodically.

(22)

Support Expiration date for Device License

The support expiration dates for Sensor licenses are displayed under the Support Expiration Date column of the Device Licenses page.

Figure 17: Support Expiration Date Information

Manager faults for license expiry

The Manager raises separate faults for license support expiry and license expiry: • Faults indicates that the license (or license support) will expire soon are raised 90

days, 60 days, and 30 days before the respective expiry date.

• Faults which indicate that the license (or license support) has expired are raised daily after the respective expiry date.

If you have both IPS and NAC functionality enabled on your Sensor, then the Manager raises separate faults for the IPS and NAC license support expiry and license expiry.

Error raised during signature set push in case device license has expired

You are allowed to push signature files to the device. After the expiry of the device licenses, the Manager still allows you to push the signature files to the device. A fault will be raised for your license renewal.

The following error is raised during signature set push in case device license has expired.

License expired Indicates that your device license has expired; No license available for the device.

Device license renewal process

Contact [email protected] for any license file related queries. Provide your active Grant-ID along with contact details for a faster response.

Viewing licenses in your deployment

The Manager provides a read-only view of the Manager and device licenses in your deployment, including unused licenses under Manager > Licenses > Summary.

(23)

Figure 18: Sensor Summary Page

Field Description

License Type (Maximum Supported Devices)

The type of Network Security Manager license.

Total Devices in Use The IPS module is enabled by default.

Expired Licenses Devices that do not have a current license are listed. The Manager allows downloading new signature sets to these devices. Faults are raised to notify for your license renewal.

Unassigned Licenses Unassigned licenses will be automatically assigned once the device with the corresponding serial number is added to the Manager.

(24)

C

H A P T E R

4 Obtaining updates from the Update Server

The Update Server tab contains several actions for configuring communication between the McAfee®_{Network Security Manager (Manager), McAfee}®_{Network Security Sensor}

(Sensor), McAfee®

Network Threat Behavior Analysis Appliance (NTBA Appliance) and the McAfee®_{Network Security Update Server (Update Server). These actions include}

establishing the communication channel, scheduling downloads of the latest software and signature updates, and downloading updates when they become available.

Figure 19: The Update Server Tab

Note 1: You can only perform one download/upload at a time from any Network

Security Platform component, including the Update Server.

Note 2: Before you can perform on-demand and automated downloading actions,

you must authenticate your credentials with the Update Server. You are not required to enter an IP address or hostname for contacting the Update Server; contact information is hardcoded into the Manager. You only need to supply your credentials using the Authentication action. McAfee provides your authentication credentials by e-mail.

• Downloading software updates (on page 17): Download the latest McAfee®

Network Security Sensor (Sensor) or McAfee Network Threat Behavior Analysis Appliance (NTBA Appliance) software image file from the Update Server to the Manager. • Downloading signature set updates (on page 17): Download the latest attack and

signature information from the Update Server to the Manager.

• Automating updates (on page 19): Configure the frequency by which the Manager checks the Update Server for updates, and the frequency by which Sensors and NTBA Appliances receive signature updates from the Manager.

• Manually importing a Sensor and NTBA Appliance image or signature set (on page 21): Manually import downloaded Sensor or NTBA Appliance software image and signature files to the Manager.

• Specifying the Update Server authentication (on page 22): Establish communication between the Manager and the Update Server.

• Specifying a proxy server for Internet connectivity: (on page 23) Configure the McAfee®_{Network Security Manager (Manager) to use a proxy server to connect to the}

McAfee®

(25)

McAfee® Network Security Platform 6.0 Obtaining updates from the Update Server

Downloading software updates

You can download available Sensor software (including NTBA Appliance) updates on-demand from the Update Server. If more than one version is available, select the most recent version (that with the highest version number).

Automation enables the Manager to check the Update Server for software updates on a periodic basis. For more information on Automation configuration, see Automating updates (on page 19).

To download available software updates to the Manager, do the following:

1 Select Manager > Update Server > Software. There are two tables on this screen:

Software available for download: current software versions available on the Update Server.

Software on the Manager: the software versions that have been downloaded to the Manager.

Figure 20: Sensor Software Details Page

2 Select the required software update from the “Software Available for Download” column of the Software table.

Note: Click a version listed in the “Software Available for Download” column to view

details of the software update.

3 Click Download to download the software updates.

Note: The following options are available for Sensor:

Update all Sensors under the Sensors node; for more information, see Updating the

Configuration of all Sensors, Device Configuration Guide.

Update a single Sensor; for more information, see Updating the software on a

Sensor, Device Configuration Guide.

Downloading signature set updates

The Signature Sets action enables you to download available attack signature updates on-demand from the Update Server to the Manager server. You can then push the signature download onto your Sensors or NTBA Appliance.

(26)

Note that Signature Sets feature is available in Network Security Central Manager (Central Manager) in the path / My Company / Central Manager > Update Server > Signature Sets.

Tip: Because incremental emergency signature sets can be downloaded along with regular signature sets, you no longer need to use custom attack definitions feature to import late-breaking attacks.

The Signature Sets action not only allows you to import regular signature sets, but also incremental emergency signature sets that include attack signatures not yet available in regular signature sets. Incremental emergency signature sets are meant to address late-breaking attacks that may need to be addressed immediately. Emergency signature sets are non-cumulative and can only add new signatures, so they do not contain a full set of signatures. To ensure that you have a complete set of signatures, Network Security Platform checks to see if a required regular signature set is missing and downloads it prior to downloading the related emergency signature set.

Note: You must use the Signature Sets or Automation action in order for Network Security Platform to automatically download a required regular signature set prior to downloading an emergency signature set. You will receive an error if you try to import an emergency signature set via the Import action.

When a signature file, or version, is downloaded, the version is listed in the Signature Sets action configuration table as the Active Manager Signature Set. Signatures files are not applied to the Manager, rather, the current version is the version that is pushed to the Sensor(s) or NTBA Appliance when you are ready to update your Sensor’s or NTBA Appliance's signature set.

Setting a schedule enables the Manager to check the Update Server for signature updates on a periodic basis, download the available updates, and push these updates to your Sensors or NTBA Appliances without your intervention. For more information on Scheduler

configuration, see Automating updates (on page 19).

To download the latest signatures to the Manager, do the following:

1 Select Manager > Update Server > Signature Sets.

Figure 21: Download Signatures Configuration

2 View the Active Manager Signature Set: Version n. This is the version that is currently

available for your Sensors or NTBA Appliances to download. This signature set is kept in a queue for download to your Sensors or NTBA Appliances. You can only have one version in the queue for download.

3 Select the signature update you want from Signature Sets Available For Download. You can click a version number to view update details.

Note 1: If you have downloaded the latest version, a default message reads,

“No new signature sets available. The Manager has the most recent signature set.”

(27)

Note 2: Click view all to display all the signature updates available on the Update

Server. These are signatures you have already downloaded or upgraded to a new version.

4 Click Download.

A status window opens to verify signature download progress. The Download button only appears when there is a new version to download.

Note: When the download is complete, you can update the Sensor signature set by

performing one of the following actions:

To download the signature set to all Sensors; for more information, see Updating the

Configuration of all Sensors, Device Configuration Guide

To download the signature set to a single Sensor; for more information, see

Updating the software on a Sensor, Device Configuration Guide

Automating updates

McAfee is constantly researching security issues and developing new signatures to provide the best protection available. New signatures are constantly being

modified/developed to respond to the most current attacks, and software updates are developed to continually improve Sensor and NTBA Appliance performance. These enhancements are made available on a regular basis via the Update Server.

Update availability is not confined to a set day and time; rather, updates are provided when they are developed, enabling you to have the latest improvements as soon as they are ready. The Automation feature enables you to configure the frequency by which the Manager (or Central Manager) checks the Update Server for updates. At your automated time, the Manager polls the Update Server; if an update is available that is newer than the signature set or Sensor and NTBA Appliance software versions on your Manager, that update is downloaded to the Manager. You can check what has been downloaded at the Software and Signature Sets option.

Note: The Automation feature is available in the Network Security Central Manager

(Central Manager) in the path / My Company / Central Manager > Update Server > Automation. After downloading a signature set update, you can configure your Manager to push the update to all of your Sensors or NTBA Appliances either immediately or by automation. Since signature sets can be updated to Sensors and NTBA Appliances in real time without shutdown, this scheduling feature enables you to quickly propagate the latest signature set across your Sensors and NTBA Appliances.

The Automation action combines two actions for update scheduling:

• Automating signature set downloads from the Update Server (on page 20):Configure a schedule by which Manager polls the Update Server for available signature set updates.

• Automatically deploy new signature sets to your devices (on page 20):Enable either automatic or scheduled downloading of the most recently downloaded signature set to your Sensors.

(28)

Automating signature set downloads from the Update Server

In the Update Server Automation, you schedule the Manager to poll the Update Server for signature downloads on a periodic basis. Once your polling schedule is set, you can use the Signatures action to check what signature updates have been downloaded to your Manager and thus available for download to your Sensors and NTBA Appliances.

Note: If your Manager does not have a connection to the Internet, then you do not

need to set the automation. Rather, you would use your Network Security Platform Support account to download the latest updates from the Update Server. For more information, see Updating your Signatures and Software, Network Security Platform

Quick Tour.

To configure an Update Server signature set downloads, do the following:

1 Select Manager > Update Server > Automation.

Figure 22: Signature Set Download Scheduler

2 Select Yes to enable automation. No is selected by default.

Note: Select No and click Apply at any time to disable the polling automation.

3 Select the Schedule frequency by which you want the Manager to poll the Update Server. The polling choices are:

Frequently: Several times a day during a specified time period Daily: once a day

Weekly: once a week

4 Fill in the Start Time:, End Time:, and Recur every fields to your desired interval. Your

selected Automatic Downloading frequency choice affects these fields.

5 Click Save when done.

Once enabled, the Manager will download signature sets from the Update Server against your set automation.

Automatically deploy new signature sets to your devices

From the Update Server Automation, you can automate signature file updating for all of your Sensors and NTBA Appliances. This means you can have all of your Sensors and NTBA Appliances updated:

1) As soon as signature updates are downloaded to the Manager from the Update Server (real-time)

(29)

3) By both a real-time setting and a scheduled time in an effort to reinforce immediate updating with a scheduled check to make sure the latest update is loaded to your Sensors.

Note1: Setting both options enables the system to check update availability for

cases where the real-time updating may have missed an update.

Note2: If you are going to use automated updating, McAfee recommends a

scheduled time rather than real time for signature updating in case of slower performance experienced during signature file download. You can schedule a time when you know your network sees a lesser amount of traffic.

To automatically deploy new signature sets to your Sensors, do the following:

1 Select Manager > Update Server > Automation.

Figure 23: Sensor Update Scheduler

2 In the Automatic Deployment, click Yes at Deploy in Real-time to have the Manager push signature sets update to all Sensors and NTBA Appliances immediately after it is downloaded to the Manager. No is the default. To turn off the Deploy in Real-time at any time after enabling it, return to this page, select No, and click Save.

AND/OR

Click Yes at Deploy at Scheduled Interval to apply a schedule for downloading signature updates from the Manager to the Sensors. No is the default. To turn off the Deploy at Scheduled Interval at any time after enabling it, return to this page, select No, and click Save.

3 Select the Schedule: frequency by which you want the Manager to check for a newly downloaded signature set. The polling choices are:

Frequently: Several times a day during a specified time period at interval indicated in the Recur every option.

Daily: once a day Weekly: once a week

4 Fill in the Start Time, End Time, and Recur every fields to desired interval specifications. Your selected Automation frequency choice affects these fields.

5 Click Save to save your changes.

Manually importing a software image or signature set

The Manual Import action enables manual loading of the latest Sensor and NTBA Appliance software and signature files to the Manager (or Central Manager) from another

workstation. This method is particularly useful if the Manager server is in a lab or secure environment and you do not want to compromise that environment by an Internet

(30)

connection. This is crucial for administrators who do not want to connect their Manager to the Update Server via the Internet.

McAfee provides an alternate FTP server that contains the latest updates. You can download the update you need from the FTP location to a client machine. Once the image file is downloaded to the alternate machine, you configure Manager to pull the file from the client to the Manager server using the Import action.

To import software/signature files to your Manager (or Central Manager), do the following:

1 Select Manager (or Central Manager) > Update Server > Manual Import.

Figure 24: Import Signature Set From File

2 Click Browse to locate the Sensor or NTBA Appliance software or Signature set file, or type the file’s absolute path name on your network.

3 Click Import.

Note: The Sensor needs to be rebooted after manual import. For more information

on rebooting the Sensor, see Device Configuration Guide. The guide also mentions about alert and packet log interruptions.

Specifying the Update Server authentication

The Authentication action authenticates communication between your Manager (or Central Manager) and the Update Server. This connection establishes all future communication for downloading new signature sets and Sensor or NTBA Appliance software files from the Update Server onto the Manager. Once you enter your credentials (ID and password given to you by McAfee), the Manager attempts to contact the Update Server via hardcoded communication settings.

Note: You are not required to enter an IP address or hostname to reach the Update

Server. You only need to submit your credentials, the Manager then attempts the connection with the hardcoded settings. You cannot change these settings.

To establish the Manager (or Central Manager) communication with the Update Server, do the following:

1 Select Manager (or Central Manager) > Update Server > Authentication.

Figure 25: Update Server Credentials Page

2 Enter the Grant Number and Password.

(31)

4 Click Delete to delete the credentials.

Note: If no congratulatory note is returned, re-enter your credentials. If you feel

you have entered the values correctly, check the User Activity Audit Log (For more information, see Generating a User Activities Audit, Administrative Domain

Configuration Guide) action to confirm success or failure. If the Password is incorrect or if you did not receive them via e-mail from McAfee, please contact McAfee Customer Support.

Once communication is successful, you can use the Software, Signature Sets, Automation, Manual Imports, and Proxy Server actions.

Specifying a proxy server for Internet connectivity

If you employ a proxy server for Internet connectivity, you can configure the Manager to connect to that server for proxy service. This is especially necessary if you want to download updates directly to Manager from the Update Server.

The Manager supports application-level HTTP/HTTPS proxies, such as Squid, iPlanet, Microsoft Proxy Server, and Microsoft ISA.

Note 1: To use Microsoft ISA, you must configure this proxy server with basic

authentication. Network Security Platform does not support Microsoft ISA during NTLM (Microsoft LAN Manager) authentication.

Note 2: SOCKS, a network-level proxy, is not currently supported by Network

Security Platform.

To specify your proxy server, do the following:

1 Select Manager (or Central Manager) > Update Server > Proxy Server. The Proxy Server window

displays.

Figure 26: Proxy Server Settings

2 Type the Proxy Server Name or IP Address. This can be either IPv4 or IPv6 address.

3 Type the Proxy Port of your proxy server.

4 Type User Name and Password.

5 Provide the appropriate URL. You may test to ensure that the connection works by entering a Test URL and clicking Test Connection.

6 Click Save to save your settings.

When the Manager makes a successful connection, it displays a message indicating that the proxy server settings are valid.

(32)

C

H A P T E R

5 Preparing for Manager Disaster Recovery (MDR)

The MDR tab actions enable you to have a standby McAfee®

Network Security Manager (Manager) available in cases where the primary Manager fails.

Figure 27: The MDR Tab

Manager Disaster Recovery (MDR) feature is available for deployments where the following conditions are met:

• Two Managers (called Primary and Secondary) are available. The Primary is in active mode and the secondary in standby mode.

• The Primary and Secondary use the same Manager software release version. Manager version of both primary and secondary manager needs to be similar for the creation of MDR pair.

• The Primary and Secondary Managers share the same database structure. The Primary and Secondary Managers can be located in the same Network Operations Center (NOC) or in geographically diverse locations, as long as they can communicate via SSL through TCP port 443. Managers can also be on different hardware.

If the Primary and Secondary Managers are located in different geographical regions, then there needs to be time synchronization between the two Managers keeping the

Coordinated Universal Time (UTC) as the standard time.

Let's say, one Manager is in California (UTC - 8 hours), and the other Manager is in New York (UTC - 5 hours). The MDR setup will work in this scenario as long as the time set in both the Managers are in sync with each other. That is, at 09:00 UTC hours, if the Manager in California shows 01:00 hours local time, and the Manager in New York shows 04:00 hours local time, MDR will work.

Note that McAfee®_{Network Security Sensor (Sensor) does not have a built-in clock. It gets}

UTC time from the Manager.

Note: When upgrading the Primary and Secondary Managers, first suspend MDR.

Otherwise, MDR may malfunction. Once MDR is suspended, upgrade the

Secondary Manager, and then upgrade the Primary Manager. Once both Managers are upgraded, resume MDR.

Sensors communicate directly only with the Primary Manager. The Secondary Manager becomes active only when a majority of Sensors fail to reach the primary or when a manual switchover to the Secondary is performed.

The Secondary Manager receives configuration information from the Primary on a regular basis.

(33)

McAfee® Network Security Platform 6.0 Preparing for Manager Disaster Recovery (MDR)

Note 1: Alert and packet log information is not sent to the Secondary Manager on a

regular basis.

Note 2: Custom roles created on the primary Manager are not copied onto the

Secondary Manager. The roles have to be manually created on the Secondary Manager.

MDR failover is not stateful. All “in-flight” transactions are lost during the failover process. For example, if the Primary Manager crashes after receiving an alert from a Sensor, but before writing it to the database, the alert is lost. However, if the Primary crashes before fully receiving the alert, the Sensor Manager buffers the alert and eventually forwards it to the Secondary Manager.

When the standby becomes the active Manager, it will have a clean Threat Analyzer. Manager will still have mechanisms for automating all tables back-ups. There is a manual switch-back mechanism.

After switch-back, alert and packet log data is copied from Secondary Manager to Primary Manager. This data can be viewed in the Historical Threat Analyzer. For more information, see Historical Threat Analyzer, System Status Monitoring Guide.

MDR communication

The MDR architecture incorporates Sensor to Manager communication and Manager to Manager communication.

A Sensor connected to an MDR pair maintains communication with both Managers at all times. The primary Manager synchronizes data with the secondary Manager every 15 minutes. However, the primary and secondary Managers receive system events from a Sensor independently, and store the events also independently. If the Sensor has trouble communicating with the primary Manager, it will send a system event to the secondary Manager about the communication error between it and the primary Manager.

Sensor to Manager communication

Sensors in Network Security Platform are MDR aware. When Sensors first establish trust with Manager, they query Manager to find out if the Manager is part of an MDR pair. The Manager responds and, if it is part of an MDR pair, includes its current status (active or standby) and the IP of its peer Manager. The Sensor then establishes trust with the peer as well.

The Sensor sends alerts, packet logs to both the Managers. Real-time synchronization between the MDR pair ensures that the data present in the active mode is exactly mirrored in the standby. This ensures minimal loss of data if the active Manager goes down. Alerts and packet logs sent by the Sensor to the Manager can be viewed in the Threat Analyzer. In addition to alerts, faults and McAfee NAC host events are also synchronized between the Managers. You can view all hosts, alerts, and packet log data in the Threat Analyzer. In case one of the Managers goes down, then after it comes up, the other Manager will update the alerts and packet log data to the first Manager during synchronization.

(34)

Manager to Manager communication

Once each minute, the primary and secondary Managers exchange a “heartbeat” communication. This communication includes a byte of data specific to the health of Manager in question. Manager receiving the heartbeat concludes that its peer has failed under two scenarios:

• One of the Network Security Platform subsystems reports a failure.

• A heartbeat has not been received within the Downtime Before Switchover interval (configured using the Manage Pair Configuration action). For example, if the default interval is 5 minutes and the heartbeat is sent once a minute, the secondary takes control after five minutes of missed heartbeats.

If the secondary Manager becomes unavailable, the primary remains active and logs the failure. If the primary Manager becomes unavailable, the secondary logs the event and becomes active.

If both Managers are online but are unable to communicate with each other, the secondary Manager queries each Sensor and becomes active only if more than half the Sensors cannot communicate with the primary Manager.

Data synchronization between the primary and secondary Manager occurs every 15 minutes.

The MDR tab provides the following functions: • Viewing the current details of MDR (on page 26) • Configuring MDR (on page 27)

• MDR Actions (on page 31)

• Viewing MDR switchover history (on page 33)

Viewing the current details of MDR

The Manage Pair action enables you to view the current state of MDR functions including Primary Manager status, Secondary Manager status, and a summary of current MDR settings.

(35)

Configuring MDR

The Manage Pair action enables you to configure both the Primary and Secondary Managers used for MDR.

Initial MDR Configuration

First, you must configure MDR separately on both the Primary and Secondary Managers:

1 Select Manager > MDR > Manager Pair.

Note 1: Network Security Platform supports a maximum of three IP addresses

during MDR configuration.

Note 2: Network Security Platform assumes that all the IP addresses are bound

to the same host name.

Note 3: Manager supports one public IPv6 address per NIC. This means that

there should be only one IPv6 address for the IPv6 stack supported by your operating system.

Figure 29: MDR Pair Creation Page

2 Fill in the following fields:

Role of this Manager: Select Primary to use this Manager as the active Manager, or Secondary to use this Manager as the standby.

Use Out-of-Band (OOB) Manager-to-Manager Communication?: Select

• Yes to use separate interfaces for Manager-Manager and Manager-Sensor communication.

• No to use the same interface for Manager-Manager and Manager-Sensor communication.

If you have selected Yes, then set the following:

• Peer IP for Manager-to-Manager Communication: Enter the IP address of the Peer Manager that you wish to use for Manager-Manager communication.

Note 1: These IP addresses are not reachable from the Sensors.

Note 2: If you set Out Of Band (OOB) Manager to Manager Communication to

Yes in the Primary Manager, then set this option as Yes in your Secondary Manager as well. A mismatch in this option setting between the Primary and Secondary Manager pair will result in an MDR configuration failure.

McAfee Network Security Platform

Manager Server Configuration Guide

McAfee

®

Network Protection

Industry-leading network security solutions

McAfee® Network Security Platform

Network Security Manager

version 6.0

Contents

Preface ... v

Chapter 1 About the Manager resource node ... 1

Chapter 2 Specifying server functions for Manager... 2

Chapter 3 Managing Licenses ... 7

Chapter 4 Obtaining updates from the Update Server ... 16

Chapter 5 Preparing for Manager Disaster Recovery (MDR)... 24

Chapter 7 Managing your Network Security Manager database... 38

Chapter 8 Configuring external authentication... 64

Chapter 9 Limiting Manager access... 70

Index ... 73

Preface

Introducing McAfee Network Security Platform

About this guide

Audience

Conventions used in this guide

Related documentation

Contacting Technical Support

Online

Phone

C

H A P T E R

1

About the Manager resource node

C

H A P T E R

2

Specifying server functions for Manager

Viewing Manager Summary

Specifying an E-mail server for notifications

Configuring Global Auto Acknowledgement

Setting Audit Log parameters

Adding a Manager Logon Banner

C

H A P T E R

3

Managing Licenses

Network Security Manager license types

Installing the Manager license

License file installation for the Manager and Central Manager

Changing the Manager license

Error raised if incorrect license file is selected for import

Device license types

Default IPS license

Grace license

Native License

Add-on license

License usage when creating a Sensor failover pair

Importing a Device License

Importing a Device License

Error raised if incorrect license file is selected for import

Change in License due to purchase of additional functionality

Manually assigning a device license

Device licenses validity period

Support Expiration date for Device License

Manager faults for license expiry

Error raised during signature set push in case device license has expired

Device license renewal process

Viewing licenses in your deployment

C

H A P T E R

4

Obtaining updates from the Update Server

Downloading software updates

Downloading signature set updates

Automating updates

Automating signature set downloads from the Update Server

Automatically deploy new signature sets to your devices

Manually importing a software image or signature set

Specifying the Update Server authentication

Specifying a proxy server for Internet connectivity