McAfee M3050 - Network Security Platform Guide d'installation

Special Topics Guide—Sensor High Availabilityrevision 1.0 McAfee® Network Protection Industry-leading network security solutions McAfee®

C HAPTER 2 Network Security Platform Failover Architecture McAfee® Network Security Platform was built with high availability in mind. In fact,

C HAPTER 3 Sensor Failover Implementation A typical McAfee® Network Security Platform failover implementation includes the following steps: •

C HAPTER 4 Understanding the current network topology Understanding the current network topology is essential for the proper planning of McAfee

McAfee® Network Security Platform 6.0 Understanding the current network topology A single path Some networks do not include much or any redundancy.

C HAPTER 5 Determining optimal Sensor location The previous section is mostly intended as a point of reference. The good news is that McAfee® N

McAfee® Network Security Platform 6.0 Determining optimal Sensor location The same basic rule applies to Network Security Platform failover. If the

McAfee® Network Security Platform 6.0 Determining optimal Sensor location Figure 2: Determining optimal sensor location - After The key is to ensur

McAfee® Network Security Platform 6.0 Determining optimal Sensor location Instead, consider the configuration in Figure “Stack” configuration for a

McAfee® Network Security Platform 6.0 Determining optimal Sensor location Preventing duplicate alerts To prevent the failover Pair from forwarding t

C HAPTER 6 Configuring the ports on each Sensor To function as a failover Pair, the two McAfee® Network Security Sensors (Sensors) must be the

COPYRIGHT Copyright ® 2001 - 2009 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored i

McAfee® Network Security Platform 6.0 Configuring the ports on each Sensor If you choose to fail closed on an Ethernet port pair (not GBICs), the

McAfee® Network Security Platform 6.0 Configuring the ports on each Sensor bypass kit does not change to bypass mode. Instead, the port pair fails c

C HAPTER 7 How dongles work Dongles, included with all 10/100-port McAfee® Network Security Sensors (Sensors), are required when a 10/100 Senso

McAfee® Network Security Platform 6.0 How dongles work A group of mechanical relays actually resides between each port pair: Figure 6: Mechanical R

McAfee® Network Security Platform 6.0 How dongles work Again, the relays come into play when the Sensor is powered off: Figure 8: Mechanical Relay

McAfee® Network Security Platform 6.0 How dongles work The sole purpose of the dongles is to transpose the transmit signals from pins 4 and 5 (back)

C HAPTER 8 Physically installing the Sensors Installing McAfee® Network Security Sensors (Sensors) at this point may seem premature. After all,

McAfee® Network Security Platform 6.0 Physically installing the Sensors The “attack” looks as follows: Figure 13: FTP traversal “attack” The highli

McAfee® Network Security Platform 6.0 Physically installing the Sensors Figure 14: Show details of Specific attack If you are interested in HTTP te

McAfee® Network Security Platform 6.0 Physically installing the Sensors Reality check - Asymmetric routing In the case in which the network has two

Contents Preface ... v Introducing McAfee Net

C HAPTER 9 Defining the Network Security Platform Failover Pair Once McAfee® Network Security Sensors (Sensors) are known to be working indepen

McAfee® Network Security Platform 6.0 Defining the Network Security Platform Failover Pair Once complete, the display of the user interface will cha

McAfee® Network Security Platform 6.0 Defining the Network Security Platform Failover Pair It is very easy to see the details of the port status acr

C HAPTER 10 Cabling the heartbeat connection There is no standard heartbeat port across all McAfee® Network Security Sensor (Sensor) models. In

McAfee® Network Security Platform 6.0 Cabling the heartbeat connection GBIC cabling All Sensor models other than the I-1200 and I-1400 use a standar

McAfee® Network Security Platform 6.0 Cabling the heartbeat connection Important notes • The monitoring ports and failover ports use the same GBIC.

McAfee® Network Security Platform 6.0 Cabling the heartbeat connection The key to a successful fiber optic connection is to make sure the cable is c

McAfee® Network Security Platform 6.0 Cabling the heartbeat connection cable connector type is indeed RJ45 and the maximum distance is that of stand

C HAPTER 11 Verifying the failover configuration The final steps are to: • Confirm McAfee® Network Security Sensors (Sensors) are communicatin

McAfee® Network Security Platform 6.0 Verifying the failover configuration From within the CLI, you can instead run the command from either Sensor.

Confirming Sensor communication ... 30 Testing failover set

McAfee® Network Security Platform 6.0 Verifying the failover configuration 1 Cold start both Sensors. 2 Reconnect the cabling between them. 3 Rec

C HAPTER 12 Network Scenarios for Sensor High Availability In the below use-case scenarios, the term Active/Passive refers to network topology

McAfee® Network Security Platform 6.0 Network Scenarios for Sensor High Availability Solution: Each 4010 can scan up to 2 Gbps at any time -standalo

Index A active/active ...4 active/passive...

V verifying failover configuration... 24, 25 Virtual IP...1 Vi

Preface This preface provides a brief introduction to the product, discusses the information in this document, and explains how this document i

McAfee® Network Security Platform 6.0 Preface Convention Example Names of keys on the keyboard are denoted using UPPER CASE. Press ENTER. Text such

McAfee® Network Security Platform 6.0 Preface • M-3050/M-4050 Quick Start Guide • M-6050 Sensor Product Guide • M-6050 Quick Start Guide • M-800

McAfee® Network Security Platform 6.0 Preface Phone Technical Support is available 7:00 A.M. to 5:00 P.M. PST Monday-Friday. Extended 24x7 Technical

C HAPTER 1 Background Most networks today have some amount of in-built redundancy. However, the extent to which a network can withstand a failu