Home » McAfee Manuals » Networking » McAfee DTP-165C-DPVG » Manual Viewer

McAfee DTP-165C-DPVG Installation Guide - Page 16

Select an integration mode for McAfee DLP Monitor, SPAN port configuration

View all McAfee DTP-165C-DPVG manuals

Add to My Manuals
Save this manual to your list of manuals

Page 16 highlights

2 Setting up the hardware Select an integration mode for McAfee DLP Monitor Select an integration mode for McAfee DLP Monitor McAfee DLP Monitor must be physically integrated into the network so it can capture traffic. There are two integration modes: use of a mirror (SPAN) port on a LAN switch, or placement of a network tap between the network and the appliance. SPAN port configuration A SPAN (Switched Port Analyzer) port configuration enables monitoring by transparently copying traffic from source ports to the destination port to which McAfee DLP Monitor is connected. If two capture ports are used, two traffic sources (for example, different subnets) must be used. Certain switch models permit the use of a "remote SPAN", or "RSPAN" capability, which allows ports from multiple switches to be mirrored to the port to which McAfee DLP Monitor is connected. If you want to mirror multiple ports on multiple switches to your DLP appliance, contact the switch vendor for details on configuring RSPAN. Figure 2-4 Span port configuration 1 Capture ports 2 WAN router traffic mirrored to McAfee DLP Monitor port 3 LAN 4 LAN switch 5 WAN This method requires a change on the LAN switch, but no downtime is required because network traffic is not disrupted. With this configuration, some packets might be dropped under heavy loads. As a result, the number of packets seen by McAfee DLP Monitor might not match the number seen by the ports being monitored. Integrate the appliance using a SPAN port Task 1 Connect McAfee DLP Monitor to a network switch using a console cable or network connection (such as Telnet or SSH). Note the port used to connect the appliance to the LAN switch, and the port used by the WAN router. 2 Apply the appropriate SPAN port configuration. 16 McAfee Data Loss Prevention 9.2.0 Installation Guide

Section	Page
Contents	3
Preface	5
About this guide	5
Audience	5
Conventions	5
Find product documentation	6
1 Introduction to McAfee Total Protection for DLP 9.2.0	7
McAfee Unified DLP deployment	7
Management options	8
McAfee Unified DLP dashboards	9
Installation scenarios	10
2 Setting up the hardware	11
Adding devices and servers	11
Check the shipment	11
Plan your installation	12
Rack mount the appliances	12
Connect a management console	13
Configure McAfee DLP Manager	14
Select an integration mode for McAfee DLP Monitor	16
SPAN port configuration	16
Integrate the appliance using a SPAN port	16
Network tap configuration	17
Network tap types	18
Integrate the appliance using a network tap	18
Complete the setup	18
3 Installing or upgrading the software on Model 4400	19
Download and expand the archive	19
Boot options	20
Load the primary image	21
Load the secondary image	21
Install a fresh image	22
Set up the next boot option	22
Upgrade the products	23
Apply a hotfix	23
Convert an installation to another DLP product	24
Restoring the drives	24
4 Installing or upgrading software on model 1650 and 3650 appliances	25
Download and expand the legacy archive	25
Install the products on legacy servers	26
Upgrade to 9.2.0 on legacy appliances	27
5 Configuring McAfee DLP appliances and adding servers	29
Configure McAfee DLP appliances using Setup Wizard	29
Configure McAfee DLP appliances after installation	35
Add McAfee DLP products to McAfee DLP Manager	35
Configuring McAfee DLP Prevent	36
MTA requirements for McAfee DLP Prevent	37
Configure McAfee DLP Prevent	37
Add LDAP servers to McAfee DLP Manager	38
Add McAfee Logon Collector to McAfee DLP Manager	40
Add syslog servers to McAfee DLP systems	41
Resynchronize McAfee DLP systems with an NTP server	41
Testing the system	42
6 Installing McAfee DLP Endpoint	43
Verify system requirements	43
Configure the server	45
Install McAfee ePolicy Orchestrator	45
Install McAfee ePolicy Orchestrator	46
Installing McAfee DLP WCF service	47
Install the McAfee DLP WCF service	48
Add a user in Microsoft SQL Server	49
Troubleshoot the McAfee DLP WCF service	52
Run the McAfee DLP WCF installer	53
Repository folders	53
Creating and configuring repository folders	54
Configure folders on Windows 2003 Server	54
Configure folders on Windows 2008 Server	55
User and permission sets	56
Create and define McAfee DLP administrators	56
Create and define permission sets	57
DLP permission set options	57
Install the McAfee Data Loss Prevention Endpoint extension	58
Initialize the DLP Policy console	58
Upgrade the license	60
Check in the McAfee DLP Endpoint package to ePolicy Orchestrator	61
Deploying McAfee DLP Endpoint	61
Define a default rule	61
Deploy McAfee DLP Endpoint with ePolicy Orchestrator	62
Verify the installation	63
Uninstalling McAfee DLP Endpoint	63
7 Integrating McAfee DLP Endpoint into a unified policy system	65
Setting up Unified DLP on ePolicy Orchestrator	66
Install the network extension	66
Install the UDLP (host) extension	66
Configure McAfee Agent on ePolicy Orchestrator	67
Add an evidence folder on McAfee DLP Manager	67
Connecting McAfee DLP Manager and the ePolicy Orchestrator server	68
Gather ePolicy Orchestrator registration information	68
Add a McAfee ePO database user for McAfee DLP Manager	68
Register McAfee DLP Manager on ePolicy Orchestrator server	69
Register ePolicy Orchestrator on McAfee DLP Manager	69
Checking the connection	70
Configuring McAfee DLP Endpoint on McAfee DLP Manager	70
Generate a global policy for McAfee DLP Endpoint	71
Maintaining compatibility with installed McAfee clients	71
Set an Agent Override password	72
Set the manual tagging option	72
Installation and configuration complete	73
Index	75
A	75
B	75
C	75
D	75
E	75
H	75
I	75
L	75
M	75
P	75
R	75
S	75
T	75
U	75
V	75

Match case Limit results 1 per page

Select an integration mode for McAfee DLP Monitor

McAfee DLP Monitor must be physically integrated into the network so it can capture traffic. There are

two integration modes: use of a mirror (SPAN) port on a LAN switch, or placement of a network tap

between the network and the appliance.

SPAN port configuration

A SPAN (Switched Port Analyzer) port configuration enables monitoring by transparently copying traffic

from source ports to the destination port to which McAfee DLP Monitor is connected.

If two capture ports are used, two traffic sources (for example, different subnets) must be used.

Certain switch models permit the use of a “remote SPAN”, or “RSPAN” capability, which allows ports

from multiple switches to be mirrored to the port to which McAfee DLP Monitor is connected. If you

want to mirror multiple ports on multiple switches to your DLP appliance, contact the switch vendor for

details on configuring RSPAN.

Figure 2-4

Span port configuration

Capture ports

WAN router traffic mirrored to McAfee DLP Monitor port

LAN

LAN switch

WAN

This method requires a change on the LAN switch, but no downtime is required because network

traffic is not disrupted.

With this configuration, some packets might be dropped under heavy loads. As a result, the number of

packets seen by McAfee DLP Monitor might not match the number seen by the ports being monitored.

Integrate the appliance using a SPAN port

Task

Connect McAfee DLP Monitor to a network switch using a console cable or network connection

(such as Telnet or SSH).

Note the port used to connect the appliance to the LAN switch, and the port used by the WAN router.

Apply the appropriate SPAN port configuration.

Setting up the hardware

Select an integration mode for McAfee DLP Monitor

McAfee Data Loss Prevention 9.2.0

Installation Guide