McAfee DTP-165C-DPVG Installation Guide - Page 40

Add McAfee Logon Collector to McAfee DLP Manager



10 Identify the local domain components in the Base DN field (for example, dc=mydomain,dc=com).

   Use an administrative account whose password does not expire to maintain the connection, but a non-administrative account name is acceptable when using an authorization server.

11 Enter the number of records you want to retrieve at one time in the Server Results limit field.

   Before entering a value higher than 10, consult the administrator of the Active Directory server to find out how many records can be served per request.

12 Select the SSL checkbox to encrypt the connection and enable LDAPS (LDAP over SSL).

   A secure connection is not required, but is strongly recommended. Accept any available certificate, or select one by uploading it. If you upload, you must find the FQDN name of the authorization server in the encrypted file by logging on to the back end of the McAfee DLP appliance and running the following.

       # openssl x509 -noout -in <filename>.cer -subject

   The FQDN will be returned in reverse order:

       subject= /DC=net/DC=reconnex/CN=tyche

   Read from left to right to get the name of the authorization server:

       tyche.reconnex.net

   Enter the name into the Authorization Server field.

13 Select a Scope to set the directory depth to be accessed on the server.

14 Click Apply.
Add McAfee Logon Collector to McAfee DLP Manager

Connect McAfee Logon Collector to McAfee DLP Manager by using certificates to authenticate them to each other. When the process is concluded, an SSL connection is established between the servers.

Task

1 Open a web browser, type the IP address of the McAfee Logon Collector into the address bar, and log on.

2 Go to Menu | Configuration | Server Settings | Identity Replication Certificate.

3 Select and copy all text in the Base 64 field and paste it into a text editor.

4 Add the following beginning and ending lines to the document, then paste in the Base 64 text.

      -----BEGIN CERTIFICATE-----
      <pasted Base 64 field text>
      -----END CERTIFICATE-----

5 Highlight and copy the entire text, including the BEGIN and END CERTIFICATE lines.

6 Open a web browser and log on to the Network McAfee DLP Manager.

7 In ePolicy Orchestrator, select Menu | Data Loss Prevention | DLP Sys Config | System Administration | Directory Services.

8 On your Linux-based appliance, select System | System Administration | Directory Services.
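Steps 3 to 5 of the task above can be done without hand-editing, as in this added shell example that is not part of the McAfee guide. The function name `wrap_pem` and the file names in the comments are hypothetical; the function strips whitespace and Windows line endings picked up during copy and paste, folds the text to 64-character lines, and refuses input that already contains header lines or other non-base64 characters.

```shell
#!/bin/sh
# Added example (not from the guide): wrap the copied Base 64 field text in
# the BEGIN/END CERTIFICATE lines required by step 4.

# wrap_pem: Base 64 text on stdin, PEM certificate on stdout.
wrap_pem() {
    # Drop spaces, tabs, CR and LF from the paste, then fold to 64 columns.
    body=$(tr -d ' \t\r\n' | fold -w 64)

    [ -n "$body" ] || { echo "wrap_pem: empty input" >&2; return 1; }

    # Anything left after deleting the base64 alphabet is a paste error,
    # for example BEGIN/END lines that were copied along with the field.
    case $(printf '%s' "$body" | tr -d 'A-Za-z0-9+/=\n') in
        '') ;;
        *)  echo "wrap_pem: input is not plain base64" >&2; return 1 ;;
    esac

    printf '%s\n%s\n%s\n' \
        '-----BEGIN CERTIFICATE-----' "$body" '-----END CERTIFICATE-----'
}

# Typical use (file names are placeholders):
#   wrap_pem < mlc_base64.txt > mlc.pem
#   openssl x509 -noout -in mlc.pem -subject   # confirms the result parses

# Constructed sample input, not a real certificate:
printf 'QUJD REVG\r\nR0hJ\n' | wrap_pem
```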
McAfee Data Loss Prevention 9.2.0 Installation Guide, chapter 5 (Configuring McAfee DLP appliances and adding servers), page 40