Home » McAfee Manuals » Networking » McAfee M-1250 » Manual Viewer

McAfee M-1250 Deployment Guide - Page 29

SPAN port and hub monitoring, High-Availability

Add to My Manuals
Save this manual to your list of manuals

Page 29 highlights

McAfee® Network Security Platform 6.0 Sensor Deployment Modes SPAN port and hub monitoring When monitoring a SPAN or hub port, Sensors with internal taps disabled. Note: McAfee recommends cabling your Fast Ethernet ports with fail-closed dongles if deploying in SPAN or Hub mode. In Figure SPAN Port Monitoring which shows an I-4000 Sensor, Port 1A receives data from the SPAN port of SwitchA. Port 1B gets data from the SPAN port of SwitchB. Two distinct network links from two separate switches are monitored by the one active I-4000 Sensor with a 1Gbps rate per link to the Sensor, allowing a total of 2Gbps traffic to the IPS engine. Figure 10: SPAN Port Monitoring High-Availability Redundancy is a key element for any network requiring 24x7 uptime. Using an identical pair of Sensors (same model, software image, signature set) deployed redundant in In-line Mode, Network Security Platform can provide high availability with no administrator intervention. 22

Section	Page
Preface	4
Introducing McAfee Network Security Platform	4
About this Guide	4
Audience	4
Conventions used in this guide	4
Related Documentation	5
Contacting Technical Support	7
Getting Started	8
Deciding where to deploy Sensors and in what operating mode	8
Setting up your Sensors	9
Establish Sensor-to-Manager communication	11
Viewing and working with data generated by Network Security Platform	12
Configuring your deployment using the Manager	12
Updating your signatures and software	13
Tuning your deployment	14
Planning Network Security Platform Installation	15
Pre-deployment considerations	15
What is the size of your network?	15
How many access points are there between your network and the extranets or Internet?	16
Where are the critical servers that require protection within your network?	16
How complex is your network topology?	16
How much traffic typically crosses your network?	17
Where are your security operations located?	18
Where should I deploy Sensors?	18
Sensor Deployment Modes	20
Flexible deployment options	20
Multi-port Sensor deployment	20
Supported deployment modes	20
Full-duplex and half-duplex monitoring	22
Deploying Sensors in in-line mode	22
Fail-open versus fail-closed	24
Fail-open option for GE ports	25
Fail-open option for FE ports	25
Layer 2 passthru mode	25
Deploying Sensors in tap mode	25
Deploying the Sensors with FE ports in internal tap mode	26
Deploying Sensors with GE ports in external tap mode	27
Shifting from tap mode to in-line mode	28
SPAN port and hub monitoring	28
SPAN port and hub monitoring	29
High-Availability	29
Understanding failover in Network Security Platform	30
\	31
Interface groups	31
Deployment Scenarios	33
Deployment flexibility	33
Deployment scenario for beginners	33
Deployment scenario for intermediate users	34
Deployment scenario for advanced users	34

Match case Limit results 1 per page

McAfee® Network Security Platform 6.0

Sensor Deployment Modes

SPAN port and hub monitoring

When monitoring a SPAN or hub port, Sensors with internal taps disabled.

Note:

McAfee recommends cabling your Fast Ethernet ports with fail-closed dongles

if deploying in SPAN or Hub mode.

In Figure

SPAN Port Monitoring

which shows an I-4000 Sensor, Port 1A receives data from

the SPAN port of SwitchA. Port 1B gets data from the SPAN port of SwitchB. Two distinct

network links from two separate switches are monitored by the one active I-4000 Sensor

with a 1Gbps rate per link to the Sensor, allowing a total of 2Gbps traffic to the IPS engine.

Figure 10: SPAN Port Monitoring

High-Availability

Redundancy is a key element for any network requiring 24x7 uptime. Using an identical

pair of Sensors (same model, software image, signature set) deployed redundant in In-line

Mode, Network Security Platform can provide high availability with no administrator

intervention.