McAfee M-1250 Upgrade Guide

McAfee M-1250 - Network Security Platform Manual

Get McAfee M-1250 - Network Security Platform PDF manuals and user guides View all McAfee M-1250 manuals
Add to My Manuals
Save this manual to your list of manuals

McAfee M-1250 manual content summary:

  • McAfee M-1250 | Upgrade Guide - Page 1
    Upgrade Guide McAfee® Network Security Platform 6.1
  • McAfee M-1250 | Upgrade Guide - Page 2
    ORCHESTRATOR, FOUNDSTONE, GROUPSHIELD, INTRUSHIELD, LINUXSHIELD, MAX (MCAFEE SECURITYALLIANCE EXCHANGE), MCAFEE, NETSHIELD, PORTALSHIELD, PREVENTSYS IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND. 2 McAfee® Network Security Platform 6.1 Upgrade Guide
  • McAfee M-1250 | Upgrade Guide - Page 3
    this guide 5 Audience 5 Conventions 5 Finding product documentation support matrix for heterogeneous environments 18 3 Upgrading the Central Manager 23 Reviewing Sensor Software upgrade 43 Difference between an update and an upgrade 43 McAfee® Network Security Platform 6.1 Upgrade Guide
  • McAfee M-1250 | Upgrade Guide - Page 4
    and Signature Set Upgrade using Manager 6.0 46 Sensor software upgrade using a TFTP server 48 Updating Sensor software in a failover pair 50 6 Performing NTBA Appliance software upgrade 53 7 Information on downgrade 55 Index 57 4 McAfee® Network Security Platform 6.1 Upgrade Guide
  • McAfee M-1250 | Upgrade Guide - Page 5
    . Tip: Suggestions and recommendations. Important/Caution: Valuable advice to protect your computer system, software installation, network, business, or data. Warning: Critical advice to prevent bodily harm when using a hardware product. McAfee® Network Security Platform 6.1 Upgrade Guide 5
  • McAfee M-1250 | Upgrade Guide - Page 6
    . 2 Select a product, then select a version. 3 Select a product document. KnowledgeBase • Click Search the KnowledgeBase for answers to your product questions. • Click Browse the KnowledgeBase for articles listed by product and version. 6 McAfee® Network Security Platform 6.1 Upgrade Guide
  • McAfee M-1250 | Upgrade Guide - Page 7
    • Manager Server Configuration Guide • Troubleshooting Guide • Custom Attack Definitions Guide • IPS Configuration Guide • System Status Monitoring Guide • Addendum II to 6.0 Documentation An upgrade from 6.1 Beta to 6.0 is not supported. To use Network Security Platform 6.0 in your 6.1 Beta
  • McAfee M-1250 | Upgrade Guide - Page 8
    1 Overview 8 McAfee® Network Security Platform 6.1 Upgrade Guide
  • McAfee M-1250 | Upgrade Guide - Page 9
    Central Manager manages 6.0 Managers and 5.1 Managers. • The Manager and the corresponding Sensors are of different successive major versions. For example, some Sensors are on 5.1.x.x and the rest are on 6.0.x.x, all managed by a 6.0 Manager. McAfee® Network Security Platform 6.1 Upgrade Guide 9
  • McAfee M-1250 | Upgrade Guide - Page 10
    . McAfee strongly advises that you use the heterogeneous support feature only as an interim arrangement until you upgrade all your Managers and Sensors to the latest version. This enables you to make use of the latest features in Network Security Platform. For example, in case of M-series Sensors
  • McAfee M-1250 | Upgrade Guide - Page 11
    feature only the I-series and M-series Sensors, a 6.0 Manager can manage the N-450 and Network Threat Behavior Analysis (NTBA) appliances as well. Scenarios heterogeneous 6.0 Manager environment managed by an MDR pair of Central Managers. McAfee® Network Security Platform 6.1 Upgrade Guide 11
  • McAfee M-1250 | Upgrade Guide - Page 12
    page 3 Performing Signature Set and Sensor Software upgrade on page 3 Scenario 2 This scenario is about an upgrade from a homogeneous 5.1 Manager environment to a heterogeneous 6.0 Manager environment managed by a standalone Central Manager. 12 McAfee® Network Security Platform 6.1 Upgrade Guide
  • McAfee M-1250 | Upgrade Guide - Page 13
    Guide for details. 4 After you upgrade the 4.1 Sensors to a 5.1 version, do a manual synchronization. Then, ensure the Sensors are up and functioning as configured. Make sure there are no 4.1 Managers or Sensors when you begin to upgrade to 6.0. McAfee® Network Security Platform 6.1 Upgrade Guide
  • McAfee M-1250 | Upgrade Guide - Page 14
    Guide for details. 4 After you upgrade the 4.1 Sensors to a 5.1 version, do a manual synchronization. Then, ensure the Sensors are up and functioning as configured. Make sure there are no 4.1 Managers or Sensors when you begin to upgrade to 6.0. 14 McAfee® Network Security Platform 6.1 Upgrade
  • McAfee M-1250 | Upgrade Guide - Page 15
    section • The Manager must be of version 5.1.11.22 or above. See the 4.1 to 5.1 Upgrade Guide series Sensors do not support NAC regardless of the Sensor software version. See also Scenario 5 on page 16 Scenario 8 on page 18 Scenario 6 on page 16 McAfee® Network Security Platform 6.1 Upgrade Guide
  • McAfee M-1250 | Upgrade Guide - Page 16
    on page 3 Performing Signature Set and Sensor Software upgrade on page 3 Scenario 6 This scenario is about an upgrade from a homogeneous Sensor environment in 5.1 to a heterogeneous Sensor environment in 6.0, managed by a standalone Manager. 16 McAfee® Network Security Platform 6.1 Upgrade Guide
  • McAfee M-1250 | Upgrade Guide - Page 17
    Sensors are up and functioning as configured. 3 Upgrade the Manager MDR pair to the latest 6.0 version. See Upgrading the Manager. 4 Upgrade the required Sensors to the latest 6.0 version. See Performing Signature Set and Sensor Software Upgrade. McAfee® Network Security Platform 6.1 Upgrade Guide
  • McAfee M-1250 | Upgrade Guide - Page 18
    This section provides the feature-support matrix and the points that you should note when you work in a heterogeneous environment in Network Security Platform 6.0. The following table contains the major feature x Sensor software version x Sensor model matrix: 18 McAfee® Network Security Platform
  • McAfee M-1250 | Upgrade Guide - Page 19
    above. See the NAC Configuration Guide. I-series Sensors do not support NAC if the Manager is upgraded to 6.0.7.x or above. See the NAC Configuration Guide. You need Manager 6.0.3.x or above with N-450 6.0.3.x. See the NAC Configuration Guide. McAfee® Network Security Platform 6.1 Upgrade Guide 19
  • McAfee M-1250 | Upgrade Guide - Page 20
    the discussion on Release Logic in the IPS Configuration Guide. • Attack Filters: In Network Security Platform 6.0, Alert Filter is renamed as Attack Filter with no functional difference. However, only the latest 6.0 Sensor software for both I and M-series support port-based Attack Filters. That is
  • McAfee M-1250 | Upgrade Guide - Page 21
    modify these settings only from the Scanning Exception node. In an heterogeneous Sensor environment, you need to use the CLI commands for 5.1 Sensors, and the Manager for 6.0 Sensors. For more information see Addendum II to 6.0 Documentation. McAfee® Network Security Platform 6.1 Upgrade Guide 21
  • McAfee M-1250 | Upgrade Guide - Page 22
    2 Managing a Heterogeneous Environment Feature-support matrix for heterogeneous environments 22 McAfee® Network Security Platform 6.1 Upgrade Guide
  • McAfee M-1250 | Upgrade Guide - Page 23
    calculating your database capacity requirements. This section discusses the minimum hardware and software requirements that the Central Manager server should meet. The following are the system requirements for the Central Manager 6.0 server. McAfee® Network Security Platform 6.1 Upgrade Guide 23
  • McAfee M-1250 | Upgrade Guide - Page 24
    , make sure that no processes related to McAfee® Network Security Platform (such as automated database archival) are scheduled during the upgrade time frame. Any such concurrent activity will cause conflicts and result in upgrade failure. 24 McAfee® Network Security Platform 6.1 Upgrade Guide
  • McAfee M-1250 | Upgrade Guide - Page 25
    Reviewing the Upgrade Considerations Review this section supported on Windows Server 2008 R2 (Standard Edition) 64-bit English and Japanese. If you plan to upgrade the OS, then factor this in when you estimate the Central Manager downtime. McAfee® Network Security Platform 6.1 Upgrade Guide
  • McAfee M-1250 | Upgrade Guide - Page 26
    would extend by that much. The high-level steps involved in this approach are: Task 1 Back up the 5.1 database. See Backing up Network Security Platform data. 2 Upgrade the Central Manager to 6.0. See Stand-alone Central Manager upgrade. 26 McAfee® Network Security Platform 6.1 Upgrade Guide
  • McAfee M-1250 | Upgrade Guide - Page 27
    Reviewing the upgrade requirements on page 23 Stand-alone Central Manager upgrade on page 28 Performing a database backup on page 25 MDR Central Manager upgrade To upgrade the primary and secondary Central Managers configured for Manager Disaster Recovery (MDR): McAfee® Network Security Platform
  • McAfee M-1250 | Upgrade Guide - Page 28
    upgrade considerations discussed in Reviewing the Upgrade Considerations. • You have backed up your 5.1 Central Manager data. See Backing up Network Security Platform data. • You have the required 6.0 Central Manager installable file at hand. You can download it from the McAfee Update Server. See
  • McAfee M-1250 | Upgrade Guide - Page 29
    the upgrade requirements on page 23 Reviewing the Upgrade Considerations on page 25 Backing up Network Security Platform data on page 25 MDR Central Manager upgrade on page 27 Upgrading the Signature Set for the Central Manager on page 30 McAfee® Network Security Platform 6.1 Upgrade Guide 29
  • McAfee M-1250 | Upgrade Guide - Page 30
    View/Edit. • In the Exploit Attacks tab of the IPS Policy Editor, select All Protocols and verify that the attack Central Manager. For a list of currently supported protocols, see KB61036 at mysupport.mcafee.com. What next? The upgrade for McAfee® Network Security Platform 6.1 Upgrade Guide
  • McAfee M-1250 | Upgrade Guide - Page 31
    calculating your database capacity requirements. This section discusses the minimum and recommended hardware and software requirements that the Manager server should meet. The following are the system requirements for the Manager 6.0 server. McAfee® Network Security Platform 6.1 Upgrade Guide 31
  • McAfee M-1250 | Upgrade Guide - Page 32
    , make sure that no processes related to McAfee® Network Security Platform (such as automated database archival) are scheduled during the upgrade time frame. Any such concurrent activity will cause conflicts and result in upgrade failure. 32 McAfee® Network Security Platform 6.1 Upgrade Guide
  • McAfee M-1250 | Upgrade Guide - Page 33
    Sensor configured for NAC in 5.1, does not enforce NAC when you upgrade the Manager to 6.0 and push the configuration update to the Sensor. If you have I-series Sensors configured for NAC, and you want to upgrade to 6.0, contact McAfee Support. McAfee® Network Security Platform 6.1 Upgrade Guide
  • McAfee M-1250 | Upgrade Guide - Page 34
    but the functionality is same. Post-upgrade of the Sensor and the Manager, you can also specify the source and destination port numbers for the filter. For details, see the IPS Configuration Guide. Note regarding Network Security Platform extension on McAfee ePO™ ® This note is relevant only if you
  • McAfee M-1250 | Upgrade Guide - Page 35
    zip) from the Manager and install it on McAfee ePO™. For information, see the Integration Guide. 3 If you have the Host Intrusion Prevention extension installed on McAfee ePO™, you can configure the integration between Network Security Platform and Host Intrusion Prevention. For information, see the
  • McAfee M-1250 | Upgrade Guide - Page 36
    have McAfee Custom Attacks (that is, UDS), back them up prior to upgrade. The steps are common for Central Manager and Manager. So, the term "Manager" in this section and secondary Managers configured for Manager Disaster Recovery (MDR): 36 McAfee® Network Security Platform 6.1 Upgrade Guide
  • McAfee M-1250 | Upgrade Guide - Page 37
    high-level steps involved in this approach are: Task 1 Back up the 5.1 database. See Backing up Network Security Platform data. 2 Upgrade the Manager to 6.0. See Stand-alone Central Manager upgrade or Stand-alone Manager upgrade as applicable. McAfee® Network Security Platform 6.1 Upgrade Guide 37
  • McAfee M-1250 | Upgrade Guide - Page 38
    and check the Status page to ensure everything is working fine. See also Reviewing the upgrade requirements on page 23 Stand-alone Manager upgrade on page 39 Performing a database backup on page 25 Manager license file requirement on page 32 38 McAfee® Network Security Platform 6.1 Upgrade Guide
  • McAfee M-1250 | Upgrade Guide - Page 39
    upgrade considerations discussed in Reviewing the upgrade considerations for the Manager. • You have backed up your 5.1 Manager data. See Backing up Network Security Platform data. • You have the 6.0 Manager installable file at hand. You can download it from the McAfee Update Server. See Downloading
  • McAfee M-1250 | Upgrade Guide - Page 40
    run: mysql>source /db/mysql/migrate/alertproc_offline_1.sql If an SQL error message is displayed, stop proceeding further and contact McAfee Technical Support with the details of the message. 4 Shut down the Manager. 40 McAfee® Network Security Platform 6.1 Upgrade Guide
  • McAfee M-1250 | Upgrade Guide - Page 41
    an SQL error message is displayed, stop proceeding further and contact McAfee Technical Support with the details of the message. Utilities like db backup/restore/ alertproc_offline_2.sql script, the Manager database upgrade is complete. McAfee® Network Security Platform 6.1 Upgrade Guide 41
  • McAfee M-1250 | Upgrade Guide - Page 42
    4 Upgrading the Manager Stand-alone Manager upgrade 42 McAfee® Network Security Platform 6.1 Upgrade Guide
  • McAfee M-1250 | Upgrade Guide - Page 43
    5.1 to 6.0. Minimum required Sensor software versions To upgrade a Sensor to 6.0, its current software must be of the version below: Sensor type I-series Sensors M-1250 and M-1450 Required software version 5.1.5.90 or above 5.1.7.73 or above McAfee® Network Security Platform 6.1 Upgrade Guide 43
  • McAfee M-1250 | Upgrade Guide - Page 44
    on Manager upgrade see, Upgrading the Manager. 2 Your Sensors meet the requirements mentioned in Sensor upgrade requirements. 3 You have read and understood the upgrade considerations discussed in Reviewing the upgrade considerations (sensor). 44 McAfee® Network Security Platform 6.1 Upgrade Guide
  • McAfee M-1250 | Upgrade Guide - Page 45
    Performing Signature Set and Sensor Software upgrade Updating Sensor software image 5 New Sensor software images are released periodically by McAfee and are available on McAfee® Network Security Platform Update Server to registered support customers. You can update a Sensor image using any of the
  • McAfee M-1250 | Upgrade Guide - Page 46
    Manager Server Configuration Guide for details. For a list of currently supported protocols, see KB61036 at mysupport.mcafee.com. Do not push the signature set to your Sensors at this point; it will be sent with the Sensor software in Step 4. 46 McAfee® Network Security Platform 6.1 Upgrade Guide
  • McAfee M-1250 | Upgrade Guide - Page 47
    you have a failover pair configured, then both the Sensors forming the pair should be running on the same Sensor software version. See Updating Sensor software in a failover pair. See also Updating Sensor software in a failover pair on page 50 McAfee® Network Security Platform 6.1 Upgrade Guide 47
  • McAfee M-1250 | Upgrade Guide - Page 48
    reboot. After the reboot process is complete, the Sensor deletes the old signature set. Because the signature set is incompatible with the current Manager version, the Sensor's System Health Status on the CLI is displayed as "uninitialiazed." 48 McAfee® Network Security Platform 6.1 Upgrade Guide
  • McAfee M-1250 | Upgrade Guide - Page 49
    Set and Sensor Software upgrade Updating Sensor software image 5 Then, the Sensor contacts the Manager for the latest signature set. After the signature set is downloaded to the Sensor, its System Health Status is displayed as "good." McAfee® Network Security Platform 6.1 Upgrade Guide 49
  • McAfee M-1250 | Upgrade Guide - Page 50
    correct order. Task 1 Push the software to each of the Sensors that are in the failover pair. You can follow one of these methods: • Sensor Software and Signature Set Upgrade using the Manager. • Sensor software upgrade using a TFTP server. 50 McAfee® Network Security Platform 6.1 Upgrade Guide
  • McAfee M-1250 | Upgrade Guide - Page 51
    from the Threat Analyzer, see Viewing Sensor performance statistics, System Status Monitoring Guide. See also Sensor Software and Signature Set Upgrade using Manager 6.0 on page 46 Sensor software upgrade using a TFTP server on page 48 McAfee® Network Security Platform 6.1 Upgrade Guide 51
  • McAfee M-1250 | Upgrade Guide - Page 52
    5 Performing Signature Set and Sensor Software upgrade Updating Sensor software image 52 McAfee® Network Security Platform 6.1 Upgrade Guide
  • McAfee M-1250 | Upgrade Guide - Page 53
    to McAfee Custom Attacks. • The downloadstatus CLI command is not applicable to NTBA. • Failover is not applicable to NTBA. • Sensor Software and Signature Set Upgrade using the Manager: • In this section, read "Sensor" as "NTBA Appliance". McAfee® Network Security Platform 6.1 Upgrade Guide 53
  • McAfee M-1250 | Upgrade Guide - Page 54
    6 Performing NTBA Appliance software upgrade 54 McAfee® Network Security Platform 6.1 Upgrade Guide
  • McAfee M-1250 | Upgrade Guide - Page 55
    . For example, if you had downgraded from 6.0 to 5.1, then restore your 5.1 database backup. Downgrade all the Managers prior to the Central Manager downgrade. To downgrade Sensor software, see the relevant McAfee KnowledgeBase articles. McAfee® Network Security Platform 6.1 Upgrade Guide 55
  • McAfee M-1250 | Upgrade Guide - Page 56
    7 Information on downgrade 56 McAfee® Network Security Platform 6.1 Upgrade Guide
  • McAfee M-1250 | Upgrade Guide - Page 57
    this guide 5 product-specific, finding 6 documentation (continued) typographical conventions and icons 5 M McAfee ServicePortal, accessing 6 S ServicePortal, finding product documentation 6 T Technical Support, finding product information 6 McAfee® Network Security Platform 6.1 Upgrade Guide 57
  • McAfee M-1250 | Upgrade Guide - Page 58
    700-2364-00
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
Upgrade Guide
McAfee
®
Network Security Platform 6.1