McAfee M4050 Troubleshooting Guide

McAfee M4050 - Network Security Platform Manual

Get McAfee M4050 - Network Security Platform PDF manuals and user guides
UPC - 731944582832
View all McAfee M4050 manuals
Add to My Manuals
Save this manual to your list of manuals

McAfee M4050 manual content summary:

  • McAfee M4050 | Troubleshooting Guide - Page 1
    Troubleshooting Guide Revision 6.0 McAfee® Network Security Platform version 6.0 McAfee® Network Protection Industry-leading network security solutions
  • McAfee M4050 | Troubleshooting Guide - Page 2
    FIREWALL, ACTIVE SECURITY, ACTIVESECURITY (AND IN KATAKANA), ACTIVESHIELD, CLEAN-UP, DESIGN (STYLIZED E), DESIGN (STYLIZED N), ENTERCEPT, EPOLICY ORCHESTRATOR, FIRST AID, FOUNDSTONE, GROUPSHIELD, GROUPSHIELD (AND IN KATAKANA), INTRUSHIELD, INTRUSION PREVENTION THROUGH INNOVATION, McAfee, McAfee (AND
  • McAfee M4050 | Troubleshooting Guide - Page 3
    Introducing McAfee Network Security Platform v About this Guide...v Audience ...v Conventions used in this book ...vi Related Documentation...vii Contacting Technical Support ...viii Information requested for Troubleshooting viii Chapter 1 Before You Install 1 Pre-installation recommendations
  • McAfee M4050 | Troubleshooting Guide - Page 4
    full ...31 Error on accessing the Configuration page 31 Sensor response if its throughput is exceeded 31 MySQL issues ...32 How Sensors handle various types ...81 How the Manager Watchdog Works 81 Installing Manager Watchdog...82 Starting Manager Watchdog...82 Using Manager Watchdog with
  • McAfee M4050 | Troubleshooting Guide - Page 5
    in the McAfee® Network Security Manager [formerly McAfee® IntruShield® Security Manager] and McAfee® Network Security Sensor [formerly McAfee® IntruShield® Sensor] software in a step-by- step manner; right from installing Network Security Platform to troubleshooting the system. This guide provides
  • McAfee M4050 | Troubleshooting Guide - Page 6
    McAfee® Network Security Platform 6.0 Arial Narrow bold font. The Service field on the Properties tab specifies the name of the requested service. Menu or action group selections shown in italics. Parameters that you must supply set Sensor ip are shown enclosed in angle brackets.
  • McAfee M4050 | Troubleshooting Guide - Page 7
    McAfee® Network Security Platform 6.0 Preface Related Documentation The following documents and on-line help are companions to this guide. Refer to Quick Tour for more information on these guides.  Quick Tour  Installation Guide  Upgrade Guide  Getting Started Guide  IPS Deployment Guide 
  • McAfee M4050 | Troubleshooting Guide - Page 8
    McAfee® Network Security Platform 6.0 Preface  Special Topics Guide-Sensor High Availability  Special Topics Guide-Virtualization  Special Topics Guide-Denial-of-Service  NTBA Appliance Administrator's Guide  NTBA Monitoring Guide  NTBA Appliance T-200 Quick Start Guide  NTBA Appliance T-
  • McAfee M4050 | Troubleshooting Guide - Page 9
    McAfee® Network Security Platform 6.0 Preface  Did you make any changes in your environment/setup/configuration that may have introduced the issue? Manager-specific information We may ask you to use our troubleshooting tool, which is called InfoCollector. This tool will collect all Manager-
  • McAfee M4050 | Troubleshooting Guide - Page 10
    required number of wires and (supported) GBICs, SFPs, or XFPs. Ensure these are approved hardware from McAfee or a supported vendor. Ensure that the required number of Network Security Platform dongles, which ship with the McAfee Network Security Sensors (Sensors), are available.  Crossover cables
  • McAfee M4050 | Troubleshooting Guide - Page 11
    McAfee® Network Security Platform 6.0 Before You Install  Identify hosts that may cause false positives, for example, HTTP cache servers, DNS servers, mail relays, SNMP managers, and vulnerability scanners. Functional requirements Following are the functional requirements to be taken care of: 
  • McAfee M4050 | Troubleshooting Guide - Page 12
    McAfee® Network Security Platform 6.0 Before You Install 8501 8502 Port # 8503 8504 8555 443 80 22 Protocol TCP TCP TCP TCP TCP TCP TCP TCP Description Direction of communication Proprietary (install port) Sensor-->Manager Proprietary (alert channel/control channel) Sensor or SNMP server,
  • McAfee M4050 | Troubleshooting Guide - Page 13
    McAfee® Network Security Platform 6.0 Before You Install Port # 1812 Protocol UDP Description RADIUS Integration Direction of communication Manager-->RADIUS server  Close all open programs, including email, the Administrative Tools > Services window, and instant messaging before installation
  • McAfee M4050 | Troubleshooting Guide - Page 14
    McAfee® Network Security Platform 6.0 Before You Install 1 Launch the VirusScan Console. 2 Right-click the task called Access Protection and choose Properties from the right-click menu. 3 Highlight the rule called Prevent mass
  • McAfee M4050 | Troubleshooting Guide - Page 15
    within the McAfee Network Security Platform. Some of these required for Manager--McAfee® Network Security Sensor (Sensor) and Manager client-server communication. All remaining unnecessary ports should be closed. The ports used by Network Security Platform are listed in Install a desktop firewall
  • McAfee M4050 | Troubleshooting Guide - Page 16
    McAfee® Network Security Platform 6.0 Hardening the Manager Server for Windows 2003 Remove test database Remove the 'test" database from the server. 1. Start MYSQL and LF) if you are using the default Network Security Platform installation of MySQL. mysql> show databases; Remove local anonymous
  • McAfee M4050 | Troubleshooting Guide - Page 17
    McAfee® Network Security Platform 6.0 Hardening the Manager Server for Windows 2003 Start MySQL. mysql> use mysql; Back up the users' remote access Do ONE of the following:  Remove admin (Network Security Platform user) remote access mysql> delete from user where host!='localhost' and user
  • McAfee M4050 | Troubleshooting Guide - Page 18
    McAfee® Network Security Platform 6.0 Hardening the Manager Server for Windows 2003 Rolling syntax in the Apache Server's httpd.conf file (available in the "/Apache/conf" directory). RewriteEngine On RewriteCond %{REQUEST_METHOD} ^TRACE RewriteRule
  • McAfee M4050 | Troubleshooting Guide - Page 19
    all partitions. Post Installation After installation of Manager perform the following installations:  Install the latest Windows Server 2008 patches, service packs, and hot fixes from Microsoft.  Install a Virus Scanner and update the signatures. Note: Exclude "Network Security Manager" and "MySQL
  • McAfee M4050 | Troubleshooting Guide - Page 20
    McAfee® Network Security Platform 6.0 Hardening the Manager Server for Windows 2008 Disabling non-required Services Disable the following services.  DHCP Client  FTP  Print spooler  Remote access auto connection manager  Remote procedure call locator  Remote registry  Server  TCP/IP Sensor
  • McAfee M4050 | Troubleshooting Guide - Page 21
    McAfee® Network Security Platform 6.0 Hardening the Sensor Install port(TCP) Sensor to Manager Alert channel(TCP) Sensor to Manager Packet log channel(TCP) Sensor to Manager File transfer channel(TCP) Sensor to Manager Alert viewer(TC) Client to Manager When email notification or SNMP
  • McAfee M4050 | Troubleshooting Guide - Page 22
    McAfee® Network Security Platform 6.0 Hardening the Manager Server for Windows 2008  Audit policy change (Success)  Audit privilege use (Failure)  Audit system events (Success) 13
  • McAfee M4050 | Troubleshooting Guide - Page 23
    CHAPTER 4 Troubleshooting Network Security Platform This section lists some troubleshooting tips for McAfee® Network Security Platform. Facilitating troubleshooting When an in-line device experiences problems, most people's instinct is to physically pull it out of the path; to disconnect the cables
  • McAfee M4050 | Troubleshooting Guide - Page 24
    McAfee® Network Security Platform 6.0 Troubleshooting Network Security Platform Starting your troubleshooting Before you get too deep into troubleshooting techniques, it is a good practice to consider the following questions:  Were there physical changes to your network that occurred recently? 
  • McAfee M4050 | Troubleshooting Guide - Page 25
    6.0 Troubleshooting Network Security Platform Firewall between the devices If there is a firewall between the Sensor and the Manager server, make sure the devices are able to communicate by opening the appropriate ports. Note : Ports used by the Manager server are listed in the section Install
  • McAfee M4050 | Troubleshooting Guide - Page 26
    McAfee® Network Security Platform 6.0 Troubleshooting Network Security Platform Sensors. I-Series sensors support only 10/100 Mbps for Management port Example: set mgmtport speed 100 duplex half Connectivity issues between the Sensor and other network devices The most common Sensor problems manually
  • McAfee M4050 | Troubleshooting Guide - Page 27
    McAfee® Network Security Platform 6.0 Troubleshooting Network Security Platform Network Security Platform Configuration 10/100/1000 port (Speed/Duplex) Configuration of Switch Resulting Resulting (Speed/Duplex) Sensor Catalyst (Speed/Duplex) (Speed/Duplex) Comments 100 Mbps Full-duplex 100
  • McAfee M4050 | Troubleshooting Guide - Page 28
    Network Security Platform and the switch port. Symptoms include poor port performance and frame check sequence (FCS) errors that increment on the switch port. To troubleshoot this issue, manually configure the switchport to 100 Mbps, half-duplex. If this action resolves the connectivity problems
  • McAfee M4050 | Troubleshooting Guide - Page 29
    McAfee® Network Security Platform 6.0 Troubleshooting Network Security Platform Counter Alignment Errors FCS Xmit-Err Rcv-Err UnderSize Single Collisions Multiple Collisions Explanation of CatOS show port Command Counters Description Possible Causes Alignment errors are a count of the number
  • McAfee M4050 | Troubleshooting Guide - Page 30
    McAfee® Network Security Platform 6.0 Troubleshooting Network Security Platform Counter Description Possible Causes Late send cable, or switch port). data and the counter is incremented when there is an error in the process. Runts These are frames smaller than 64 bytes with a bad FCS value
  • McAfee M4050 | Troubleshooting Guide - Page 31
    McAfee® Network Security Platform 6.0 Troubleshooting Network Security Platform Situations that may lead to Auto-negotiation issues Auto-negotiation issues with the Sensor displays configuration information (such as Sensor image version, type, name, Manager and Sensor IP addresses, and so on). On
  • McAfee M4050 | Troubleshooting Guide - Page 32
    of flows supported as well as the number of active TCP and UDP flows.  IP Spoofing Statistics: Statistics on the number of IP spoofing attacks detected by McAfee Network Security Platform. Statistics are displayed per direction.  Packet Drop Statistics: Packet drop rate on a Sensor. The statistics
  • McAfee M4050 | Troubleshooting Guide - Page 33
    McAfee® Network Security Platform 6.0 Troubleshooting Network Security Platform Checking whether a signature or software update was successful To see if your Sensor successfully received a signature update or software upgrade, you can use the status command as shown in the following procedure, or
  • McAfee M4050 | Troubleshooting Guide - Page 34
    McAfee® Network Security Platform 6.0 Troubleshooting Network Security Platform  Certain internal software errors may cause the Sensor to reboot itself. See a description of Sensor fault messages later in this chapter. For more information on Operational Status Viewer, see System Status
  • McAfee M4050 | Troubleshooting Guide - Page 35
    McAfee® Network Security Platform 6.0 Troubleshooting Network Security Platform Debug command name/Parameter(s) set l3 Description Enables or disables the layer 3 packet processing on datapaths. Note: This setting should be reconfigured if the Sensor is rebooted. show l3 status set l7 Available
  • McAfee M4050 | Troubleshooting Guide - Page 36
    McAfee® Network Security Platform 6.0 Troubleshooting Network Security Platform Debug command name/Parameter(s) show saved alerts of a datapath for an ID range. It includes the following information TCP total packets  TCP total packets  TCP drop count  TCP error count. Displays the alert
  • McAfee M4050 | Troubleshooting Guide - Page 37
    McAfee® Network Security Platform 6.0 Troubleshooting Network Security Platform Debug command name/Parameter(s) show statistics ipfrag show datapath processunits Description Displays the IP fragment statistics in a data path. It includes the following information.  Total number of IP  Fragments
  • McAfee M4050 | Troubleshooting Guide - Page 38
    McAfee® Network Security Platform 6.0 Troubleshooting Network Security Platform Debug command name/Parameter(s) set aidlog Available parameters:  off  enable  disable where is the attack ID false positives on the Sensor for a specific attack ID. Configures the Layer2
  • McAfee M4050 | Troubleshooting Guide - Page 39
    McAfee® Network Security Platform 6.0 Troubleshooting Network Security Platform  Check to ensure the Management port on the Sensor is configured with the proper speed and duplex mode as described in Management port configuration.  Has the time been reset on the Manager server? The
  • McAfee M4050 | Troubleshooting Guide - Page 40
    McAfee® Network Security Platform 6.0 Troubleshooting Network Security Platform Manager database is full We recommend that the customer monitor the disk space on a continuous basis to prevent this from happening. If the Manager database
  • McAfee M4050 | Troubleshooting Guide - Page 41
    McAfee® Network Security Platform 6.0 Troubleshooting Network Security Platform 4000/I-4010/M3050/M4050/M6050 and M8000.Sensor, which all have a much higher throughput. MySQL issues The common symptoms that occur if your database tables become corrupt:  .MYI or .MYD errors reported in the ems.log
  • McAfee M4050 | Troubleshooting Guide - Page 42
    McAfee® Network Security Platform 6.0 Troubleshooting Network Security Platform Sensor failover issues By having a check on the following connections and settings may resolve Sensor failover issues.  The Sensor model and Sensor image version on both the peer Sensors should be the same.  The
  • McAfee M4050 | Troubleshooting Guide - Page 43
    false positives. Reducing false positives Your policy determines what traffic analysis your McAfee® Network Security Sensor (Sensor) will perform. McAfee® Network Security Platform provides a number of policy templates to get you started toward your ultimate goal: prevent attacks from damaging your
  • McAfee M4050 | Troubleshooting Guide - Page 44
    McAfee® Network Security Platform 6.0 Determining False Positives  Take steps to reduce false positives and noise from the start. If you allow a large number of "noisy" alerts to continue to sound on a very busy network, parsing and pruning the database can quickly become cumbersome tasks. It is
  • McAfee M4050 | Troubleshooting Guide - Page 45
    McAfee® Network Security Platform 6.0 Determining False Positives Correct identification; significance subject to user sensitivity (also known as noise) There is another type of event which you may not be interested in, due to the perceived severity of the event. For example, Network Security
  • McAfee M4050 | Troubleshooting Guide - Page 46
    McAfee® Network Security Platform 6.0 Determining False Positives  Create an Evidence Report (within Threat Analyzer) with the packet log  Be ready to tell Technical Support how often you are seeing the alerts and whether they are ongoing 37
  • McAfee M4050 | Troubleshooting Guide - Page 47
    column for potential troubleshooting tips. Fault Sensor. on the Sensor. Cannot start Critical control channel service (certificate) Cannot start control channel service not work, you may need to manually repair the database. Contact McAfee Technical Support. If you have a database backup
  • McAfee M4050 | Troubleshooting Guide - Page 48
    McAfee® Network Security Platform 6.0 System Fault Messages Fault Cluster software mismatch status Severity Critical Description/Cause The software versions on the cluster primary and cluster secondary are not the same. Action Check for errors in software image download to cluster.
  • McAfee M4050 | Troubleshooting Guide - Page 49
    McAfee® Network Security Platform 6.0 System Fault Messages Fault DB Connectivity Problems Severity Critical Description/Cause Problems Communicating To Database Action Please check if the database service is running and connectivity is present. Database backup Critical failed Database System
  • McAfee M4050 | Troubleshooting Guide - Page 50
    McAfee® Network Security Platform 6.0 System Fault Messages Fault Failover peer status Fan error Severity Critical Critical Fail-Open Bypass Critical Switch timeout Failed to update Critical the failOver sensor configuration Description/Cause This fault indicates whether the Sensor peer is up
  • McAfee M4050 | Troubleshooting Guide - Page 51
    ® Network Security Platform 6.0 System Fault Messages Fault Illegal In-line, failopen configuration of . Severity Critical Description/Cause The Sensor is configured to operate with an external FailOpen Module hardware component, but cannot detect the hardware. Action This error
  • McAfee M4050 | Troubleshooting Guide - Page 52
    Network Security Platform license has expired. Contact [email protected] for a current license. This fault clears when the license is current. The link between a Monitoring Contact your IT department to port on the Sensor and the troubleshoot are set correctly; check power to the switch or
  • McAfee M4050 | Troubleshooting Guide - Page 53
    McAfee® Network Security Platform 6.0 System Fault Messages Fault Memory error Severity Critical Description/Cause A recoverable software memory error has occurred within the sensor. Action Reboot the sensor, which may then resolve the issue causing the fault. Ondemand scan failed because
  • McAfee M4050 | Troubleshooting Guide - Page 54
    McAfee® Network Security Platform 6.0 System Fault Messages Fault Network Security Central Manager UDS signature synchronization failed Severity Critical Description/Cause Action Port conflict in Network Security Free this port for Network Central Manager UDS Security Central Manager
  • McAfee M4050 | Troubleshooting Guide - Page 55
    McAfee® Network Security Platform 6.0 System Fault Messages Fault Port pair is in Bypass Mode. Severity Critical Power supply error Critical Description/Cause Action This fault indicates that the indicated GBIC ports are unable to remain in In-line Mode as configured. This has
  • McAfee M4050 | Troubleshooting Guide - Page 56
    McAfee® Network Security Platform 6.0 System Fault Messages Fault Sensor configuration download failure Severity Critical Sensor device license expired Critical Sensor discovered Critical with cluster secondary license. Description/Cause Action The Manager cannot push original Sensor
  • McAfee M4050 | Troubleshooting Guide - Page 57
    McAfee® Network Security Platform 6.0 System Fault Messages Fault Sensor internal configuration error Severity Critical Sensor reboot required for SSL decryption configuration change Sensor rediscovery failure Critical Critical Description/Cause An internal communication error occurred within
  • McAfee M4050 | Troubleshooting Guide - Page 58
    McAfee® Network Security Platform 6.0 System Fault Messages Fault Sensor reports a signature set error Severity Critical Sensor switched to Critical Layer 2 mode Description/Cause Indicates that an error has occurred with a signature set that has been successfully applied on a Sensor. Action
  • McAfee M4050 | Troubleshooting Guide - Page 59
    action can be taken in Network Security Platform. You must re-import a signature set before performing any action on the Manager. Occurs when the Manager Contact your IT department to cannot push the signature set file troubleshoot connectivity to a Sensor. Could result from a issues: check
  • McAfee M4050 | Troubleshooting Guide - Page 60
    McAfee® Network Security Platform 6.0 System Fault Messages Fault Software error Severity Critical SSL decryption key Critical download failure Temperature error Critical Temperature Sensor status Critical Description/Cause Action Indicates a recoverable software error within the Sensor.
  • McAfee M4050 | Troubleshooting Guide - Page 61
    McAfee® Network Security Platform the IP addresses of the underlying MDR pair has changed. The fault gives the old and new IP Network Security Central Manager and the Manager. 2) Access the Manager/Network Security Central Manager directly. This fault clears when the Manager detects the Sensor
  • McAfee M4050 | Troubleshooting Guide - Page 62
    McAfee® Network Security Platform 6.0 System Fault Messages Fault The Manager is and Manager; 2) Access the Manager directly. This fault clears when the Manager detects the Sensor again. The Central Manager server is in If the Central Manager server Standby mode.The Manager
  • McAfee M4050 | Troubleshooting Guide - Page 63
    McAfee® Network Security Platform 6.0 System Fault Messages Fault The be down, or Central Manager has been administratively disconnected. The Manager IP address is not configured. Check whether Manager is configured in Central request failed due an internal error. Check the log for details. 54
  • McAfee M4050 | Troubleshooting Guide - Page 64
    McAfee® Network Security Platform 6.0 System Fault Messages Fault VIDS creation failure NTBA severity of Error. Fault Alert channel is down Severity Error Description/Cause Indicates a failure to communicate with the Sensor via the channel on which the Manager listens for Sensor alerts. Action
  • McAfee M4050 | Troubleshooting Guide - Page 65
    McAfee® Network Security Platform 6.0 System Fault Messages Fault Invalid SSL decryption key Severity Error Description/Cause Action The Sensor detects that a particular Re-import the key (which is SSL decryption key is no longer identified within the error valid; for example, it may be
  • McAfee M4050 | Troubleshooting Guide - Page 66
    McAfee® Network Security Platform 6.0 System Fault Messages Fault Packet log channel is down Severity Error Put peer DoS profile failure Error Error Error Queue size full Real-time Scheduler signature set update from Manager to Sensor failed Error Description/Cause Action Indicates a
  • McAfee M4050 | Troubleshooting Guide - Page 67
    McAfee® Network Security Platform 6.0 System Fault Messages Fault Severity Scheduled realtime update from Update Server to Manager failed Error file to McAfee Technical Support for troubleshooting. The Sensor has detected an error on av-dat file segment Ensure that the Sensor is online and
  • McAfee M4050 | Troubleshooting Guide - Page 68
    McAfee® Network Security Platform 6.0 System Fault Messages Fault Sensor reports that the alert channel is down Severity Error Sensor reports an out-of-range configuration Error Sensor configuration update failed Error Description/Cause Action This fault indicates that the Sensor is
  • McAfee M4050 | Troubleshooting Guide - Page 69
    McAfee® Network Security Platform 6.0 System Fault Messages Fault Unarchived, queued alert count full Severity Error Unarchived, queued packet log count full Error have sufficient disk space/processing power to accommodate the number/rate of alerts your Sensors are generating. Rectify the
  • McAfee M4050 | Troubleshooting Guide - Page 70
    McAfee® Network Security Platform 6.0 System Fault Messages Warning faults The faults listed in the following table have a severity of Warning. Fault Attempt to disable failover failed Severity Warning Description/Cause The Manager's attempt to disable failover on the Sensor failed. This is
  • McAfee M4050 | Troubleshooting Guide - Page 71
    McAfee® Network Security Platform 6.0 Sensor Warning Download Started This warning denotes the failure to update the McAfee NAC-installation-related configuration. De install and try to update the McAfee NAC- installation-related configuration. Reinstall McAfee NAC if you Reinstall McAfee
  • McAfee M4050 | Troubleshooting Guide - Page 72
    McAfee® Network Security Platform 6.0 System Fault Messages Fault Physical configuration changed Severity Warning Description/Cause The physical configuration has changed of Sensor. New physical configuration has been discovered. Action Occurs when the Sensor connects to the Manager with a
  • McAfee M4050 | Troubleshooting Guide - Page 73
    McAfee® Network Security Platform 6.0 System Fault Messages Fault Sensor is not initialized Severity Warning Description/Cause Action The Sensor is not properly initialized. Either it is in the process of starting up and is not ready, or the signature set is missing on the Sensor. The Sensor
  • McAfee M4050 | Troubleshooting Guide - Page 74
    McAfee® Network Security Platform 6.0 System Fault Messages Informational faults The faults listed in the complete The alert archival process This message is for has started. user information. No action required. Sensor software has initialized correctly. On initialization failure, check if
  • McAfee M4050 | Troubleshooting Guide - Page 75
    McAfee® Network Security Platform 6.0 System Fault Messages Fault Alert archival in progress Severity message is for user information. No action required. This message indicates that an attempt to manually back up the database backup has failed. The most likely cause of failure is insufficient
  • McAfee M4050 | Troubleshooting Guide - Page 76
    McAfee® Network Security Platform Network Security Informational Central Manager Attack filter is applied on resource Description/Cause Manager is archiving the alerts, and this is in progress Action Wait for the Alert archival to complete A manual Analyzer (2) Generating IDS reports on alerts
  • McAfee M4050 | Troubleshooting Guide - Page 77
    Informational mismatch. Secondary Manager has latest version Network Security Platform- Informational defined UDS overridden by signature set. MDR manual switch over successful; the Secondary is in control of Informational The two Managers in an
  • McAfee M4050 | Troubleshooting Guide - Page 78
    McAfee® Network Security Platform 6.0 System Fault Messages Fault Alert archival in progress Severity Informational MDR automatic switchover has been completed; the Secondary is in control of Informational MDR configuration information retrieval from
  • McAfee M4050 | Troubleshooting Guide - Page 79
    McAfee® Network Security Platform 6.0 System Fault Messages Fault Alert archival in progress Severity Informational MDR pair is changed Informational Network Security Manager Informational Type mismatch No Syslog Forwarder configured Informational Manager Request is not from Trusted IP
  • McAfee M4050 | Troubleshooting Guide - Page 80
    Network Security Platform 6.0 System Fault Messages Fault Alert archival in progress Severity Informational Report creation complete Informational Report generation in progress Informational Reset to standalone has been invoked; the Primary is in control of
  • McAfee M4050 | Troubleshooting Guide - Page 81
    McAfee® Network Security Platform 6.0 System Fault Messages Fault Alert archival in progress Severity Informational Real-time signature file update from Manager to Sensor(s) successful Informational Sensor software image or signature set import in progress Informational Scheduled backup
  • McAfee M4050 | Troubleshooting Guide - Page 82
    McAfee® Network Security Platform 6.0 System Fault Messages Fault Alert archival in progress Severity Informational Scheduler - Signature Informational download from Manager to Sensor failed Scheduled Vulnerability Informational Manager vulnerability data import failed Sensor configuration
  • McAfee M4050 | Troubleshooting Guide - Page 83
    McAfee® Network Security Platform 6.0 System Fault Messages Fault Alert archival in progress Severity Informational Sensor software image or signature set import in progress Informational Informational Sensor software image or signature set import in progress Informational Sensor software
  • McAfee M4050 | Troubleshooting Guide - Page 84
    McAfee® Network Security Platform 6.0 System Fault Messages Fault Alert archival in progress Severity Informational Signature set update not Informational successful. Switchback has been completed, the primary Manager has got the control of Sensors now Informational System startup in process;
  • McAfee M4050 | Troubleshooting Guide - Page 85
    McAfee® Network Security Platform 6.0 System Fault Messages Fault Alert archival in progress Severity Informational Vulnerability data import from McAfee quarantine and remediation functionality, see IPS Quarantine settings in the IPS Sensor, IPS Configuration Guide You can view the faults from
  • McAfee M4050 | Troubleshooting Guide - Page 86
    Messages This section lists the error messages displayed in McAfee® Network Security Manager (Manager). Error messages for RADIUS servers The table lists the error messages displayed in the Manager. Error Name RADIUS Connection Successful Description/Cause RADIUS server is up and running Action
  • McAfee M4050 | Troubleshooting Guide - Page 87
    McAfee® Network Security Platform 6.0 Error Messages Error Name Edit RADIUS server Delete RADIUS server Description/Cause IP Address/Host set port ,set Enabled Deleted RADIUS Server IP Address/Host , port
  • McAfee M4050 | Troubleshooting Guide - Page 88
    choose information that McAfee needs from your installation of Network Security Platform. You simply open the definition file within the InfoCollector and it will automatically select the information that McAfee needs from your installation of the Manager. Alternatively, a manual approach can also
  • McAfee M4050 | Troubleshooting Guide - Page 89
    Network Security Platform. Running the InfoCollector To run InfoCollector, follow the following steps: 1. If you do not already have InfoCollector installed, download the InfoCollector.zip file from the McAfee as instructed by McAfee. iv. Select a Duration. Select Date to specify a start and
  • McAfee M4050 | Troubleshooting Guide - Page 90
    Watchdog Works (on page 81)  Installing Manager Watchdog (on page 82)  Starting Manager Watchdog (on page 82)  service to start automatically after a system reboot. Caution 2: If you have chosen to change the Manager service setting from its default (Auto) to "Manual," (during a troubleshooting
  • McAfee M4050 | Troubleshooting Guide - Page 91
    default, not started after installation; you must start the Manager watchdog process manually. To start/stop Manager Watchdog: 1. Select Start > Settings > Control Panel. Double-click Administrative Tools, and then double-click Services. 2. Click Network Security Platform Watchdog Service. 3. Do one
  • McAfee M4050 | Troubleshooting Guide - Page 92
    server at Mon Jun 09 14:48:53 GMT+05:30 2006 SERVER STDOUT: The Network Security Platform Manager Service is starting. SERVER STDOUT: The Network Security Platform Manager Service was started successfully. SERVER STDOUT: SERVER STDOUT: If the Manager Watchdog fails after five attempts to restart
  • McAfee M4050 | Troubleshooting Guide - Page 93
    the McAfee® Network Security Sensor (Sensor) VLAN limitations for Network Security Platform Maximum number of SSL keys for McAfee® Network Security Manager (Manager) or Sensor Submitting Network Security Platform incorrect identifications (false positive/incorrect detection) to support Support for
  • McAfee M4050 | Troubleshooting Guide - Page 94
    ® Network Security Platform 6.0 Utilizing the McAfee Knowledge Base Old Number New Number Topic KB40582 KB56071 Configuring authentication on the Manager for the update server KB41752 KB61131 KB65523 NAI32011 NAI32008 KB56364 KB59347 KB59344 3rd Party Recommended Hardware for Sensors Error
  • McAfee M4050 | Troubleshooting Guide - Page 95
    the MySQL installation 7 I InfoCollector tool 86 informational faults 69 M management port configuration 18 MySQL issues 36 O other faults 82 P problems with sensor reboot 27, 28 R rolling back changes 10 S sensor failover status 26 system health 25 T technical support x W Watchdog 89
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
McAfee
®
Network Protection
Industry-leading network security solutions
Troubleshooting Guide
McAfee® Network Security Platform
version 6.0
Revision 6.0