McAfee DTP-1650-MGRA Installation Guide - Page 13

Setting up the hardware Select an integration mode for McAfee DLP Monitor 1 Network tap configuration A network tap configuration enables monitoring by injecting a tap in between two network devices (generally the LAN switch and the WAN router) using additional cabling, then connecting the tap to McAfee DLP Monitor. The network tap captures traffic through a tap that is attached to the LAN switch and WAN router through two network ports. Traffic from these ports flows directly to the capture ports on McAfee DLP Monitor. In environments where there is a firewall or a series of devices separating the LAN switch from the WAN router, the network tap should be installed between the LAN switch and the first device. Figure 1-5 Network tap configuration 1 Capture ports 2 Analyzer ports 3 Network tap 4 LAN 5 LAN switch 6 Router 7 WAN This method requires physical disconnection and reconnection of network cables, so it disrupts traffic. A service window is required. With this configuration, full traffic capture is done even under heavy load conditions. Network tap types Network taps are available in copper or fiber media. Regeneration taps for both types can be used to extend monitoring to multiple ports. When these taps are used, signals are regenerated before sending a copy of the packets to the monitor port. Table 1-1 Network tap types Network tap type Description Copper and copper regenerative These taps use twisted pair copper cabling (preferably CAT6 twisted pair). Fiber and fiber regenerative These taps use multimode fiber cabling with an LC connector on one end (which connects to a capture port on the appliance) and an SC connector on the other (which connects to a port on the tap). McAfee Data Loss Prevention 9.2.1 Installation Guide 13