McAfee M-1250 IPS Configuration Guide - Page 216
Deleting SSL key files from Manager, Configuring at the interface level
McAfee® Network Security Platform 5.1
The IPS Sensor_Name node

Deleting SSL key files from Manager

To delete escrowed SSL key files from Manager, do the following:

1 Click Sensor_Name > SSL Decryption > Key Management.
2 Select the radio button in the Update column for the desired Sensor.
3 Click Next.
4 Click Delete. Confirm the deletion.

Configuring at the interface level

Configuring at the interface level involves enabling the McAfee-NAC-based response action for the ports. For ports deployed in inline mode, you can enable McAfee NAC forwarding, Network Security Platform quarantine and remediation for each port in a port-pair. For ports deployed in tap and SPAN modes, you can only enable McAfee NAC forwarding.

If a McAfee-NAC-enabled attack is detected passing through a port for which you have enabled McAfee NAC forwarding, then the Network Security Sensor alerts the corresponding McAfee NAC server with the details of the attack. This also depends on whether you have enabled McAfee NAC notification at the policy level.

Warning: McAfee NAC uses the MAC addresses of attacking hosts to quarantine them. Network Security Sensors forward details of attacking hosts, including their MAC addresses, to the McAfee NAC server. However, if there is a Layer 3 device between the Network Security Sensor and an attacking host, then the device rewrites the source MAC address with its own. That is, the Network Security Sensor receives the MAC address of the device as the source MAC address instead of the MAC address of the attacking host. For this reason, you should not enable alert forwarding to the McAfee NAC server for Sensor ports that are connected only to Layer 3 devices. If a port is connected to a mixture of Layer 3 and Layer 2 devices, then you should include the MAC addresses of the Layer 3 devices in the Excluded MAC address list so that these devices are not quarantined by McAfee NAC.
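Added example, not part of the McAfee guide: one way to act on the warning above is to look for source MACs that front several source IPs on a Sensor port, which suggests a Layer 3 device rewrote the MAC. The record layout, the `min_ips` threshold and the action labels are assumptions made for this example.

```python
from collections import defaultdict

# Constructed sample: (sensor port, source IP, source MAC as seen by the Sensor).
# The record layout is an assumption, not a Network Security Platform export format.
OBSERVED = [
    ("1A", "10.1.1.10", "00:11:22:aa:00:01"),
    ("1A", "10.1.1.11", "00:11:22:aa:00:02"),
    ("1A", "10.2.0.5", "00:de:ad:00:00:fe"),
    ("1A", "10.3.0.9", "00:de:ad:00:00:fe"),
    ("1A", "10.4.7.2", "00:de:ad:00:00:fe"),
    ("2A", "172.16.5.4", "00:be:ef:00:00:01"),
    ("2A", "172.16.9.8", "00:be:ef:00:00:01"),
    ("2A", "192.168.3.3", "00:be:ef:00:00:01"),
    ("3A", "10.9.9.20", "00:11:22:bb:00:01"),
    ("3A", "10.9.9.21", "00:11:22:bb:00:02"),
]

def find_l3_macs(records, min_ips=2):
    """Return {port: {mac}} for MACs seen as the source of >= min_ips distinct IPs."""
    # Heuristic (assumption): one source MAC fronting several IPs is a routed hop.
    ips_by_mac = defaultdict(set)
    for port, ip, mac in records:
        ips_by_mac[(port, mac.lower())].add(ip)
    l3 = defaultdict(set)
    for (port, mac), ips in ips_by_mac.items():
        if len(ips) >= min_ips:
            l3[port].add(mac)
    return dict(l3)

def advise(records, min_ips=2):
    """Map each port to (action, MACs for the Excluded MAC address list)."""
    l3 = find_l3_macs(records, min_ips)
    macs_by_port = defaultdict(set)
    for port, _ip, mac in records:
        macs_by_port[port].add(mac.lower())
    advice = {}
    for port, macs in sorted(macs_by_port.items()):
        routed = l3.get(port, set())
        if routed and routed == macs:      # only Layer 3 devices seen on this port
            advice[port] = ("do-not-forward", [])
        elif routed:                       # mixture of Layer 3 and Layer 2 devices
            advice[port] = ("exclude-macs", sorted(routed))
        else:                              # only end hosts seen
            advice[port] = ("forward", [])
    return advice

if __name__ == "__main__":
    for port, (action, macs) in advise(OBSERVED).items():
        print(port, action, ", ".join(macs))
```

A host with several IP addresses on one interface also matches this heuristic, so confirm each flagged MAC against the network inventory before adding it to the Excluded MAC address list.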
To enable or disable McAfee NAC forwarding for the ports in a Sensor:

1 Select Sensors > Sensor_Name > NAC > Port Settings or Sensors > Sensor_Name > Interface_Name > NAC.
  In the Enable Port Settings page, you can view the McAfee NAC configuration details as well as the Network Security Sensor quarantine details of the ports in the Sensor. For information on Network Security Sensor quarantine details, see Updating Quarantine and Remediation Status, Sensor Configuration Guide.
2 Select a port by clicking the check box adjacent to the Port column, and then select or clear the Quarantine, Remediate, and Enable McAfee NAC options based on your requirements:
  - To just forward the attack details to McAfee NAC, select only Enable McAfee NAC.
  - To forward the attack details to McAfee NAC and also quarantine the attacking host based on McAfee NAC response, select Quarantine and Enable McAfee NAC.
  - Select Remediate, if required.