McAfee M-1250 Network Protection - Page 19

Failover: configure two Sensors in inline mode, Create a Failover Pair

Page 19 highlights

CHAPTER 5

Failover: configure two Sensors in inline mode

In a failover configuration, the two Sensors are placed inline, connected to each other via cables, and configured to act as a Failover Pair. All traffic is copied and shared between them in order to maintain state. Sensor A copies the packets received on its monitoring ports to Sensor B using the interconnection ports and vice versa. Since both Sensors see all traffic and build state based on it, their state information is synchronized at all times.

All packets are seen by both Sensors (when both are operational); however, only one Sensor in the pair raises an alert whenever an attack is detected.

When deploying the two Sensors in failover mode, you must ensure the following:

• The Sensor interconnection ports must be cabled appropriately so the two Sensors can communicate.
• Both Sensors must be of the identical model type, and have the same signature set and software loaded. (One of the two Sensors may be a "Fail-over (FO)" Sensor model, which is a fully functional Sensor limited to operation as part of a failover pair; it cannot operate standalone.)
• Additionally, all ports on both the Sensors must be configured to run in inline mode.

Note: The exceptions are the ports that will be used for the heartbeat. For example, on the I-2700, you do not need to explicitly configure ports 4A/4B to run in inline mode because 4A will be automatically configured for the heartbeat and 4B will be disabled when the failover pair is created.

Create a Failover Pair

You can create a Failover Pair using McAfee® Network Security Manager (Manager) System Configuration tool. Failover Pair creation happens in real time; there is no need to explicitly update the configuration.

Note 1: By design, the configuration of the primary Sensor is copied to the secondary Sensor, overwriting the original configuration on the secondary. If you intend to configure both Sensors to fail-closed or fail open, you need only configure the ports on the Sensor you intend to designate as the primary during the Failover Pair creation.

Note 2: If you intend to have one Sensor fail-closed and the other fail open, however, you must revisit the Port Configuration page of each Sensor after Failover Pair creation and make the appropriate changes.

