Contents

Preface  v
    Introducing McAfee Network Security Platform  v
    About this Guide  v
    Conventions used in this guide  v
    Related Documentation  vi
    Contacting Technical Support  vii

Chapter 1  What is inline mode?  1
    Benefits of running inline  1

Chapter 2  Inline deployment walkthrough  3

Chapter 3  Determine your high availability strategy  4
    Failover, or High-Availability  4
    Fail-open or fail-closed functionality  5

Chapter 4  Install and cable the Sensor  6
    Cable the Fast Ethernet monitoring ports  7
    Cable the Gigabit Ethernet monitoring ports  7
    Cable a failover pair  7
    Configure the Sensor monitoring ports  8
        About Sensor port configuration  8

Chapter 5  Failover: configure two Sensors in inline mode  11
    Create a Failover Pair  11
    Download configuration, signature set, and software updates to the Sensor  12

Chapter 6  Configure policies  13
    Tune your policies  13
    About false positives and "noise"  14
        Incorrect identification  14
        Correct identification; significance subject to usage policy  14
        Correct identification; significance subject to user sensitivity (also known as noise)  14

Chapter 7  Block attacks  16
    Methods for blocking attacks  16
    Block exploit traffic  16
        How blocking works for exploit traffic  17
        Verify dropped exploit attacks using the Threat Analyzer  17
    Block DoS traffic  17
        How blocking works for DoS traffic  18
        Verify blocked DoS attacks using the Threat Analyzer  18
        Drop DoS Attacks from the Threat Analyzer  18
    Block using ACLs  18
    Utilize traffic normalization  19
        Blocking based on configured TCP & IP Settings  20
        Blocking of IP-spoofed packets  20

Chapter 8  Troubleshooting  21