McAfee M3050 Installation Guide - Page 33

Consider that you want to use one Manager server to manage two Sensors

Get McAfee M3050 - Network Security Platform PDF manuals and user guides View all McAfee M3050 manuals
Add to My Manuals
Save this manual to your list of manuals

Page 33 highlights

McAfee® Network Security Platform 6.0 Installing the Manager/Central Manager  Network Security Platform assumes that all the IP addresses are bound to the same host name. McAfee recommends that you use a separate system for the Manager to avoid using multiple host names.  If the Manager has an IPv6 address then you can add Sensors with IPv6 addresses to it.  If an IP address is not displayed in the drop-down list or if a deleted IP address is displayed, then cancel the installation, restart the server, and re-install the Manager.  Post-installation, if you want to change the dedicated IP that you already specified, you need to re-install the Manager.  Do not specify a dedicated interface if you plan to use one Manager server for Sensors deployed in different networks that are not reachable to one another. Assume that you have a Sensor deployed in the 10.0.10.x network and another Sensor in 172.16.10.x network and that you wish to manage both these Sensors using one Manager server. Assume that the Manager server is connected to both these networks with IP addresses of 10.0.10.10 and 172.16.10.10. Now if you specify 10.0.10.10 as the dedicated interface during installation, then it will use this IP address even to communicate with the Sensor in 172.16.10.x, which will fail. So, for such cases do not specify a dedicated interface. An alternative solution could be deploying the Manager in a DMZ such that it can communicate with both the Sensors using the DMZ IP address.  Consider that you want to use one Manager server to manage two Sensors deployed in two different networks that are reachable to one another. Assume that the Manager server has two IP addresses - one for each network. In this case, it is recommended that you configure both the Manager IPs in both the Sensors (using the set manager secondary ip command) regardless of whether you specify a dedicated interface or not.  If you plan to configure Manager Disaster Recovery (MDR), then the dedicated IP address that you choose now must be specified as the peer Manager IP address during MDR configuration. For example, if this is the secondary Manager, then the dedicated interface that you choose now must be specified as the peer manager IP address when configuring MDR on the primary. Figure 10: Selecting the dedicated interface 25

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
McAfee® Network Security Platform 6.0
Installing the Manager/Central Manager
Network Security Platform assumes that all the IP addresses are bound to the
same host name. McAfee recommends that you use a separate system for the
Manager to avoid using multiple host names.
If the Manager has an IPv6 address then you can add Sensors with IPv6
addresses to it.
If an IP address is not displayed in the drop-down list or if a deleted IP address is
displayed, then cancel the installation, restart the server, and re-install the Manager.
Post-installation, if you want to change the dedicated IP that you already
specified, you need to re-install the Manager.
Do not specify a dedicated interface if you plan to use one Manager server for
Sensors deployed in different networks that are not reachable to one another.
Assume that you have a Sensor deployed in the 10.0.10.x network and another
Sensor in 172.16.10.x network and that you wish to manage both these Sensors
using one Manager server. Assume that the Manager server is connected to both
these networks with IP addresses of 10.0.10.10 and 172.16.10.10. Now if you
specify 10.0.10.10 as the dedicated interface during installation, then it will use this
IP address even to communicate with the Sensor in 172.16.10.x, which will fail. So,
for such cases do not specify a dedicated interface. An alternative solution could be
deploying the Manager in a DMZ such that it can communicate with both the
Sensors using the DMZ IP address.
Consider that you want to use one Manager server to manage two Sensors
deployed in two different networks that are reachable to one another. Assume that
the Manager server has two IP addresses - one for each network. In this case, it is
recommended that you configure both the Manager IPs in both the Sensors (using
the
set manager secondary ip
command) regardless of whether you specify a
dedicated interface or not.
If you plan to configure Manager Disaster Recovery (MDR), then the dedicated IP
address that you choose now must be specified as the peer Manager IP address
during MDR configuration. For example, if this is the secondary Manager, then the
dedicated interface that you choose now must be specified as the peer manager IP
address when configuring MDR on the primary.
Figure 10: Selecting the dedicated interface
25