McAfee M4050 Troubleshooting Guide - Page 11
Functional requirements, Install a desktop firewall, Upgrade, Guide - snmp
UPC - 731944582832
View all McAfee M4050 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 11 highlights
McAfee® Network Security Platform 6.0 Before You Install Identify hosts that may cause false positives, for example, HTTP cache servers, DNS servers, mail relays, SNMP managers, and vulnerability scanners. Functional requirements Following are the functional requirements to be taken care of: Install Wireshark (formerly known as Ethereal http://www.wireshark.com http://www.wireshark.org) on the client PCs. Ethereal is a network protocol analyzer for Unix and Windows servers, used to analyze the packet logs created by Sensors. Ensure the correct version of JRE is installed on the client system, as described in the Release Notes. This can save a lot of time during deployment. Determine a way in which the Manager maintains the correct time. To keep time from drifting, for example, point the Manager server to an NTP timeserver. (If the time is changed on the Manager server, the Manager will lose connectivity with all Sensors and the McAfee® Network Security Update Server because SSL is time sensitive.) If Manager Disaster Recovery (MDR) is configured, ensure that the time difference between the Primary and Secondary Managers is less than 60 seconds. (If the spread between the two exceeds more than two minutes, communication with the Sensors will be lost.) If you are upgrading from a previous version, we recommend that you follow the instructions in the respective version's release notes or, if applicable, the Upgrade Guide. Install a desktop firewall McAfee strongly recommends that you configure a packet-filtering firewall to block connections to ports 8551, 3306, 8007, 8009, and 8552 of your Manager server. The firewall can either be a host-based or a network-based. Set your firewall to deny connections to these ports if the connections are not initiated by the localhost. The only connections that should be allowed are those from the Manager server itself; that is, the localhost. For example, if another machine attempts to connect to port 8551, 8552, 3306, 8007 and 8009 the firewall should automatically block any packets sent. If you need assistance in blocking these, contact Technical Support. If a firewall will reside between the Sensor, Manager, or administrative client, which includes a personal firewall on the Manager, the following ports must be opened: Port # 4167 (high ports) (source port on the Manager) and 8500 (destination port on the Sensor) Protocol UDP Description Direction of communication Default SNMPv3 Manager-->Sensor (command channel) 2