McAfee M4050 Troubleshooting Guide - Page 11

Functional requirements, Install a desktop firewall, Upgrade, Guide - snmp

Get McAfee M4050 - Network Security Platform PDF manuals and user guides
UPC - 731944582832
View all McAfee M4050 manuals
Add to My Manuals
Save this manual to your list of manuals

Page 11 highlights

McAfee® Network Security Platform 6.0 Before You Install  Identify hosts that may cause false positives, for example, HTTP cache servers, DNS servers, mail relays, SNMP managers, and vulnerability scanners. Functional requirements Following are the functional requirements to be taken care of:  Install Wireshark (formerly known as Ethereal http://www.wireshark.com http://www.wireshark.org) on the client PCs. Ethereal is a network protocol analyzer for Unix and Windows servers, used to analyze the packet logs created by Sensors.  Ensure the correct version of JRE is installed on the client system, as described in the Release Notes. This can save a lot of time during deployment.  Determine a way in which the Manager maintains the correct time. To keep time from drifting, for example, point the Manager server to an NTP timeserver. (If the time is changed on the Manager server, the Manager will lose connectivity with all Sensors and the McAfee® Network Security Update Server because SSL is time sensitive.)  If Manager Disaster Recovery (MDR) is configured, ensure that the time difference between the Primary and Secondary Managers is less than 60 seconds. (If the spread between the two exceeds more than two minutes, communication with the Sensors will be lost.)  If you are upgrading from a previous version, we recommend that you follow the instructions in the respective version's release notes or, if applicable, the Upgrade Guide. Install a desktop firewall McAfee strongly recommends that you configure a packet-filtering firewall to block connections to ports 8551, 3306, 8007, 8009, and 8552 of your Manager server. The firewall can either be a host-based or a network-based. Set your firewall to deny connections to these ports if the connections are not initiated by the localhost. The only connections that should be allowed are those from the Manager server itself; that is, the localhost. For example, if another machine attempts to connect to port 8551, 8552, 3306, 8007 and 8009 the firewall should automatically block any packets sent. If you need assistance in blocking these, contact Technical Support. If a firewall will reside between the Sensor, Manager, or administrative client, which includes a personal firewall on the Manager, the following ports must be opened: Port # 4167 (high ports) (source port on the Manager) and 8500 (destination port on the Sensor) Protocol UDP Description Direction of communication Default SNMPv3 Manager-->Sensor (command channel) 2

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
McAfee® Network Security Platform 6.0
Before You Install
2
Identify hosts that may cause false positives, for example, HTTP cache servers, DNS
servers, mail relays, SNMP managers, and vulnerability scanners.
Functional requirements
Following are the functional requirements to be taken care of:
Install Wireshark (formerly known as Ethereal
http://www.wireshark.org) on the client PCs. Ethereal is a network protocol analyzer
for Unix and Windows servers, used to analyze the packet logs created by Sensors.
Ensure the correct version of JRE is installed on the client system, as described in the
Release Notes. This can save a lot of time during deployment.
Determine a way in which the Manager maintains the correct time. To keep time from
drifting, for example, point the Manager server to an NTP timeserver. (If the time is
changed on the Manager server, the Manager will lose connectivity with all Sensors
and the McAfee
®
Network Security Update Server because SSL is time sensitive.)
If Manager Disaster Recovery (MDR) is configured, ensure that the time difference
between the Primary and Secondary Managers is less than 60 seconds. (If the spread
between the two exceeds more than two minutes, communication with the Sensors
will be lost.)
If you are upgrading from a previous version, we recommend that you follow the
instructions in the respective version’s release notes or, if applicable, the
Upgrade
Guide
.
Install a desktop firewall
McAfee strongly recommends that you configure a packet-filtering firewall to block
connections to ports 8551, 3306, 8007, 8009, and 8552 of your Manager server. The
firewall can either be a host-based or a network-based.
Set your firewall to deny connections to these ports if the connections are not initiated by
the localhost. The only connections that should be allowed are those from the Manager
server itself; that is, the localhost.
For example, if another machine attempts to connect to port 8551, 8552, 3306, 8007 and
8009 the firewall should automatically block any packets sent. If you need assistance in
blocking these, contact Technical Support.
If a firewall will reside between the Sensor, Manager, or administrative client, which
includes a personal firewall on the Manager, the following ports must be opened:
Port #
Protocol
Description
Direction of communication
4167 (high ports)
(source port on the Manager)
and
8500
(destination port on the
Sensor)
UDP
Default SNMPv3
(command
channel)
Manager-->Sensor