Esm 960 Ig En-Us PDF

Installation Guide
McAfee Enterprise Security Manager 9.6.0
COPYRIGHT
Copyright 2016 McAfee, Inc., 2821 Mission College Boulevard, Santa Clara, CA 95054, 1.888.847.8766, www.intelsecurity.com
TRADEMARK ATTRIBUTIONS
Intel and the Intel logo are registered trademarks of the Intel Corporation in the US and/or other countries. McAfee and the McAfee logo, McAfee Active
Protection, McAfee DeepSAFE, ePolicy Orchestrator, McAfee ePO, McAfee EMM, McAfee Evader, Foundscore, Foundstone, Global Threat Intelligence,
McAfee LiveSafe, Policy Lab, McAfee QuickClean, Safe Eyes, McAfee SECURE, McAfee Shredder, SiteAdvisor, McAfee Stinger, McAfee TechMaster, McAfee
Total Protection, TrustedSource, VirusScan are registered trademarks or trademarks of McAfee, Inc. or its subsidiaries in the US and other countries.
Other marks and brands may be claimed as the property of others.
LICENSE INFORMATION
License Agreement
NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS
FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU
HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOUR
SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A
FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET
FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF
PURCHASE FOR A FULL REFUND.
Installation Guide
Contents
Preface
About this guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Find product documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Find localized information . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Use ESM Help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Frequently asked questions . . . . . . . . . . . . . . . . . . . . . . . . . . .
5
5
5
6
6
7
7
Introduction
Installing McAfee ESM devices
11
Preparing to install McAfee ESM devices . . . . . . . . . . . . . . . . . . . . . . . .

Hardware and software requirements . . . . . . . . . . . . . . . . . . . . . .
Inspect packaging and device . . . . . . . . . . . . . . . . . . . . . . . . . .
Identifying a location for installation . . . . . . . . . . . . . . . . . . . . . . .
Connect and start the devices . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Identifying connector and equipment types . . . . . . . . . . . . . . . . . . . .
Identifying network cables . . . . . . . . . . . . . . . . . . . . . . . . . . .
Identifying network ports . . . . . . . . . . . . . . . . . . . . . . . . . . .
Setting up McAfee ESM devices

Configure the network interface on
Configure for IPv6 . . . . . . .
Log on to McAfee ESM console . .
23
the Nitro IPS . . . . . . .

the Receiver, ELM, and ACE .
the DEM and ADM . . . . .
the ESM . . . . . . . . .
. . . . . . . . . . . .
. . . . . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
About FIPS mode

FIPS mode information . . . . . . . . .
Select FIPS mode . . . . . . . . . . .
Check FIPS integrity . . . . . . . . . .
Adding a keyed device in FIPS mode . . .
Backup and restore information for a
11
11
12
12
13
14
14
15
23
24
24
25
25
26
29
. . . . . .
. . . . . .
. . . . . .
. . . . . .
device in FIPS
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . .
mode . . . . . . . . . . . . . .
30
30
31
32
32
Enable communication with multiple ESM devices in FIPS mode . . . . . . . . . . . . 33

Troubleshooting FIPS mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
VM ESXi requirements
37
Stripe the storage drive . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Install the virtual machine . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Configure the virtual machine . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Key the VM device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
37
38
38
39
Installation Guide
Contents
Install the qLogic 2460 or 2562 SAN adapters
41
Install DAS
43
Installing devices in a rack
45
Install AXXVRAIL rail set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46

Remove the chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Regulatory notices
51
KVM requirements
55
VM models for KVM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55

Deploy KVM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
Index
57
Installation Guide
Preface
This guide provides the information you need to work with your McAfee product.
Contents
About this guide
Find product documentation
About this guide

This information describes the guide's target audience, the typographical conventions and icons used
in this guide, and how the guide is organized.
Audience
McAfee documentation is carefully researched and written for the target audience.
The information in this guide is intended primarily for:
Administrators People who implement and enforce the company's security program.
Users People who use the computer where the software is running and can access some or all of
its features.
Conventions
This guide uses these typographical conventions and icons.
Italic
Title of a book, chapter, or topic; a new term; emphasis
Bold
Text that is emphasized
Monospace
Commands and other text that the user types; a code sample; a displayed message
Narrow Bold
Words from the product interface like options, menus, buttons, and dialog boxes
Hypertext blue A link to a topic or to an external website

Note: Extra information to emphasize a point, remind the reader of something, or
provide an alternative method
Tip: Best practice information
Caution: Important advice to protect your computer system, software installation,
network, business, or data
Warning: Critical advice to prevent bodily harm when using a hardware product
Installation Guide
Preface

On the ServicePortal, you can find information about a released product, including product
documentation, technical articles, and more.
Task
1
Go to the ServicePortal at https://support.mcafee.com and click the Knowledge Center tab.
In the Knowledge Base pane under Content Source, click Product Documentation.
Select a product and version, then click Search to display a list of documents.
Tasks
Find localized information on page 6

We provide localized (translated) McAfee ESM release notes, online Help, product guide,
and installation guide for:
Use ESM Help on page 7

Have questions about how to use ESM? Use the online Help as your context-sensitive
information source, where you find conceptual information, reference materials, and
step-by-step instructions on how to use ESM.
Frequently asked questions on page 7

Here are answers to frequently asked questions.
Find localized information

We provide localized (translated) McAfee ESM release notes, online Help, product guide, and
installation guide for:
Chinese, Simplified
Japanese
Chinese, Traditional
Korean
English
Portuguese, Brazilian
French
Spanish
German
Access localized online Help

Changing the language setting in ESM automatically changes the language used in the online Help.
1
Log on to ESM.
On the system navigation pane of the ESM console, select Options.
Select a language, then click OK.
Click the Help icon in the upper right corner of the ESM windows or select the Help menu. The Help
displays in the language you selected.
If the Help appears in English only, localized Help is not yet available. A future update installs
localized Help.
Installation Guide
Preface
Find localized product documentation on the Knowledge Center

1
Visit the Knowledge Center.
Search for localized product documentation using the following parameters:
Search terms product guide, installation guide, or release notes
Product SIEM Enterprise Security Manger
Version 9.6.0
In the search results, click the relevant document title.
On the page with the PDF icon, scroll down until you see language links on the right side. Click the
relevant language.
Click the PDF link to open the localized version of the product document.
Use ESM Help

Have questions about how to use ESM? Use the online Help as your context-sensitive information
source, where you find conceptual information, reference materials, and step-by-step instructions on
how to use ESM.
Task
1
To open ESM Help, do one of the following:
Select the menu option Help | Help Contents.
Click the question mark in the upper right of ESM screens to find context-sensitive Help specific
to that screen.
From the Help window:
Use the Search field to find any word in the Help. Results appear below the Search field. Click the
relevant link to display the Help topic in the pane on the right.
Use the Contents tab (table of contents) to view a sequential list of topics in the Help.
Use the Index to find a specific term in the Help. Keywords are organized alphabetically so you
can scroll through the list until you find the keyword you want. Click the keyword to display that
Help topic.
Print the current Help topic (without scroll bars) by clicking the printer icon in the upper right of
the Help topic.
Find links to related Help topics by scrolling to the bottom of the Help topic.
Frequently asked questions

Here are answers to frequently asked questions.
Where can I find ESM information in other languages?
We localize the ESM release notes, Help, product guide, and installation guide. Find localized
information on page 6
Where can I learn more about McAfee ESM?
Use ESM Help on page 7
Visit the Knowledge Center
Installation Guide
Preface
Visit the Expert Center
Watch McAfee ESM videos
Which SIEM devices are supported?

Visit the McAfee ESM website
How do I configure specific data sources?
Find current data source configuration guides on the Knowledge Center
How do I learn about changes and additions to data sources, custom types, rules, and
content packs?
Log on to the Knowledge Center and subscribe to the KB75608 article. You will receive
notifications when the article is changed.
For information about content packs, read the KB article on the Knowledge Center.
Installation Guide
Introduction
This guide describes how to install and set up these devices:
McAfee Nitro Intrusion Prevention System

(IPS)
McAfee Enterprise Log Manager (ELM)
McAfee Enterprise Security Manager

(McAfee ESM)
McAfee Advanced Correlation Editor (ACE)
McAfee Event Receiver
McAfee Direct Attached Storage (DAS)
McAfee ESM/Event Receiver (ESMREC)
McAfee Receiver/ELM (ELMERC)
McAfee Database Event Monitor (DEM)
McAfee ESM/Receiver/ELM (ESMELM)
McAfee Application Data Monitor (ADM)
It is divided into two main sections:
Installing a McAfee ESM device, which provides you with the steps to follow to inspect, mount,
connect, and start the device.
Setting up a McAfee ESM device, which describes how to configure the network interface for each
device type, configure for IPv6, log on to the McAfee ESM console, and key the device.
Installation Guide
Introduction
10
Installation Guide
You must install your McAfee devices before you can use them to protect your network from intrusions
or collect network data. These installation instructions apply to all current models of McAfee ESM
devices.
Contents
Preparing to install McAfee ESM devices
Connect and start the devices

Before you install devices, verify that your system meets minimum requirements and that the
equipment was not damaged during shipping. Select the location to set up the equipment.
Hardware and software requirements

Your system must meet the minimum hardware and software requirements.
System requirements
Processor P4 class (not Celeron) or higher (Mobile/Xeon/Core2,Corei3/5/7) or AMD AM2 class or

higher (Turion64/Athlon64/Opteron64,A4/6/8)
RAM 1.5 GB
Windows operating system Windows 2000, Windows XP, Windows 2003 Server, Windows Vista,
Windows 2008 Server, Windows Server 2012, Windows 7, Windows 8, Windows 8.1
Browser Internet Explorer 9 or later, Mozilla Firefox 9 or later, Google Chrome 33 or later
Flash Player Version 11.2.x.x or later

ESM features use pop-up windows when uploading or downloading files. Disable the pop-up blocker for
the IP address or host name of your ESM.
Virtual Machine requirements
Processor 8-core 64-bit, Dual Core2/Nehalem, or higher or AMD Dual Athlon64/Dual Opteron64
or higher
RAM Depends on the model (4 GB or more)
Disk space Depends on the model (250 GB or more)
Installation Guide
11

ESXi 5.0 or later
Thick versus thin provisioning You must decide the hard disk requirements for your server. The
minimum requirement is 250 GB unless the VM purchased has more. See the specifications for
your VM product.
The ENMELM VM uses many features that require CPU and RAM. If the ESXi environment shares the
CPU/RAM requirements with other VMs, the performance of the ENMELM VM is impacted. Make sure
that you include what the CPU and RAM need within the requirements.
Inspect packaging and device

Before installing your equipment, make sure that there is no sign of damage or tampering.
Task
1
As soon as you receive your device, inspect the packaging and the device for signs of damage or
mishandling.
If you are performing a FIPS installation, inspect the tamper-evident packing tape that is securing
the shipping container. If there is evidence of tampering, contact McAfee Support immediately for
instructions, and do not install the product.
Verify that all items listed on the packing slip are included in the package.
When performing a FIPS installation, find the tamper-evident seal in the shipping container's
accessories package. Apply the seal so it completely blocks the USB ports, preventing their use
without leaving evidence of tampering (see Diagram 1).
Diagram 1: Placement of third tamper-evident seal.
Contact McAfee Support immediately if not fully satisfied with the inspection.
Identifying a location for installation

You must analyze your existing network and identify a network and physical location for your device.
Proper location selection impacts the effective use of your devices.
When selecting a location for your devices:
12
Installation Guide

Install your ESM device in a network location where it can manage devices and be accessible by
any systems accessing the ESM. If direct communication between devices managed by the ESM or
systems running ESM is not possible, configure your network to route network traffic between
them.
Place the Nitro IPS device between the trusted and untrusted sides of your network. Trusted is the
side you want to protect and untrusted is the side you intend to leave unprotected. For example,
you could locate your Nitro IPS between your firewall (untrusted side) and your switch (trusted
side). Because network configurations vary greatly, the location you select depends on your
individual security requirements and network environment.
This equipment is intended for installation in a restricted-access location.
Your Receiver and DEM devices must be accessible to the devices they are monitoring. If direct
communication isn't possible, you must configure your network to allow proper routing of network
traffic between them.

After inspecting the device and identifying the preferred location for installation, perform the steps in
this section to install it.
Task
1
Mount the device.

To protect the device and the cabling from accidental damage or disconnection, mount the device in
a rack (see Appendix F - Install AXXVRAIL rail set).
Prepare a space for the device in the mounting location.
Mount the device securely in the location you selected.
Connect the power supply to the device. Properly install and ground the equipment in accordance
with this instruction manual and national, state, and local codes.
We highly recommend connecting all ESM devices to an uninterruptible power supply (UPS).
Redundant power cords and power modules operating at normal conditions balances the load share
through its parallel design, resulting in a reliable power system. Since the Nitro IPS device is inline,
it must be connected to a UPS.
Start the device.

a
Cable with turn off and make sure that traffic is passing.
Turn on the device.
Select the network cable.
Installation Guide
13

Connect the cables to the untrusted and trusted ports. If you are connecting fiber cables, remove
the cable and network connector covers only when you are ready to connect the cables.
Verify the connectivity of the device by pinging from the trusted side of your network to a valid IP
address on the untrusted side.
See also
Identifying connector and equipment types on page 14
Identifying network cables on page 14
Identifying network ports on page 15
Identifying connector and equipment types

You can connect your Nitro IPS device to the network using either copper or fiber connectors,
depending on the model of your device.
Table 2-1 Connection type per device
Nitro IPS model
Connector type
TX
RJ-45 (Copper)
SX
LC-Multimode (Fiber)
LX
LC-Singlemode (Fiber)
Connect your ESM, Receiver, and DEM devices to the network using copper connectors, and identify
the copper or fiber cables by looking at the connectors. The CAT5 copper cable has RJ-45 connectors
(1) while LC fiber cable uses fiber connectors (2).
We recommend using CAT5 or higher for your copper connection. For gigabit connection, we
recommend CAT5e.
Equipment type
There are two types of equipment you can connect your ESM devices to: Data Circuit-Terminating
Equipment (DCE) and Data Terminal Equipment (DTE). Firewall and routers are DTE and switches are
DCE. The ESM devices are DTE.
Identifying network cables

If your device uses a fiber connection, you must select the fiber cables and connect them to the ports.
If your device uses a copper connection, use either a straight-through or a crossover copper cable.
To connect an ESM device RJ-45 port to DCE, use a straight-through cable. To connect to a DTE, use a
crossover cable. To distinguish between a straight-through and crossover cable, hold the two ends of
the cable as illustrated:
14
Installation Guide

On a straight-through cable, the colored wires are the same sequence at both ends. On a crossover
cable, the first (far left) colored wire at one end is the same color as the third wire at the other end of
the cable.
Identifying network ports

After identifying the cables you need for your network, identify the ports in the McAfee device that you
connect these cables to.
Always turn off any laser sources before you inspect fiber connectors, optical components, or
bulkheads. Fiber optic laser radiation might be emitted from connected fiber cables or connectors. Do
not stare directly into fiber optic equipment. Always keep a protective cap on unplugged fiber
connectors.
The devices contain management ports so they can be managed from McAfee ESM. In addition, your
Nitro IPS and ADM devices contain trusted and untrusted ports to connect the device to the trusted
and untrusted sides of your network.
The following images identify the management ports and the trusted and untrusted ports on your
devices.
NTP-1260
For NTP-1250 devices, port 2 = Mgmt 2 and port 3 = Mgmt 1.
ERC-1260, APM-1260
Installation Guide
15

For APM-1250 and 1260 devices, ports 47 are collection (sniffer) ports, not management ports. For
APM-1250 devices, port 2 = Mgmt 2 and port 3 = Mgmt 1. For ERC-1250 devices, ports 47 are
management ports.
NTP-2600/3450-4BTX, 3460
For NTP-1250 and 1260 devices, ports are collection (sniffer) ports, not management ports.
NTP-2600/3450-8BTX, DSM-4600
16
Installation Guide

NTP-2600/3450-4BSX
NTP-3450-2BSX
ERC-2600/3450/4600, DSM-2600/3450, and APM-3450/3460
Installation Guide
17

ETM-5600/6000/X4/X6, ELMERC-2600/3450/4600, ELM-4600/5600/6000, ACE2600/3450, ENMELM-4600/5600/6000, ERU-5600
DAS data cables
Step 1 - Create connection between 1U HA receivers
18
Installation Guide

Step 2 - Connect 1U HA receivers to the network switch/router
Installation Guide
19

Step 1 - Create connection between 2U HA receivers
20
Installation Guide

Step 2 - Connect 2U HA receivers to the network switch/router
Installation Guide
21

See also
Identifying a location for installation on page 12
22
Installation Guide
Setting up the devices is essential for proper operation. To set them up, configure IPv6 and the
network interface for each device type, and log on to McAfee ESM.
Contents
Configure the network
Configure for IPv6
Log on to McAfee ESM
interface
interface
interface
interface
on
on
on
on
the
the
the
the
Nitro IPS
Receiver, ELM, and ACE
DEM and ADM
ESM
console
Configure the network interface on the Nitro IPS

Follow these steps to configure your IP information.
Before you begin
Turn on the Nitro IPS and ensure that the boot process is complete. Attach a monitor and
keyboard to the device.
Task
1
Press Alt + F1 to go to the LCD page, then press Esc twice.
Scroll down to MGT IP Conf and press Enter.
Select Mgt 1 and press Enter.
On the Active menu, select IP Address and press Enter.
Set the value and press Enter.
Scroll down to Netmask and set the value.
Scroll down to Done and press Enter.
Scroll down to Gateway and press Enter.
Set the gateway address, scroll down to Done, and press Enter.
10 Scroll down to Port Number, set the value, and press Enter.
Make note of the new port number and enter it when keying the device. If the system operates in
FIPS mode, do not change the communication port number.
11 Scroll down to Save Changes and press Enter.
Installation Guide
23

Configure the network interface on the Receiver, ELM, and ACE
Configure the network interface on the Receiver, ELM, and ACE

Follow these steps to configure the network interface on a Receiver, ELM, or ACE device.
Before you begin
Attach a monitor and keyboard to the device.
Task
1
Press Alt + F1 to go to the LCD page, press Esc twice, then scroll down to MGT IP Conf and press Enter.
Select Mgt 1 and press Enter, then select IP Address and press Enter.
Scroll down to DNS 1, press Enter, and set the value.
10 If in FIPS mode, scroll down to Port Number, change the value if needed, and press Enter.
Make note of the new port number. Enter it when keying the device. Do not change the TCP
communication port.
Configure the network interface on the DEM and ADM

Follow these steps to configure the network interface on a DEM or ADM device.
Before you begin
Task
24
On the Active menu, select IP Address and press Enter.
Installation Guide

Configure the network interface on the ESM
10 If in FIPS mode, scroll down to Port Number, change the value if needed, and press Enter.
Make note of the new port number and enter it when keying the device. Do not change the TCP
communication port.
Configure the network interface on the ESM

Follow these steps to configure the network interface on an ESM.
Before you begin
Turn on the ESM and make sure that the restart process is complete, then attach a monitor
and keyboard to the device.
Task
1
Press Alt + F1 to go to the LCD page, press Esc twice, then scroll down to MGT IP Conf and press Enter.
Select Mgt 1 and press Enter, then select IP Address and press Enter.
Scroll down to DNS 1, press Enter, and set the value.
Configure for IPv6

If you want to use IPv6 on any of your devices and your network supports IPv6 stateless auto
configuration, configure your system to manage IPv6.
Before you begin
To manually configure an address for the ESM, see the Network Settings section in the McAfee
Enterprise Security ManagerProduct Guide. To manually configure an address for each type of device,
see the Interfaces section for the specific device.
Task
1
Scroll down to IPv6 Config and press Enter.
Installation Guide
25

Log on to McAfee ESM console
Scroll down to Save and press Enter.
To locate the automatically configured IPv6 address:

a
Start the device and wait for the menu to load.
Scroll down to IPv6 Global and press Enter.
Confirm the IPv6 address, then press Enter to return to the menu.
Scroll down to Cancel Changes and press Enter.

When you have installed and set up ESM and devices, you can log on the console to begin configuring
the system and device settings.
Before you begin
Verify whether you are required to operate the system in FIPS mode (see Step 5).
Task
1
Open a web browser on your client computer and go to the IP address you set when you configured
the network interface.
Click Login, select the language for the console, then type the default user name and password.
Default user name: NGCP
Default password: security.4u
Click Login, read the End User License Agreement, then click Accept.
When prompted, change your user name and password, then click OK.
Select whether to enable FIPS mode.

If you must work in FIPS mode, enable it the first time you log on so all future communication with
McAfee devices is in FIPS mode. Do not enable FIPS mode if you are not required to. For more
information on FIPS, see Appendix A.
Follow the instructions that appear to obtain your user name and password, which are necessary
for access to rule updates.
Perform initial ESM configuration:

a
Select the language to be used for system logs.
Select the time zone this ESM is in and the date format to be used with this account, then click
Next.
26
Define the settings on the five Initial ESM Configuration wizard pages, clicking the Help icon
each page for instructions.
Click OK.
Installation Guide
on

You are ready to key and configure the devices. See the McAfee Enterprise Security Manager Product
Guide.
Installation Guide
27

28
Installation Guide
About FIPS mode
The Federal Information Processing Standard (FIPS) consists of publicly announced standards
developed by the United States Federal government. If you are required to meet these standards, you
must operate this system in FIPS mode.
FIPS mode must be selected the first time you log on to the system and can't subsequently be changed.
Contents
FIPS mode information
Select FIPS mode
Check FIPS integrity
Adding a keyed device in FIPS mode
Troubleshooting FIPS mode
Installation Guide
29
About FIPS mode


Due to FIPS regulations, some ESM features aren't available, some available features are not
compliant, and some features are only available when in FIPS mode. These features are noted
throughout the document and are listed here.
Feature
status
Description
Removed
features
High Availability Receivers.

GUI Terminal.
Ability to communicate with the device using SSH protocol.
On the device console, the root shell is replaced by a device management menu.
Features
available only in
FIPS mode
There are four user roles that do not overlap: User, Power User, Audit Admin, and Key &
Certificate Admin.
All Properties pages have a Self-Test option that allows you to verify that the system is
operating successfully in FIPS mode.
If FIPS failure occurs, a status flag is added to the system navigation tree to reflect
this failure.
All Properties pages have a View option that, when clicked, opens the FIPS Identity Token
page. It displays a value that must be compared to the value shown in those
sections of the document to ensure that FIPS hasn't been compromised.
On System Properties | Users and Groups | Privileges | Edit Group, the page includes the FIPS
Encryption Self Test privilege, which gives the group members the authorization to run
FIPS self-tests.
When you click Import Key or Export Key on IPS Properties | Key Management, you are
prompted to select the type of key you want to import or export.
On the Add Device Wizard, TCP protocol is always set to Port 22. The SSH port can be
changed.
Select FIPS mode

The first time you log on to the system you are prompted to select whether you want the system to
operate in FIPS mode. Once this selection is made, it can't be changed.
Task
For details about product features, usage, and best practices, click ? or Help.
1
The first time you log on to the ESM:

a
In the Username field, type NGCP.
In the Password field, type security.4u.

You are prompted to change your password.
30
Enter and confirm your new password.
Installation Guide
About FIPS mode

On the Enable FIPS page, click Yes.

The Enable FIPS warning displays information requesting confirmation that you want this system to
operate in FIPS mode permanently.
Click Yes to confirm your selection.

If you are operating in FIPS mode, FIPS 140-2 requires software integrity testing on a regular basis.
This testing must be performed on the system and each device.
Task
For details about product features, usage, and best practices, click ? or Help.
1
On the system navigation tree, select System Properties, and make sure that System Information is
selected.
Do any of the following.

In
Do this...
this
field...
FIPS
Status
View the results of the most recent FIPS self-test performed on the ESM.
Test or Run the FIPS self-tests, which test the integrity of the algorithms used within the
FIPS
crypto-executable. The results can be viewed on the Message Log.
Self-Test
If the FIPS self-test fails, FIPS is compromised or device failure is occurring. Contact McAfee
Support.
View or
FIPS
Identity
Open the FIPS Identity Token page to perform power-up software integrity testing. Compare the
value below to the public key that appears on this page:
If this value and the public key don't match, FIPS is compromised. Contact McAfee Support.
Installation Guide
31
About FIPS mode


There are two methods in FIPS mode to add a device that has already been keyed to an ESM. This
terminology and file extensions are useful as you follow these processes.
Terminology
Device key Contains the management rights that an ESM has for a device, and is not used for
crypto.
Public key The ESM public SSH communication key, which is stored in the authorized keys table of
a device.
Private key The ESM private SSH communication key, which is used by the SSH executable on an
ESM to establish the SSH connection with a device.
Primary ESM The ESM that was originally used to register the device.
Secondary ESM The additional ESM that communicates with the device.
File extensions for the different export files
.exk Contains the device key.
.puk Contains the public key.
.prk Contains the private key and the device key.
Backup and restore information for a device in FIPS mode

This method is used to back up and restore communication information for a device on the ESM.
It is primarily intended for use in the event of a failure that requires ESM replacement. If the
communication information is not exported prior to the failure, communication with the device can't be
re-established. This method exports and imports the .prk file.
The private key for the primary ESM is used by the secondary ESM to establish communication with
the device initially. Once communication is established, the secondary ESM copies its public key to the
device's authorized keys table. The secondary ESM then erases the private key for the primary ESM,
and initiates communication with its own public or private key pair.
32
Installation Guide
About FIPS mode

Action
Steps
Export the .prk

file from the
primary ESM
1 On the system navigation tree of the primary ESM, select the device with
communication information you want to back up, then click the Properties icon.
2 Select Key Management, then click Export Key.

3 Select Backup SSH Private key, then click Next.
4 Type and confirm a password, then set the expiration date.
After the expiration date passes, the person who imports the key is unable to
communicate with the device until another key is exported with a future expiration
date. If you select Never Expire, the key never expires if imported into another ESM.
5 Click OK, select the location to save the .prk file created by the ESM, then log out
of the primary ESM.
Add a device to 1 On the system navigation tree of the secondary device, select the system or
the secondary
group level node you want to add the device to.
ESM and import
the .prk file
2 From the actions toolbar, click Add Device.
3 Select the type of device that you want to add, then click Next.
4 Enter a name for the device that is unique in this group, then click Next.
5 Enter the target IP address of the device, enter the FIPS communication port,
then click Next.
6 Click Import Key, browse to the previously exported .prk file, then click Upload.
Type the password specified when this key was initially exported.
7 Log out of the secondary ESM.
Enable communication with multiple ESM devices in FIPS mode

You can allow multiple ESMs to communicate with the same device by exporting and importing .puk
and .exk files.
This method uses two export and import processes. First, the primary ESM is used to import the
secondary ESM device exported .puk file and send the contained secondary ESM public key to the
device, thus allowing both ESM devices to communicate with the device. Second, the device's .exk file
is exported from the primary ESM and imported into the secondary ESM, thus giving the secondary
ESM the ability to communicate with the device.
Installation Guide
33
About FIPS mode

Action
Steps
Export the .puk file 1 On the System Properties page of the secondary ESM, select ESM Management.
from the secondary
2 Click Export SSH, then select the location to save the .puk file.
ESM
3 Click Save, then log out.
Import the .puk file 1 In the system navigation tree of the primary ESM, select the device you want
to the primary ESM
to configure.
2 Click the Properties icon, then select Key Management.
3 Click Manage SSH Keys.
4 Click Import, select the .puk file, then click Upload.
5 Click OK, then log out of the primary ESM.
Export the
device's .exk file
from the primary
ESM
1 In the system navigation tree of the primary ESM, select the device you want
to configure.
2 Click the Properties icon, then select Key Management.
3 Click Export Key, select the backup device key, then click Next.
4 Type and confirm a password, then set the expiration date.
After the expiration date passes, the person who imports the key is unable to
communicate with the device until another key is exported with a future
expiration date. If you select Never Expire, the key never expires if imported into
another ESM.
5 Select the .exk file privileges, then click OK.

6 Select the location to save this file, then log out of the primary ESM.
Import the .exk file 1 In the system navigation tree of the secondary device, select the system or
to the secondary
group level node that you want to add the device to.
ESM
2 From the actions toolbar, click Add Device.
3 Select the type of device you want to add, then click Next.
4 Enter a name for the device that's unique to this group, then click Next.
5 Click Import Key, then browse to the .exk file.
6 Click Upload and enter the password that was specified when this key was
initially exported.
7 Log out of the secondary ESM.
34
Installation Guide
About FIPS mode


Issues might arise when operating the ESM in FIPS mode.
Issue
Description and resolution
Can't talk to
the ESM
Check the LCD on the front of the device. If it says FIPS Failure, contact McAfee
Support.
Check for an error condition through the HTTP interface by viewing the ESM FIPS
Self-test webpage in a browser.
- If a single digit 0 is displayed, indicating that the device has failed a FIPS self-test,
reboot the ESM device and attempt to correct the problem. If the failure condition
persists, contact Support for further instructions.
- If a single digit 1 is displayed, the communication problem is not due to FIPS
failure. Contact Support for further troubleshooting steps.
Can't talk to
the device
If there is a status flag next to the device on the system navigation tree, place the
cursor over it. If it says FIPS Failure, contact McAfee Support by going to the support
portal.
Follow the description under the Can't talk to the ESM issue.
The file is invalid

error when
adding a
device
You cannot export a key from a non-FIPS device and then import it to a device
operating in FIPS mode. Also, you cannot export a key from an FIPS device and then
import it to a non-FIPS device. This error appears when you attempt either scenario.
Installation Guide
35
About FIPS mode

36
Installation Guide
The VM must meet the following minimum requirements.
Processor 8 cores or higher, depending on model, 64-bit, Dual Core2/Nehalem or higher or AMD
Dual Athlon64/Dual Opteron64 or later
RAM 4 GB minimum (depends on the model)
Disk 250 minimum (depends on the model)
ESXI 5.0 or later
You can select the hard disk requirement needs for your server. But, the VM requirement depends on
the model of the device (at least 250 GB). If you don't have a minimum of 250 GB available, you
receive an error when deploying the VM.
The VM uses many features that require CPU and RAM. If the ESXi environment shares the CPU or
RAM requirements with other VMs, the performance of the VM is impacted.
McAfee recommends setting the provisioning option to Thick.
Contents
Stripe the storage drive
Install the virtual machine
Configure the virtual machine
Key the VM device
Stripe the storage drive

If the model is more than 250 GB and needs the 256 MB to 2 MB setting, stripe the virtual machine's
storage drive. The VM uses many features that require CPU and RAM. If the ESXi environment shares
the CPU/RAM requirements with other VMs, the performance of the VM is impacted. Plan CPU and RAM
needs within the requirements.
Task
1
Select the ESX server, click the Configuration tab, then click Storage in the Hardware section.
Click Add Storage, then select Disk/LUN.
Select an available disk, then select the correct option for your available disk space. Use 'Free space'
for an existing drive or Use all available partitions for an available drive.
The requirement for the VM is 500 GB. If you do not have 500 GB available, you receive an error
when deploying the VM. McAfee recommends setting the provisioning to Thick.
Give the storage drive a name, then select 512 GB, Block size: 2 MB on the Maximum file size drop-down list
to make sure that the 500-GB drive space is available.
Installation Guide
37

Once you install and key a VM, it mimics normal ESM operation.
Task
1
Access the root of the CD drive (for CD installation) or download the files from the download site.
In vSphere Client, click the server IP address in the device tree.
Click File and select Deploy OVF Template.
Designate the name, the folder to install the VM, the disk provisioning setting, and the VM Networking
option.
Deploy the files to the ESXi server, select the VM, and set the Edit Virtual Machine setting.
Select the correct networking settings for your ESXi network switches/adapters, then click Play to
start the VM.
Using the VM menu, set MGT1 IP, netmask, gateway, and DNS addresses, then press Esc to
activate the menu.
Configure the network interface on the VM, save the changes before exiting the Menu window, then
key the device.
Configure the virtual machine

Once you have installed the VM, configure the network interface.
Task
1
Click Esc, then scroll down to MGT IP Conf on the LCD and click Enter twice.
Set the IP address using the arrows to change the value of the current digit and to switch between
digits, then press Enter.
Scroll to Netmask and set it using the arrows.
Scroll to Done and press Enter. Then scroll to Gateway and pressEnter.
Set the gateway address using the arrows, then scroll down to Done and pressEnter.
Scroll down to DNS1, press Enter, then select the DNS server address using the arrows.
To change the communication port when the system is in FIPS mode (see About FIPS Mode), press
the down arrow twice, then press Enter.
Do not change the TCP communication port.
Change the port number, then press Enter.

Make note of the new port number. Enter it when keying the device.
10 Scroll to Save Changes and press Enter.
38
Installation Guide
Key the VM device
Key the VM device

You must key the device to establish a link between the device and the ESM.
Before you begin
Physically connect the device to your network (see Installing McAfee ESM devices).
Task
1
On the system navigation tree, click the system or a group, then click the Add Device icon in the
actions pane.
Enter the information requested on each page of the Add Device Wizard.
Installation Guide
39
Key the VM device
40
Installation Guide
Install the qLogic 2460 or 2562 SAN

adapters
The qLogic QLE2460 is a single, Fibre Channel PCIe x4 adapter, rated at 4 GB. The QLE2562 is a
single, Fiber Channel PCIe x8 adapter, rated at 8 GB. They can connect directly to the SAN device or
through a SAN switch.
Before you begin
Make sure that the SAN device or SAN switch you are attaching to auto-negotiates.
Make sure that the SAN administrator allocates and creates space on the SAN and
assigns it to the channel where the qLogic adaptor is attached. Use the World Wide Port
Name (WWPN) for the adaptor. The WWPN is on the adapter's card, anti-static bag, and
box.
Task
1
Turn off the device where you are installing the SAN adapter.
Insert the adapter, then place the device back on the rack and connect the cables.
For a 3U device, insert the adapter in the slot closest to the protective memory cover.
The adapter BIOS boot message informs you that the adapter is installed and functioning. If you do
not see this message or if the card does not have red, yellow, or green lights, the card is not
recognized. If so, make sure that the card is seated correctly or insert it into a different PCI slot.
3
Start the device.

The operating environment detects it and loads the QLAXXX driver. The Mounting Storage Facilities
message displays OK and continues starting.
Using the ESM console, key the device.
When the device is keyed, the Properties page includes the SAN Volumes option.
Installation Guide
41
Install the qLogic 2460 or 2562 SAN adapters
42
Installation Guide
Install DAS
The DAS is an add-on device to a 4xxx/5xxx/6xxx series ESM or ELM.

The DAS unit ships with a chassis and an LSI 9280-8e RAID card for:
ETM-5205
ENMELM-4600
ETM-5510
ENMELM-5205
ETM-5600
ENMELM-5510
ETM-5750
ENMELM-5600
ETM-6000
ENMELM-6000
ETM-X3
ELM-4600
ETM-X4
ELM-5205
ETM-X5
ELM-5510
ETM-X6
ELM-5600
ESMREC-5205
ELM-5750
ESMREC-5510
ELM-6000
Task
1
Turn off the ESM following a normal shutdown procedure.
Pull the device from the rack and open the top case. You might need to remove a small screw at
the front or rear of the top case.
Install the LSI 9280-8e RAID card in slot 4 of the ESM.
For devices with an orange face, if the Areca or 3Ware RAID card is in slot 4, move the RAID
card to slot 6. If the McAfee ESM device has an Areca or 3Ware RAID card and also has an SSD
card installed, install the LSI 9280-8e RAID card in slot 5.
For devices with a black face, install the card in an open slot.
Replace the top on the McAfee ESM and reinsert it back in the rack.
Insert the cable connectors into slot 1 and slot 2 on the LSI 9280-8e RAID card external slots. The
cable clicks into place.
Verify that all drives are fully inserted in the DAS, then attach the inner rails to the DAS device and
insert the device into the rack.
Insert the data cables into the first and third slots on the rear of the DAS device. The cables click
into place.
Installation Guide
43
Install DAS
8
9
Insert power cables, then turn on the DAS device.

A test light appears for all drives. The drive with the red light is the hot spare for the DAS.
10 Turn on the McAfee ESM device and look for the LSI 9280-8e RAID card BIOS utility.
The DAS device is preformatted and doesn't require configuring a RAID set on the device. If you see
a RAID not present message, call McAfee support to create the RAID.
11 Log on and run a df h command to make sure that you have a /das1_hd drive.
On System Properties of the ESM console, the Hardware field on the System Information tab reflects the
increased size of the hard drive labeled /data_hd.
44
Installation Guide
We recommend installing devices in a rack to protect the devices and the cabling from accidental
damage or getting disconnected.
Contents
Install AXXVRAIL rail set
Remove the chassis
Installation Guide
45


An AXXVRAIL rail set is shipped with each device so you can install it in a rack.
Task
1
Install rails in the rack.

a
Pull the release button (F) to remove the inner member (D) from the slides.
Components
A - front bracket
B - outer member
C - rear bracket
D - inner member
E - safety locking pin
F - release button
46
Installation Guide

Align the brackets to the wanted vertical position on the rack, then insert the fasteners.
Move the ball retainer to the front of the slides.
Installation Guide
47

48
Install the chassis.

a
Align the inner member key holes to standoffs on the chassis.
Move the inner member in the direction shown in the following picture.
Install the chassis to the fixed slides by pulling the release button in the inner member to
release the lock and allow the chassis to close.
Installation Guide

Remove the chassis
Remove the chassis

You can remove the chassis from the rails.
Task
1
Fully extend the slides until the slides are in a locked position.
Pull the release button to release the lock and disconnect the inner member from the slides.
Press the safety locking pin to release the inner member from the chassis.
Installation Guide
49

Remove the chassis
50
Installation Guide
Regulatory notices
This regulatory information applies to the different platforms you might use.
Table F-1
SuperMicro-based platforms
Electromagnetic emissions
Electromagnetic immunity
Safety
McAfee 1U
McAfee 2U or 3U
FCC Class B, EN 55022 Class B,
FCC Class B, EN 55022 Class B,
EN 61000-3-2/-3-3
EN 61000-3-2/-3-3
CISPR 22 Class B
CISPR 22 Class B
EN 55024/CISPR 24,
EN 55024/CISPR 24,
(EN 61000-4-2, EN 61000-4-3,
(EN 61000-4-2, EN 61000-4-3,
EN 61000-4--4, EN 61000-4-5,
EN 61000-4--4, EN 61000-4-5,
EN 61000-4-6, EN 61000-4-8,
EN 61000-4-6, EN 61000-4-8,
EN 61000-4-11) 55024
EN 61000-4-11) 55024
EN 60950/IEC 60950-Compliant,
EN 60950/IEC 60950-Compliant,
UL Listed (USA)
UL Listed (USA)
CUL Listed (Canada)
CUL Listed (Canada)
TUV Certified (Germany)
TUV Certified (Germany)
CE Marking (Europe)
CE Marking (Europe)
Table F-2 DAS-based platforms

DAS-50, DAS-100
Input voltage
100/240 VAC
Input frequency
50/60 Hz
Power supply
1400 W X3
Power consumption
472W@120VAC
461W@240VAC
Amps (Max)
9.4A
Altitude (Max)
-45 to 9,500 feet
Temperature (Max)
10 to 35 C (operating)
-40 to 70 C (non-operating)
Altitude
-45 to 9500 feet (operating) -45 to 25,000 feet (non-operating)
Installation Guide
51
Regulatory notices
Table F-2 DAS-based platforms (continued)

DAS-50, DAS-100
BTU
BTU/HR 1609
Humidity
Operating 10% to 85%

(non-condensing)
non-operating 10% to 90%
Table F-3 Intel-based platform 1U

Parameter
Limits
Operating temperature
+10 C to +35 C with the maximum rate of change not to exceed

10 C per hour
Non-operating temperature
-40 C to +70
Non-operating humidity
90%, non-condensing at 35 C
Acoustic noise
Sound Power: 7.0 BA in an idle state at typical office ambient

temperature. (23 +/- 2 degrees C)
Shock, operating
Half sine, 2 g peak, 11 msec
Shock, unpackaged
Trapezoidal, 25 g, velocity change 136 inches/sec ( 40 lbs to > 80

lbs)
Shock, packaged
Non-palletized free fall in height 24 inches (40 lbs to > 80 lbs)
Shock, operating
Half sine, 2 g peak, 11 mSec
Vibration, unpackaged
5 Hz to 500 Hz, 2.20 g RMS random
ESD
+/-12kV for air discharge and 8K for contact
System cooling requirement in

BTU/Hr
1660 BTU/hour
Table F-4 Intel-based platform 2U

Parameter
Limits
Temperature Operating
ASHRAE Class A2 Continuous operation. 10C to 35C

(50F to 95F) with the maximum rate of change not to
exceed 10C per hour.
ASHRAE Class A3 Includes operation up to 40C for up to
900 hrs per year
ASHRAE Class A4 Includes operation up to 45C for up to
90 hrs per year
Shipping
-40C to 70C (-40F to 158F)
Altitude (Operating)
Support operation up to 3050 m with ASHRAE class deratings
Humidity (Shipping)
50% to 90%, non-condensing with a maximum wet bulb of

28C (at temperatures from 25C to 35C)
Shock
Operating
Half sine, 2 g, 11 mSec
Unpackaged
Trapezoidal, 25 g, velocity change is based on packaged weight
Packaged
Product Weight: 40 to < 80

Non-palletized free fall height = 18 inches
Palletized (single product) free fall height = NA
52
Installation Guide
Regulatory notices
Table F-4 Intel-based platform 2U (continued)

Parameter
Limits
Vibration
5 Hz to 500 Hz
2.20 g RMS random
Packaged
5 Hz to 500 Hz
1.09 g RMS random
AC-DC
Voltage
90 Hz to 132 V and 180 V to 264 V
Frequency
47 Hz to 63 Hz
Source Interrupt
No loss of data for power line drop-out of 12 mSec
Surge non-operating
and operating
Unidirectional
Installation Guide
53
Regulatory notices
54
Installation Guide
KVM requirements
This appendix describes how to deploy McAfee ESM on Linux Kernel-based Virtual Machine (KVM)
servers.
Minimum requirements
KVM must meet the following minimum requirements:
Processor 8 cores or higher, depending on model, 64-bit, Dual Core2/Nehalem or higher or AMD
Dual Athlon64/Dual Opteron64 or higher (for processors)
RAM Depends on the model (4 GB or more)
Disk Depends on the model (250 GB or more)

Sharing CPU or RAM with other VMs impacts KVM performance.
Contents
VM models for KVM
Deploy KVM
VM models for KVM

This table lists the available VM models, how many events per second (EPS) each model can process,
the recommended mechanical storage, the storage capacity of the solid-state drive (SSD), and the
requirements for the platform that runs the VM.
Model
number
EPS
capacity
Mechanical storage
(recommended VM
environment)
SSD
Platform requirements
ELU4
1000
250 GB
None 8 processor cores

(Intel Xeon Processor E5 or E7), 4 GB
ETM4
1500
250 GB

EV2
500
250 GB

ELM4
1500
250 GB

Installation Guide
55
KVM requirements
Deploy KVM
Deploy KVM
To run McAfee ESM in a KVM environment, you must import the hard drive image from the tarball
(.Tgz file).
Before you begin
Obtain the current tarball (.Tgz) file from the McAfee Enterprise Security Manager
download page.
The tarball contains sample config files.
Ensure that you have:
8 vCPUs
4 GB RAM
2 Virtio Ethernet interfaces for ESM
Receiver Class devices / 3 for IPS class devices

These interfaces use sequential MAC addresses.
1 Virtio/Virtio-SCSI Disk Controller, which controls the Virtio virtual hard drive
Task
1
Move the tarball file to the directory where you want the virtual hard drive to reside.
Extract the tarball by running tar xf McAfee_ETM_VM4_250.tgz

To deploy multiple VMs of the same type in the same location, change the name of the virtual hard
drive, such as, ERC-VM4-disk-1.raw, ERC-VM4-disk-1.raw -> my_first_erc.raw,
my_second_erc.raw.
56
Create a VM on your KVM hypervisor (libvirt, qemu-kvm, proxmox, virt-manager, ovirt).
Point the VM image to the existing virtual hard drive (Virtio disk .raw file) where you extracted the
tarball.
Installation Guide
Index
A
about this guide 5
ACE, configure network interface 24
ADM, configure network interface 24
AXXVRAIL rails
install 46
remove chassis 49
C
cables, identify network 14
connect device 13
connector type, identify 14
conventions and icons used in this guide 5
FIPS mode (continued)

check integrity 31
communicate with multiple ESM devices 33
enable 30
features available only in FIPS mode 30
file extensions 32
keyed device, add 32
non-compliant available features 30
removed features 30
restore information 32
select 30
terminology 32
troubleshoot 35
Frequently asked questions 7
DAS, install 43
DEM, configure network interface 24
device, inspect 12
devices
connect 13
set up 23
start 13
devices, identify network ports 15
documentation
audience for this guide 5
product-specific, finding 6
typographical conventions and icons 5
hardware, minimum requirements 11
I
inspect packaging and device 12
install
identify location 12
install device
prepare to 11
IPv6, configure 25
K
KVM
deploy 56
requirements 55
VM models 55
E
ELM, configure network interface 24
equipment type, identify 14
ESM, configure network interface 25
export and import
exk file 33
puk file 33
L
location for installation 12
log on to ESM console 26
F
file extensions for export files 32
FIPS
enable 26
FIPS mode
backup information 32
McAfee ServicePortal, accessing 6

minimum requirements for hardware and software 11
N
network cables, identify 14
Installation Guide
57
Index
network interface
configure DEM and ADM 24
configure ESM 25
configure Nitro IPS 23
network interface, configure
ACE 24
ELM 24
Receiver 24
network ports, identify for each device 15
Nitro IPS, configure network interface 23
S
SAN adapter, install 41
ServicePortal, finding product documentation 6
software, minimum requirements 11
start device 13
T
technical support, finding product information 6
troubleshoot FIPS mode 35
P
packaging, inspect 12
password for ESM console 26
platforms, regulatory notices for 51
ports, identify network for each device 15
Q
qLogic 2460 SAN adapter, install 41
user name for ESM console 26
V
virtual machine
configure 38
install 38
key 39
requirements 37
strip storage drive 37
Receiver, configure network interface 24

regulatory notices for platforms 51
58
Installation Guide

Esm 960 Ig En-Us PDF

Transféré par

Informations du document

Titre original

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

Esm 960 Ig En-Us PDF

Transféré par

Droits d'auteur :

Formats disponibles

Installation Guide

McAfee Enterprise Security Manager 9.6.0

McAfee Enterprise Security Manager 9.6.0

About this guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Installing McAfee ESM devices

Preparing to install McAfee ESM devices . . . . . . . . . . . . . . . . . . . . . . . .

Setting up McAfee ESM devices

the Nitro IPS . . . . . . .

About FIPS mode

Enable communication with multiple ESM devices in FIPS mode . . . . . . . . . . . . 33

Stripe the storage drive . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

McAfee Enterprise Security Manager 9.6.0

Install the qLogic 2460 or 2562 SAN adapters

Installing devices in a rack

Install AXXVRAIL rail set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46

VM models for KVM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55

McAfee Enterprise Security Manager 9.6.0

About this guide

Title of a book, chapter, or topic; a new term; emphasis

Text that is emphasized

Hypertext blue A link to a topic or to an external website

McAfee Enterprise Security Manager 9.6.0

Find product documentation

Go to the ServicePortal at https://support.mcafee.com and click the Knowledge Center tab.

Find localized information on page 6

Use ESM Help on page 7

Frequently asked questions on page 7

Find localized information

Access localized online Help

On the system navigation pane of the ESM console, select Options.

Select a language, then click OK.

McAfee Enterprise Security Manager 9.6.0

Find localized product documentation on the Knowledge Center

Visit the Knowledge Center.

Search for localized product documentation using the following parameters:

Search terms product guide, installation guide, or release notes

Product SIEM Enterprise Security Manger

In the search results, click the relevant document title.

Use ESM Help

To open ESM Help, do one of the following:

Select the menu option Help | Help Contents.

From the Help window:

Frequently asked questions

Use ESM Help on page 7

Visit the Knowledge Center

McAfee Enterprise Security Manager 9.6.0

Visit the Expert Center

Watch McAfee ESM videos

Which SIEM devices are supported?

McAfee Enterprise Security Manager 9.6.0

This guide describes how to install and set up these devices:

McAfee Nitro Intrusion Prevention System

McAfee Enterprise Log Manager (ELM)

McAfee Enterprise Security Manager

McAfee Advanced Correlation Editor (ACE)

McAfee Event Receiver

McAfee Direct Attached Storage (DAS)

McAfee ESM/Event Receiver (ESMREC)

McAfee Receiver/ELM (ELMERC)

McAfee Database Event Monitor (DEM)

McAfee ESM/Receiver/ELM (ESMELM)

McAfee Application Data Monitor (ADM)

It is divided into two main sections: