Network Security Platform v6.0 Page 5
700-2360F00
Release Notes
Support for Concurrent Sensor Updates
In the earlier 6.0 releases, when multiple Sensors were configured to the Manager, Sensor software and signature
updates were applied sequentially on each Sensor. In this release, the Manager provides an option for parallel
processing of Sensor software and signature set updates.
Note: This option is available in the Device List > Device List > Software Upgrade page at the parent domain. The
Sensor updates at the child admin domain must be performed using the same method as in earlier releases.
The Manager supports automatic refresh of the progress during the process. In the case of software upgrades, the
Manager also provides the option to configure an automatic reboot of the Sensor once the new software is installed.
For details, see Device Configuration Guide.
Capturing Data Packets on the Sensor Port
Network Security Platform supports configuring a port of your Sensor to capture data packets on ingress traffic in your
network, which can then be sent to an external device. Once captured, these data packets can be used to perform
forensics analysis that help in identifying network security threats. Analysis of the captured data packets can help you
monitor whether the data communication and network usage of your production environment comply with the outlined
policies of your organization. The captured data packets can also be used for troubleshooting Sensor issues. Note that
packet capturing is limited to the configured SPAN port alone.
Instead of configuring SPAN and TAP from third-party devices, packet capture in Network Security Platform can also be
used to forward selected traffic [like HTTP, SMTP] to McAfee Data Loss Prevention and McAfee Network Threat
Response.
Note the following:
Network Security Platform supports packet capturing on M-series Sensor models only.
Capturing of jumbo frame packets is also not supported.
In case of a failover setup, each Sensor captures data packets separately.
When a port is designated for capturing packets, it should not be used for IPS inspection.
Using the Manager, you can configure filter rules to capture packets based on protocols, VLAN ID, fragmented traffic etc.
Rules can be set to capture packets on a single monitoring port or all ports.
Packet capture does not occur when:
The Sensor is in layer 2 mode
Scanning Exceptions is enabled on the Sensor
Tunneling is enabled and the packet filter rule is set to any protocol (other than ALL), then tunneled packets that
match the rule will not be captured
When the application protocol [like FTP, HTTP, DNS] filter rules are configured and the Sensor receives fragmented
traffic matching these filter rules, the Sensor captures only the first fragmented packet of the flow and not the subsequent
ones. This is because the port information is present in the first fragment alone.
McAfee recommends that you ensure that the capture traffic volume is less than the capacity of the configured capture
port of the Sensor. Otherwise, this can affect the Sensor performance.
For details, see Device Configuration Guide.
Vulnerability Manager Integration Enhancements
With this release, the Manager supports integration with Vulnerability Manager version 7.0 as well.
In the earlier versions of Manager, Vulnerability Manager integration with the Manager was possible only at the root
admin domain level. With this release, Vulnerability Manager integration can be enabled at root as well as child admin
domains.
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comments to this Manuals