
Pre-Configuration Considerations

Integrating the FlowSensor into Your Network

The StealthWatch FlowSensor is versatile enough to integrate with a wide variety of 
network topologies, technologies, and components. While not all network configurations 
can be discussed here, the examples may help you determine the best setup for 
your monitoring needs.

Before you install a FlowSensor, you must make several decisions about your network 
and how you want to monitor it. Be sure to analyze both your network's topology and 
your specific monitoring needs. It is recommended that you connect a FlowSensor so 
that it receives network transmissions to and from the monitored network, and, if 
desired, receives interior network transmissions as well.

The following sections explain how to integrate a StealthWatch FlowSensor appliance 
into your network using the following Ethernet network devices:

TAPs

SPAN Ports

TAPs

When a Test Access Port (TAP) is placed in line with a network connection, it repeats 
the connection on a separate port or ports. For example, an Ethernet TAP placed in line 
with an Ethernet cable will repeat each direction of transmission on separate ports. 
Therefore, use of a TAP is the most reliable way to use the FlowSensor. The type of 
TAP you use depends on your network.

Summary of Contents for StealthWatch System

Page 1: ...StealthWatch System Hardware Installation Guide for StealthWatch System v6 7 0 ...

Page 2: ... 0 Hardware 2015 Lancope Inc All rights reserved Document Date March 19 2015 Trademarks Lancope StealthWatch and other trademarks are registered or unregistered trademarks of Lancope Inc All other trademarks are properties of their respective owners ...

Page 3: ... 10 FlowCollector 10 FlowSensors 11 UDP Director also known as FlowReplicator 11 Identity Devices 11 Placement Considerations 12 Placing the SMC 12 Placing the StealthWatch FlowCollector 13 Placing the StealthWatch FlowSensor 13 Placing Other StealthWatch Products 13 Configuring Your Firewall for Communications 14 Communication Ports 14 Integrating the FlowSensor into Your Network 17 TAPs 17 Using...

Page 4: ... root User Password 34 Connecting the Appliance to the Network 38 Types of Servers 38 SMCs 1000 2000 and FlowCollectors 1000 2000 38 UDP Director 2000 FlowSensors 2000 and 3000 39 FlowSensor 4000 39 FlowCollector 4000 40 FlowCollector 5000 Engine 40 FlowCollector 5000 Database 41 FlowSensor 250 41 FlowSensor 1000 and UDP Director also known as FlowReplicator 1000 41 SMC 1010 FlowCollectors 1010 40...

Page 5: ...udes the following topics Audience How to Use This Guide Documentation Icons Common Abbreviations Other Resources Audience This guide is designed for the person responsible for installing StealthWatch system hardware We assume that you already have some general understanding of installing network equipment FlowSensor FlowCollector UDP Director also known as FlowReplicator and the StealthWatch Mana...

Page 6: ...iguration of the firewall for communications 3 Installation Describes the mounting and installation of StealthWatch hardware Icon Meaning Description Note Additional information you may find useful Tip Helpful information such as shortcuts or easier ways of performing certain tasks Important Information you must observe to prevent significant consequences such as the malfunction of software Cautio...

Page 7: ...Hz Hertz IP Internet Protocol ISE Identity Services Engine Mbps Megabits per second ms Milliseconds NAT Network Address Translation NIC Network Interface Card NTP Network Time Protocol PCIe Peripheral Component Interconnect Express SCP Secure Copy SMC StealthWatch Management Console SNMP Simple Network Management Protocol SPAN Switch Port Analyzer SSH Secure Shell TAP Test Access Port UPS Uninterr...

Page 8: ...s blog http www lancope com blog provides a wealth of information about NetFlow the NetFlow industry and new StealthWatch features as well as tips and tricks on using StealthWatch StealthWatch Video Library The StealthWatch online video library http www lancope com resource center videos showcases the benefits of StealthWatch for network performance and security management Contacting Support If yo...

Page 9: ...e installing and configuring your StealthWatch appliances It explains where to place StealthWatch system products and how to integrate them into your network This chapter includes the following topics StealthWatch Components Placement Considerations Configuring Your Firewall for Communications Integrating the FlowSensor into Your Network 2 ...

Page 10: ...independence the SMC enables Centralized management configuration and reporting for up to 25 StealthWatch FlowCollectors Graphical charts for visualizing traffic Drill down analysis for troubleshooting Consolidated and customizable reports Trend analysis Performance monitoring Immediate notification of security breaches FlowCollector The StealthWatch FlowCollector for NetFlow gathers NetFlow cFlow...

Page 11: ...cket loss for TCP sessions It includes all of these additional fields in the NetFlow records that it sends to the StealthWatch FlowCollector for NetFlow UDP Director also known as FlowReplicator The StealthWatch UDP Director also known as FlowReplicator is a high speed high performance UDP packet replicator The UDP Director s very helpful in redistributing NetFlow sFlow syslog or Simple Network Ma...

Page 12: ... network at the perimeter or in the DMZ Placing the SMC As the management device the StealthWatch Management Console SMC should be installed at a location on your network that is accessible to all the devices sending data to it If you have a failover pair of SMCs it is recommended that you install the primary SMC and the secondary SMC in separate physical locations This strategy will enhance a dis...

Page 13: ...etwork as follows Inside your firewall to monitor traffic and determine if a firewall breach has occurred Outside your firewall monitoring traffic flow to analyze who is threatening your firewall At sensitive segments of your network offering protection from disgruntled employees or hackers with root access At remote office locations that constitute vulnerable network extensions On your business n...

Page 14: ...unicate through the network Consult with your network administrator to ensure that the following ports are open and have unrestricted access TCP 22 TCP 25 TCP 389 TCP 443 TCP 2393 UDP 53 UDP 123 UDP 161 UDP 162 UDP389 UDP 514 UDP 2055 UDP 3514 UDP 6343 Communication Ports The following table shows how the ports are used in the StealthWatch system From Client To Server Port Protocol Admin User PC A...

Page 15: ...FlowReplicator 3rd Party event management systems UDP 514 SYSLOG FlowSensor SMC TCP 443 HTTPS FlowSensor FlowCollector NetFlow UDP 2055 NetFlow IDentity SMC TCP 2393 SSL NetFlow Exporters FlowCollector NetFlow UDP 2055 NetFlow sFlow Exporters FlowCollector sFlow UDP 6343 sFlow SMC Cisco ISE TCP 443 HTTPS SMC DNS UDP 53 DNS SMC FlowCollector TCP 443 HTTPS SMC FlowSensor TCP 443 HTTPS SMC IDentity T...

Page 16: ...rious connections used by the StealthWatch system The ports marked as optional are ones that may be used according to your own network needs continued SMC Email gateway TCP 25 SMTP SMC SLIC TCP 443 SSL User PC All appliances TCP 22 SSH From Client To Server Port Protocol ...

Page 17: ...ring needs It is recommended that you connect a FlowSensor so that it receives network transmissions to and from the monitored network and if desired receives interior network transmissions as well The following sections explain how to integrate a StealthWatch FlowSensor appliance into your network using the following Ethernet network devices TAPs SPAN Ports TAPs When a Test Access Port TAP is pla...

Page 18: ...s 1 and 2 as shown Using Optical TAPs Two splitters are required for fiber optic based systems You can place a fiber optic cable splitter in line with each direction of transmission and use it to repeat the optical signal for one direction of transmission Note In a network using TAPs the FlowSensor can capture performance monitoring data only if it is connected to an aggregating TAP that is captur...

Page 19: ... your firewall and other networks connect the StealthWatch management port to a switch or port outside of the firewall Note If the connection between the monitored networks is an optical connection then the StealthWatch FlowSensor appliance is connected to two optical splitters The management port is connected to either the switch of the monitored network or to another switch or hub WARNING Lancop...

Page 20: ... Your Firewall To monitor traffic between internal networks and a firewall the FlowSensor must be able to access all traffic between the firewall and the internal networks You can accomplish this by configuring a mirror port that mirrors the connection to the firewall on the main switch Make sure that the FlowSensor Monitor Port 1 is connected to the mirror port as shown in the following illustrat...

Page 21: ...shown below An optical splitter configuration is shown below SPAN Ports You can also connect the FlowSensor to a switch However because a switch does not repeat all traffic on each port the FlowSensor will not perform properly unless the switch can repeat packets transmitted to and from one or more switch ports This type of switch port is sometimes called a mirror port or Switch Port Analyzer SPAN...

Page 22: ...network of interest and to other networks In this instance a network may be made up of some or all of the hosts connected to the switch A common way of configuring networks on a switch is to zone them into virtual local area networks VLANs which are logical rather that physical connections of hosts If the mirror port is configured to mirror all ports on a VLAN or switch the FlowSensor can monitor ...

Page 23: ...is chapter includes the procedures for installing the StealthWatch hardware into your environment This chapter includes the following topics Mounting the Appliance Changing the Default User Passwords Connecting the Appliance to the Network 3 ...

Page 24: ...uded with StealthWatch System products AC power cord Access keys for front face plate Rail kit for rack mounting or mounting ears for smaller appliances For the FlowCollector 5000 a 10G SFP cable Additional Required Hardware You must provide the following additional required hardware Mounting screws for a standard 19 rack Uninterruptible power supply UPS for each StealthWatch System product you ar...

Page 25: ...pper Up to 3 Copper FC 5000 en 1 Copper FC 5000 db 1 Copper FS 250 1 Copper Up to 2 Copper FS 1000 1 Copper Up to 3 Copper FS 2000 1 Copper Up to 5 Copper OR Up to 3 Copper and Up to 2 Fiber Optic FS 3000 1 Copper Up to 2 Fiber optic FR 2000 1 Copper Up to 3 Copper SMC 500 1 Copper Not Used SMC 1000 1 Copper Not Used SMC 2000 1 Copper Not Used Total Ethernet Cables Needed Product Management Port M...

Page 26: ...000 engine is above and the database is below Use the supplied 10G SFP cable to connect these units at the port labeled eth2 Place these servers adjacent vertically to each other in the rack in order for the 10G SFP cable to reach Each server uses a 1G copper Ethernet port to be used as a Management Port Each server also has a dedicated iDRAC Enterprise port Two onboard ports that are not used The...

Page 27: ...ompletely Do not interrupt the boot up process 3 Connect the keyboard If you have a standard keyboard connect it to the standard keyboard connector If you have a USB keyboard connect it to a USB connector 4 Connect the video cable to the video connector The login prompt appears 5 Continue with the section Changing the Default IP Addresses on page 29 Note For new products SSH is disabled You must l...

Page 28: ...p 3 Connect power to the appliance Press the Power button to turn on the appliance 4 On the laptop make a connection into the appliance 5 Apply the following the settings BPS 9600 Data bits 8 Stop bit 1 Parity None Flow Control None The login screen and login prompt are displayed 6 Continue with the next section Changing the Default IP Addresses Note The power supply fans turn on for some models w...

Page 29: ...ould configure them to suit your network 1 Log in to the System Configuration program by doing the following Type sysadmin and then press Enter When the password prompt appears type lan1cope and then press Enter At the next prompt type SystemConfig and then press Enter The System Configuration menu opens 2 Select Management and then press Enter The IP Address page opens 3 Do the following ...

Page 30: ...with the default value 4 Do the following Accept the default value or enter a new IP Netmask address based on your environment Select OK and then press Enter to continue The Broadcast Address page opens 5 Do the following Accept the default value or enter a new one based on your environment Select OK and then press Enter to continue ...

Page 31: ...The confirmation page opens 7 Review the information Are the settings correct If yes select Yes and then press Enter to continue The system restarts and implements the changes On completion the Login page opens If no select No to make corrections The IP Address page opens so that you can enter your changes After the changes are made and you accept the settings the Restart page opens Press Enter to...

Page 32: ...word complete the following steps 1 On the System Configuration menu select Password and press Enter Note Be sure that you have logged in as sysadmin to begin this procedure Important If you change the trusted hosts list from the defaults you must make sure each StealthWatch appliance is included in the trusted host list for every other StealthWatch appliance in your deployment Otherwise the appli...

Page 33: ...2 Type the current password and then press Enter The prompt for a new password appears 3 Type the new password and then press Enter Note The password must be between 5 and 30 alphanumeric characters in length with no spaces You also may use the following special characters _ ...

Page 34: ...tion Change the root User Password Change the root User Password After you change the default sysadmin user password you need to change the default root user password to protect the security of your network further 1 To change the root user password complete the following steps Now in following steps you can change the password for the root login First you need to go to the root shell ...

Page 35: ...nu appears 3 Select RootShell and then press Enter A prompt for the root password appears 4 Type the current root password and then press Enter The root shell prompt appears 5 Type SystemConfig and then press Enter This returns you to the System Configuration menu so that you can change the root password ...

Page 36: ...pe the new root password and then press Enter A second prompt appears 8 Retype the new root password and then press Enter 9 When your password change is successful press Enter You have now changed both of your default sysadmin and root passwords This returns you to the System Configuration Console menu ...

Page 37: ...The System Configuration Console closes and the root shell prompt appears 11 Type exit and press Enter The login prompt appears 12 Press Ctrl Alt to exit the Console environment 13 Continue with the next section Connecting the Appliance to the Network ...

Page 38: ...e Network on page 43 Types of Servers This section illustrates the types of StealthWatch appliances used in a network SMCs 1000 2000 and FlowCollectors 1000 2000 This appliance is used for the SMCs 500 1000 1000 and 2000 the FlowCollectors 1000 and 2000 and the FlowSensors 2000 and 3000 Height 1 68 inches 4 3 cm Width 18 99 inches 48 24 cm with rack latches 17 08 43 4 cm without rack latches Depth...

Page 39: ...es and has four monitor ports Height 1 68 inches 4 26 cm Width 18 99 inches 48 24 cm with rack latches 17 08 43 4 cm without rack latches Depth 27 8 inches 70 67 cm with power supplies and bezel 28 6 72 53 cm without power supplies and bezel Heat Dissipation 2 891 BTUs per hour maximum Power 750 W AC 50 60 Hz Auto Ranging 100V to 240V Height 1 68 inches 4 26 cm Width 18 99 inches 48 24 cm with rac...

Page 40: ... 559 BTUs per hour Power 2 redundant hot swappable 750W Auto Ranging 100V 250V Height 1 68 inches 4 26 cm Width 18 99 inches 48 24 cm with rack latches 17 08 43 4 cm without rack latches Depth 27 8 inches 70 67 cm with power supplies and bezel 28 6 72 53 cm without power supplies and bezel Heat Dissipation 2 891 BTUs per hour maximum Power 1100 W AC 50 60 Hz Auto Ranging 100V to 240V The picture s...

Page 41: ...FlowSensor 1000 and the UDP Director 1000 Height 3 42 inches 8 67 cm Width 18 99 inches 48 24 cm Depth 32 02 inches 81 33 cm Heat Dissipation 2 891 BTUs per hour Power 2 redundant hot swappable 750W Auto Ranging 100V 240V Height 1 75 inches 4 4 cm Width 16 93 inches 43 cm Depth 10 83 inches 27 5 cm Heat Dissipation 341 BTUs per hour Power Single 100W Height 1 67 inches 4 2 cm Width 17 09 inches 43...

Page 42: ...r 1010 and the UDP Director 1010 SMC 2010 and FlowCollector 2010 This appliance is used for the SMC 2010 and the FlowCollector 2010 Height 1 68 inches 4 3 cm Width 17 09 inches 43 4 cm Depth 29 25 inches 74 3 cm Heat Dissipation 2 891 BTUs per hour Power Redundant 750W Height 1 67 inches 4 2 cm Width 17 09 inches 43 4 cm Depth 15 5 inches 39 4 cm Heat Dissipation 1040 BTUs per hour Power Single 25...

Page 43: ...are Configuration Guide Important For the UDP Director also known as FlowReplicator HA connect the two UDP Directors by crossover cables Connect the eth2 port of one UDP Director also known as FlowReplicator to the eth2 port of the second UDP Director Similarly connect the eth3 port of each UDP Director with a second crossover cable The cable can be fiber or copper Note Be sure to note the Etherne...

Page 44: ...44 Installation ...

Page 46: ...ights reserved Lancope StealthWatch and other trademarks are registered or unregistered trademarks of Lancope Inc All other trademarks are properties of their respective owners sw hware install v0670 03192015 www lancope com ...
