manualshive.com logo in svg

Broadcom Symantec S550, Руководство по установке, Страница: 12 / 49

Поделиться
Скачать
Broadcom Symantec S550 Скачать руководство пользователя страница 12

 

Symantec

 Endpoint Detection and Response 4.5 Installation Guide for the S550

appliance

Symantec EDR operating modes and network connections

 describes the Symantec EDR modes that are available for

the appliances and the network connections that are required for each role. You must assign a static IP address to each

Symantec EDR network connection.

Table 6: Symantec EDR operating modes and network connections

Mode

Description

Network connections required

Inline Block

In Inline Block mode, network traffic passes through the

appliance between the endpoints and the Internet. Any file

downloads, accessed websites, and traffic that are considered

malicious are blocked. Only Inline Block mode provides real-

time protection against threats.

1 Management

2 WAN

2 LAN

Inline Monitor

In Inline Monitor mode, network traffic passes through the

appliance between the endpoints and the Internet. Malicious

files, websites, and traffic are logged for visibility but are not

blocked. Any threats that are found in Inline Monitor mode must

be mitigated manually.

Inline Monitor mode is often used as a test for system

performance and to analyze potential behavior for blocking

(from reports) before blocking is implemented. The physical

connections for Inline Block and Inline Monitor modes are

identical, so no re-cabling is necessary when you switch

between these modes.

The physical appliance has two Inline interfaces in Inline

Monitor mode.

1 Management

2 WAN

2 LAN

Bypass (Inline

mode failsafe)

Installed out of the box:
Standard NIC mode

Configured for Inline deployment:
Bypass mode

Configured for Tap deployment:
Standard NIC mode

Reimaged (factory reset) after any previous deployment:
Standard NIC mode

Same as Inline Block or Inline Monitor

Tap

In Tap mode, the appliance connects to a Tap or Span port on

a switch. The appliance monitors a copy of the traffic between

the endpoints and the Internet so monitoring incidents and

logging incidents do not affect network performance. Because

the monitoring and logging engines work at different intervals,

there may be a slight delay in detecting incidents. All threats

must be mitigated manually.

The appliance can monitor up to four monitor ports on separate

networks in Tap mode.

1 Management

1 Monitor connection for each network

monitored

Management

platform

In management platform mode, all communications and

management go through the management port. Since a

management platform appliance does not scan, only the

management connection is required.

1 Management

You choose the operating mode for an all-in-one device or network scanner from the EDR appliance console. A

management platform operates in management platform mode automatically.

About network configurations and port connections
Where to place the appliance in your network for best results

 

12

Содержание Symantec S550

Страница 1: ...Symantec Endpoint Detection and Response 4 5 Installation Guide for the S550 appliance ...

Страница 2: ...9 Proxy recommendations 23 Symantec EDR platform support matrix 23 Obtaining a Symantec EDR license file and installing it 24 Installing the physical appliance 25 S550 appliance installation workflow 25 Connecting the cables on the S550 appliance 26 Powering on the S550 appliance and verifying the LEDs 27 Configuring the serial terminal or terminal emulation software 28 Rack mounting the S550 appl...

Страница 3: ...allation Guide for the S550 appliance Appendix B Hardward specifications 43 Symantec S550 appliance specifications 43 Appendix C Re installing Symantec EDR onto the S550 45 Re installing Symantec EDR onto the 550 appliance from a USB stick or DVD 45 3 ...

Страница 4: ...ies For more information please visit www broadcom com Broadcom reserves the right to make changes without further notice to any products or data herein to improve reliability function or design Information furnished by Broadcom is believed to be accurate and reliable However Broadcom does not assume any liability arising out of the application or use of this information nor the application or use...

Страница 5: ...d providing Endpoint Communications Channel ECC functionality Symantec EDR has certain version requirements based on various components of SEP The minimum SEPM version is 12 1 RU6 or later Symantec EDR can connect to multiple SEP sites with one connection per SEP site up to a total of ten connections to SEPM hosts Symantec EDR can manage the client endpoints that run SEP version 12 1 RU 6 MP3 or l...

Страница 6: ...stallation Guide for the S550 appliance Windows 7 64 bit only Windows 8 64 bit only Windows Server 2008 Windows Server 2012 Windows Server 2012 R2 or later recommended See the Symantec Endpoint Protection documentation for SEPM system requirements 6 ...

Страница 7: ...a specialized standalone internal server or a Windows server that runs PUTTY It can be convenient if it provides remote access via RDP or HTTP This computer also needs to be local to the appliance Configuring the serial terminal or terminal emulation software Have Ethernet cables up to four normal cables and two crossover cables available The number and types of cables depends on your network conf...

Страница 8: ...lly prior to commencing installation Provide this checklist to the administrators who will be performing the installation tasks You should also retain a copy for your records for archival and backup purposes Table 3 Set up serial terminal or terminal emulation software S550 appliance only Configuration Description Value to input Configure the terminal emulation software You must configure the term...

Страница 9: ...of a second name server ________ yes ________ ________ ________ ________ ________ no Network scanner role only IP address of the Management Platform The management port IP address of the management platform appliance that controls this scanner ________ ________ ________ ________ Management platform or network scanner roles only Communication Channel password A secure password to encrypt communicat...

Страница 10: ...xists Symantec EDR license location ______________________________________ SMTP Settings Symantec strongly recommends that you specify the SMTP settings in the setup wizard Doing so lets you recover a lost password Otherwise you can check Skip adding SMTP server configuration and specify the settings later in the EDR appliance console SMTP Server and Port The fully qualified domain name and port n...

Страница 11: ...d as network scanners Each network scanner can monitor traffic on a different network and send its incident data to the management platform Depending on the operating mode the network scanner may block malicious traffic in real time A network scanner does not have the EDR appliance console You configure and manage the network scanner from the management platform Its incident data is consolidated w...

Страница 12: ...e cabling is necessary when you switch between these modes The physical appliance has two Inline interfaces in Inline Monitor mode 1 Management 2 WAN 2 LAN Bypass Inline mode failsafe Installed out of the box Standard NIC mode Configured for Inline deployment Bypass mode Configured for Tap deployment Standard NIC mode Reimaged factory reset after any previous deployment Standard NIC mode Same as I...

Страница 13: ...points in the organization While each deployment varies the physical appliance has a capacity of approximately 25K simultaneous connections These numbers are for inline mode In Tap mode hardware can support approximately twice the number of connections as inline Symantec EDR features If the deployment is to use mostly network scanning then a separate scanner and management platform deployment prov...

Страница 14: ...witch that is set to span mode Not used Port span tap with multiple monitor ports This configuration uses two monitor ports and one management connection Extra monitor ports allow the same appliance to connect to multiple switches from different subnets This configuration does not block file transfers or websites Port on your LAN switch Connect Monitor1 to network tap or port on your LAN switch th...

Страница 15: ...perform the following depending upon its role Scan all network traffic coming into and out of the organization Determine the source and destination of all traffic Detect internal connection endpoints Act as a network proxy for endpoints if integrating with Symantec Endpoint Protection Manager Have a minimal affect on network performance If your architecture includes a demilitarized zone DMZ and yo...

Страница 16: ...endpoints for the endpoint proxy The management network should not be open to the Internet as a whole If you need access to the management network from outside a VPN or short lived Remote Desktop connection is recommended In Inline mode the management port must be on a different subnet from the Inline interface The following figures show examples of network configurations You might need crossover ...

Страница 17: ...Symantec Endpoint Detection and Response 4 5 Installation Guide for the S550 appliance 17 ...

Страница 18: ...Symantec Endpoint Detection and Response 4 5 Installation Guide for the S550 appliance 18 ...

Страница 19: ... ports Depending on your network layout you may need to open some ports on your firewall and edit your firewall rules These changes let you access the important web addresses that are essential for Symantec Endpoint Detection and Response operations Symantec EDR web and IP addresses lists the web and IP addresses to which Symantec EDR requires access 19 ...

Страница 20: ...identify malicious websites stnd avpg crsi symantec com stnd ipsg crsi symantec com TCP 443 Used to send detection telemetry to Symantec register brightmail com TCP 443 Used to register the appliance swupdate brightmail com TCP 443 Used to check for and download new releases of Symantec EDR shasta rrs symantec com shasta mrs symantec com TCP 443 Used to perform reputation lookups for Windows execu...

Страница 21: ...municate with Symantec EDR RRS endpoint submissions ECC 1 0 HTTPS HTTP HTTP 443 80 8443 SEP Symantec EDR The SEPM private cloud that lets endpoints communicate with Symantec EDR Symantec cloud detection analysis and correlation services and telemetry services If endpoint activity recorder enabled If endpoint activity recorder disabled 443 TCP All appliances Symantec External traffic Cloud service ...

Страница 22: ... when content is blocked at an endpoint Not required for Inline Monitor or Tap Span modes Synapse SEPM connection with Embedded DB optional Supported for SEPM 14 3 MP1 and earlier HTTPS 8081 TCP default Management platform or all in one appliance SEPM server Internal traffic Required if using the embedded database for Synapse connection to SEPM Connection to SEPM database HTTPS 2638 TCP default Ma...

Страница 23: ...ers deploy Symantec EDR between the internal network and the proxy it gives Symantec EDR full visibility of endpoint information You must deploy Symantec EDR when you are load balancing proxies between the internal network and a farm of proxies This information ensures Symantec EDR can failover to the proxy In this scenario the LAN port of the proxy is the good place to plug in Symantec EDR inline...

Страница 24: ...lment confirmation Welcome email that includes your serial number and a license key file attachment If you did not receive a Broadcom Welcome letter or you cannot locate your license key file click here to go to the Broadcom web site where you can access your license key file Save your license key file to a location that you can access from the EDR appliance console Install the license key file in...

Страница 25: ...nfigure the appliance 4 Run the status_check command Run the command status_check to determine if the network connectivity has been set up properly The command lists all of the items that are checked and the status of whether each item is successful or not status_check command 5 Run the setup wizard Management platform or all in one appliances only The Symantec EDR setup wizard guides you through ...

Страница 26: ... see the illustration below 1 Connect the RJ45 end of the included serial cable to the appliance s real panel RJ45 serial port and connect the other DB9 end of the cable to the serial terminal or workstation with terminal emulation software The serial connection is necessary to perform the appliance s initial configuration 2 Connect an Ethernet cable to the RJ45 eth0 port labeled 0 0 and connect t...

Страница 27: ...either of these ports to a Tap Span port on a switch or router Table 10 Port to function summary 0 0 Management port 2 0 WAN1 port 2 1 LAN1 port 2 2 WAN2 port 2 3 LAN2 port Powering on the S550 appliance and verifying the LEDs Table 11 Front panel LEDs colors states Front panel LED Color state Power LED Black Powered off or no power present Amber Powered on and booting up Blinking green Power swit...

Страница 28: ...e in a four post equipment rack CAUTION Before rack mounting the appliance Power off the appliance and disconnect all cables Verify that the weight of the system does not exceed the rack s fully populated weight limit For more information refer to the manufacturer s instructions included with the rack For weight stability load the rack from the bottom up Read the Rack Mount Warnings section of the...

Страница 29: ...mounting configurations 1 Disassemble the two side rail assemblies by fully extending each side rail and sliding out the inner chassis rails 2 Attach the two inner rails to the appliance Align each rail to the mounting posts on each side of the chassis and slide the rails toward the front of the chassis until the mounting posts snap into place 29 ...

Страница 30: ... 3 Attach the rack rails to the rack Insert the front of each rail in the rack while opening and then releasing the front latch Repeat to attach the rear of the rails extending or retracting the rails as necessary so they fit Verify the rack rails are installed at the same rack height 30 ...

Страница 31: ...e 4 Install the appliance in the rack Align the inner rails attached to the appliance with the slide rails in the rack and slide the appliance gently all the way into the rack until it clicks and locks in place The appliance can be installed from either the front or rear of the rack 31 ...

Страница 32: ...the levers immediately so the rail safety locks engage in the fully extended out position Take care not to push or pull too far especially while pressing the blue levers Doing so could cause the appliance to fall from the rack d While continuing to press the levers carefully slide the appliance out the front or rear of the rack Make sure to use two persons or a mechanical aid to lift the appliance...

Страница 33: ... The following table describes the bootstrap prompts New password Type a new secure password for the console This password replaces the default password symantec Weak password Try another y n A password that is similar to a word in the Dictionary is too short or not complex enough is less secure Type y to delete the new password and be prompted to try again Type n to keep the new password you prev...

Страница 34: ...gure IPv4 static routes y n Type y to configure an IPv4 static route or n to skip this configuration step Static routes may be required For example use static routes to connect a network scanner to its management platform Destination CIDR allowed Gateway If you choose to configure IPv4 static routes you are prompted to type the destination IP address and the gateway IP address Add another route y ...

Страница 35: ...1 On a computer that is accessible to the appliance open a window on a supported browser and type https IP address of the management port For example if you assigned the static IP address 10 20 20 20 to the appliance during bootstrap type https 10 20 20 20 NOTE You must use the HTTPS protocol when you type the address of the setup wizard The HTTPS protocol is required 2 If the browser displays an ...

Страница 36: ...ddress where alerts such as a license expiration notification are sent from If your mail server requires a secure logon to receive messages check Authorize Then type a user name and password that Symantec EDR can use to authenticate with the mail server Create an Administrative account Specify a logon name password display name and user email address for the initial administrator account You need ...

Страница 37: ... from your endpoints for example a dump of all its events Configure backups Configure one or more backup schedules and locations Configure secure access to the EDR appliance console Upload a certificate to encrypt EDR appliance console sessions For Inline Block operation you may also want to customize the blocking page Blocking pages are used only when you operate in Inline Block mode and scanning...

Страница 38: ...any messages 3 On the Internet go to the following URL http testatp coe org uk 4 Click on each of the links on the test page You should see a corresponding incident in the database whether you are in Tap mode or Inline Monitor mode Cloud based sandboxing detections may be delayed during virtual execution If you are in Inline Block mode file downloads except the cloud based sandbox new file submiss...

Страница 39: ...o the management port of your management platform or all in one appliance NOTE To view Symantec EDR appliance pages or access the Symantec EDR console through the cloud website you must be connected via your company LAN or VPN or provide Symantec EDR with a public IP address that is accessible from the Internet Otherwise the following error message appears This page can t be displayed If you re us...

Страница 40: ...Symantec Endpoint Detection and Response 4 5 Installation Guide for the S550 appliance Appendix Materials 40 ...

Страница 41: ...nnected to your internal network WAN1 Monitor1 Ethernet port In tap mode connect the Monitor1 port to the network tap device or a monitoring port on a switch for SPAN In inline mode connect the WAN1 port to a switch toward your Internet connection or to your firewall LAN1 Monitor2 Ethernet port In tap mode you may connect the Monitor2 port to the network tap device or a monitoring port on a switch...

Страница 42: ...ndicators Three pairs of LED indicators appear on the bypass NIC card The Link Activity pair is solid green and blinks green on activity when bypass mode is off It is off when bypass mode is on The Bypass pair is solid green when the appliance is running in bypass mode and is off when bypass mode is off The DISC pair is always off not used 42 ...

Страница 43: ...6MHz Common Components on the Mother Board PCH Lewisburg L Intel C628 SSL Interface None Non By pass Ethernet Ports 2x Intel X550 By pass Ethernet Port 4x X557 PHY SAS Controller SAS Mezzanine card BMC IPMC AST2500 Boot Device SSD 2 x SATA III M 2 2242 SSD 64GB Key Storage Device SPI FLASH 1x ME 64MB fixed image 2x 32M re image able Power Supply 2 x PSU BEL POWER AC1600W System Fans 40W 6 Serial P...

Страница 44: ...e Carrier 3 dual half height O2B O3A None Super cap for Mezz card RMSP3AD160F IOC 16port Mez Card None ROC 16port Mez Card 1 RAID Controller Intel R IntegratedRAIDModuleRMSP3AD160 LCM None Default Option Cards only one of the following delivered as Field Replaceable Unit PE310G4BPI71 SR 1 PE310G4BPI71 LR 1 44 ...

Страница 45: ...wizard To follow the installer To perform a USB stick installation 7 Obtain an ISO image from Symantec 8 Create a bootable USB stick For Linux Click the following link to learn more about how to create a bootable USB stick on Linux https access redhat com documentation en us red_hat_enterprise_linux 7 html installation_guide sect making usb media For Mac A List the mounted devices For example List...

Страница 46: ...e device For example M021204TKG3QD Downloads john_doe diskutil unmountDisk dev disk4 Unmount of all volumes on disk4 was successful C Write ISO image onto the USB stick In this example the USB stick is on dev disk4 M021204TKG3QD Downloads john_doe sudo dd if ATP 4 0 0 3 iso of dev disk4 bs 1m Password 2390 1 records in 2390 1 records out 2506612736 bytes transferred in 776 888341 secs 3226477 byte...

Страница 47: ...3s1 2 Apple_HFS BackupMcBackface 2 0 TB disk3s2 dev disk4 external physical TYPE NAME SIZE IDENTIFIER 0 CDROM 15 9 GB disk4 M021204TKG3QD Downloads john_doe diskutil unmountDisk dev disk4 Unmount of all volumes on disk4 was successful 9 Plug the USB stick into the USB port 10 Boot to the device To boot to the device 11 Follow the installer To follow the installer To boot to the device This procedu...

Страница 48: ...VD or USB stick 15 Select the option Test this media install ATP The install occurs automatically and can take up to 30 minutes The host reboots after the installation is complete Do not shut off the host until the login prompt appears 16 After the reboot completes log in as an administrator and perform the bootstrap 48 ...

Страница 49: ......

Отзывы:

Нет отзывов