Appliance Quick Setup Guide
Part Number N450000567 Rev 001
Published September 2007
Nokia Intrusion Prevention
with Sourcefire
Страница 1: ...Appliance Quick Setup Guide Part Number N450000567 Rev 001 Published September 2007 Nokia Intrusion Prevention with Sourcefire ...
Страница 2: ...s provided by Nokia Inc as is and any express or implied warranties including but not limited to implied warranties of merchantability and fitness for a particular purpose are disclaimed In no event shall Nokia or its affiliates subsidiaries or suppliers be liable for any direct indirect incidental special exemplary or consequential damages including but not limited to procurement of substitute go...
Страница 3: ... Outside USA and Canada 1 512 437 7089 email info ipnetworking_americas nokia com Europe Middle East and Africa Nokia House Summit Avenue Southwood Farnborough Hampshire GU14 ONG UK Tel UK 44 161 601 8908 Tel France 33 170 708 166 email info ipnetworking_emea nokia com Asia Pacific 438B Alexandra Road 07 00 Alexandra Technopark Singapore 119968 Tel 65 6588 3364 email info ipnetworking_apac nokia c...
Страница 4: ...4 Nokia Intrusion Prevention with Sourcefire Appliance Quick Setup Guide ...
Страница 5: ... security threats Nokia Intrusion Prevention with Sourcefire consists of the following components Sourcefire 3D Sensor on Nokia consists of the Sourcefire Sensor on Nokia application running on a Nokia Intrusion Prevention with Sourcefire appliance A Sourcefire 3D Sensor on Nokia can be deployed to run any or all of the following Sourcefire Intrusion Prevention System IPS IPS monitors your network...
Страница 6: ...our sensor Set Up the Defense Center You should set up your Defense Center before you install and configure your 3D Sensors To set up the Defense Center see the first two chapters of the Sourcefire Defense Center for Nokia Installation Guide This guide is available on the Documentation and Restore CD that is shipped with the Defense Center Nokia appliances can be configured to synchronize time wit...
Страница 7: ...o operate as a 3D Sensor Each step is described in more detail in the following pages 8 6 5 4 3 2 1 Start Perform the initial configuration Configure system time 7 Enable Sourcefire Sensor software Setup Complete Install the appliance Add sensor to Defense Center Set up communication with Defense Center Configure DNS Install licenses 9 10 Configure detection engine Update sensor software ...
Страница 8: ...n the Product Tracking I D Label on the bottom or side of the appliance You will need the serial number to obtain a license for the Intrusion Prevention System IPS software 4 Install the appliance in the equipment rack 5 Connect the cables as follows Connect the supplied RJ 45 cable to the console port You need to have a console connection to perform the initial configuration DHCP is not supported...
Страница 9: ...ace to be used for the management interface its IP address and network mask length The IP address of the default gateway for the appliance To perform the initial configuration 1 Establish a console connection to the appliance using a terminal or terminal emulation program with the following port settings 9600 bps 8 data bits No parity 1 stop bit 2 The initial configuration begins with the followin...
Страница 10: ...ure This interface should be the same interface as you connected the management cable to 6 When prompted enter the IP address and subnetwork mask length 7 When you see the following message type y the default option Do you wish to set the default route y 8 When prompted enter the IP address of the default router for this interface 9 When prompted to configure speed and duplex mode you can either C...
Страница 11: ...eive warning messages about the sample certificate on the system Accept the connection 3 Log in as admin and use the password that you assigned to the admin user Note As part of configuring the appliance with Network Voyager do not enable the network interfaces that will be used as sensing interfaces The interfaces should be administratively down The only interface that should be enabled is the ma...
Страница 12: ...priate time zone in the Time Zone list box 3 Either set the time manually or specify a time server To set the time manually enter the time and date units to change You do not need to fill in all fields blank fields default to their existing values Specify hours in 24 hour format To set the time using an NTP time server enter the name or IP address of the time server in the NTP Time Server text box...
Страница 13: ...tem Configuration Packages Manage Packages from the tree view 2 Click the Enable check box for the Sourcefire Sensor on Nokia package 3 Click the Submit button After a short wait a message appears tell you that the package has been registered Note Although the message suggests a reboot might be necessary you do not need to reboot the sensor After the Sourcefire Sensor on Nokia package is enabled a...
Страница 14: ... page Management Interface the interface that will be used for Defense Center communications You can choose only from the interfaces that are in the Up status Management Host the IP address or host name of the Defense Center Use a hostname rather than an IP address if your network uses DHCP to assign IP addresses Registration ID an optional alphanumeric value you can define as an additional securi...
Страница 15: ...D if you defined one Registration Key Enter the registration key Store Events and Packets Only on the Defense Center Because you can store data on only the Defense Center and not the sensor this check box is selected automatically You cannot change this setting for Sourcefire Sensors on Nokia Prohibit Packet Transfer to the Defense Center You can prevent packet data from being stored on the Defens...
Страница 16: ...three sensors in aggregate An RUA license to receive RUA events from any sensor running Real time User Awareness RUA As long as the user limits are not exceeded a single RUA license allows the Defense Center to receive user login events from multiple sensors with RUA Obtain and install a license as follows 1 Use the Nokia serial number to obtain a license from the Web based licensing center as des...
Страница 17: ...git number For example for an IPS software license add a leading zero to your appliance serial number If your appliance serial number is 93060305299 enter it as 093060305299 6 The feature license will be sent to you in an email When you receive your license you can then add it to the Defense Center as described in the next procedure To add the license 1 Copy the license from the email 2 Return to ...
Страница 18: ...sensors running RNA and security enhancement updates SEUs for IPS policies If your Defense Center has an internet connection you can download and install updates from the Defense Center For downloading and installing sensor software patches and VDBs go to Operations Update For SEU updates go to Policy Response IPS SEU Sensor software updates SEUs and VDBs are also available for download at the Nok...
Страница 19: ...from the default configuration For example you might be deploying your sensor inline with fail open interfaces which would require creating an inline with fail open interface set Or you might want to also run RNA or RUA over the default passive interface set To change the default configuration you can Edit the default interface set and create new interface sets By removing interfaces from the defa...
Страница 20: ...t have a policy installed Default IPS policies are supplied that you can use as a basis for your IPS policy You should also configure the RNA settings in the system policy RUA detection engines do not require a policy To begin creating or applying detection policies select Policy Response and then either IPS or RNA depending on the type of policy The Sourcefire 3D System for Nokia User Guide provi...
Страница 21: ... known limitations This document might be available only on the Nokia Support Web site CLI Reference Guide for Nokia IPSO LX describes the commands that you can implement from the command line interface CLI for IPSO LX Nokia IPxxx Intrusion Prevention with Sourcefire Installation Guide describes how to install and maintain the appliance The following documentation is available on the Documentation...
Страница 22: ...22 Nokia Intrusion Prevention with Sourcefire Appliance Quick Setup Guide ...
