manualshive.com logo in svg

Source fire Sourcefire 3D System, Руководство по установке

Поделиться
Скачать
Source fire Sourcefire 3D System Скачать руководство пользователя страница 42

Version 5.2

Sourcefire 3D System Installation Guide

42

Understanding Deployment

Deployment Options

Chapter 2

A gateway VPN can be used in a point-to-point, star, or mesh deployment:

Point-to-point deployments connect two endpoints with each other in a 

direct one-to-one relationship. Both endpoints are configured as peer 

devices, and either device can initiate the secured connection. At least one 

device must be a VPN-enabled managed device.
Use a point-to-point deployment to maintain your network security when a 

host at a remote location uses public networks to connect to a host in your 

network.

Star deployments establish a secure connection between a hub and 

multiple remote endpoints (leaf nodes). Each connection between the hub 

node and an individual leaf node is a separate VPN tunnel. Typically, the hub 

node is the VPN-enabled managed device, located at the main office. Leaf 

nodes are located at branch offices and initiate most of the traffic.
Use a star deployment to connect an organization’s main and branch office 

locations using secure connections over the Internet or other third-party 

network to provide all employees with controlled access to the 

organization’s network.

Mesh deployments connect all endpoints together by means of VPN 

tunnels. This offers redundancy in that when one endpoint fails, the 

remaining endpoints can still communicate with each other. 
Use a mesh deployment to connect a group of decentralized branch office 

locations to ensure that traffic can travel even if one or more VPN tunnels 

fails. The number of VPN-enabled managed devices you deploy in this 

configuration controls the level of redundancy.

For more information on gateway VPN configuration and deployments, see 

Gateway VPN in the 

Sourcefire 3D System User Guide

.

Deploying with Policy-Based NAT

L

ICENSE

Control

S

UPPORTED

 D

EVICES

Any

You can use 

policy-based network address translation

 (NAT) to define policies that 

specify how you want to perform NAT. You can target your policies to a single 

interface, one or more devices, or entire networks. 
You can configure static (one-to-one) or dynamic (one-to-many) translation. Note 

that dynamic translations are order-dependent where rules are searched in order 

until the first matching rule applies.
Policy-based NAT typically operates in the following deployments:

Hide your private network address. 
When you access a public network from your private network, NAT 

translates your private network address to your public network address. 

Your specific private network address is hidden from the public network.

Содержание Sourcefire 3D System

Страница 1: ...Version 5 2 Sourcefire 3D System Installation Guide 1 Sourcefire 3D System Installation Guide Version 5 2...

Страница 2: ...ademarks or registered trademarks of Sourcefire Inc in the United States and other countries Other company product and service names may be trademarks or service marks of others 2004 2013 Sourcefire I...

Страница 3: ...Sourcefire 3D System Components 16 Licensing the Sourcefire 3D System 19 Using Legacy RNA Host and RUA User Licenses 22 Security Internet Access and Communication Ports 23 Internet Access Requirements...

Страница 4: ...i Site Environments 53 Integrating Managed Devices within Complex Networks 55 Chapter 3 Installing a Sourcefire 3D System Appliance 57 Included Items 58 Security Considerations 58 Identifying the Mana...

Страница 5: ...lti Function Keys 113 Idle Display Mode 114 Network Configuration Mode 115 Allowing Network Reconfiguration Using the LCD Panel 117 System Status Mode 118 Information Mode 119 Error Alert Mode 121 Cha...

Страница 6: ...Rules During Restore 211 Downloading the ISO and Update Files and Mounting the Image 212 Invoking the Restore Process 213 Saving and Loading Restore Configurations 215 Restoring a DC1000 or DC3000 Usi...

Страница 7: ...249 Appendix B Using SFP Transceivers on a 3D7115 or 3D7125 251 3D7115 and 3D7125 SFP Sockets and Transceivers 251 Inserting an SFP Transceiver 253 Removing an SFP Transceiver 254 Appendix C Inserting...

Страница 8: ...lled on network segments monitor traffic for analysis Devices in a passive deployment monitor traffic flowing across a network for example using a switch SPAN virtual switch or mirror port Passive sen...

Страница 9: ...c sensing managed device or a managing Defense Center Physical devices are fault tolerant purpose built network appliances available with a range of throughputs and capabilities Defense Centers serve...

Страница 10: ...ices with a Defense Center Depending on model and license managed devices gather detailed information about your organization s hosts operating systems applications users files networks and vulnerabil...

Страница 11: ...aging resets devices in inline deployments to a non bypass configuration and disrupts traffic on your network For more information see Traffic Flow During the Restore Process on page 199 When running...

Страница 12: ...elivered with Version 5 2 The following table lists the appliances that Sourcefire delivers with Version 5 2 of the Sourcefire 3D System Although Sourcefire does not deliver Version 5 2 on Series 2 ap...

Страница 13: ...el on page 13 and Licensing the Sourcefire 3D System on page 19 The Defense Center column for device based capabilities such as stacking switching and routing indicates whether that Defense Center can...

Страница 14: ...AMP DC1000 DC3000 FireAMP integration n a n a n a fast path rules 3D9900 8000 Series strict TCP enforcement configurable bypass interfaces except where hardware limited tap mode 3D9900 switching and...

Страница 15: ...ns and safety 7000 Series Chassis Designations The 7000 Series Chassis Models table lists the chassis designations for the 7000 Series models available world wide device clustering clustered stacks 3D...

Страница 16: ...Resource Sharing The redundancy and resource sharing features of the Sourcefire 3D System allow you to ensure continuity of operations and to combine the processing resources of multiple physical dev...

Страница 17: ...access control and modify intrusion rule states Access Control Access control is a policy based feature that allows you to specify inspect and log the traffic that traverses your network As part of ac...

Страница 18: ...allow the file FireAMP is Sourcefire s enterprise class endpoint based AMP solution If your organization has a FireAMP subscription individual users install FireAMP Connectors on their computers and m...

Страница 19: ...is required to perform host application and user discovery The FireSIGHT license on your Defense Center also determines how many individual hosts and users you can monitor with the Defense Center and...

Страница 20: ...It also allows you to view trajectories which track files transmitted over your network A Malware license requires a Protection license VPN A VPN license allows you to build secure VPN tunnels among t...

Страница 21: ...nted by that license such as switching or routing Although the DC500 can manage devices with Protection and Control licenses you cannot perform Security Intelligence filtering or user control For deta...

Страница 22: ...ning Version 5 2 gives you the higher limit For your convenience the web interface displays only the licenses that represent the higher limits IMPORTANT Because FireSIGHT license limits are matched to...

Страница 23: ...f the Sourcefire 3D System require this direct connection and others support use of a proxy server Additionally the system requires that certain ports remain open for basic intra appliance communicati...

Страница 24: ...primary failure you must switch roles URL filtering data download cloud based URL category and reputation data for access control and perform lookups for uncategorized URLs The primary Defense Center...

Страница 25: ...ectional allow the RSS Feed dashboard widget to connect to a remote web server use for auto update Adding inbound access allows the Defense Center to update custom and third party Security Intelligenc...

Страница 26: ...re 3D System User Guide 3306 Sourcefire User Agent TCP Inbound allow communication between the Defense Center and Sourcefire User Agents 8302 eStreamer TCP Bidirectional use for an eStreamer client 83...

Страница 27: ...or attacks that might affect the availability integrity or confidentiality of hosts on the network A device can be deployed in an inline switched routed or hybrid Layer 2 Layer3 environment To learn m...

Страница 28: ...ces on page 28 for more information How will you connect the managed devices to the network Hubs Taps Spanning ports on switches Virtual switches See Connecting Devices to Your Network on page 32 for...

Страница 29: ...hysical ports on a managed device as passive interfaces For more information see Connecting Devices to Your Network on page 32 Inline Interfaces LICENSE Any SUPPORTED DEVICES Any You configure an inli...

Страница 30: ...ass to stop traffic if the device fails Note that reimaging resets appliances in bypass mode to a non bypass configuration and disrupts traffic on your network until you reconfigure bypass mode For mo...

Страница 31: ...tructions for Setting Up Virtual Switches in the Sourcefire 3D System Guide Routed Interfaces LICENSE Control SUPPORTED DEVICES Series 3 You can configure routed interfaces on a managed device in a La...

Страница 32: ...responds to the traffic depending on the destination IP address If the system receives any other traffic it handles it as Layer 2 traffic and switches it appropriately To create a hybrid interface yo...

Страница 33: ...interface set to the span port you can monitor the combined traffic from all ports generally both incoming and outgoing If you already have a switch that includes this feature on your network in the...

Страница 34: ...ifferent network cards Note that some 8000 Series NetMods do not allow bypass configuration The network interface cards NICs in the device support a feature called Auto Medium Dependent Interface Cros...

Страница 35: ...tions Note that a Layer 2 port functions as a straight through MDI endpoint in the deployment and a Layer 3 port functions as a crossover MDIX endpoint in the deployment The total crossovers cables an...

Страница 36: ...f you allow the network interfaces to auto negotiate If your network environment requires that you turn off the Auto Negotiate option on the Network Interface page then you must specify the correct MD...

Страница 37: ...each virtual switch the system switches traffic only to the set of ports configured as switched interfaces For example if you configure a virtual switch with four switched interfaces when the system r...

Страница 38: ...virtual switch indicated by the blue line and from computer B to computer A through the same virtual switch indicated by the green line Similarly traffic can pass to and from the file and web servers...

Страница 39: ...system receives a VLAN tagged packet and you have not configured a logical routed interface it also drops the packet Virtual routers have the advantage of scalability Where physical routers limit the...

Страница 40: ...figured as a virtual switch to pass traffic on a local network and virtual routers to route traffic to networks either private or public To create a hybrid interface you first configure a virtual swit...

Страница 41: ...PORTED DEVICES Series 3 You can create a gateway virtual private network gateway VPN connection to establish a secure tunnel between a local gateway and a remote gateway The secure tunnel between the...

Страница 42: ...tion s network Mesh deployments connect all endpoints together by means of VPN tunnels This offers redundancy in that when one endpoint fails the remaining endpoints can still communicate with each ot...

Страница 43: ...nt See the Sourcefire 3D System User Guide for more information on this feature An access control policy determines how the system handles traffic on your network You can add access control rules to y...

Страница 44: ...te locations or on mobile devices Inside the Firewall Managed devices inside the firewall monitor inbound traffic allowed by the firewall or traffic that passes the firewall due to misconfiguration Co...

Страница 45: ...s such as mail relay and web proxy to users on the internal network Content stored in the DMZ is static and changes are planned and executed with clear communication and advance notice Attacks in this...

Страница 46: ...es a strict access control policy for all internal traffic in addition to outbound traffic Add access control rules to tightly control traffic between users and applications On the Core Network Core a...

Страница 47: ...ccess to the primary network Mobile devices and the use of personal devices for business purposes for example using a smart phone to access corporate email are becoming increasingly common These netwo...

Страница 48: ...PORTANT Although each port is capable of receiving the full throughput for which the device is rated the total traffic on the managed device cannot exceed its bandwidth rating without some packet loss...

Страница 49: ...t with a gigabit optical tap as shown in the illustration below both sets of ports on the managed device are used by the connectors from the tap You can use the virtual switch to replace both the tap...

Страница 50: ...s you can use the virtual switch capability of the device to replace both switches in your deployment Complex Network Deployments Your enterprise s network may require remote access such as using a VP...

Страница 51: ...the terminating endpoints of the VPN connections ensures that all packet information can be accessed The following diagram illustrates how managed devices can be deployed in a VPN environment You can...

Страница 52: ...2 Sourcefire 3D System Installation Guide 52 Understanding Deployment Complex Network Deployments Chapter 2 how managed devices can be installed at key locations on a complex network with multiple ent...

Страница 53: ...he Sourcefire 3D System supports this by offering the Defense Center which aggregates and correlates events from managed devices deployed throughout the organization s many locations Unlike deploying...

Страница 54: ...urcefire 3D System Installation Guide 54 Understanding Deployment Complex Network Deployments Chapter 2 the managed devices over a VPN or with some other secure tunneling protocol as shown in the foll...

Страница 55: ...tworks You can deploy managed devices in more complex network topologies than a simple multi sector network This section describes the issues surrounding network discovery and vulnerability analysis w...

Страница 56: ...ing system changes and cannot deliver a static operating system identification with a high confidence value Depending on the number of different operating systems on the affected hosts the system may...

Страница 57: ...ense Center which manages one or more devices to correlate data across your full deployment and coordinate and respond to threats to your security See the following sections for more information about...

Страница 58: ...Place a desktop device 3D500 1000 2000 within a secure location that prevents access by unauthorized personnel Allow only trained and qualified personnel to install replace administer or service the S...

Страница 59: ...pliance The following illustration of the rear of the chassis indicates the location of the management interface on a DC750 Rev 1 DC750 Rev 1 The following illustration of the rear of the chassis indi...

Страница 60: ...es the location of the management interface Sourcefire 3D500 1000 2000 The 3D500 1000 2000 is available as a desktop appliance The following illustration indicates the location of the management inter...

Страница 61: ...the management interface The 3D8250 is available as a 2U appliance The 3D8260 8270 8290 is available as a 2U appliance with one two or three secondary 2U appliances The following illustration of the...

Страница 62: ...interfaces to passively sense up to four separate network segments You also can use paired interfaces in inline or inline with bypass mode which allows you to deploy the device as an intrusion preven...

Страница 63: ...urable bypass capability The following illustration of the front of the chassis indicates the location of the sensing interfaces Eight Port 1000BASE T Copper Configurable Bypass Interfaces You can use...

Страница 64: ...y monitor up to eight separate network segments You can also use paired interfaces in inline or inline with bypass mode to deploy the device as an intrusion prevention system on up to four networks If...

Страница 65: ...d performance If you want to take advantage of the device s automatic bypass capability you must connect either the two interfaces on the left or the two interfaces on the right to a network segment A...

Страница 66: ...rfaces as an inline set and enable bypass mode on the inline set SFP Interfaces When you install Sourcefire SFP transceivers into the SFP sockets you can passively monitor up to eight separate network...

Страница 67: ...ing modules contain configurable bypass sensing interfaces a quad port 1000BASE T copper interface with configurable bypass capability a quad port 1000BASE SX fiber interface with configurable bypass...

Страница 68: ...ce with configurable bypass capability See Quad Port 1000BASE T Copper Configurable Bypass NetMod on page 69 for more information a quad port 1000BASE SX fiber interface with configurable bypass capab...

Страница 69: ...3D8250 and is provided in the 3D8260 8270 8290 stacked configurations See 8000 Series Stacking Module on page 73 for more information Quad Port 1000BASE T Copper Configurable Bypass NetMod You can use...

Страница 70: ...ou must also use the web interface to configure a pair of interfaces as an inline set and enable bypass mode on the inline set Dual Port 10GBASE MMSR or SMLR Fiber Configurable Bypass NetMod The dual...

Страница 71: ...pable device displays 3D 8250 40G on the LCD Panel You can use this configuration to passively monitor up to two separate network segments You also can use the paired interface in inline or inline wit...

Страница 72: ...1000BASE SX Fiber Non Bypass NetMod The quad port 1000BASE SX fiber non bypass configuration uses LC type Local Connector optical transceivers You can use these connections to passively monitor up to...

Страница 73: ...Stacking Module A stacking module combines the resources of two or more identically configured appliances The stacking module is optional on the 3D8140 and 3D8250 and is provided in the 3D8260 8270 82...

Страница 74: ...hey are not used You can stack devices in the following configurations two 3D8140s up to four 3D8250s a 3D8260 a 10G capable primary device and a secondary device a 3D8270 a 40G capable primary device...

Страница 75: ...ary device installed below the primary device To connect a 3D8140 secondary device Use an 8000 Series stacking cable to connect the left stacking interface on the primary device to the left stacking i...

Страница 76: ...each secondary device directly to the primary device as required for the number of secondary devices in the configuration 3D8250 Primary Device with One Secondary Device The following example shows a...

Страница 77: ...8270 which includes a 40G capable 3D8250 primary device and two dedicated secondary devices One secondary device is installed above the primary device and the other is installed below the primary devi...

Страница 78: ...ing module on the primary device to the left interface on the stacking module on the secondary device 2 Use a second 8000 Series stacking cable to connect the right interface on the stacking module on...

Страница 79: ...an 8000 Series stacking cable To insert the cable hold the cable end with release tab facing up then insert the keyed end into the port on the stacking module until you hear the latch click into plac...

Страница 80: ...following s IP address 192 168 45 2 netmask 255 255 255 0 default gateway 192 168 45 1 Using an Ethernet cable connect the network interface on the local computer to the management interface on the ap...

Страница 81: ...want to analyze using the appropriate cables for your interfaces Copper Sensing Interfaces If your device includes copper sensing interfaces make sure you use the appropriate cables to connect them to...

Страница 82: ...e Deployments on Copper Interfaces on page 34 7 Continue with the next chapter Setting Up a Sourcefire 3D System Appliance on page 86 Redirecting Console Output By default Sourcefire appliances direct...

Страница 83: ...ter or Series 2 managed device type sudo su and provide the password again On a Series 3 managed device type expert to display the shell prompt Then type sudo su and provide the password again The roo...

Страница 84: ...ing Inline Sets in the Sourcefire 3D System User Guide for instructions on configuring an interface set for inline bypass mode 2 Set all interfaces on the switch the firewall and the device sensing in...

Страница 85: ...ardware bypass 9 Wait 30 seconds Verify that your ping traffic resumes 10 Power the device back on and verify that your ping traffic continues to pass 11 For appliances that support tap mode you can t...

Страница 86: ...tem creates and applies The purpose of these initial configurations and policies is to provide an out of the box experience and to help you quickly set up your deployment not to restrict your options...

Страница 87: ...o set up an appliance without powering it down However if you need to power down for any reason use the procedure in the Managing Devices chapter in the Sourcefire 3D System User Guide the system shut...

Страница 88: ...management and analysis tasks for your deployment Physical managed devices have a restricted web interface that you can use only to perform basic administration For more information see Next Steps on...

Страница 89: ...omplete the setup of a managed device using its web interface see Initial Setup Page Devices on page 93 To complete the setup of a Defense Center using its web interface see Initial Setup Page Defense...

Страница 90: ...faults are listed in square brackets such as y Press Enter to confirm a choice Note that the script prompts you for much of the same setup information that the appliance s setup web page does For more...

Страница 91: ...llowing the setup prompts options are listed in parentheses such as y n Defaults are listed in square brackets such as y Press Enter to confirm a choice Note that the CLI prompts you for much of the s...

Страница 92: ...d on how you deployed the device For more information see Detection Mode on page 98 The console may display messages as your settings are implemented When finished the device reminds you to register t...

Страница 93: ...me IPv4_address IPv6_address DONTRESOLVE reg_key nat_id where hostname IPv4_address IPv6_address DONTRESOLVE specifies either the fully qualified host name or IP address of the Defense Center If the D...

Страница 94: ...or a device where network settings are already configured use a computer on your management network to browse to the IP address of the device s management interface The login page appears 2 Log in usi...

Страница 95: ...t interface to the management network If you need to access the device s web interface at any time direct a browser on a computer on the management network to the IP address or host name that you conf...

Страница 96: ...otocol IPv4 IPv6 or Both Depending on your choice the setup page displays various fields where you must set the IPv4 or IPv6 management IP address netmask or prefix length and default gateway For IPv4...

Страница 97: ...u must manage a Sourcefire device with a Defense Center For your convenience the setup page allows you to preregister the device to the Defense Center that will manage it Leave the Register This Devic...

Страница 98: ...evice determines how the system initially configures the device s interfaces and whether those interfaces belong to an inline set or security zone The detection mode is not a setting you can change la...

Страница 99: ...cation user and URL control A device configured to perform access control usually fails closed and blocks non matching traffic Rules explicitly specify the traffic to pass You should also choose this...

Страница 100: ...lure As part of the initial setup you can Enable Automatic Backups Enabling this setting creates a scheduled task that creates a weekly backup of the configurations on the device End User License Agre...

Страница 101: ...nce Model on page 13 and Licensing the Sourcefire 3D System on page 19 To complete the initial setup on a Defense Center using its web interface ACCESS Admin 1 Direct your browser to https mgmt_ip whe...

Страница 102: ...address or host name that you just configured and complete the rest of the procedures in this guide 4 Use the Task Status page System Monitoring Task Status to verify that the initial setup was succes...

Страница 103: ...k protocol IPv4 IPv6 or Both Depending on your choice the setup page displays various fields where you must set the IPv4 or IPv6 management IP address netmask or prefix length and default gateway For...

Страница 104: ...trusion rules and preprocessor rules modified states for existing rules and modified default intrusion policy settings Rule updates may also delete rules and provide new rule categories and system var...

Страница 105: ...eployment Sourcefire recommends that you Enable Recurring Weekly Updates You can specify the weekly update frequency for the GeoDB Click the time zone to change it using a pop up window To download th...

Страница 106: ...e licenses your organization has purchased If you do not add licenses now any devices you register during initial setup are added to the Defense Center as unlicensed you must license each of them indi...

Страница 107: ...urrently supported by the Sourcefire 3D System You can add most pre registered devices see Remote Management on page 97 to the Defense Center during the initial setup process However if a device and t...

Страница 108: ...chitecture and resource limitations not all licenses can be applied to all managed devices However the setup page does not prevent you from enabling unsupported licenses on managed devices or enabling...

Страница 109: ...ify its success Sourcefire recommends that you complete various administrative tasks that make your deployment easier to manage You should also complete any tasks you skipped during the initial setup...

Страница 110: ...ail relay host preferences and time synchronization settings Sourcefire recommends that you use the Defense Center to apply the same system policy to itself and all the devices it manages By default t...

Страница 111: ...12 explains how to identify the components of the LCD panel and display the panel s main menu Using the LCD Multi Function Keys on page 113 explains how to use the multi function keys on the LCD panel...

Страница 112: ...in the Sourcefire 3D System User Guide Understanding LCD Panel Components The LCD panel on the front of a Series 3 device has a display and four multi function keys The display contains two lines of t...

Страница 113: ...ying system information see Information Mode on page 119 IMPORTANT Pressing a multi function key as the LCD panel enters Idle Display mode can cause the panel to display an unexpected menu Using the L...

Страница 114: ...als between displaying the CPU utilization and free memory available and the chassis serial number A sample of each display might look like this CPU 50 FREE MEM 1024 MB or Serial Number 3D99 101089108...

Страница 115: ...t the ability to change s using the LCD panel is disabled You can enable it during the initial setup process or using the device s web interface For more information see Allowing Network Reconfigurati...

Страница 116: ...o the next digit in the IP address To edit the digit press the minus or plus keys on the top row to decrease or increase the digit by one To move to the next digit in the IP address press the right ar...

Страница 117: ...risk the ability to change s using the LCD panel is disabled by default You can enable it during the initial setup process see Setting Up a Series 3 Device on page 89 or using the device s web interf...

Страница 118: ...and free memory available Note that Idle Display mode also shows this information Link State Displays a list of any inline sets currently in use and the link state status for that set The first line...

Страница 119: ...hrough the options by pressing the down arrow key until the LCD panel displays the LCD Brightness and LCD Contrast options LCD Brightness LCD Contrast 2 Press the right arrow key in the row next to th...

Страница 120: ...y on the bottom row to access Information mode 4 Scroll through the options by pressing the down arrow key Press the right arrow key in the row next to the information you want to view Depending on th...

Страница 121: ...ll through the list of error alerts For more information see the LCD Panel Multi Function Keys table on page 114 To exit Error Alert mode Press the appropriate multi function key as indicated on the L...

Страница 122: ...re Series 2 Devices on page 142 Sourcefire 7000 Series Devices on page 146 Sourcefire 8000 Series Devices on page 172 Rack and Cabinet Mounting Options You can mount Sourcefire appliances in racks and...

Страница 123: ...delivered on two different chassis Rev 1 and Rev 2 Specifications vary but the appliances function identically See the following sections for more information about the appliance DC750 Chassis Front...

Страница 124: ...2 3 and 4 activity status and the power button are also the LEDs DC750 Rev 2 Front Panel Components Rev 1 A USB port E Fixed disk drive status LED B Power button F NIC 1 activity status LED C System s...

Страница 125: ...s the system is operating normally No light indicates the system is off A blinking green light indicates the system is sleeping The sleep indication is maintained on standby by the chipset If the syst...

Страница 126: ...processors or processor incompatibility critical event logging errors including System Memory Uncorrectable ECC error and fatal uncorrectable bus errors such as PCI SERR and PERR Non critical A non c...

Страница 127: ...stem Components Rear View FEATURE DESCRIPTION Power supply Provides power to the Defense Center through an AC power source Serial port VGA port USB ports Allows you to attach a monitor keyboard and mo...

Страница 128: ...120 VAC 9 5 Ampere maximum at 110 volts 50 60 Hz 4 75 Ampere maximum at 220 volts 50 60 Hz Operating temperature 50 F to 95 F 10 C to 35 C with the maximum rate of change not to exceed 18 F 10 C per h...

Страница 129: ...n x 1 67 in 55 37 cm x 43 82 cm x 4 24 cm Max weight 33 lbs 15 kg Power supply 250 W power supply for 120 VAC 6 0 Ampere maximum at 110 volts 50 60 Hz 3 0 Ampere maximum at 220 volts 50 60 Hz Operatin...

Страница 130: ...operating state The DC1500 Front Panel LEDs table describes the LEDs on the front panel Front Panel Controls Hard Drives RAID 1 Front Panel Components A NIC 2 activity LED G ID LED B NIC 1 activity LE...

Страница 131: ...e fault No light indicates there is no drive activity or the system is powered off or sleeping Drive activity is determined from the onboard hard disk controllers The server board also provides a head...

Страница 132: ...or processor incompatibility critical event logging errors including System Memory Uncorrectable ECC error and fatal uncorrectable bus errors such as PCI SERR and PERR Non critical A non critical cond...

Страница 133: ...nagement interface is used for maintenance and configuration purposes only and is not intended to carry service traffic Alternate eStreamer interface Provides an alternate interface for the eStreamer...

Страница 134: ...nments PIN SIGNAL DESCRIPTION 1 DCD Carrier detect 2 RD Received data 3 TD Transmitted data 4 DTR Data terminal ready 5 GND Ground 6 DSR Data set ready 7 RTS Request to send 8 CTS Clear to send 9 RI R...

Страница 135: ...f the appliance includes controls and LED displays for the front panel Non operating humidity 90 non condensing at 82 4 F 28 C Acoustic noise 7 0 dBA rack mount in an idle state at typical office ambi...

Страница 136: ...ot have power System status Indicates the system status A green light indicates the system is operating normally A blinking green light indicates the system is operating in a degraded condition A blin...

Страница 137: ...or processor incompatibility critical event logging errors including System Memory Uncorrectable ECC error and fatal uncorrectable bus errors such as PCI SERR and PERR Non critical A non critical con...

Страница 138: ...e appliance to its original factory delivered state using the thumb drive delivered with the appliance RJ45 serial port Allows you to establish a direct workstation to appliance connection using an RJ...

Страница 139: ...t activity Indicates activity on the port A blinking light indicates activity No light indicates there is no activity Right link Indicates whether the link is up A light indicates the link is up No li...

Страница 140: ...nments PIN SIGNAL DESCRIPTION 1 DCD Carrier detect 2 RD Received data 3 TD Transmitted data 4 DTR Data terminal ready 5 GND Ground 6 DSR Data set ready 7 RTS Request to send 8 CTS Clear to send 9 RI R...

Страница 141: ...x 1 7 in 66 5 cm x 43 0 cm x 4 3 cm Weight 38 lbs 17 2 kg Power supply Dual 650 W redundant power supplies for 120 VAC 8 5 Amp max at 110 volts 50 60 Hz 4 2 Amp max at 220 volts 50 60 Hz Operating te...

Страница 142: ...devices Optionally you can rack mount the device using a 1U rack mounting kit See the following sections for more information about the appliance 3D500 3D1000 or 3D2000 Chassis Front View on page 142...

Страница 143: ...the device as an intrusion prevention system The 3D500 can monitor one network as an IPS while the 3D1000 and 3D2000 can monitor two networks as an IPS If you want to take advantage of the device s au...

Страница 144: ...workstation to appliance connection This gives you direct access to all of the appliance s management services VGA port Allows you to attach a monitor to the appliance as an alternative to using the s...

Страница 145: ...D2000 Physical and Environmental Parameters PARAMETER DESCRIPTION Form factor 1U rack mounted or desktop device Dimensions D x W x H 6 7 in x 11 8 in x 1 25 in 17 cm x 30 cm x 3 2 cm Power Adapter AC...

Страница 146: ...3D7030 The 3D7010 3D7020 and 3D7030 also called the 70xx Family are 1U appliances one half the width of the rack tray and delivered with eight copper interfaces each with configurable bypass capabilit...

Страница 147: ...111 Sensing interfaces Contain the sensing interfaces that connect to the network For information see Sensing Interfaces on page 149 10 100 1000 Ethernet management interface Provides for an out of ba...

Страница 148: ...is powered up and operating normally or powered down and attached to AC power An amber light indicates a system fault See the 70xx Family System Status table on page 149 for more information Hard dri...

Страница 149: ...power up due to incorrectly installed processors or processor incompatibility critical event logging errors including System Memory Uncorrectable ECC error and fatal uncorrectable bus errors such as P...

Страница 150: ...r The speed of the traffic on the interface is 10Mb or 100Mb Link green The speed of the traffic on the interface is 1Gb Activity blinking green The interface has link and is passing traffic 70xx Fami...

Страница 151: ...USB Ports 70xx Family System Components Rear View FEATURE DESCRIPTION System ID LED Helps identify a system installed in a high density rack with other similar systems The blue LED indicates that the...

Страница 152: ...ASE T Gigabit copper ethernet bypass capable interfaces in a paired configuration Cable and distance Cat5E at 50 m Power supply 200 W AC power supply Voltage 100 VAC to 240 VAC nominal 90 VAC to 264 V...

Страница 153: ...sical and Environmental Parameters on page 161 3D7110 and 3D7120 Chassis Front View The front of the chassis contains the LCD panel USB port front panel and either copper or fiber sensing interfaces 3...

Страница 154: ...he LCD Panel on a Series 3 Device on page 111 Front panel USB 2 0 port Allows you to attach a keyboard to the device Front panel Houses LEDs that display the system s operating state as well as variou...

Страница 155: ...m Status on page 156 for more information Reset button Allows you to reboot the appliance without disconnecting it from the power supply Hard drive activity Indicates the hard drive status A blinking...

Страница 156: ...a threshold crossing associated with the following events temperature voltage or fan non critical threshold crossing chassis intrusion Set fault indication command from system BIOS the BIOS may use th...

Страница 157: ...faces Link LED Activity LED Bypass LED 3D7110 and 3D7120 Copper Link Activity LEDs STATUS DESCRIPTION Both LEDs off The interface does not have link Link amber The speed of the traffic on the interfac...

Страница 158: ...ESCRIPTION Top activity For an inline interface the light is on when the interface has activity If dark there is no activity For a passive interface the light is non functional Bottom link For an inli...

Страница 159: ...o attach a monitor keyboard and mouse to the device to establish a direct workstation to appliance connection 10 100 1000 Ethernet management interface Provides for an out of band management network c...

Страница 160: ...activity on the port A blinking light indicates activity No light indicates there is no activity Right link Indicates whether the link is up A light indicates the link is up No light indicates there...

Страница 161: ...Fiber bypass capable interfaces with LC connectors Cable and distance SX is multimode fiber 850 nm at 550 m standard Power supply 450 W dual redundant 1 1 AC power supplies Voltage 100 VAC to 240 VAC...

Страница 162: ...d Environmental Parameters on page 170 3D7115 and 3D7125 Chassis Front View The front of the chassis contains the LCD panel USB port front panel copper sensing interfaces and SFP sockets 3D7115 and 3D...

Страница 163: ...eries 3 Device on page 111 Front panel USB 2 0 port Allows you to attach a keyboard to the device Front panel Houses LEDs that display the system s operating state as well as various controls such as...

Страница 164: ...page 165 for more information Reset button Allows you to reboot the appliance without disconnecting it from the power supply Hard drive activity Indicates the hard drive status A blinking green light...

Страница 165: ...ctable ECC error and fatal uncorrectable bus errors such as PCI SERR and PERR Non critical A non critical condition is a threshold crossing associated with the following events temperature voltage or...

Страница 166: ...ployments See Using SFP Transceivers on a 3D7115 or 3D7125 on page 251 Link LED Activity LED Bypass LED 3D7115 and 3D7125 Copper Link Activity LEDs STATUS DESCRIPTION Both LEDs off The interface does...

Страница 167: ...Fiber Sample Copper Front with Bale Rear with Contacts Link LED Activity LED 3D7115 and 3D7125 SFP Socket Activity Link LEDs STATUS DESCRIPTION Top activity For an inline interface the light is on whe...

Страница 168: ...cal connectors LC duplex LC duplex Bit rate 1000Mbps 1000Mbps Baud rate encoding tolerance 1250Mbps 8b 10b encoding 1250Mbps 8b 10b encoding Optical interface Multimode Single mode only Operating dist...

Страница 169: ...sed for maintenance and configuration purposed only and is not intended to carry service traffic System ID LED Helps identify a system installed in a high density rack with other similar systems The b...

Страница 170: ...le failure a blown fuse or a fan failure the power supply shuts down Blinking red A power supply warning event such as high temperature or a slow fan the power supply continues to operate Blinking gre...

Страница 171: ...er supply 1 5A maximum for 187 VAC to 264 VAC per supply Frequency range 47 Hz to 63 Hz Operating temperature 5o C to 40o C 41o F to 104o F Non operating temperature 20oC to 70oC 29oF to 158oF Operati...

Страница 172: ...es You can add up to three stacking kits for a total 8U configuration 3D8260 part of the 82xx Family is a 4U configuration with two 2U chassis The primary chassis contains one stacking module and up t...

Страница 173: ...eries chassis can be in the 81xx Family or 82xx Family See Sourcefire Series 3 Information on page 232 for safety considerations for 81xx Family and 82xx Family appliances 81xx Family Chassis Front Vi...

Страница 174: ...amily Front Panel 8000 Series System Components Front View FEATURE DESCRIPTION Module slots Contain the modules For information on available modules see 8000 Series Modules on page 185 LCD panel Opera...

Страница 175: ...re 8000 Series Devices Chapter 6 82xx Family Front Panel 8000 Series Front Panel Components A NIC activity LED F Reset button B Reserved G ID button C Hard drive activity LED H Power button and LED D...

Страница 176: ...een indicates the system is operating normally Blinking green indicates the system is operating in a degraded condition Blinking amber indicates the system is in a non critical condition Amber indicat...

Страница 177: ...is a threshold crossing associated with the following events temperature voltage or fan non critical threshold crossing chassis intrusion Set Fault Indication command from system BIOS the BIOS may us...

Страница 178: ...ment interface and the power supplies 81xx Family Chassis CHAS 1U AC DC Rear View 82xx Family Chassis Rear View The rear view of the chassis contains power supplies connection ports and the management...

Страница 179: ...ess to all of the management services on the device The RJ45 serial port is used for maintenance and configuration purposes only and is not intended to carry service traffic See the 8000 Series RJ45 t...

Страница 180: ...eries Power Supply LEDs LED DESCRIPTION Off The power supply is not plugged in Amber No power supplied to this module OR A power supply critical event such as module failure a blown fuse or a fan fail...

Страница 181: ...Cat5E at 50 m Fiber 10GBASE configurable bypass MMSR or SMLR NetMod Dual port fiber configurable bypass interfaces with LC connectors Cable and distance LR is single mode at 5000 m available SR is mul...

Страница 182: ...0 m Cooling requirements 1725 BTU hour You must provide sufficient cooling to maintain the appliance within its required operating temperature range Failure to do this may cause a malfunction or damag...

Страница 183: ...lable SR is multimode fiber 850 nm at 550 m standard Fiber 1000BASE SX configurable bypass NetMod Quad port fiber configurable bypass interfaces1000BASE SX with LC connectors Cable and distance SX is...

Страница 184: ...Cooling requirements up to 2225 BTU hour You must provide sufficient cooling to maintain the appliance within its required operating temperature range Failure to do this may cause a malfunction or dam...

Страница 185: ...pability See Dual Port 10GBASE MMSR or SMLR Fiber Configurable Bypass NetMod on page 188 for more information a dual port 40GBASE SR4 fiber interface with configurable bypass capability 2U devices onl...

Страница 186: ...opper interfaces Link LED Activity LED Bypass LED Copper Link Activity LEDs STATUS DESCRIPTION Both LEDs off The interface does not have link and is not in bypass mode Link amber The speed of the traf...

Страница 187: ...Link LED Ports Bypass LED Activity LED Fiber Link Activity LEDs STATUS DESCRIPTION Top For an inline or passive interface A blinking light indicates the interface has activity No light indicates ther...

Страница 188: ...d contains two fiber ports and link activity and bypass LEDs 1000BASE SX NetMod Optical Parameters PARAMETER 1000BASE SX Optical connectors LC duplex Bit rate 1000Mbps Baud rate encoding tolerance 125...

Страница 189: ...passive interface A blinking light indicates the interface has activity No light indicates there is no activity Bottom For an inline interface A light indicates the interface has activity No light in...

Страница 190: ...100 ppm Optical interface Multimode Single mode only Operating distance 840 860 nm 850 nm typical 26m 85 ft to 33 m 108 ft for 62 5 m 125 m fiber modal BW 160 to 200 respectively 66 m 216 ft to 82 m 2...

Страница 191: ...interface on a device that is not 40G capable the 40G interface screen on its managing Defense Center web interface displays red A 40G capable device displays 3D 8250 40G on the LCD panel See 8000 Se...

Страница 192: ...affic Steady amber The interface has been intentionally brought down Blinking amber The interface is in bypass mode that is it has failed open 40GBASE SR4 NetMod Optical Parameters PARAMETER 40GBASE S...

Страница 193: ...ity LEDs table to understand copper LEDs Maximum average power at receiver 2 4 dBm Receiver sensitivity 9 5 dBm 40GBASE SR4 NetMod Optical Parameters Continued PARAMETER 40GBASE SR4 Link LED Activity...

Страница 194: ...ers of the fiber interfaces Link LED Activity LED Ports Non Bypass Fiber Link Activity LEDs STATUS DESCRIPTION Top Activity For an inline or passive interface the light flashes when the interface has...

Страница 195: ...o understand the link and activity LEDs on fiber interfaces Transmitter wavelength 770 860 nm 850 nm typical Maximum average launch power 0 dBm Minimum average launch power 9 5 dBm Maximum average pow...

Страница 196: ...00 ppm Optical interface Multimode Single mode only Operating distance 840 860 nm 850 nm typical 26 m 85 ft to 33 m 108 ft for 62 5 m 125 m fiber modal BW 160 to 200 respectively 66 m 216 ft to 82 m 2...

Страница 197: ...le to understand the stacking LEDs Note that the stacking module is available for the 3D8140 and 3D8250 and is included in the 3D8260 3D8270 and 3D8290 Link LED Activity LED Stacking LEDs STATUS DESCR...

Страница 198: ...anding the Restore Process on page 199 Obtaining the Restore ISO and Update Files on page 201 Beginning the Restore Process on page 203 Using the Interactive Menu to Restore an Appliance on page 207 R...

Страница 199: ...ed configuration disrupting traffic on your network Traffic is blocked until you configure bypass enabled inline sets on the device For more information about editing your device configuration to conf...

Страница 200: ...ble you can restore Series 3 appliances and the 3D9900 without having physical access Serial Connection Laptop You can use a serial cable to connect a computer to any Sourcefire appliance except the 3...

Страница 201: ...ds that you always use the most recent ISO image available for your appliance Most Sourcefire appliances use an external USB or internal flash drive to boot the appliance so you can run the restore ut...

Страница 202: ...ins downloading 5 Optionally download system software and intrusion rule updates System software updates are on the same page of the Support Site as the ISO images You can click one of the links on th...

Страница 203: ...agement on page 205 explains how use LOM to start the restore process for a Series 3 appliance via an SOL connection Restoring a DC1000 or DC3000 Using a CD on page 217 explains how to restore a DC100...

Страница 204: ...fire splash screen appears 4 Monitor the reboot status On a DC500 Defense Center or 3D500 1000 2000 device press Ctrl U slowly and repeatedly when the splash screen appears For all other appliances th...

Страница 205: ...ting the Restore Utility Using Lights Out Management SUPPORTED DEVICES Series 3 SUPPORTED DEFENSE CENTERS Series 3 If you need to restore a Series 3 appliance to factory defaults and do not have physi...

Страница 206: ...System_Restore 4 At the boot prompt start the restore utility by typing System_Restore The boot prompt appears after the following choices 0 Load with standard console 1 Load with serial console 5 Typ...

Страница 207: ...in the following table Restore Menu Options OPTION DESCRIPTION FOR MORE INFORMATION SEE 1 IP Configuration Specify network information about the management interface on the appliance you want to rest...

Страница 208: ...sion currently installed on the appliance a two pass restore process is required The first pass updates the operating system and the second pass installs the new version of the system software If this...

Страница 209: ...dentify the management interface on the appliance you want to restore so that the appliance can communicate with the server where you copied the ISO and any update files If you are using LOM remember...

Страница 210: ...and Update Files on page 201 and stored on a web server FTP server or SCP enabled host The interactive menu prompts you to enter any necessary information to complete the download as listed in the fol...

Страница 211: ...sion Rules During Restore If no continue with Downloading the ISO and Update Files and Mounting the Image on page 212 Note that you can use the system s web interface to manually install updates after...

Страница 212: ...are using SCP enter your password when prompted to display the list 3 Select the rule update if any you want to use You do not have to select an update press Enter without selecting an update to cont...

Страница 213: ...ferent major version a first pass by the restore utility updates the appliance s operating system and if necessary the restore utility itself IMPORTANT If you are restoring an appliance to the same ma...

Страница 214: ...s 0 Load with standard console 1 Load with serial console 5 Select a display mode for the restore utility s interactive menu For a keyboard and monitor connection type 0 and press Enter For a serial o...

Страница 215: ...e restore process begins When it completes if prompted confirm that you want to reboot the appliance WARNING Make sure you allow sufficient time for the restore process to complete On appliances with...

Страница 216: ...he best time to save a restore configuration is after you provide the information listed above but before you download and mount the ISO image Note that if you update a restore USB drive to be compati...

Страница 217: ...e Centers you cannot install updates as part of the restore process on those appliances Instead update the appliances afterward To restore a DC1000 or DC3000 using a CD ACCESS Admin 1 Place the restor...

Страница 218: ...cluding bypass configurations for devices deployed inline For more information see Traffic Flow During the Restore Process on page 199 After you restore an appliance you must complete an initial setup...

Страница 219: ...nstraints WARNING Scrubbing your hard drive results in the loss of all data on the appliance which is rendered inoperable To scrub the hard drive ACCESS Admin 1 Follow the instructions in one of the f...

Страница 220: ...refore for IPMItool ipmitool I lanplus H IP_address U username command Or for ipmiutil ipmiutil command V4 J3 N IP_address U username P password LOM Command Syntax IPMITOOL LINUX MAC IPMIUTIL WINDOWS...

Страница 221: ...rial port For more information see the following sections Enabling LOM and LOM Users on page 221 Installing an IPMI Utility on page 222 Redirecting Console Output on page 82 Enabling LOM and LOM Users...

Страница 222: ...y the LOM IP address netmask and default gateway or use DHCP to have these values automatically assigned On 7000 Series devices select Lights Out Management to configure LOM settings 7000 Series devic...

Страница 223: ...evelopment and System Tools in newer versions or Command Line Support in older versions Finally install MacPorts and IPMItool For more information use your favorite search engine or see these sites ht...

Страница 224: ...lines when working with the appliance Sourcefire strongly recommends that you follow industry guidelines for general safety and electromagnetic emissions The following sections include more informatio...

Страница 225: ...the machine 7 Keep your tool case away from walk areas so that other people do not trip over it 8 Do not wear loose clothing that can be trapped in the moving parts of a machine Ensure that your slee...

Страница 226: ...outlet Connect to properly wired outlets any equipment that will be attached to this product When possible use one hand only to connect or disconnect signal cables Never turn on any equipment when th...

Страница 227: ...covers of the laser product could result in exposure to hazardous laser radiation There are no serviceable parts inside the device Use of controls or adjustments or performance of procedures other tha...

Страница 228: ...quirements do not exceed the branch circuit protection requirements Statement 9 CAUTION Hazardous voltage current and energy levels might be present Only a qualified service technician is authorized t...

Страница 229: ...urcefire 3D500 Information on page 230 Sourcefire Series 3 Information on page 232 Sourcefire Defense Center 750 1500 3500 Information This product complies with the following safety standards and cer...

Страница 230: ...B 9254 CNCA Certification China GB 17625 Harmonics CNCA Certification China Certifications Registrations Declarations The following information applies to the DC750 1500 3500 UL Certification US Canad...

Страница 231: ...or by unauthorized changes or modifications to this equipment Unauthorized changes or modifications could void the user s authority to operate the equipment This device complies with Part 15 of the F...

Страница 232: ...s is a Class A product In a domestic environment this product may cause radio interference in which case the user may be required to take adequate measures Sourcefire Series 3 Information The followin...

Страница 233: ...regulatory compliance of the Series 3 appliances 70xx Family Appliances The following information applies to all 70xx Family appliances Emissions FCC 47 CFR Part 15 Class A digital device EN 55022 201...

Страница 234: ...PR22 2022 Information Technology Equipment Radio Disturbance Characteristics FCC 47 CFR Part 15 Class A digital device Radio Frequency Devices Subpart B Unintentional Radiators ICES 003 Issue 4 Feb 20...

Страница 235: ...able lists the chassis designations for the 7000 Series models available world wide and in the Republic of Korea EC Council Directive 2006 95 EC LVD EC Council Directive 2004 108 EC Electromagnetic co...

Страница 236: ...HARDWARE CHASSIS CODE 3D8120 3D8130 3D8140 AC power CHAS 1U AC 3D8120 3D8130 3D8140 DC power CHAS 1U DC 3D8250 3D8260 3D8270 3D8290 AC power CHAS 2U AC 3D8250 3D8260 3D8270 3D8290 DC power CHAS 2U DC...

Страница 237: ...t 2 NM R2 0 or blank 1 Slot 3 NM C4 0 or blank Slot 4 NM FX4 0 or blank Slot 5 NM FX4 0 or blank Slot 6 NM R2 0 or blank 1 Slot 7 NM C4 0 or blank 3D8250 3D8260 3D8270 3D8290 DC power CHAS 2U DC 0005...

Страница 238: ...fety Notice for Korea Required statement indicating that Sourcefire s equipment is Class A Safety Notice for Japan Safety Notice for Taiwan Waste Electrical and Electronic Equipment Directive WEEE Sou...

Страница 239: ...fety and Regulatory Information Waste Electrical and Electronic Equipment Directive WEEE Chapter 8 For more information contact Sourcefire EMEA C O Seko Benelux BV Operations Valkweg 1 1118 EC Schipho...

Страница 240: ...age Cautions are requirements for proper function Failure to follow cautions may result in improper operation Interface Connections WARNING The intra building ports of the equipment or subassembly are...

Страница 241: ...wing sections See Installation on page 241 for circuit installation voltage current frequency range and power cord information See Grounding Earthing Requirements on page 242 for bonding locations rec...

Страница 242: ...ation A ground bonding location is provided on the rear of the chassis An M4 stud is provided An outside toothed lock washer is provided for attaching a ring terminal A standard ground symbol is avail...

Страница 243: ...nstalled in accordance with the requirements of Article 250 of NFPA 70 National Electric Code NEC Handbook and local electrical codes Separate circuits are required to create redundant power sources U...

Страница 244: ...of the AC power supply is 47 Hz to 63 Hz Frequencies outside this range may cause the appliance to not operate or to operate incorrectly Power Cords The power connections on the power supplies are IEC...

Страница 245: ...ction are 3D8120 8130 8140 CHAS 1U AC CHAS 1U DC or CHAS 1U AC DC 3D8250 8260 8270 8290 CHAS 2U AC CHAS 2U DC or CHAS 2U AC DC These Sourcefire devices are suitable for installation by qualified perso...

Страница 246: ...Same Circuit Installation If the same circuit is used to feed both supplies then the power rating of one supply applies to the whole box This configuration only provides protection from a power suppl...

Страница 247: ...installed Separate Circuit Installation If separate circuits are used each circuit must be rated to the full rating of the appliance This configuration provides for circuit failure and power supply f...

Страница 248: ...rovided The circuit breaker must meet the following requirements UL Recognized CSA Approved Recommended VDE Approved Recommended Support the maximum load 20A Support the installation voltage 40V to 72...

Страница 249: ...s the bonding locations on the 2U chassis Recommended Terminals You must use UL Approved terminals for the ground connection Ring terminals with a clearance hole for 4mm or 8 studs may be used For 10...

Страница 250: ...lies The DC power supplies have additional ground connections on each supply This allows the hot swappable supply to be connected to power return and ground so that it may be safely inserted This grou...

Страница 251: ...sockets and transceivers in a 3D7115 and 3D7125 3D7115 and 3D7125 SFP Sockets and Transceivers on page 251 Inserting an SFP Transceiver on page 253 Removing an SFP Transceiver on page 254 3D7115 and...

Страница 252: ...gh 12 in a vertical pattern and oriented in a tab to center configuration the upper row faces up and the lower row faces down The accompanying LEDs to the left of the sockets display information on ac...

Страница 253: ...loyment you can use any combination of transceivers in up to eight sockets to monitor up to eight network segments For an inline deployment you can use any combination copper fiber or mixed of transce...

Страница 254: ...discharge ESD procedures when removing the transceiver Avoid touching the contacts at the rear and keep the contacts and ports free of dust and dirt To remove an SFP transceiver 1 Disconnect all cabl...

Страница 255: ...ppliance The following sections describe how to insert remove or replace an 8000 Series module Module Slots on the 8000 Series Appliances on page 255 Included Items on page 257 Identifying the Module...

Страница 256: ...ing module see Using Devices in a Stacked Configuration on page 74 81xx Family The 81xx Family appliances can use the modules in the following slots Stacking Configuration Considerations Configure the...

Страница 257: ...Copper Configurable Bypass NetMod on page 186 quad port 1000BASE SX fiber configurable bypass NetMod For more information see Quad Port 1000BASE SX Fiber Configurable Bypass NetMod on page 187 dual po...

Страница 258: ...more information see Stacking Module on page 197 If you install a NetMod in an incompatible slot on your appliance or a NetMod is otherwise incompatible with your system an error or warning message a...

Страница 259: ...ng Devices in a Stacked Configuration on page 74 3D8140 slot 3 3D8250 8260 primary slot slot 5 3D8270 primary slots slots 5 and 1 3D8290 primary slots slots 5 1 and 4 3D82xx secondary slot S Confirm t...

Страница 260: ...and reserve the T8 Torx screw from the lever of the module using the included screwdriver 2 Pull the lever away from the module to release the latch 3 Slide the module out of the slot Inserting a Mod...

Страница 261: ...C To insert a module or slot cover 1 Remove and reserve the T8 Torx screw from the lever of the module using the included screwdriver 2 Pull the lever away from the module to open the latch The near e...

Страница 262: ...ever toward the module so that the latch engages and pulls the module into the slot WARNING Do not use excessive force If the latch does not engage remove and realign the module and then try again Nea...

Страница 263: ...nserting a Module or Slot Cover Appendix C 5 Press firmly on the screw hole to push the lever fully against the module to secure the latch The lever is fully against the module and the module is flush...

Страница 264: ...evention file control and advanced malware protection features and also determines the traffic you can inspect with the discovery feature access control policy A policy that you apply to managed devic...

Страница 265: ...fic event You can alert based on intrusion events including their impact flags discovery events malware events correlation policy violations health status changes and connections logged by specific ac...

Страница 266: ...on about your monitored network using intrusion connection file geolocation malware and discovery policy Distinct sections present information in the form of vivid line bar pie and donut graphs accomp...

Страница 267: ...onent of intrusion detection and prevention that places sniffed packets into a format that can be understood by a preprocessor default action As part of an access control policy determines how to hand...

Страница 268: ...about the changing health status of appliances your use of the web interface rule updates and launched remediations Finally the system presents certain other information as events even though these ev...

Страница 269: ...tion based FireAMP deployment FireAMP subscription A separately purchased subscription that allows your organization to use FireAMP as an advanced malware protection AMP solution Compare with a Malwar...

Страница 270: ...A feature that allows you to import data from third party sources using scripts or command line files to augment the information in the network map The web interface also provides some host input fun...

Страница 271: ...iolations and security breaches The system compares packets against rule conditions If the packet data matches the conditions the rule triggers and generates an intrusion event Intrusion rules include...

Страница 272: ...s the file or allows its upload or download Compare this functionality with FireAMP Sourcefire s endpoint based AMP tool that requires a FireAMP subscription malware event An event generated by one of...

Страница 273: ...data the system collects for specific network segments including networks monitored by NetMod enabled devices The network discovery policy also manages import resolution preferences and active detect...

Страница 274: ...specific GID generator ID protected network Your organization s internal network that is protected from users of other networks by a device such as a firewall Many of the intrusion rules delivered wi...

Страница 275: ...rules shared object rules and preprocessor rules A rule update may also delete rules modify default intrusion policy settings and add or delete system variables and rule categories scheduled task An...

Страница 276: ...tures Series 2 devices include the 3D500 3D1000 3D2000 3D2100 3D2500 3D3500 3D4500 3D6500 and 3D9900 Series 2 Defense Centers include the DC500 DC1000 and DC3000 Series 3 The third series of Sourcefir...

Страница 277: ...database table When performing event analysis you can use drill down pages to constrain the events you want to investigate before moving to the table view that shows you the details about the events y...

Страница 278: ...r awareness A feature that allows your organization to correlate threat endpoint and network intelligence with user identity information and that allows you to perform user control user control A feat...

Страница 279: ...VLAN In Layer 2 and Layer 3 deployments you can configure virtual switches and virtual routers on managed devices to appropriately handle VLAN tagged traffic VPN A feature that allows you to build se...

Страница 280: ...efire 3D System User Guide 280 web application to zone Glossary web application A type of application that represents the content of or requested URL for HTTP traffic widget See dashboard widget zone...

Отзывы:

Нет отзывов

Бренды по названию

Популярные бренды

Загрузить еще бренды