mvm2200 appliance hardware guide - mcafee · network recommendations although the appliance...


Post on 11-Jun-2020


McAfee MVM2200 Appliance

Appliance Guide


COPYRIGHT

Copyright © 2014 McAfee, Inc. Do not copy without permission.

TRADEMARKS

McAfee, the McAfee logo, McAfee Active Protection, McAfee AppPrism, McAfee Artemis, McAfee CleanBoot, McAfee DeepSAFE, ePolicy Orchestrator, McAfee ePO, McAfee EMM, McAfee Enterprise Mobility Management, Foundscore, Foundstone, McAfee NetPrism, McAfee Policy Enforcer, Policy Lab, McAfee QuickClean, Safe Eyes, McAfee SECURE, SecureOS, McAfee Shredder, SiteAdvisor, SmartFilter, McAfee Stinger, McAfee Total Protection, TrustedSource, VirusScan, WaveSecure, WormTraq are trademarks or registered trademarks of McAfee, Inc. or its subsidiaries in the United States and other countries. Other names and brands may be claimed as the property of others.

LICENSE INFORMATION

License Agreement

NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND.

McAfee Vulnerability Manager Appliance Guide 700-4283A00

Contents

Introducing McAfee Vulnerability Manager
    Audience
    Find product documentation
    Before installing the appliance
        Network recommendations, hardware specifications, and environment requirements

Unpacking the appliance
    MVM2200 front panel description
    MVM2200 back panel description

Install the hardware
    Positioning the appliance
    Installing the appliance in a rack
    Connecting the appliance to power and the network
    Starting the appliance
    Using the appliance wizard
    Using the Network Security Wizard
    Resetting the appliance to factory defaults
    Virtual local area network on the appliance
        Accessing the VLAN properties on the NIC card

Troubleshooting
    The appliance is not receiving power
    The appliance is not communicating with the network

Introducing McAfee Vulnerability Manager

McAfee Vulnerability Manager is an agentless network scanner that helps you identify and protect the assets (systems) on your network. This protection allows managers to monitor and respond to changing risks in their environment.

Audience

This guide is intended for administrators responsible for adding an MVM2200 to their existing McAfee Vulnerability Manager deployment.

Find product documentation

McAfee provides the information you need during each phase of product implementation, from installing to using and troubleshooting.

1 Go to the McAfee Product Download (https://secure.mcafee.com/apps/downloads/my-products/login.aspx) site.

2 Type in your grant number, then click Submit.

3 Select McAfee Vulnerability Manager.

After a product is released, information about the product is entered into the McAfee online KnowledgeBase at http://mysupport.mcafee.com.

Before installing the appliance

Before you install the appliance, we recommend that you do the following:

Read the provided safety information.

Make sure that you have selected a suitable location for installing the appliance.

Check that you have all the necessary equipment and components as described in this document.

Familiarize yourself with the appliance NIC ports and connectors as described in this document.

Know the ports and IP address to be used by the appliance.

Know the location or port number of the configuration manager.

Determine a host name for the appliance. Make sure that the name can be resolved from the enterprise manager server. This is done by adding the name to the hosts file on the enterprise manager server, or by registering the name in the Domain Name Server (DNS).

Caution

To ensure the safe operation of the appliance, read all documentation before installing.

Appliance power on/off – the push-button on/off power switch on the front panel of the appliance – does not turn off the AC power. To remove AC power from the appliance, you must unplug the AC power cord from the power supply or wall outlet.


Warning

The power supplies in your system might produce high voltages and energy hazards, which can cause bodily harm. Do not remove the cover. Only trained service technicians are authorized to remove the covers and access any of the components inside the system.

Hazardous conditions – devices and cables: Hazardous electrical conditions might be present on power, telephone, and communication cables. Turn off the appliance and disconnect telecommunications systems, networks, modems, and the power cords attached to the appliance before opening it. Otherwise, personal injury or equipment damage can result.

Avoid injury: Lifting the appliance and attaching it to the rack is a two-person job. The appliance weighs approximately 15 kg (33 lb).

Network recommendations, hardware specifications, and environment requirements

This section describes the network recommendations, hardware specifications, and environmental requirements for the appliance.

Network recommendations

Although the appliance supports both DHCP and static IP address networks, McAfee strongly recommends that you use static IP addresses.

In addition, McAfee recommends having a DNS server on your network. This allows reverse mapping between discovered IP addresses and host names, providing better reports and more information from your scans. It also provides the ability to specify credentials using fully-qualified domain names.

Hardware specifications and environmental requirements

Dimensions: 1.70” (43mm) H x 17.25” (438mm) W x 22.25” (565mm) D

Power delivery

Power supply: 350 watt AC power supply, fixed, non-redundant

Environment

Ambient temperature, operating: +10°C to +35°C, with a maximum rate of change not to exceed 10°C per hour

Ambient temperature, non-operating: -40°C to +70°C

Non-operational humidity: 50% to 90%, non-condensing with a maximum wet bulb of 28°C (at temperatures from 25°C to 35°C)

Unpacking the appliance

Carefully unpack and remove the contents of the shipping box. Verify that you have all of the components listed. If you do not, contact McAfee Technical Support.

You should have the following:

McAfee Vulnerability Manager 2200 Appliance

Accessory kit, containing:


Power cord

Rack mount kit, containing:

Rails (2)

Fastener pack, containing screws

Accessory bag, containing:

Safety Warning document

McAfee Vulnerability Manager 2200 Appliance Installation Guide

USB flash drive – Restore to factory default image

USB flash drive – Hardware diagnostics tool

McAfee Limited Warranty on Hardware document

MVM2200 front panel description

The following illustration shows the location of connectors and indicator lights on the front panel of the appliance.

Figure 1: MVM2200 front panel

Front panel connectors

A USB ports

B System ID button (with integrated LED)

C NMI Button (recessed, tool required for use)

D NIC-1 activity LED

E NIC-3 Activity LED (Not used)

F Reset button

G System status LED

H Power button (with integrated LED)

I Hard Drive activity LED

J NIC-4 activity LED (Not used)

K NIC-2 activity LED

MVM2200 back panel description

The following illustration shows the locations of connectors on the back panel of the appliance.

Figure 2: MVM2200 back panel

Back panel connectors

A AC power connector

B Power supply status LED

C NIC 1 and 2

D Empty slot for PCI Express add-in

E Serial port

F Video out

G Dual USB 2.0 ports

H Dual USB 3.0 ports

I Empty slots for IO module external connectors

Install the hardware

This section describes how to attach rails and mount the appliance in a rack.

Positioning the appliance

The appliance must be installed in a suitable location, such as a rack. Since it is designed to be operated remotely, physical access to the appliance is needed only for initial setup. Initial setup requires attaching a single network cable to the back of the appliance. Once the network setup is finished, physical access to the appliance is necessary only to reset the appliance.

A rack mounting kit is supplied with the appliance so you can install the appliance in a 19-inch rack, as described in the following rack mounting instructions.

Installing the appliance in a rack

Use the rack mounting kit included with the appliance to install the unit. Follow the rack installation instructions that are included with the rack mounting kit.

Connecting the appliance to power and the network

Once you have installed the appliance in the rack, connect it to the power source and to your network. Connect a monitor, keyboard, and mouse, which are required to configure the McAfee Vulnerability Manager software.

1 Plug the AC cord into the back of the appliance, then plug the other end of the cord into an appropriate power source.

2 Connect a network cable to each network interface card (NIC). If only one NIC is required, connect the network cable to NIC 1. See the MVM2200 back panel description for more information.

3 Connect a monitor, mouse, and keyboard to the rear of the appliance.

Note: Once the initial installation and configuration are completed, you can manage the appliance from a remote computer. To access the appliance using RDP, RDP must be enabled.

Starting the appliance

After the appliance hardware is set up, you can turn on the appliance. The BIOS on the MVM2200 is password-protected and you have the option of changing it.

1 Turn on the power for the appliance using the power button on the front panel.

2 If you want to change the BIOS password, press F2 during the boot process. The factory default BIOS password is MCAFEE. Change the password to one that follows your security guidelines. Once it’s changed, press F10 to save and reboot.

3 During the operating system setup, type a password for the applianceadmin user.

4 When the appliance has finished booting, the appliance wizard appears. Follow the wizard to configure the appliance.

Using the appliance wizard

Once the appliance is turned on and the operating system setup is complete, the setup wizard appears to guide you through configuring the IP address and port number for the appliance.

After the setup is complete, the appliance appears in the configuration manager as a scan engine. You can then assign the scan engine to a scan controller.

1 From the Welcome screen, click Next.

2 From the Restore Appliance Settings screen, select No, then click Next.

3 Select a network interface to configure (the appliance has two network interface cards installed).

If you use only one and want to disable the other, select the network interface you want to disable, then deselect Enable.

4 Select dynamic host configuration protocol (DHCP) or static IP addressing, then click Next.

a If you use DHCP, make sure Obtain IP addressing automatically is selected.

b If you use a static IP address, deselect Obtain IP addressing automatically, then type the IP address, subnet mask, default gateway, and DNS server information.

5 Type in the address (IP address or fully-qualified domain name) for the configuration manager, then click Next. If the configuration manager uses a custom port number, deselect Use Default Port, then type in the port number used by the configuration manager.

Note: You can type a NetBIOS name, but it only works when the name can be properly resolved.

6 Type the database address (IP address, fully-qualified domain name, or host name), then the Faultline user name and password. Optionally, you can include the SQL port or SQL instance name with the database address.

7 Click Test Credentials to test the Faultline user password and then click Next. If the test fails, retype the password. Also make sure the database is online and the appliance can connect to it.

8 Review the settings for the appliance, then click Apply. The MVM2200 appliance communicates with the configuration manager. The configuration manager then sends information back to the appliance, including which product version you are currently using.

9 Click Restart Appliance.

Using the Network Security Wizard

Use the Advanced setup in the Network Security Wizard to adjust the system firewall settings, change service communication ports, and add additional rules for your network security settings.

Caution: If you leave an IP address field blank, the service is open to any host on the network.

1 Select Start | All Programs | McAfee | MVM Network Security Wizard | Configure Network Security.

2 On the Welcome screen, click Next.

3 Select the Windows Advanced Firewall profiles, ICMP Echo Requests, and Edge Traversal options.

Windows Advanced Firewall profiles – Select the firewall profiles (Domain, Public, Private) that should be modified by the Network Security wizard.

Allow ICMP Echo Requests – Select this option to allow the appliance to respond to ICMP echo requests (ping).

Enable Edge Traversal – Select this option to make sure that inbound tunneled traffic is passed through the firewall. If devices in your McAfee Vulnerability Manager environment tunnel traffic, select this checkbox.

4 Select Advanced, then click Next.

5 If a scan controller is installed, select Scan Controller Firewall options, then click Next. The Scan Controller Firewall allows you to specify host IP address ranges that are permitted to access the scan controller.

Allow access to the Scan Controller – Allow other systems access to the scan controller.

Allow all hosts – Allow all hosts access to the scan controller.

Allow only these hosts – Allow only the IP addresses specified access to the scan controller. Type in the IP addresses or address ranges.

Override Default Port – Change the scan controller service port. Type in a port number.

6 Select the Remote Desktop Firewall options, then click Next.

Enable Remote Desktop service – Enable the remote desktop service on this system.

Allow all hosts – Allow all hosts remote access to this system.

Allow only these hosts – Allow only the IP addresses specified remote access to this system. Type in the IP addresses or address ranges.

Override Default Port – Change the remote desktop service port. Type in a port number.

7 Create additional firewall rules, then click Next. When you add or edit a firewall rule, you must click OK to save your settings.

Add – Add a custom firewall rule.

Edit – Edit the selected firewall rule.

Delete – Delete the selected firewall rule.

The following options are available when you create or edit a firewall rule.

Service Name – Type the name of the service.

Protocol – Select the TCP or UDP protocol.

Service Port – Type the port number used by the service.

Allow access to the service – Open this service to other hosts.

Allow all hosts – Allow all hosts access to this service.

Allow only these hosts – Allow only the IP addresses specified access to this service. Type in the IP addresses or address ranges.

Figure 3: Custom firewall rules

8 On the Confirm Settings screen, click Apply to confirm the firewall settings.

9 On the Firewall Configuration Complete screen, click Finish to restart the system.

Note: If you selected Advanced and then accepted the default settings, the Network Security Wizard doesn't prompt you to restart the appliance. If this happens, restart the appliance. Some changes don't take effect until after the system is restarted.

10 Log on with the administrator account name and password you created in the previous steps.

Note: McAfee recommends running McAfee Vulnerability Manager Update after upgrading to make sure you have the latest product updates.
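To check the wizard's result against the caution about blank IP address fields, the following script (an added example, not part of the original guide or of McAfee's tooling) parses the English text output of `netsh advfirewall firewall show rule name=all` and lists enabled inbound allow rules that accept any remote host. It assumes the wizard's settings appear as Windows Firewall rules; the sample output, rule names and ports 50000/50001 are constructed placeholders.

```python
# Constructed sample in the layout printed by
#   netsh advfirewall firewall show rule name=all
# Rule names, addresses and ports 50000/50001 are placeholders, not MVM2200 defaults.
SAMPLE_NETSH_OUTPUT = """\
Rule Name:                            Remote Desktop (TCP-In)
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
RemoteIP:                             Any
Protocol:                             TCP
LocalPort:                            3389
Action:                               Allow

Rule Name:                            Example Scan Controller
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
RemoteIP:                             10.20.30.0/255.255.255.0
Protocol:                             TCP
LocalPort:                            50000
Action:                               Allow

Rule Name:                            Example Disabled Service
----------------------------------------------------------------------
Enabled:                              No
Direction:                            In
RemoteIP:                             Any
Protocol:                             UDP
LocalPort:                            50001
Action:                               Allow

Rule Name:                            Example Outbound Rule
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            Out
RemoteIP:                             Any
Protocol:                             TCP
LocalPort:                            Any
Action:                               Allow
"""

# RemoteIP values that mean "no host restriction".
OPEN_TO_ALL = {"any", "0.0.0.0/0", "::/0"}


def parse_rules(text):
    """Split netsh output into one dict of field name -> value per rule."""
    rules, current = [], None
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue  # blank lines, the dashed separator, trailing "Ok."
        key, value = key.strip(), value.strip()
        if key == "Rule Name":
            current = {}
            rules.append(current)
        if current is not None:
            current[key] = value
    return rules


def open_inbound_rules(text):
    """Return (name, protocol, port) for enabled inbound allow rules open to any host."""
    findings = []
    for rule in parse_rules(text):
        # A missing RemoteIP field is treated as unrestricted, the cautious reading.
        remote = {e.strip().lower() for e in rule.get("RemoteIP", "Any").split(",")}
        if (rule.get("Enabled") == "Yes" and rule.get("Direction") == "In"
                and rule.get("Action") == "Allow" and remote & OPEN_TO_ALL):
            findings.append((rule["Rule Name"], rule.get("Protocol"), rule.get("LocalPort")))
    return findings


if __name__ == "__main__":
    for name, proto, port in open_inbound_rules(SAMPLE_NETSH_OUTPUT):
        print(f"open to any host: {name} ({proto}/{port})")
```

On the appliance, save the real `netsh` output to a file and pass its contents to `open_inbound_rules`; any rule it reports for Remote Desktop or the scan controller corresponds to Allow all hosts or a blank address field.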

Resetting the appliance to factory defaults

Resetting the MVM2200 to factory defaults overwrites all existing data on the appliance and applies the factory default (fresh) image, stored on the USB flash drive.

1 Connect a keyboard, mouse, and monitor to the appliance.

2 Insert the McAfee Vulnerability Manager restore to factory image USB flash drive (2200 W2K8R2 Image) into the USB port and restart the appliance.

3 Press F6 to select a boot option, enter the BIOS password, then choose to boot the recovery image using USB.

4 On the system installation screen, click Restore to continue. The restoration process might take several minutes.

5 When the restoration process is complete, the system reboots.

6 Once the MVM2200 has started, type a password for the “applianceadmin” account, then retype it to confirm. The system reboots again.

7 Once the MVM2200 has rebooted, log on using “applianceadmin” credentials and the password entered in the previous step. The MVM2200 Setup Wizard appears.

Virtual local area network on the appliance

A virtual local area network (VLAN) allows you to group systems together and allows those systems to communicate as if they were on the same local area network, even if those systems are not located on the same physical network. The MVM2200 supports up to 64 VLANs.

There are two types of VLANs:

Tagged VLANs are based on the IEEE 802.1Q specification. Each packet has a four-byte tag added to the packet header. The switch must support IEEE 802.1Q tagging and be properly configured. Check your switch documentation for the correct switch configuration.

Untagged or Port-based VLANs are statically configured on the switch. They are transparent to connected devices.

For additional information on VLANs, visit the Intel Networking website.
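The four-byte tag described above can be read straight out of a captured Ethernet frame, which helps when confirming that the switch port really delivers the VLAN IDs entered on the NIC. The parser below is an added example, not part of the original guide; the frames, MAC addresses and VLAN IDs are constructed, and the function names are hypothetical.

```python
import struct

TPID_8021Q = 0x8100        # EtherType value that marks an IEEE 802.1Q tag
MAX_APPLIANCE_VLANS = 64   # limit stated in this guide


def parse_vlan_tag(frame):
    """Return the 802.1Q tag fields of an Ethernet frame, or None if untagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (tpid,) = struct.unpack_from("!H", frame, 12)   # bytes 12-13 follow the two MACs
    if tpid != TPID_8021Q:
        return None                                 # untagged (port-based VLAN or none)
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner_type = struct.unpack_from("!HH", frame, 14)
    return {
        "pcp": tci >> 13,          # 3-bit priority
        "dei": (tci >> 12) & 1,    # 1-bit drop eligible indicator
        "vid": tci & 0x0FFF,       # 12-bit VLAN ID
        "ethertype": inner_type,   # EtherType of the encapsulated payload
    }


def check_frame(frame, configured_vids):
    """Compare a frame's VLAN ID with the IDs configured on the NIC."""
    tag = parse_vlan_tag(frame)
    if tag is None:
        return "untagged"
    if tag["vid"] in configured_vids:
        return "ok"
    return f"unexpected VLAN {tag['vid']}"


def validate_vlan_config(vids):
    """Return a list of problems with a planned set of VLAN IDs."""
    problems = []
    if len(set(vids)) > MAX_APPLIANCE_VLANS:
        problems.append(f"{len(set(vids))} VLANs exceed the limit of {MAX_APPLIANCE_VLANS}")
    # IDs 0 and 4095 are reserved by IEEE 802.1Q.
    problems += [f"VLAN ID {v} is outside 1-4094" for v in vids if not 1 <= v <= 4094]
    return problems


# Constructed frames: destination MAC, source MAC, then tag and/or EtherType.
MACS = bytes.fromhex("020000000002" "020000000001")
TAGGED_VLAN_120 = MACS + bytes.fromhex("8100" "0078" "0800") + bytes(46)
TAGGED_VLAN_10_PRIO5 = MACS + bytes.fromhex("8100" "a00a" "0800") + bytes(46)
UNTAGGED = MACS + bytes.fromhex("0800") + bytes(46)

if __name__ == "__main__":
    for frame in (TAGGED_VLAN_120, TAGGED_VLAN_10_PRIO5, UNTAGGED):
        print(check_frame(frame, {120, 130}))
```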

Accessing the VLAN properties on the NIC card

You can enter your VLAN information on the VLAN properties tab of the appliance NIC card.

Note: You must be logged on as the console administrator if you are connecting to the appliance using RDP.

1 Log on to the appliance.

2 Select Start | Control Panel.

3 Select Hardware, then select Device Manager.

4 Under Network adapters, right-click a network adapter and select Properties.

5 Select the VLAN tab, then click New. Type in your VLAN information and select your options.

6 Click OK.

Troubleshooting

This section provides information on common issues that you might encounter as you configure and use the appliance.

The appliance is not receiving power

Check the following:

The appliance is connected properly to a working power outlet, using the supplied power cord. If the power outlet has a switch, make sure it is on.

The power cord is plugged in to the back of the appliance.

If the appliance is still not receiving power, check the power outlet by plugging other equipment into it. If the power outlet is working, there is a problem with the appliance or its power cord. Contact your supplier or McAfee Technical Support.

The appliance is not communicating with the network

Check the following:

The appliance is turned on and its software is running, indicated by the lights on the front display panel.

The network cables that you are using are undamaged and connected properly to the appliance ports and your existing network equipment. Ensure that the cables you use are the correct specification.

You have used the correct LAN ports when connecting the appliance to your existing network equipment.

There are no IP address conflicts.

If the appliance is still not receiving network traffic, check the network cables and the network ports on your existing network equipment. If the cables and ports are working, there is a problem with the appliance. Contact your supplier or McAfee Technical Support.
