McAfee GUARD DOG 2 Installation Guide, page 9

McAfee® IntruShield® IPS System IntruShield Best Practices
Special Topics: Best Practices - Ensuring connectivity between the sensor and other network devices
This pushes the sensor into Layer2 Passthru (L2) mode, causing traffic to flow
through the sensor while bypassing the detection engine. Check to see whether
your services are still affected; if they are, then you have eliminated certain sensor
hardware issues; the problem could instead be a network issue or a configuration
issue. (The layer2 mode deassert command pushes the sensor back to detection
mode.)
McAfee recommends that you configure Layer2 Passthru Mode on each sensor.
This enables you to set a threshold on the sensor that pushes the sensor into L2
bypass mode if the sensor experiences a specified number of errors within a
specified timeframe. Traffic then continues to flow directly through the sensor
without passing to the detection engine.
Connect a fail-open kit, which consists of a bypass switch and a controller, to any GE
monitoring port pairs on the sensor. If a kit is attached to the sensor, disabling the
sensor ports forces traffic to flow through the bypass switch, effectively pulling the
sensor out of the path. For FE monitoring ports, there is no need for the external kit.
Sensors with FE ports contain an internal tap; disabling the ports will send traffic
through the internal tap, providing fail-open functionality.
Ensuring connectivity between the sensor and other network devices
The most common sensor deployment problems relate to configuration of the
monitoring port speed and duplex settings. Speed determination issues may result in
no connectivity between the sensor and its network device partners on either side.
Duplex mismatches
A duplex mismatch (e.g., one end of the link in full-duplex and the other in half-duplex)
may result in performance issues, intermittent connectivity, and loss of
communication. It can also create subtle problems in applications. For example, if a
Web server is talking to a database server through an Ethernet switch with a duplex
mismatch, small database queries may succeed, while large ones fail due to a timeout.
Manually setting the speed and duplex to full-duplex on only one link partner generally
results in a mismatch. This common issue results from disabling auto-negotiation on
one link partner and having the other link partner default to a half-duplex configuration,
creating the mismatch. This is the reason why speed and duplex cannot be hard-coded
on only one link partner. If your intent is not to use auto-negotiation, you must manually
set both link partners' speed and duplex settings to full-duplex.
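The duplex rule above can be checked before a sensor goes in-line. The following is an added example, not code from the McAfee guide: it models the 10/100 case the text describes, where a port that auto-negotiates against a forced partner falls back to half duplex through parallel detection, and audits a sensor monitoring-port pair against the devices on either side. PortConfig, resolve_link and audit_inline_pair are names chosen for this example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class PortConfig:
    """Speed/duplex settings of one end of an Ethernet link (constructed model)."""
    autoneg: bool              # True: auto-negotiation enabled on this port
    speed: int = 100           # forced speed in Mb/s, used only when autoneg is False
    full_duplex: bool = True   # forced duplex, used only when autoneg is False

@dataclass(frozen=True)
class LinkResult:
    link_up: bool
    duplex_a: str   # "full", "half" or "none" for the first port
    duplex_b: str   # same for the second port
    mismatch: bool  # True when the two ends settled on different duplex modes

def _duplex_of(me: PortConfig, peer: PortConfig) -> str:
    if not me.autoneg:
        return "full" if me.full_duplex else "half"   # hard-coded, whatever the peer does
    if peer.autoneg:
        return "full"   # both negotiate; assumes both advertise full duplex
    # This end negotiates but the peer is forced, so no negotiation pulses arrive:
    # parallel detection infers only the speed and falls back to half duplex
    # (the 10/100 behaviour the text describes; gigabit specifics are not modelled).
    return "half"

def resolve_link(a: PortConfig, b: PortConfig) -> LinkResult:
    """Outcome of bringing up one link between two configured ports."""
    if not a.autoneg and not b.autoneg and a.speed != b.speed:
        return LinkResult(False, "none", "none", False)   # no common speed: link stays down
    da, db = _duplex_of(a, b), _duplex_of(b, a)
    return LinkResult(True, da, db, da != db)

def audit_inline_pair(left: PortConfig, sensor_in: PortConfig,
                      sensor_out: PortConfig, right: PortConfig) -> list:
    """Findings for a sensor port pair placed in-line between a left and a right device."""
    findings = []
    for side, device, port in (("left", left, sensor_in), ("right", right, sensor_out)):
        r = resolve_link(device, port)
        if not r.link_up:
            findings.append(f"{side}: no link, forced speeds differ")
        elif r.mismatch:
            findings.append(f"{side}: duplex mismatch (device {r.duplex_a}, sensor {r.duplex_b})")
    return findings

if __name__ == "__main__":
    # Constructed scenario: left device auto-negotiates, sensor is hard-coded 100/full.
    print(audit_inline_pair(PortConfig(True), PortConfig(False, 100, True),
                            PortConfig(False, 100, True), PortConfig(False, 100, True)))
```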
Caution
Note that the sensor will need to reboot to move out of L2 mode only if the sensor
entered L2 mode because of internal errors. (It does not need a reboot if the
layer2 mode assert command was used to put the sensor into L2 mode.)
A sensor reboot breaks the link connecting the devices on either side of the sensor
and requires the renegotiation of the network link between the two devices
surrounding the sensor. Depending on the network equipment, this disruption should
range from a couple of seconds to more than a minute with certain vendors' devices.
A very brief link disruption might occur while the links are renegotiated to place the
sensor back in in-line mode.