  • 1. McAfee Firewall Enterprise Control Center® (CommandCenter™) Administration Guide version 4.0.0.04
  • 2. COPYRIGHT Copyright © 2009 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of McAfee, Inc., or its suppliers or affiliate companies. TRADEMARK ATTRIBUTIONS AVERT, EPO, EPOLICY ORCHESTRATOR, FLASHBOX, FOUNDSTONE, GROUPSHIELD, HERCULES, INTRUSHIELD, INTRUSION INTELLIGENCE, LINUXSHIELD, MANAGED MAIL PROTECTION, MAX (MCAFEE SECURITYALLIANCE EXCHANGE), MCAFEE, MCAFEE.COM, NETSHIELD, PORTALSHIELD, PREVENTSYS, PROTECTION-IN-DEPTH STRATEGY, PROTECTIONPILOT, SECURE MESSAGING SERVICE, SECURITYALLIANCE, SITEADVISOR, THREATSCAN, TOTAL PROTECTION, VIREX, VIRUSSCAN, WEBSHIELD are registered trademarks or trademarks of McAfee, Inc. and/or its affiliates in the US and/or other countries. McAfee Red in connection with security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein are the sole property of their respective owners. LICENSE INFORMATION License Agreement NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANTOR PURCHASE ORDER DOCUMENTS THAT ACCOMPANIES YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND. License Attributions This product includes software developed by Inferno Nettverk A/S, Norway. 
Copyright (c) 1997, 1998, 1999, 2000, 2001, 2002 Inferno Nettverk A/S, Norway. All rights reserved. This product includes software developed by Todd C. Miller. Copyright (c) 1996 Todd C. Miller <Todd.Miller@courtesan.com> All rights reserved. This product includes software developed by the University of California, Berkeley and its contributors. Copyright (c) 1983, 1988, 1990, 1992, 1993, 1995 The Regents of the University of California. All rights reserved. This product includes software developed by Red Hat, Inc. Copyright Red Hat, Inc., 1998, 1999, 2001, 2002. This product includes software developed by Julianne F. Haugh. Copyright 1988 - 1997, Julianne F. Haugh. All rights reserved. This product includes software developed by Info-ZIP. Copyright (c) 1990-2004 Info-ZIP. All rights reserved. This product includes software developed by the Apache Software Foundation http://www.apache.org. Copyright (c) 1999, 2000 The Apache Software Foundation. All rights reserved. This product includes software developed by Computing Services at Carnegie Mellon University (http://www.cmu.edu/computing/). Copyright (c) 2000 Carnegie Mellon University. All rights reserved. This product includes software developed by Ian F. Darwin and others. Copyright (c) Ian F. Darwin 1986, 1987, 1989, 1990, 1991, 1992, 1994, 1995. This product includes software developed by Silicon Graphics, Inc. Copyright (c) 1991-1997. Portions by Sam Leffler. Copyright (c) 1988-1997. This product includes software developed by Purdue Research Foundation, West Lafayette, Indiana 47907. Copyright 2002. All rights reserved. Portions by Victor A. Abell This product includes software developed by Thomas E. Dickey <dickey@invisible-island.net>. Copyright 1997-2002, 2003. All Rights Reserved. This product includes software developed by David L. Mills. Copyright (c) David L. Mills 1992-2001. This product includes software developed by University of Cambridge. 
Copyright (c) 1997-2001 University of Cambridge; ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/ This product contains db4 software - Portions distributed by Sleepycat Software. Copyright (c) 1990-2001 Sleepycat Software, and by The President and Fellows of Harvard University, copyright (c) 1995, 1996. All rights reserved. This product includes software developed by Keith Packard. Copyright © 2001,2003. This product includes krb5 software developed by the Massachusetts Institute of Technology, Copyright (c) 1985-2001. This product includes libjpeg software developed by Thomas G. Lane, Copyright (C) 1991-1998. All Rights Reserved. This software is based in part on the work of the Independent JPEG Group. This product includes libradius software developed by Juniper Networks, Inc., Copyright 1998. All rights reserved. This product includes LInux LOader (LILO) software developed in part by Werner Almesberger, Copyright 1992-1998. Portions by John Coffman, Copyright 1999-2005. All rights reserved. This product includes software developed by The OpenSSL Project for use in the OpenSSL Toolkit. (http://www.openssl.org) Copyright © 1998-2006. The toolkit includes cryptographic software written by Eric Young (eay@cryptsoft.com). Copyright (c) 1995-1998. This product includes software written by Tim Hudson (tjh@cryptsoft.com) Copyright (c) 1993-2001 Spread Concepts LLC. All rights reserved. This product includes software developed by The XFree86 Project, Inc. (http://www.xfree86.org/) and its contributors. Copyright (C) 1994-2004 The XFree86 Project, Inc. All rights reserved. Part of the software embedded in this product is gSOAP software. Portions created by gSOAP are Copyright (C) 2001-2004 Robert A. van Engelen, Genivia Inc. All Rights Reserved. This product includes software developed by Internet Systems Consortium, Inc. Copyright © 2004-2006 Internet Systems Consortium, Inc. ("ISC"). Copyright © 1996-2003 Internet Software Consortium.
This product includes software developed by Jython Developers. Copyright © 2000-2007 Jython Developers. All rights reserved. This product contains certain other third party software which include the following additional terms: Redistribution and use in source and binary forms of the above listed software, with or without modification, are permitted provided that the following conditions are met: 1 Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2 Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3 Neither the name of the author may be used to endorse or promote products derived from this software without specific prior written permission. Issued April 2009 / McAfee Firewall Enterprise Control Center® (CommandCenter™) software version 4.0.0.04
  • 3. THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL LICENSORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. This product includes or may include some software programs that are licensed (or sublicensed) to the user under the GNU General Public License (GPL) or other similar software licenses which, among other rights, permit the user to copy, modify and redistribute certain programs, or portions thereof, and have access to the source code. The GPL requires that for any software covered under the GPL, which is distributed to someone in an executable binary format that the source code also be made available to those users. For any such software, the source code is made available in a designated directory created by installation of the Software or designated internet page. If any Free Software licenses require that McAfee provide rights to use, copy or modify a software program that are broader than the rights granted in the McAfee End User License Agreement, then such rights shall take precedence over the rights and restrictions herein.
  • 5. Contents
    About this Document 11
    1 Introduction 13
      About the McAfee Firewall Enterprise Control Center (CommandCenter) 13
      Features of the Control Center 14
      About the Client Suite 15
        Administration Tool 15
        Configuration Tool 16
        Reporting and Monitoring Tool 17
        Software Updates Tool 17
    2 Administrator Basics 19
      Managing the McAfee Firewall Enterprise Control Center (CommandCenter) Management Server 19
        Configuring the Management Server 20
        Logging into the Management Server 21
      Managing configuration data for the Management Server 23
        Backing up configuration data for the Management Server 24
        Restoring configuration data to the Management Server 29
      Disaster recovery restoration for Management Servers 33
        Restoring a standalone Management Server that has failed completely 34
        Restoring a primary Management Server that has failed completely and that is part of a high availability (HA) pair 35
        Restoring a backup Management Server that has failed completely and that is part of a high availability (HA) pair 36
        Restoring both Management Servers in a high availability (HA) pair that have failed completely 37
      Adding firewalls 38
        Adding firewalls by using rapid deployment registration 38
        Adding firewalls by using manual registration 39
      Managing firewall interfaces 41
        Routed mode 41
        Transparent (bridged) mode 41
      Navigating the Control Center user interface 42
        Administration Tool main window 44
        Configuration Tool main window 45
        Reporting and Monitoring Tool main window 48
        Software Updates Tool main window 49
        Administration Tool menus 50
        Configuration Tool menus 56
        Reporting and Monitoring Tool menus 62
        Software Updates Tool menus 66
        Customizing a toolbar 70
        Administration Tool toolbars 70
        Configuration Tool toolbars 70
        Reporting and Monitoring Tool toolbars 73
        Software Updates Tool toolbars 76
    3 Administration Tool 79
      Administration Tool 79
      Control Center users 81
        Configuring Control Center users 82
        Changing user passwords 88
      Control Center roles 89
        Managing roles for Control Center users 90
      Configuration domains 92
        Activating configuration domains 93
    McAfee Firewall Enterprise Control Center 4.0.0.04 Administration Guide 5
  • 6. Contents (continued)
        Configuring configuration domains 95
        Moving a firewall or cluster from one configuration domain to another 96
        Changing from one configuration domain to another 96
      Configuration domain version management 97
        Configuration domain version management 97
        Managing versions of configuration domains 99
      Audit data management 100
        Managing audit trail information 101
        Configuring change tickets 103
      Control Center Management Server licensing 104
        Managing Control Center licenses 106
        Configuring common license information for the Control Center 111
        Configuring Control Center network settings 115
      System settings 120
        Configuring system settings 121
        Viewing the status of your backup Management Servers 122
        Creating backup files of your Management Server data by using the GUI 123
        Restoring the Management Server configuration files from a backup file 126
        Uploading a backup configuration file from the Client to the Management Server 128
        Changing login information for remote system backups 129
        Setting the date and time on the Management Server 131
        Restarting the Management Server 131
      ePolicy Orchestrator settings 132
        Configuring access to the ePolicy Orchestrator server 132
        Viewing ePolicy Orchestrator host data 135
      High Availability (HA) 136
        How High Availability (HA) works 137
        HA configuration and status support 140
        Configuring the High Availability (HA) feature 140
        Removing the High Availability (HA) configuration feature 143
      Authentication 145
        Configuring Control Center user authentication 146
        Control Center Authentication Configuration window: Authentication Servers tab 150
        Configuring external authentication servers 151
    4 Configuration Tool Overview 153
      Configuration Tool 153
      Configuration Tool operations 153
      Configurable objects 154
      Viewing details about objects 160
    5 Configuration Tool - Firewalls 163
      Firewall objects 163
      McAfee Firewall Enterprise (Sidewinder) 164
        Registering your firewalls by using the rapid deployment option 164
        Registering a firewall manually 166
        Retrieving firewall components 168
        Configuring settings for a standalone firewall 169
        Configuring the firewall 170
        Firewall window-related tasks 204
        Converting network objects in rules for the IPv6 protocol 204
        Deleting firewall objects 213
      McAfee Firewall Enterprise (Sidewinder) clusters 215
        Managing clusters 215
        Configuring, promoting and demoting cluster objects and cluster nodes 216
        Overview of configuring a cluster on the McAfee Firewall Enterprise Admin Console 225
        Adding a cluster that was created on the McAfee Firewall Enterprise Admin Console 226
        Configuring configuration information for a cluster 228
        Modifying cluster interface properties 253
        Configuring configuration data for a cluster member 255
      Device groups 261
        Configuring groups of related device objects 261
  • 7. Contents (continued)
    6 Configuration Tool - Firewall Settings 263
      Firewall settings 263
      Common (global) settings 264
        Configuring common (global) settings 264
      Audit export 268
        Configuring audit archive settings for a firewall 268
      McAfee Firewall Profiler 272
        Configuring McAfee Firewall Profiler settings 272
      Firewall Reporter / Syslog settings 273
        Configuring the exportation of audit data to a McAfee Firewall Reporter or to designated syslog servers 274
      Network defenses 278
        Configuring network defense audit reports 279
      Managing servers and service configurations 291
      Viewing and managing IPS signatures by using the IPS Signature Browser 302
      TrustedSource 304
        Configuring TrustedSource settings for rules and mail filtering 305
      Virus scanning 308
        Configuring virus scanning properties 308
      Quality of Service 310
        Creating Quality of Service profiles 311
      DNS zones 312
        Configuring DNS zones 315
      Scheduled jobs 322
        Scheduling jobs 322
      Third-party updates 326
        Configuring third-party update schedules 326
      Software update package status 331
        Establishing a schedule to check for software updates 331
    7 Configuration Tool - Policy 333
      Policy objects 333
      Network objects 336
        Configuring endpoints (network objects) 337
        Creating adaptive endpoints 339
        Creating Geo-Location objects 340
        Configuring burbs 341
        Configuring groups of burb objects 343
        Configuring groups of endpoint objects 344
        Importing network objects 345
      Services 346
        Configuring proxy services 348
        Configuring filter services 350
        Configuring service groups 353
      Application defenses 355
        Configuring HTTP application defenses 355
        Configuring HTTPS application defenses 370
        Configuring Mail (Sendmail) application defenses 382
        Configuring Mail (SMTP proxy) application defenses 388
        Configuring Citrix application defenses 395
        Configuring FTP application defenses 396
        Configuring IIOP application defenses 400
        Configuring T120 application defenses 401
        Configuring H.323 application defenses 402
        Configuring Oracle application defenses 403
        Configuring MS SQL application defenses 404
        Configuring SOCKS application defenses 405
        Configuring SNMP application defenses 406
        Configuring SIP application defenses 408
        Configuring SSH application defenses 409
        Configuring Packet Filter application defenses 415
        Configuring application defense groups 418
  • 8. Contents (continued)
      IPS inspection 419
        Configuring IPS response mappings 420
        Configuring IPS signature groups 421
      Authentication services 424
        Configuring password authenticators 426
        Configuring passport authenticators 428
        Configuring RADIUS authenticators 431
        Configuring Safeword authenticators 435
        Configuring Windows Domain authenticators 438
        Configuring iPlanet authenticators 440
        Configuring Active Directory authenticators 445
        Configuring OpenLDAP authenticators 450
        Configuring custom LDAP authenticators 455
        Configuring CAC authenticators 459
      Firewall users 461
        Firewall administrators, users, user groups, and external groups 461
        Configuring firewall users 462
        Configuring firewall administrators 464
        Configuring firewall user groups 468
        Configuring external firewall groups 469
      Time periods 470
        Managing time periods 470
      VPN 471
        Configuration features 472
        Components and considerations 474
        Client configurations and XAUTH 475
        Creating VPN channels 475
        Managing firewall certificates for VPN gateways 481
        Configuring VPN gateways 482
        Configuring VPN peer objects 484
        Building Star, Mesh, and remote access VPN communities 491
        Creating a network configuration for a VPN client 507
        Defining fixed addresses for VPN clients 510
        Adding a VPN client configuration 511
        CA certificates 512
        Managing certificate names 514
        Creating certificates or importing them into the certificate database 515
        Importing certificates into the known certificates database 518
        Exporting certificates 519
        Loading certificates 522
        Managing remote certificates 523
        Bypassing IPsec policy evaluation 525
      Rules 527
        How rules work 527
        Rule management 528
        Creating, viewing, or modifying rules
. . . . . . . . . . . . . . . . . . . . . .. ... .. .. . . . . . . . 528 Configuring columns to display on the Rules page . . . . . . . . . . . . . . . . . . . . . .. ... .. .. . . . . . . . 532 Configuring rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. ... .. .. . . . . . . . 533 Configuring default settings for creating rules . . . . . . . . . . . . . . . . . . . . . . . .. ... .. .. . . . . . . . 540 Replacing objects in rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. ... .. .. . . . . . . . 541 Verifying the objects to be replaced in your rules . . . . . . . . . . . . . . . . . . . . . .. ... .. .. . . . . . . . 543 Filtering rules to display on the Rules page . . . . . . . . . . . . . . . . . . . . . . . . . .. ... .. .. . . . . . . . 545 Loading and managing previously saved rule filters . . . . . . . . . . . . . . . . . . . .. ... .. .. . . . . . . . 549 Displaying filtered rules on the Rules page . . . . . . . . . . . . . . . . . . . . . . . . . . .. ... .. .. . . . . . . . 550 Configuring groups of rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. ... .. .. . . . . . . . 551 Merging rules with common elements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. ... .. .. . . . . . . . 552 Deleting duplicate rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. ... .. .. . . . . . . . 556 Viewing configuration information for duplicate rules . . . . . . . . . . . . . . . . . . . .. ... .. .. . . . . . . . 558 URL translation rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. ... .. .. . . . . . . . 559 Viewing your URL translation rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. ... .. .. . . . . . . . 559 Configuring URL translation rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. ... .. .. . . . . . . . 
560 Alert processing rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. ... .. .. . . . . . . . 563 Viewing alert processing rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. ... .. .. . . . . . . . 564 8 McAfee Firewall Enterprise Control Center 4.0.0.04 Administration Guide
  • 9. Modifying pre-defined alert processing rules ....... .. ... .. ... .. . . . . . . . . . . . . . . . . . . . . . 565 Assigning priority levels to alerts . . . . . . . . ....... .. ... .. ... .. . . . . . . . . . . . . . . . . . . . . . 567 SSH known hosts . . . . . . . . . . . . . . . . . . . . . . ....... .. ... .. ... .. . . . . . . . . . . . . . . . . . . . . . 568 Configuring strong known host associations . ....... .. ... .. ... .. . . . . . . . . . . . . . . . . . . . . . 569 Creating strong SSH known host keys . . . . . ....... .. ... .. ... .. . . . . . . . . . . . . . . . . . . . . . 570 Configuring host associations . . . . . . . . . . . ....... .. ... .. ... .. . . . . . . . . . . . . . . . . . . . . . 571 8 Configuration Tool - Monitor 573 Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 573 Firewall configuration management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 574 Viewing the overall status of your firewalls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 574 Viewing the status of a specific firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 577 Configuring settings for the Firewall Status page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 579 Viewing configuration information about each firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 584 Validating firewall configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 586 Troubleshooting validation configuration warnings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 587 Applying firewall configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 
589 Troubleshooting apply configuration warnings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 591 Viewing the status of Apply Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 593 Reviewing your configured firewalls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 594 Comparing impacts of proposed configuration changes for a firewall . . . . . . . . . . . . . . . . . . . . . . . . 595 Configuring compliance report settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 596 Viewing the compliance status of the current firewall configuration . . . . . . . . . . . . . . . . . . . . . . . . . 597 Viewing your firewall enrollment (deployment) status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 598 Configuring the firewall for usage inside the Control Center Client . . . . . . . . . . . . . . . . . . . . . . . . . 599 Viewing real-time Web data for your network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 600 Viewing services and managing service agents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 601 Viewing details about a firewall service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 604 Responses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 605 Configuring alert notification for e-mail accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 606 Configuring blackholes for suspected hosts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 607 Viewing IPS attack responses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 608 Configuring IPS attack responses . . . . . . . . . . . . . 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 609 Viewing system responses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 612 Configuring system responses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 613 Audit trail . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 615 Viewing audit trail information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 615 Configuring a custom audit trail filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 617 Audit archives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 618 Reporting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 619 Firewall reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 619 Viewing firewall report data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 620 Generating firewall reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 623 Firewall audit reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 624 Configuring and generating audit reports for one or more firewalls . . . . . . . . . . . . . . . . . . . . . . . . . 625 Configuring filters for audit reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 632 Viewing event-specific audit information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 
. 635 Configuring on-screen color schemes for the audit records . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 636 Displaying system information for the Control Center Management Server . . . . . . . . . . . . . . . . . . . 638 Selecting the criteria for the firewall policy report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 640 Viewing information about the security policy for firewalls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 643 Firewall license reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 644 Selecting the firewall for the license report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 644 Viewing the status of all of the licenses for a firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 645 9 Configuration Tool - Maintenance 647 Maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. .. .. . . . . . . . . . . . . . . . . . 647 Firewall maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. .. .. . . . . . . . . . . . . . . . . . 648 Viewing object usage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. .. .. . . . . . . . . . . . . . . . . . 648 Locking configuration objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. .. .. . . . . . . . . . . . . . . . . . 649 Managing unused objects on the Control Center Management Server .. .. .. . . . . . . . . . . . . . . . . . 651 Merging objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. .. .. . . . . . . . . . . . . . . . . . 652 Setting the date and time on a firewall . . . . . . . . . . . . . . . . . . . . . .. .. .. . . . . . . . . . . . . . . . . . 655 McAfee Firewall Enterprise Control Center 4.0.0.04 Administration Guide 9
  • 10. Managing firewall shutdown and suspension states and other maintenance settings . . . . . . . . . . . . . 656 Viewing and managing firewall licenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 658 Control Center maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 662 Viewing Management Server logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 663 Configuring Management Server properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 664 Exporting firewall audit files that are stored on the Control Center . . . . . . . . . . . . . . . . . . . . . . . . . 667 Customizing the Configuration Tool . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 669 10 Reporting and Monitoring Tool 671 Reporting and Monitoring Tool . . . . . . . . . . . . . . . . . . . . . . . . . .. ... .. .. ... .. ... . . . . . . . . . . . 671 Viewing the properties of a firewall . . . . . . . . . . . . . . . . . . . .. ... .. .. ... .. ... . . . . . . . . . . . 672 Investigating alerts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. ... .. .. ... .. ... . . . . . . . . . . . 673 Column data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. ... .. .. ... .. ... . . . . . . . . . . . 674 Mapping sound files to alarms . . . . . . . . . . . . . . . . . . . . . . .. ... .. .. ... .. ... . . . . . . . . . . . 676 Alerts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. ... .. .. ... .. ... . . . . . . . . . . . 677 Managing alerts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. ... .. .. ... .. ... . . . . . . . . . . . 678 Viewing events for a specific alert . . . . . . . . . . . . . . . . . . . . .. ... .. .. ... .. ... . . . . . . . . . . . 
682 Configuring the columns on the Event Browser window . . . . . .. ... .. .. ... .. ... . . . . . . . . . . . 683 Viewing additional event information . . . . . . . . . . . . . . . . . . .. ... .. .. ... .. ... . . . . . . . . . . . 684 Configuring columns for the Alert Browser page . . . . . . . . . . .. ... .. .. ... .. ... . . . . . . . . . . . 685 Filtering the alerts to be displayed in the Alert Browser . . . . . .. ... .. .. ... .. ... . . . . . . . . . . . 686 Secure Alerts Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. ... .. .. ... .. ... . . . . . . . . . . . 686 Functionality of the Secure Alerts Server . . . . . . . . . . . . . . . .. ... .. .. ... .. ... . . . . . . . . . . . 687 Viewing Secure Alerts Server status information . . . . . . . . . . .. ... .. .. ... .. ... . . . . . . . . . . . 687 Firewall reports in the Reporting and Monitoring Tool . . . . . . . . . .. ... .. .. ... .. ... . . . . . . . . . . . 689 11 Software Updates Tool 691 Software Updates Tool . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ... .. .. .. . . . . . 691 Automatically identify updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ... .. .. .. . . . . . 691 Configuring update download settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ... .. .. .. . . . . . 692 Downloading and applying Management Server updates . . . . . . . . . . . . . . . . . . ... .. .. .. . . . . . 693 Installing software and firmware updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . ... .. .. .. . . . . . 697 Managing updates for a firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ... .. .. .. . . . . . 699 Scheduling device software updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ... .. .. .. . . . . . 703 Backing up and restoring firewall configurations . . . . . . . . . . . . . . . . . . . . . . . . ... .. .. .. . . . 
. . 704 Confirming a configuration backup of one or more firewalls . . . . . . . . . . . . . . . . ... .. .. .. . . . . . 708 Storing software and firmware updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ... .. .. .. . . . . . 709 Manually downloading software updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ... .. .. .. . . . . . 711 Index 715 10 McAfee Firewall Enterprise Control Center 4.0.0.04 Administration Guide
About this Document

This Administration Guide leads you through planning and configuration of your initial Firewall Enterprise Control Center (CommandCenter) Management Server. It also covers basic post-installation tasks for integrating a new firewall into your network. While problems are not anticipated, this guide also includes troubleshooting tips.

This guide is for anyone assigned to initially set up a McAfee Firewall Enterprise Control Center Management Server. It assumes that you are familiar with McAfee Firewall Enterprise (Sidewinder) devices, and with networks and network terminology.

You can find additional information at the following locations:

• Online help — Online help is built into the Control Center. Press F1.
• Manuals — View product manuals at mysupport.mcafee.com.
• Knowledge Base — Visit the Knowledge Base at mysupport.mcafee.com. You’ll find helpful articles, troubleshooting tips and commands, and the latest documentation.

The following table lists the documentation resources for Control Center administrators.

Table 1 Summary of Control Center documentation

Firewall Enterprise Control Center (CommandCenter) Setup Guide
    Leads you through your initial firewall configuration. Includes instructions for configuring and installing the High Availability (HA) Management Server and registering firewalls.
Firewall Enterprise Control Center (CommandCenter) Administration Guide
    Provides an introduction to Control Center and includes reference information and procedures for using the Control Center Client Suite to centrally define and manage the enterprise security policies for the firewall.
McAfee Firewall Enterprise (Sidewinder) Administration Guide
    Complete administration information on all of the firewall functions and features. You should read this guide if your Control Center enterprise includes firewalls.
Online help
    Online help is built into Control Center Client Suite programs and the Control Center Initialization tool.
Knowledge Base
    Supplemental information for all other Control Center documentation. Articles include helpful troubleshooting tips and commands. All manuals and application notes are also posted here. The Knowledge Base is located at mysupport.mcafee.com.

Any reference to a “firewall” in this document means the McAfee Firewall Enterprise. Table 2 lists the text conventions that are used in this document.

Table 2 Conventions

Courier bold
    Indicates commands and key words that you specify at a system prompt. Note: A backslash (\) indicates a command that does not fit on the same line. Specify the command as shown, ignoring the backslash.
Courier italic
    Indicates a placeholder for text that you specify.
<Courier italic>
    When enclosed in angle brackets (< >), this indicates optional text.
nnn.nnn.nnn.nnn
    Indicates a placeholder for an IP address that you specify.
Courier plain
    Indicates text that is displayed on a computer screen.
Plain text italics
    Indicates the names of files and directories. Also used for emphasis (for example, when introducing a new term).
Plain text bold
    Identifies buttons, field names, and tabs that require user interaction.
[ ]
    Indicates conditional or optional text and instructions (for example, instructions that pertain only to a specific configuration).
Caution
    Indicates that you must be careful. In this situation, you might do something that could result in the loss of data or in an unpredictable outcome.
Note
    Indicates a helpful suggestion or a reference to material that is not covered elsewhere in this documentation.
Security Alert
    Indicates information that is critical for maintaining product integrity or security.
Tip
    Indicates time-saving actions. It also might help you solve a problem.

Note: The IP addresses, screen captures, and graphics that are used within this document are for illustration purposes only. They are not intended to represent a complete or appropriate configuration for your specific needs. Features might be shown configured in screen captures so that the displays that depend on them are visible; not all features are appropriate or desirable for your setup.

Additionally, many of the windows and pages in the Client tools have tables that can be edited. The first column of such a table displays different symbols, depending on the action being taken. In the help files, this is listed as the Edit column. The following example shows the symbols, along with their descriptions. For the remainder of the help files, only a verbal description of the symbol is used.

• Edit — This column identifies the edit status of the row in the table. The following icons can be displayed:
  • [blank] — An existing row with associated values that is not the currently selected row.
  • [pencil] — This row is the one that is being edited.
  • [icon] — You are creating a new row or entry.
  • [icon] — This row is currently selected and it contains previously specified values.
1 Introduction

Contents
About the McAfee Firewall Enterprise Control Center (CommandCenter)
About the Client Suite

About the McAfee Firewall Enterprise Control Center (CommandCenter)

The Control Center is an enterprise-class management tool for creating and applying security policies across multiple firewalls. Network administrators can remotely manage, maintain, and monitor firewalls for one or more domains. The Control Center consists of the following entities:

• Control Center Client Suite — a set of tools that resides on a desktop computer that is running a Windows® operating system. The tools provide the graphical user interfaces (GUIs) to configure, manage, and monitor supported firewalls and to perform Control Center administrative tasks. For more information, see About the Client Suite on page 15.
• Control Center Management Server — a hardened Linux® platform that provides the firewall management and monitoring capabilities that are required to centrally implement security policy. It manages the framework for secure communication between the server, the Client Suite, and the supported firewalls. The Control Center Management Server requires at least one installation of the Control Center Client Suite.
• At least one firewall in a heterogeneous network of security devices that exist in a single domain.
• One or more domains that represent a complete, inclusive network security policy.

Figure 1 Basic Control Center Management Server environment

[Diagram: the Control Center Client Suite (Windows) connects to the Control Center Management Server, which in turn connects to the managed firewalls.]

• Client application: Client Suite tools connect to the Control Center Management Server to create, edit, and deploy policy to the managed firewalls.
• Control Center Management Server: All firewall management is accomplished through a connection to the Control Center.
• Managed firewalls: The configuration and initialization is similar to standalone firewalls. Then push policy from the Control Center Management Server to each firewall.

The Client Suite and tiers of firewalls securely communicate with the Management Server by using SOAP over HTTPS. SSL with client certificates issued by the built-in Certificate Authority encrypts the client/server communication and authenticates both ends of it.
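The certificate check behind that sentence, as an added example rather than code from the guide: a throwaway CA stands in for the built-in Certificate Authority and issues client certificates, and verify_client applies the same chain-and-purpose test a mutual-TLS server makes before it trusts a Client Suite connection. It assumes only the openssl command-line tool; every CN, file name and the rogue CA are constructed for the demo.

```shell
#!/bin/sh
# Added example, not part of the Control Center product: a demo CA issues
# client certificates and verify_client checks them the way a mutual-TLS
# server does (chain to the trusted CA, then certificate purpose).
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Minimal OpenSSL config so the demo does not depend on the system openssl.cnf.
cat > "$WORK/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = ca_ext
[dn]
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF

make_ca() {            # $1 = file prefix, $2 = CA name (constructed)
    openssl req -x509 -new -newkey rsa:2048 -nodes -sha256 -days 1 \
        -config "$WORK/ca.cnf" -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.pem" >/dev/null 2>&1
}

issue_cert() {         # $1 = CA prefix, $2 = cert prefix, $3 = CN, $4 = EKU
    openssl req -new -newkey rsa:2048 -nodes -sha256 \
        -config "$WORK/ca.cnf" -subj "/CN=$3" \
        -keyout "$2.key" -out "$2.csr" >/dev/null 2>&1
    # Leaf extensions: never a CA, and only the purpose the caller asked for.
    printf 'basicConstraints=CA:FALSE\nextendedKeyUsage=%s\n' "$4" > "$2.ext"
    openssl x509 -req -in "$2.csr" -CA "$1.pem" -CAkey "$1.key" -CAcreateserial \
        -sha256 -days 1 -extfile "$2.ext" -out "$2.pem" >/dev/null 2>&1
}

verify_client() {      # $1 = trusted CA file, $2 = certificate a peer presented
    # -purpose sslclient rejects a cert that chains correctly but was not
    # issued for client authentication, in addition to any chain failure.
    if openssl verify -CAfile "$1" -purpose sslclient "$2" >/dev/null 2>&1; then
        echo accepted
    else
        echo rejected
    fi
}

make_ca    "$WORK/ca"       "Control Center built-in CA (demo)"
make_ca    "$WORK/rogue-ca" "Some other CA (demo)"
issue_cert "$WORK/ca"       "$WORK/client"       "client-suite-host" clientAuth
issue_cert "$WORK/ca"       "$WORK/server-only"  "client-suite-host" serverAuth
issue_cert "$WORK/rogue-ca" "$WORK/rogue-client" "client-suite-host" clientAuth

for c in client server-only rogue-client; do
    printf '%-13s %s\n' "$c" "$(verify_client "$WORK/ca.pem" "$WORK/$c.pem")"
done
```

Run it as a script. It prints accepted only for the certificate the demo CA issued with the clientAuth purpose; the certificate chained to another CA is rejected at the chain step, and the one the right CA issued for server use only is rejected at the purpose step, which is why a server that accepts any certificate from the trusted CA is not yet checking enough.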
  • 14. About the McAfee Firewall Enterprise Control Center (CommandCenter) You can also implement Control Center Management Servers in a High Availability (HA) configuration, in which one Management Server actively manages the registered firewalls, while another Management Server acts as a standby or backup. If the active Management Server fails, the management responsibilities can be switched to the standby or backup Management Server. For more information about this, see High Availability (HA) on page 136. Features of the Control Center The Control Center is the central security appliance management solution from McAfee. It provides the foundation for a suite of products that is used to: • Define and distribute rules to hundreds of firewalls. • Share configuration data among firewalls. • Configure Virtual Private Network (VPN) connectivity. • Implement and selectively activate multiple security policies. • Manage software releases on all of your firewalls. • Simplify routine administrative tasks. • Manage ongoing changes to your security policies. The Control Center supports the following features and functionality: • Object-based design — Using an object-based configuration technique, objects can be defined once and can be reused anywhere that the object is needed. Network objects represent one example of this implementation. Network objects include firewalls and device groups, hosts, networks, address ranges, interfaces, and endpoint groups. These objects are used when you define rules. Over time, hundreds of rules can be defined by using these objects. If the properties of a network object must be changed, you have to update the object once. The resulting changes will propagate wherever that object is used. • Auditing of object management events and archiving of audit tracking data — The Control Center has an audit tracking and archive management feature that can be configured to monitor object changes and purge or archive audit tracking data. 
The auditing data contains information about the requested operation performed, time, date and user name. This information can be displayed or printed using the Audit Trail report. Because the audit tracking table grows without bounds and consumes disk space, you also have the option to periodically remove the data from the database or archive it to another location. This is true for both Control Center audit data and audit data that is currently stored on the Management Server that was retrieved from one or more firewalls. • Configuration domains — Use configuration domains to partition your managed firewalls into separate collections of objects and configuration data. Each collection is independent of any other collection, and changes to one collection do not affect the others. For more information, see Configuration domains on page 92. • Rule set queries — Because firewall configurations often require numerous rules, the Control Center can produce views of these rules as a subset of the rules. This added convenience helps to manage and validate the many rules that are stored in the Control Center database. • Firewall configuration retrieval — After a firewall has been added to the list of managed firewalls, you can use the Firewall Retrieval Options window to choose the configuration components to be retrieved and stored as Control Center objects. You can select all components or limit your selection to specific components. This feature saves time and effort when you are performing the initial setup to manage a firewall. • Policy validation and reports — After making configuration changes and before applying them, you can determine whether firewall configurations in the Control Center database are valid. You can view a report that shows the status of the validation process and a report that details the differences between the current and proposed firewall configurations. 14 McAfee Firewall Enterprise Control Center 4.0.0.04 Administration Guide
  • 15. About the Client Suite • Configuration status report — After the configuration has been propagated to one or more firewalls, a status report is produced to list warnings or errors that may have occurred. • Certificate Authority (CA) framework — A built-in CA framework lets you quickly issue certificates for the various architectural components. A built-in CA saves time when using SSL with client certificates. • Simultaneous, multiple users — The Control Center provides a locking mechanism that accommodates simultaneous use of the Control Center Client Tools by multiple users. Administrators have the option of locking entire object trees or allowing the system to lock individual objects on a first-come, first-served basis. This approach allows single-user environments to function without explicit locking. • High Availability (HA) feature — You can configure redundant Management Servers by using the High Availability Server Configuration (HA) feature. The HA feature uses a multi-server configuration to continue Control Center Management Server functions if the active Management Server fails. For more information, see High Availability (HA) on page 136. • Apply Configuration enhancements — The Apply Configuration window includes a checkbox that determines whether the network is automatically re-initialized when configuration changes are applied to a firewall. If the network is not re-initialized automatically, the Client displays all of the firewalls that need to be re-initialized in the Configuration Status report. In addition, the apply mechanism on the firewall supports the running of a script after the apply operation has been completed. The apply process also supports the listing files that are to be excluded from management. About the Client Suite The McAfee Firewall Enterprise Control Center Client Suite is the suite of tools that provides the user interfaces for task-grouped operations of the Control Center. 
Each tool encapsulates related operations to deliver the functionality required by Control Center users. Administration Tool The Administration Tool aggregates the McAfee Firewall Enterprise Control Center administrative functions into a single tool. You can accomplish the following tasks by using the features and functions of the Administration Tool: • Control Center users — You can create and manage the unique Control Center user names and passwords that are used to authenticate user access to the Control Center Management Server. For more information, see Control Center users on page 81. • Control Center roles — After a user is defined, he or she is assigned a role that determines the tasks that the user is allowed to perform. Although a default set of roles has been pre-defined, you can create additional user-defined roles that can be assigned to Control Center users. For more information, see Control Center roles on page 89. • Configuration domains — Activate the configuration domains option to segregate configuration data views and management into multiple domains. The operation and configuration data associated with a configuration domain is accessible only when that domain is selected during the login process. All other configuration data is hidden and cannot be seen or acted upon. If configuration domains are activated, configuration domain versions and version management can be accessed from the Administration Tool, as well as from the Configuration Tool. For more information about configuring and managing configuration domains, see Configuration domains on page 92. For more information about versions and version management for configuration domains, see Configuration domain version management on page 97.
• 16. • Audit Trail — The Control Center can track when firewalls, endpoints, services, rules, alert processing rules, and many other objects are updated, added, or removed by Control Center users. You can define the actions that are to be tracked, the objects that are to be tracked, whether the tracked data is archived, and how to view and filter the tracked data. For more information, see Audit data management on page 100. Note: Do not confuse the Control Center Audit Trail, which records actions performed by Control Center users, with the firewall-specific security audit reports. • Control Center license — You can manage the Control Center license by selecting License from the System menu. For more information, see Control Center Management Server licensing on page 104. • System settings — You can manage specific Control Center system settings in the Administration Tool. These settings include the default login disclaimer that is posted in the login window for each tool in the Client Suite, the failed login lockout settings, and the default application time-out period. For more information, see Configuring system settings on page 121. • Alternate authentication — Use the Administration Tool to configure the way that Control Center users authenticate with the Management Server. The Control Center supports an internal authentication mechanism, as well as LDAP and RADIUS for off-box authentication. For more information, see Authentication on page 145. • Management Server backup and restore operations — Use the Administration Tool (and the Configuration Tool under certain circumstances) to manage the backup and restoration of the Control Center configuration and operational data. A full system backup can be requested and an off-box FTP location can be specified. For more information, see Managing configuration data for the Management Server on page 23.
• Backup server status — If the High Availability (HA) Management Server Configuration option is used, you can view the status condition of the backup Management Servers in the Backup Server Status page. For more information, see Viewing the status of your backup Management Servers on page 122. Configuration Tool Use the Configuration Tool to define, configure, and maintain multiple firewalls and security policies for a distributed homogeneous or heterogeneous configuration of firewalls. You can accomplish the following tasks by using the features and functions of the Configuration Tool: • Create configurable objects — The components that comprise a security policy include a set of configurable objects that defines the characteristics of the building blocks that are used to implement the security policy. Use this object model of defined objects to share characteristics, options, and functionality, instead of having to provide raw configuration information for each aspect of an implemented security policy. Use the Configuration Tool to retrieve, create, and manage configurable object characteristics. For more information, see Configurable objects on page 154. • Manage configurable objects — After configurable objects have been defined or retrieved, you can edit, validate, and apply changes to the configured object. You can manage the implemented security policy across all of the supported firewalls in your configuration. For more information, see Firewall configuration management on page 574. • Create and manage rules — Rules provide the network security mechanism that controls the flow of data into and out of the internal network. They specify the network communications protocols that can be used to transfer packets, the hosts and networks to and from which packets can travel, and the time periods during which the rules can be applied. Rules are created by the system administrator and should reflect the internal network site's security policy. 
You can retrieve, create, and manage rules in the Configuration Tool. For more information, see Creating, viewing, or modifying rules on page 528.
• 17. Reporting and Monitoring Tool The Reporting and Monitoring Tool aggregates all of the McAfee Firewall Enterprise Control Center firewall monitoring and reporting functions into a single tool. Use the Reporting and Monitoring Tool to centrally manage multiple firewalls in a homogeneous or heterogeneous device configuration that is employed in an implemented security policy. You can accomplish the following tasks by using the features, functions, and reports in the Reporting and Monitoring Tool: • View Secure Alerts for the firewall — An integrated Secure Alerts Server collects the alerts and activities that are generated by the supported firewalls. This server also normalizes the data and stores it in the Secure Alerts Server database. This data is the source of the information that is presented in the Alert Browser and the Event Browser. Use the Secure Alerts Server Status page to view the status of the associated server. For more information, see Functionality of the Secure Alerts Server on page 687. • Determine firewall status — A comprehensive visual display of the operational status for all of the supported firewalls is provided. The Firewall Status page lists firewall-specific status reports based on the audit log data that is sent to the Management Server by each configured firewall. For more information, see Firewall audit reports on page 624. • Manage audit reports — You can generate user-defined, firewall-specific audit reports based on the audit log data that is sent to the Management Server by each configured firewall. For more information, see Firewall audit reports on page 624. • Generate and view firewall-specific reports — You can generate and display a variety of firewall-specific reports. For those reports that require it, you provide the report-specific parameters or options through the provided interface.
For more information, see Firewall reports in the Reporting and Monitoring Tool on page 689. Software Updates Tool Use the Software Updates Tool to apply software and firmware updates to supported firewalls, and to store and manage the updates on the Management Server. You can accomplish the following tasks by using the features and functions of the Software Updates Tool: • Install updates — Determine the current version of software or firmware that is installed on each firewall; install, uninstall, or roll back an update; schedule an update action for a particular date and time; view the status of an update action; and view the history of previously completed update actions. For more information, see Installing software and firmware updates on page 697. • Back up firewall configuration — Back up and restore configurations for selected firewalls. You can do this both here, in the Software Updates Tool, and in the Configuration Tool. Use the saved configuration files to restore a default firewall configuration, to keep a copy of a working configuration before you make any configuration changes, or to recover from an unexpected loss of firewall configuration data. When you are installing software updates, this feature is both a convenience and a precaution. For more information, see Backing up and restoring firewall configurations on page 704. • Store updates — Download, manage, and store firewall software and firmware updates on the Management Server. Use the interface to identify the name of the update, the type of firewall to which the update applies, the release date, and its download status. You can also view an associated Readme file. For more information, see Installing software and firmware updates on page 697.
• Update settings — Enable the downloading of files by using a proxy server, configure auto-discovery settings for software updates, and control whether update packages that have been removed from the Management Server are displayed on the Store Updates page. For more information, see Configuring update download settings on page 692. • Update Control Center — Upload software updates to the Control Center Management Server and then install them. For more information, see Downloading and applying Management Server updates on page 693.
• 19. 2 Administrator Basics Contents Managing the McAfee Firewall Enterprise Control Center (CommandCenter) Management Server Managing configuration data for the Management Server Disaster recovery restoration for Management Servers Adding firewalls Managing firewall interfaces Navigating the Control Center user interface Managing the McAfee Firewall Enterprise Control Center (CommandCenter) Management Server The Control Center Management Server provides the firewall management and monitoring capabilities required to centrally implement security policy. This section explains how to log on to, add, delete, and back up Management Servers. • Configuring the Management Server on page 20 • Adding primary or backup (standby) Management Servers on page 21 • Removing (deleting) primary or backup (standby) Management Servers on page 21 • Logging into the Management Server on page 21 • Backing up configuration data for the Management Server on page 24 • Restoring configuration data to the Management Server on page 29 • Restoring a standalone Management Server that has failed completely on page 34 • Restoring a primary Management Server that has failed completely and that is part of a high availability (HA) pair on page 35 • Restoring a backup Management Server that has failed completely and that is part of a high availability (HA) pair on page 36 • Restoring both Management Servers in a high availability (HA) pair that have failed completely on page 37
• 20. Configuring the Management Server The first time that you log on to the Management Server by using any of the Client Tools (except the Control Center Initialization Tool), you must configure a new Management Server. Use the Add New Server window to configure the Management Server that you are going to access by using the Control Center Client Tools. During subsequent logins, you can configure additional primary or backup (standby) servers. You can also remove Management Servers in this window. Figure 2 Add New Server window Accessing this window 1 From the Start menu, select All Programs > McAfee > McAfee Firewall Enterprise Control Center > any tool except for the Initialization Tool. The Login window is displayed. 2 Specify the user name and password in their respective fields. 3 In the Service field, make sure that <Add New Server> is displayed and click . The Add New Server window is displayed. Fields and buttons This window has the following fields and buttons: • Name — Specify a name that quickly identifies this Management Server. • Server address — Specify the node name or IP address of this Management Server. • Server Type — Use the fields in this area to determine whether this server will be a primary server or a backup (standby) server. The following fields are available: • Primary server — Indicates that this Management Server will act as a primary server. This is the default value. It does not imply that high availability or failover clustering is configured. The following additional fields must be completed if this value is selected: • User name — Specify the name of the user who has access to this Management Server. This value will be required in future logins. • Password — Specify the password for the user name that was specified in the User name field. • Backup server — Indicates that this Management Server will act as a backup or standby server.
In addition to selecting the primary server in the next field, you must perform additional tasks to implement the high availability or clustering environment. For more information about this, see Configuring, promoting and demoting cluster objects and cluster nodes on page 216. • Primary server — Specify the Management Server that will act as the primary server for this Management Server in a high availability or cluster environment.
• 21. • OK — Continue with the configuration and login process. For more information, see Adding primary or backup (standby) Management Servers on page 21. • Cancel — Close this window without configuring a new server. If this is your first login after installation, you must access this window again to configure your primary server. • Remove — Delete the Management Server that is displayed in the Server field. To use this Management Server in the future, you must re-configure it in this window. For more information about the removal process, see Removing (deleting) primary or backup (standby) Management Servers on page 21. Adding primary or backup (standby) Management Servers 1 From the Start menu, select All Programs > McAfee > McAfee Firewall Enterprise Control Center > and then any tool except for the Initialization Tool. The Login window is displayed. 2 Specify the user name and password in their respective fields. 3 In the Service field, make sure that <Add New Server> is displayed and click . The Add New Server window is displayed. 4 Configure the fields in this window, specifying whether you are adding a primary or a backup (standby) server and then specifying the related field information. For more information, see Configuring the Management Server on page 20. 5 Click OK. The Certificate Problem message is displayed because the Management Server imports a non-Certificate Authority (CA) certificate before it imports the CA certificate from the Control Center. Click Yes. Another message is displayed. Click Yes. The Login window is displayed. This certificate prompt is expected only when a new server connection is being defined; if it appears unexpectedly for a connection that already exists, verify the Management Server's certificate before you accept it. 6 In the Server list, select the server to which you want to log in. Then specify the user name and password for that server and click Connect.
Removing (deleting) primary or backup (standby) Management Servers 1 From the Start menu, select All Programs > McAfee > McAfee Firewall Enterprise Control Center > and then any tool except for the Initialization Tool. The Login window is displayed. 2 Specify the user name and password in their respective fields. 3 In the Service field, select the server to be removed and click . The Add New Server window is displayed. 4 Click Remove. The Management Server is removed from the list of available Management Servers. Logging into the Management Server Use any of the Client Suite tools (except for the Control Center Initialization Tool) to log into the Management Server. Each of these tools supports a similar login interface. The Control Center supports a user-configurable lockout mechanism for logins. It is initially set to lock out a user after three unsuccessful authentication attempts. After the user is locked out, he or she cannot authenticate until a pre-configured amount of time has elapsed (the default is 30 minutes). For more information about configuring these settings, see Configuring system settings on page 121.
• 22. To log into the Management Server by using the Administration Tool, Configuration Tool, Reporting and Monitoring Tool, or the Software Updates Tool: 1 From the Start menu, select McAfee > McAfee Firewall Enterprise Control Center >. Then select the appropriate tool. The Login window is displayed. Note: If this is the first time that you are logging into the Management Server, see Configuring the Management Server on page 20. 2 Specify a valid Control Center user name in the User Name field. After the initial installation of the Management Server, the default user name is the user name value that is specified in the ccinit.txt file. 3 [Optional] Select the Remember User Name checkbox to preserve the specified user name in the field for subsequent logins. 4 Specify the corresponding password in the Password field. After the initial installation of the Management Server, the default password is the password value that is specified in the ccinit.txt file. 5 Select a previously defined Management Server connection from the Server list. 6 Click Connect. A certificate validation message is displayed. 7 Click Yes. You are now logged into the Control Center Management Server. You can start multiple Client Suite tools from the Tools menu in any tool without logging in again. Note: If you attempt to log into a Management Server by using a Client Suite tool from an earlier version (that is, earlier than the Management Server version), you will be prompted to update the Client Suite tools before proceeding. Use the Login window to log into the Administration Tool, Configuration Tool, Reporting and Monitoring Tool, or the Software Updates Tool. Each of these tools supports a similar login window. Figure 3 Login window
• 23. Fields and buttons This window has the following fields and buttons: • User Name — Specify the name of the Control Center user. The user name must have been previously defined. The default value is the name of the user who last logged in to the tool. After you have initially installed the Control Center Management Server, the default value for the User Name field is the value that is specified in the ccinit.txt file. • Remember User Name — Determines whether to save the value that was specified in the User Name field so that it can be displayed in the User Name field on subsequent login attempts. • Password — Specify the password that is associated with the user that was specified in the User Name field. After you have initially installed the Control Center Management Server, the default value is the value that is specified in the ccinit.txt file. • Server — Specify the name of the Control Center Management Server to which to log on. To create a new connection name or to connect to a different Management Server, select <Add New Server>. The Add New Server window is displayed. Specify values in the following fields as needed and click OK: Name, Server Address, either Primary Server or Backup Server, and the related fields. The Certificate Problem message is displayed because a new connection is being defined. Click OK. The Root Certificate Store message is displayed. Click Yes. The main Login window is now displayed and the newly created server is selected. To delete a connection name, select the name to be deleted in the list and click . The Modify Server window is displayed. Click Remove. A confirmation window is displayed. Click Yes. • Domain — [Not available in the Administration Tool] Specify the configuration domain to log into if configuration domains have been activated. To refresh the list of configuration domains so that all recently configured domains are displayed, click .
A valid user name and password must be supplied to refresh the list. A user can log into only a domain to which he or she has been given access. If configuration domains have not been activated, ignore this field. For general information about configuration domains, see Configuration domains on page 92. For specific information about activating configuration domains, see Configuring configuration domains on page 95. • Connect — Displays a certificate problem message as part of the connection process. Click Yes. If the client tool software is the same version as the Management Server, the tool is displayed. If the client tool software is older than the Management Server, you are prompted to update the Client Suite tools before proceeding. • Exit — Close this window without attempting to log into the Management Server. Managing configuration data for the Management Server The Control Center Management Server contains all of the configuration information for one or more security policies that have been implemented for the enterprise or, where configuration domains have been configured, for multiple enterprise-class domains. The data that is stored on the Management Server is therefore critical to the management of the firewalls and their implemented security policies. Establishing a practice that ensures this critical data can be restored after a catastrophic failure is fundamental to the operation of the enterprise. This section contains the following topics: • Backing up configuration data for the Management Server on page 24 • Restoring configuration data to the Management Server on page 29
• 24. Backing up configuration data for the Management Server You can back up your data in three different ways: • Automatic nightly backups — For more information, see Automatic nightly backups on page 24. • By using the GUI (the Backup Control Center System window) — For more information, see Backing up the Management Server by using the GUI on page 25. • By using the command line — For more information, see Backing up the Management Server files by using the command line on page 26. Note: Before you continue with the command line procedures, see dbadmin and root user accounts and using the command line on page 25. The following table shows which types of files are backed up by each of these methods. Table 3 Backed up files by backup method
Type of files | Automatic nightly backup | GUI (Backup Control Center System window with Full system backup checkbox selected) | GUI (Backup Control Center System window with Full system backup checkbox cleared) | backuptool command
Configuration database (cg_configuration) | Yes | Yes | Yes | Yes
System database (cg_system) | Yes | Yes | No | Yes
Events database (cg_events) | Yes | Yes | No | Yes
CA and SSL certificates and private keys | No | Yes | No | Yes
Firewall and Control Center Management Server software updates | No | Yes | No | Yes
Secure Alerts Server configuration files and miscellaneous other files | No | Yes | No | Yes
Firewall audit log files and configuration backups | No | Yes, if the checkbox for the backups.auditlogs setting is selected in the Server Property Editor window | No | Yes, unless the -L option is specified
Backup files contained in /opt/security/var/gccserver/cfgbackups and /opt/security/var/gccserver/nightlybackups (this includes the nightly backups and the backups that were created by using the GUI) | No | Yes, if the checkbox for the backups.dbbackups setting is selected in the Server Property Editor window | No | Yes, unless the -D option is specified
Automatic nightly backups By default, backups of the configuration (cg_configuration), system (cg_system), and events (cg_events) databases are created at midnight each night. Note: These files are stored locally on the Control Center Management Server. It is recommended that you also copy these files to an off-box location, because a backup that lives only on the server it protects is lost with that server. • cg_system – This database includes information about the Control Center system, software update data, backup information, deployment information, version and licensing information, and similar data. • cg_configuration – This database includes all of the firewall configuration data, configurable objects data, certificates, and similar data. • cg_events – This database includes all of the information that the Reporting and Monitoring Tool extracts from the syslog files that are used to monitor firewall activity and to generate various reports.
• 25. Seven revisions of this data are stored in the /opt/security/var/gccserver/nightlybackups directory. Each revision is identified by a date and a numeric identifier. The dbadmin Linux account has the necessary privileges to modify the characteristics of this cron job, as required, and to restore individual configuration, system, and events database data. For more information, see Restoring a single database on page 31. Backing up the Management Server by using the GUI You can perform backups of your Control Center Management Server by using the Backup Control Center System window. By using this window, you can perform the following tasks: • Save your configuration files immediately (either locally or off-box) • Create a schedule on which to save your configuration files (either locally or off-box) If configuration domains are active, you can access the Backup System and Restore System menu options from the System menu only in the Administration Tool. If configuration domains are not active, you can access these options from the System menu in either the Administration Tool or the Configuration Tool. Additionally, if domains are active, you can create versions of domains that can serve as backups. These are separate from system backups, but they do provide an additional backup option. For more information, see Configuration domain version management on page 97. To access this functionality, in the Administration Tool, from the Configuration Domains menu, select Manage Versions. Backing up your configuration files 1 If configuration domains are activated, you must access the Backup Control Center System window from the Administration Tool. From the System menu, select Backup System…. The Backup Control Center System window is displayed. or If configuration domains are not activated, in either the Configuration Tool or the Administration Tool, from the System menu, select Backup System….
The Backup Control Center System window is displayed. Note: If configuration domains are activated, you can also manage different versions of domains. In the Administration Tool, from the Configuration Domains menu, select Manage Versions. 2 Configure the fields in this window, depending on whether you are saving the configuration locally or sending it off-box, and whether you are scheduling the backup or performing it immediately. If you save the configuration files locally, they are saved in the following directory: /opt/security/var/gccserver/cfgbackups 3 To create a full system backup, make sure that the Full system backup checkbox is selected. If you do not select this checkbox, only the cg_configuration database is included in the backup file. A full system backup includes all of the firewall configuration data, configurable objects, certificates, and similar data. 4 Click OK to save your configuration information. For more information about this window, see Creating backup files of your Management Server data by using the GUI on page 123. dbadmin and root user accounts and using the command line Some of the following commands can be run only by the dbadmin user. If you have not already configured the dbadmin user account, follow the procedure in Configuring the dbadmin user account on page 26 (you can repeat that procedure at any time to reset the account). After you have configured this account, you can log into the Management Server as mgradmin and switch to the dbadmin user by using the su command. You may be prompted for the root password during certain phases of the command line backup and restore process. Additionally, if you did not configure a password for the root user during the initial setup of the Control Center, you must do so before continuing with the command line backup and restore processes.
For information about how to configure the root password, see the “Tips and Troubleshooting” appendix of the McAfee Firewall Enterprise Control Center Startup Guide.
• 26. Backing up the Management Server files by using the command line As the mgradmin user, you can manage the configuration, system, and events database data by using the backuptool command. To back up databases only, use the backupdb command. For more information about these commands and the related procedures that use them, see the following topics: • Backuptool command overview on page 26 • Creating backup files for all databases on page 28 • Creating backup files for a single database on page 28 • Creating a backup file for a full system restoration on page 29 Configuring the dbadmin user account After the initial configuration, the dbadmin account is locked and does not have an assigned password. You must unlock this account to perform database-related operations, including certain backup and restore operations, from the command line. To unlock the dbadmin account and assign a password to it: 1 Log into the console or through SSH by using the mgradmin account. A prompt is displayed. 2 Switch to the sso account by entering the following command: su - sso 3 Enter the sso account password. 4 Assign a password to the dbadmin account by entering the following command: /usr/sbin/cg_usermod -s /bin/bash -p newpassword dbadmin where newpassword is the password that you are assigning to the account. The password should be at least seven alphanumeric characters long. Because the password is passed as a command line argument, it is visible in the process list while the command runs and may be recorded in the shell history; clear the history entry afterward if this matters in your environment. 5 Exit the sso account by entering the following command: exit To switch to the dbadmin user, run the following command: su dbadmin Backuptool command overview Use the backuptool command to create or restore full backups of your Management Server configuration. Run the backuptool command in the /usr/sbin/ directory by using the sudo command as follows: sudo -u backup /usr/sbin/backuptool <options> Run this command without arguments to view all of the available options.
The following commands are examples of the backup command of the backuptool and all of the available parameters. To view the procedures that you need to perform for this command, see Creating backup files for all databases on page 28, Creating backup files for a single database on page 28, or Creating a backup file for a full system restoration on page 29.
It is important that you review these procedures because there are some important prerequisites that are included in them.

    sudo -u backup /usr/sbin/backuptool

    backuptool backup -f filename[.des3] [-k passphrase] [-L] [-D]
    backuptool restore -f filename[.des3] [-k passphrase] [-L] [-D] [-b] [-i]
    backuptool extract -f filename
    backuptool download -f filename -s scheme -h hostname -d remote-directory -u username -p password
    backuptool upload -f filename -s scheme -h hostname -d remote-directory -u username -p password

    where:
    [.des3] = Optionally use to encrypt file during backup and decrypt during restore
    [-k] = Encryption passphrase is the next argument in the command. The filename must have a .des3 extension.
    [-L] = Excludes files in /opt/security/var/gccserver/auditlogs from the backup or restore operation
    [-D] = Excludes files in /opt/security/var/gccserver/cfgbackups and in /opt/security/var/gccserver/nightlybackups from the backup or restore operation
    [-b] = Treats the backup file as having been created on a CC HA system
    [-i] = Ignore the release level of the backup file
    filename = filename of archive file
    passphrase = encryption passphrase
    scheme = one of FTP,FTPS,SCP
    host = host name [:port(optional)] (When using FTPS, port is either 21 or 990. Consult your FTP server documentation.)
    remote-directory = directory on remote host
    username = username on remote host
    password = password on remote host
    %GCC: REASON = The first argument passed to backuptool was incorrect.
    %GCC: STATUS = ERROR
    %GCC: CODE = 1

The lines prefixed by %GCC indicate the result of the backuptool command. Here, the output indicates a problem with the arguments that were passed. Therefore, the command prints usage information, as well as the summarized result. If the backuptool command fails, it returns STATUS=ERROR and CODE=<a non-zero error code>. It might optionally return a REASON=<the cause of the error>.
The -k option requires a passphrase argument, and the filename must have a .des3 extension. The passphrase that you provide will be used to encrypt backup files for backup operations and to decrypt backup files for restore operations. The restore will fail if the passphrase that is used for restoring a backup does not match the passphrase that was used to create it.

Tip: When you specify a passphrase from the command line, shell quoting rules apply. The following command is an example of the command to create a backup file by using hello'world as the passphrase:

    /usr/sbin/backuptool backup -f test.bak.des3 -k 'hello'\''world'

The -L option omits the audit log files. Audit log files can get very large and can significantly increase the amount of time that it takes to back up or restore the system. If you do not back up audit log files, the historical information that is used in reporting functions for all managed firewalls is lost when a Management Server is restored from that backup.
The -D option omits the backup files in the /opt/security/var/gccserver/cfgbackups and /opt/security/var/gccserver/nightlybackups directories. The current database configuration is preserved. However, the daily backup files that are automatically created each night (a total of seven files) and the user-created backup files that are created by using the GUI are not included in the backup. If you include these files in the backup, the amount of time it takes to back up or restore the system can significantly increase. If you do not back up these database backup files, you lose the ability to restore them when a Management Server is restored from a backup.

The -f option requires a path argument. The path identifies the complete path and filename of the archive file that is being created or restored. The filename must be identical to the name of the file on the remote host. (The directory part does not need to match.) If the path argument for the -f option ends in .des3, the backup file will be encrypted or decrypted, respectively, for the backup and restore operations.

The -i option ignores the release version of the backup file. The backup file will be restored, even if it was created while running a different release of the Management Server. This is not usually recommended.

The hostname argument that is supplied with the -h option must be resolvable by the Management Server; alternatively, the administrator can specify an IP address. An optional port value can be specified if it is required by the host.

Creating backup files for all databases

Use this procedure to back up all of the database files. Before you begin, make sure that no users are accessing any of the databases.

1. Log in to the Management Server and switch to the dbadmin user. Database backup files are written to the current directory.
   Ensure that the current directory is the one that will be written to by the dbadmin user (for example: /home/dbadmin).
2. Run the following command:
       /usr/sbin/backupdb all
   Backup files are created for each of the three databases in the current working directory.

Creating backup files for a single database

Use this procedure to back up any one of the database files.

1. Ensure that no other users are accessing the database.
2. Log in as the mgradmin user and then switch to the dbadmin account. Database backup files are written to the current directory. Ensure that the current directory is the one that will be written to by the dbadmin user (for example, /home/dbadmin).
3. Run the following command:
       /usr/sbin/backupdb [-k passphrase] <database-name> <backup-file>[.des3]
   where <database-name> is cg_system for the system database, cg_configuration for the configuration database, or cg_events for the events database data collected by the Secure Alerts server.
   To create an encrypted backup file, append the optional .des3 file extension to the backup file name. You can specify a customized encryption passphrase for encrypted backup files by using the optional -k parameter. Note that standard shell quoting rules apply. (See the Tip in Backuptool command overview on page 26.) For example:
       /usr/sbin/backupdb -k 'secret' cg_events cg_events.bak.des3
Creating a backup file for a full system restoration

You should designate a specially named directory on the remote FTP server to store the backup so that it can be easily located during the restore process. You can view the progression of a backup on the Restore System from Backup window. For more information about this window, see Restoring the Management Server configuration files from a backup file on page 126.

Use the following procedure to create a full system backup that will include:

• Backup files in the /opt/security/var/gccserver/cfgbackups and /opt/security/var/gccserver/nightlybackups directories
• Firewall audit log files

1. Log in as the mgradmin user.
2. Make sure that the backup user has access to the current directory (for example, /tmp). Database backup files are written to the current directory.
3. As mgradmin, create the backup file:
       sudo -u backup /usr/sbin/backuptool backup -f filename[.des3] [-k passphrase]
   where:
       filename = filename of archive file
       [.des3] = Optionally use to encrypt file during backup and decrypt during restore
       [-k passphrase] = Optionally encrypt the file by using a custom encryption passphrase. The filename must use the .des3 extension. A default passphrase will be used if no passphrase is specified.
4. Move this backup file to a safe, off-box location by using the following command-line command as mgradmin:
       sudo -u backup /usr/sbin/backuptool upload -f filename -s scheme -h hostname -d remote-directory -u username -p password
   where:
       filename = filename of archive file
       scheme = one of FTP,FTPS,SCP
       host = host name [:port(optional)] (When using FTPS, port is either 21 or 990. Consult your FTP server documentation.)
       remote-directory = directory on remote host
       username = username on remote host
       password = password on remote host

Restoring configuration data to the Management Server

You can restore configuration data to a Control Center Management Server by using the GUI (the Restore System from Backup window) or by using the command line interface. For procedural information, see the following topics:

• Restoring configuration data by using the GUI on page 30
• Restoring data by using the command line on page 30

For information about restoring data when a complete failure has occurred to a standalone Management Server or to one or more servers in a high availability (HA) configuration, see Disaster recovery restoration for Management Servers on page 33.

If you want to restore configuration backup files from Management Servers in an HA configuration, you should use the command line tools. For more information, see Restoring data by using the command line on page 30. However, you can restore full backup files for HA Management Servers by using the GUI. See Restoring configuration data by using the GUI on page 30.
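The following POSIX shell script is an added example; it is not code from the McAfee guide or from the Control Center product. It wraps the backuptool backup and upload commands used in Backuptool command overview and in Creating a backup file for a full system restoration above: it enforces the rule that -k requires a .des3 archive name, passes the passphrase and the remote password through variables so that characters such as ' need no hand quoting, and turns the %GCC: STATUS, CODE and REASON trailer into an exit status that a script can act on. The variable names BACKUPTOOL_CMD, BACKUP_PASSPHRASE and REMOTE_PASSWORD and the function names are assumptions of the example; BACKUPTOOL_CMD defaults to the sudo invocation that the guide documents.

```shell
#!/bin/sh
# Added example, not code from the McAfee guide. Wraps the documented invocation
# "sudo -u backup /usr/sbin/backuptool" so that a script can enforce the -k/.des3
# rule, pass a passphrase without hand-quoting it, and act on the %GCC: trailer.
# BACKUPTOOL_CMD, BACKUP_PASSPHRASE and REMOTE_PASSWORD are assumptions of this
# example; BACKUPTOOL_CMD defaults to the command the guide documents and can be
# pointed at a stub for offline testing.
BACKUPTOOL_CMD="${BACKUPTOOL_CMD:-sudo -u backup /usr/sbin/backuptool}"

# gcc_field OUTPUT FIELD: value of the last "%GCC: FIELD = value" line, or empty.
gcc_field() {
    printf '%s\n' "$1" | sed -n "s/^%GCC: $2 = //p" | tail -n 1
}

# check_archive_name FILENAME PASSPHRASE
# The guide's rule: -k may only be used when the archive name ends in .des3.
# A .des3 name without -k is accepted (backuptool then uses its default passphrase).
check_archive_name() {
    case $1 in
        *.des3) return 0 ;;
    esac
    if [ -n "$2" ]; then
        echo "error: a passphrase (-k) requires the archive name to end in .des3" >&2
        return 2
    fi
    return 0
}

# run_backuptool SUBCOMMAND ARG...
# Runs backuptool and prints its output. On "%GCC: STATUS = ERROR" the %GCC CODE
# becomes the return value (with REASON on stderr); otherwise the process exit
# status is returned, so a crash without a trailer is still reported as a failure.
run_backuptool() {
    out=$($BACKUPTOOL_CMD "$@" 2>&1) && rc=0 || rc=$?
    printf '%s\n' "$out"
    if [ "$(gcc_field "$out" STATUS)" = ERROR ]; then
        echo "backuptool $1 failed: $(gcc_field "$out" REASON)" >&2
        code=$(gcc_field "$out" CODE)
        case $code in ''|0|*[!0-9]*) code=1 ;; esac   # guard against a missing or odd CODE
        return "$code"
    fi
    return "$rc"
}

# full_backup FILENAME SCHEME HOST REMOTE_DIR USERNAME
# Creates a full backup (audit logs and nightly backups included, as in the
# full-system procedure) and uploads it with "backuptool upload". The passphrase
# and the remote password come from BACKUP_PASSPHRASE and REMOTE_PASSWORD rather
# than from literals, so characters such as ' need no shell quoting.
full_backup() {
    file=$1; scheme=$2; host=$3; dir=$4; user=$5
    check_archive_name "$file" "$BACKUP_PASSPHRASE" || return $?
    if [ -n "$BACKUP_PASSPHRASE" ]; then
        run_backuptool backup -f "$file" -k "$BACKUP_PASSPHRASE" || return $?
    else
        run_backuptool backup -f "$file" || return $?
    fi
    run_backuptool upload -f "$file" -s "$scheme" -h "$host" -d "$dir" \
        -u "$user" -p "$REMOTE_PASSWORD"
}
```

Run it as mgradmin from a directory that the backup user can write to (the guide uses /tmp), for example by exporting BACKUP_PASSPHRASE and REMOTE_PASSWORD and then calling full_backup cc-full.bak.des3 FTPS ftp.example.com:990 /cc-backups ccuser; the host name, directory and user name here are placeholders. A non-zero return value is the %GCC CODE of the step that failed, so the script stops before uploading an archive that was never written.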
Restoring configuration data by using the GUI

Use the Restore System from Backup window to restore a user-defined configuration file that is stored locally or off-box, or to restore a system-generated configuration file that was automatically generated before a retrieve was performed. The system-generated backups that are displayed on this window contain the cg_configuration database data only, which includes all of the firewall configuration data, configurable objects data, certificates, and similar data. For more information about this window, see Restoring the Management Server configuration files from a backup file on page 126.

1. If configuration domains are activated, you must access the Restore System from Backup window from the Administration Tool. From the System menu, select Restore System…. The Restore System from Backup window is displayed.
   or
   If configuration domains are not activated, in either the Configuration Tool or the Administration Tool, from the System menu, select Restore System…. The Restore System from Backup window is displayed.
   Tip: If the backup file that you want to restore is stored on the Client system, you can upload the file to the Control Center Management Server by clicking Upload and then following the instructions on the window. After the file has been uploaded, the backup file should be displayed in the list of available backups.
2. Select the backup file to use and click Restore.
3. If this is a local backup, go to step 5.
   or
   If this backup file is located on a remote server, the Remote Username and Password window is displayed.
4. Click Yes to proceed. The following results can occur:
   • Successful restore of full backup — You will be logged off of the tool and the Management Server will be restarted. You will not be allowed to log back in until the restore has finished.
   • Successful restore of configuration backup — A message is displayed, indicating that the restoration was successful and advising you to log out and to restart the Management Server. Click OK and take the recommended actions: log out, restart the Management Server, and then log in again.
   • Failed to restore — If the errors cannot be resolved, contact Technical Support for additional assistance.

Restoring data by using the command line

The following procedures address restoration of various components of configuration data by using the command line interface:

Note: Before you continue with the command line procedures, make sure that you have read dbadmin and root user accounts and using the command line on page 25 and Backuptool command overview on page 26.

• Restore all of the databases for a Management Server (restoredb all command) — See Restoring all of the databases for a Management Server on page 31.
• Restore a single database for a Management Server (restoredb command) — See Restoring a single database on page 31.
• Restore the full Management Server configuration (backuptool restore command) — See Restoring the Management Server configuration files from the command line on page 33.
Restoring all of the databases for a Management Server

1. Ensure that no other users are accessing the database.
2. Log in as the mgradmin user.
3. Stop all GUI clients, Tomcat, and Secure Alerts because open database connections will interfere with the restore process.
   To stop Tomcat:
       su root
       /etc/init.d/tomcat stop
   To stop Secure Alerts:
       su root
       /etc/init.d/dcserver stop
4. Switch to the dbadmin user. Change the directory to the location where the backup files are located. Ensure that the current directory contains all of the databases that were previously saved by using the /usr/sbin/backupdb all command.
   Note: When you have configured the Control Center HA Management Server feature, you must remove this functionality before you restore any data. For more information, see Removing the High Availability (HA) configuration feature on page 143.
5. Run the following command:
       /usr/sbin/restoredb [-d] [-b] all
   The optional [-d] parameter is used primarily by Technical Support. Use this parameter only if instructed to do so by Technical Support. The [-b] parameter must be specified when the backup being restored was created while the HA feature was operational.
   Note: During this restoredb session, you will be prompted to specify the password for the root user account several times. You must provide it for the restoration to continue.
6. After successfully restoring the backup file, you should start Tomcat and the Secure Alerts server:
   To start Tomcat:
       su root
       /etc/init.d/tomcat start
   To start the Secure Alerts server:
       su root
       /etc/init.d/dcserver start

Restoring a single database

1. Ensure that no other users are currently accessing the database.
2. Log in as the mgradmin user.
3. Stop all GUI clients, Tomcat, and Secure Alerts because open database connections will interfere with the restore process.
   To stop Tomcat:
       su root
       /etc/init.d/tomcat stop
   To stop Secure Alerts:
       su root
       /etc/init.d/dcserver stop
   To switch to the dbadmin user, run the following command:
       su dbadmin
4. Change directories to the location where the backup is located (for example: /home/dbadmin). If you are restoring a database file from the nightly backups, change the current directory to the nightly backup directory (/opt/security/var/gccserver/nightlybackups).
   Note: When you have configured the Control Center HA Management Server feature, you must remove this functionality before you restore any data. For more information, see Removing the High Availability (HA) configuration feature on page 143.
5. Run the following command:
       /usr/sbin/restoredb [-d] [-b] [-k passphrase] database-name backup-file[.des3]
   where <database-name> is cg_system for the system database, cg_configuration for the configuration database, or cg_events for the events database data that is collected by the Secure Alerts server.
   The optional [-d] parameter is used primarily by Technical Support. Use this parameter only if instructed to do so by Technical Support. The [-b] parameter must be specified when the backup being restored was created while the HA feature was operational.
   The optional .des3 file extension indicates that the file will be automatically decrypted. Use the optional [-k] parameter to decrypt the backup file with a custom encryption passphrase if a custom passphrase was specified when the backup file was created.
   The following example restores an encrypted cg_events database file to the cg_events database on the current Management Server:
       /usr/sbin/restoredb cg_events cg_events.bak.des3
   Note: During this restoredb session, you will be prompted to specify the password for the root user account several times. You must provide it for the restoration to continue.
   This next example restores a cg_configuration database file that was encrypted with a custom passphrase:
       /usr/sbin/restoredb -k 'secret' cg_configuration cg_configuration.bak.des3
6. After successfully restoring the backup file, you should start Tomcat and the Secure Alerts server:
   To start Tomcat:
       su root
       /etc/init.d/tomcat start
   To start the Secure Alerts server:
       su root
       /etc/init.d/dcserver start
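As an added example (not code from the McAfee guide or the Control Center product), the following shell script automates the single-database restore procedure above so that Tomcat and Secure Alerts are stopped before restoredb runs and are started again afterwards even if restoredb fails; a restore that stops halfway otherwise leaves both services down and the Management Server unreachable from the client tools. It covers the standalone (non-HA) case only and passes neither -d nor -b. It is assumed to run as dbadmin from the directory that holds the backup file; the AS_ROOT, RESTOREDB, TOMCAT_INIT and DCSERVER_INIT variables and the function names are the example's own, and AS_ROOT defaults to su root -c, which prompts for the root password just as the documented procedure does.

```shell
#!/bin/sh
# Added example, not code from the McAfee guide. Wraps the single-database
# restoredb procedure: stop Tomcat and Secure Alerts, run restoredb, then start
# both services again whether or not restoredb succeeded.
# Assumptions of this example: it runs as dbadmin from the directory holding the
# backup file; root commands go through AS_ROOT (default "su root -c", which
# prompts for the root password as restoredb itself does); non-HA case only.
# Every variable below can be overridden, e.g. with stubs for offline testing.
AS_ROOT="${AS_ROOT:-su root -c}"
RESTOREDB="${RESTOREDB:-/usr/sbin/restoredb}"
TOMCAT_INIT="${TOMCAT_INIT:-/etc/init.d/tomcat}"
DCSERVER_INIT="${DCSERVER_INIT:-/etc/init.d/dcserver}"

# is_known_db NAME: only the three databases the guide names are accepted.
is_known_db() {
    case $1 in
        cg_system|cg_configuration|cg_events) return 0 ;;
        *) return 1 ;;
    esac
}

# check_restore_args FILE PASSPHRASE: the file must be readable, and -k only
# applies to a .des3 (encrypted) backup file.
check_restore_args() {
    if [ ! -r "$1" ]; then
        echo "error: backup file '$1' is missing or not readable" >&2
        return 2
    fi
    if [ -n "$2" ]; then
        case $1 in
            *.des3) ;;
            *) echo "error: -k requires a .des3 backup file, got '$1'" >&2; return 2 ;;
        esac
    fi
    return 0
}

# Stop the services in the documented order; abort if either cannot be stopped,
# because an open database connection would interfere with the restore.
stop_services() {
    $AS_ROOT "$TOMCAT_INIT stop" && $AS_ROOT "$DCSERVER_INIT stop"
}

# Start both services; still try Secure Alerts when Tomcat fails to start.
start_services() {
    $AS_ROOT "$TOMCAT_INIT start"; tomcat_rc=$?
    $AS_ROOT "$DCSERVER_INIT start"; dcserver_rc=$?
    [ "$tomcat_rc" -eq 0 ] && [ "$dcserver_rc" -eq 0 ]
}

# restore_single_db NAME FILE [PASSPHRASE]
# Returns restoredb's exit status (2 for a rejected argument, 1 if the services
# could not be stopped); once restoredb has run, the services are restarted
# in every case.
restore_single_db() {
    db=$1; file=$2; pass=$3
    is_known_db "$db" || { echo "error: unknown database '$db'" >&2; return 2; }
    check_restore_args "$file" "$pass" || return 2
    stop_services || { echo "error: could not stop services, restore aborted" >&2; return 1; }
    if [ -n "$pass" ]; then
        "$RESTOREDB" -k "$pass" "$db" "$file"
    else
        "$RESTOREDB" "$db" "$file"
    fi
    restore_rc=$?
    start_services || echo "warning: a service did not start; check it manually" >&2
    return "$restore_rc"
}
```

A call such as restore_single_db cg_events cg_events.bak.des3 secret reproduces the documented example with the passphrase 'secret'; the root-password prompts from su and from restoredb still appear on the terminal, so the script is interactive by design.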
Restoring the Management Server configuration files from the command line

Use the mgradmin user account to access the backuptool restore command in the /usr/sbin/ directory by using the sudo command. The following command is an example of the restore command of the backuptool and all of the available parameters. To view the procedures that you need to perform for this command, see Restoring all of the databases for a Management Server on page 31, Restoring a single database on page 31, or Restoring the Management Server configuration files from the command line on page 33. It is important that you review these procedures because there are some important prerequisites that are included in them.

    sudo -u backup /usr/sbin/backuptool restore -f filename[.des3] [-k passphrase] [-L] [-D] [-b] [-i]

where:
    filename = filename of archive file
    [.des3] = Optionally use to encrypt file during backup and decrypt during restore
    [-k passphrase] = Optionally use the specified passphrase to encrypt the backup file
    [-L] = Do not include audit log files
    [-D] = Do not include database files
    [-b] = This argument must be specified if file was created when CC HA was active
    [-i] = Ignore the release level of the backup file

For more information about these options, see Backuptool command overview on page 26.
Disaster recovery restoration for Management Servers

If a standalone Management Server, or one or both servers in a high availability (HA) configuration, has failed completely, the following topics provide procedural information for restoring the Management Server (or Servers):

• Restoring a standalone Management Server that has failed completely on page 34
• Restoring a primary Management Server that has failed completely and that is part of a high availability (HA) pair on page 35
• Restoring a backup Management Server that has failed completely and that is part of a high availability (HA) pair on page 36
• Restoring both Management Servers in a high availability (HA) pair that have failed completely on page 37
Restoring a standalone Management Server that has failed completely

If a Control Center Management Server experiences a total system failure and it must be recovered from backup, perform the following steps:

1. Perform a complete installation of the Control Center Management Server on the new server by using the USB flash drive that was included with the Control Center. Follow the installation instructions.
2. Log into the Management Server console as the mgradmin user.
3. Make sure that the backup user has access to the current directory (for example, /tmp). Then run the backuptool command as listed below to move the backup file to be restored into the current directory location.
       cd /tmp
       sudo -u backup /usr/sbin/backuptool download -f filename -s scheme -h hostname -d remote-directory -u username -p password
   where:
       filename = path and filename of archive file
       scheme = one of FTP,FTPS,SCP
       hostname = host name [:port (optional)] (When using FTPS, port is either 21 or 990. Consult your FTP server documentation.)
       remote-directory = directory on remote host
       username = username on remote host
       password = password on remote host
4. Stop all GUI clients, Tomcat, and Secure Alerts because open database connections will interfere with the restore process.
   To stop Tomcat:
       su root
       /etc/init.d/tomcat stop
   To stop Secure Alerts:
       su root
       /etc/init.d/dcserver stop
5. The backup file can now be restored. When the backup is restored, the backuptool will check to make sure that the release level of the backup file matches the release that is currently running on the Control Center Management Server. If the release levels do not match, the backup will not be restored. If the backup file was created by using the command line process, any components that were excluded from the backup (such as database backups or audit log files) should be indicated during the restore process by using the [-L] and [-D] parameters.
   As mgradmin, issue the command line restore command:
       sudo -u backup /usr/sbin/backuptool restore -f filename[.des3] [-k passphrase] [-L] [-D] [-b] [-i]
   where:
       filename = filename of archive file
       [.des3] = Optionally use to encrypt file during backup and decrypt during restore
       [-k passphrase] = Optionally use the specified passphrase to encrypt the backup file
       [-L] = Do not include audit log files
       [-D] = Do not include database files
       [-b] = This argument must be specified if file was created when CC HA was active
       [-i] = Ignore the release level of the backup file
6. After successfully restoring the backup file, you should start Tomcat and the Secure Alerts server:
   To start Tomcat:
       su root
       /etc/init.d/tomcat start
   To start the Secure Alerts server:
       su root
       /etc/init.d/dcserver start
7. After Tomcat and the Secure Alerts server have been restarted, you can log into the Management Server by using any of the client tools in the Client Suite of tools to continue managing your firewalls. No certificates need to be re-issued because they have been restored from the backup.

Restoring a primary Management Server that has failed completely and that is part of a high availability (HA) pair

If you have two Management Servers that are configured as an HA pair and the primary Management Server has a complete failure, refer to the following high-level steps to recover from this event:

1. Using the GUI, log into the backup Management Server. You are prompted to switch this backup server to be the primary server. If you select to do so, the backup server is promoted to the primary server and, after a brief period of time, you are logged into the Client tool. If you choose not to change the role, you cannot proceed.
2. Remove the High Availability (HA) feature from the backup server by running the High Availability Removal Wizard. (From the System menu, select High Availability Removal Wizard…. The wizard starts.) The HA feature will be removed from this server. At this point, you no longer have a primary server. You have a standalone server that was your original backup server. From this point forward in this procedure, this server will be referred to as the old server.
   Verify that the removal wizard successfully removed the HA feature:
   a. Go to the Administration Tool and open the Backup Server Status page. (From the System menu, select Backup Server Status….) If the removal wizard was successful, this page will be blank. Continue on to step b.
      However, if any data is displayed on this page (for example, the backup Management Server displays a status of FAILED), the removal was not successful. Continue on to step b and then to step c.
   b. The removal wizard generates an haStop.log log file. View the contents of this log file in the Server Logs window. (From the Administration Tool System menu, select Server Logs…. Then select the High Availability Setup node and then the haStop.log node.) If you see information at the end of this log that indicates something other than that the configuration completed, the removal wizard was not successful.
   c. If either step a or step b, or both, were unsuccessful, you must troubleshoot this problem. Go back to the Configuration Tool for the old backup server and try to run the High Availability Removal wizard again. If it is not available to you (that is, you see the High Availability Setup menu option as opposed to the High Availability Removal menu option), you must contact Technical Support.
3. Create a new Management Server (hereafter referred to as the replacement server) to replace the failed primary server by re-installing the Control Center Management Server software and ensuring that licensing and any applicable patches are in place.
4. On the old server, run the High Availability Setup wizard and specify the replacement Management Server as the backup server. (From the System menu, select High Availability Setup Wizard….) You must run the High Availability Setup wizard from the old server and not from the replacement server because the old server has the current management data. If you run the High Availability Setup wizard from the replacement server, the old server's data will be lost. At that point, you will need to restore your data from a full backup. See Restoring both Management Servers in a high availability (HA) pair that have failed completely on page 37.
5. The last step depends on whether you want to make the replacement Management Server the new primary server or keep the old server as the new primary server.
   • To switch server roles and make the replacement Management Server the primary server, log out of the old server and log into the replacement server. You are asked whether to make this server the new primary server. Click OK. You now have a new primary server with your old server resuming its backup role.
   or
   • To maintain the current backup role of the replacement server as it has been configured by the High Availability Setup wizard, no additional steps are required.

Restoring a backup Management Server that has failed completely and that is part of a high availability (HA) pair

In this scenario, the primary Management Server in an HA pair is running. However, the backup Management Server has failed completely. You want to add a new backup Management Server to your HA pair.

1. On the primary Management Server, log into the Administration Tool and run the High Availability Removal wizard.
   Verify that the removal wizard successfully removed the HA feature:
   a. Go to the Administration Tool and open the Backup Server Status page. (From the System menu, select Backup Server Status….)
      If the removal wizard was successful, this page will be blank. Continue on to step b. However, if any data is displayed on this page (for example, the backup Management Server displays a status of FAILED), the removal was not successful. Continue on to step b and then to step c.
   b. The removal wizard generates an haStop.log log file. View the contents of this log file in the Server Logs window. (From the Administration Tool System menu, select Server Logs…. Then select the High Availability Setup node and then the haStop.log node.) If you see information at the end of this log that indicates something other than that the configuration completed, the removal wizard was not successful.
   c. If either step a or step b, or both, were unsuccessful, you must troubleshoot this problem. Go back to the Configuration Tool for the old backup server and try to run the High Availability Removal wizard again. If it is not available to you (that is, you see the High Availability Setup menu option as opposed to the High Availability Removal menu option), you must contact Technical Support.
2. Create a new backup Management Server (hereafter referred to as the replacement server) to replace the failed backup server by re-installing the Control Center Management Server software and ensuring that licensing and any applicable patches are in place.
3. Go back to the primary Management Server and run the High Availability Setup wizard, specifying the replacement server as the backup server.
Restoring both Management Servers in a high availability (HA) pair that have failed completely

In this scenario, both of the Management Servers in your HA pair have failed completely. You can restore a full backup by using the Upload Backup Wizard from the Restore System from Backup window. For more information, see Uploading a backup configuration file from the Client to the Management Server on page 128. The following procedure is a combination of GUI and command line steps.

1. On the new primary Management Server, install the Control Center Management Server on the device, including all of the license and patch information.
2. On the new backup Management Server, install the Control Center Management Server software on the device, including all of the license and patch information.
3. On the primary Management Server, retrieve the backup data. From the command line, log into the new primary Management Server as mgradmin and specify the following commands:
       cd /tmp
       sudo -u backup /usr/sbin/backuptool download -f filename -s scheme -h hostname -d remote-directory -u username -p password
   where:
       filename = Filename of archive file
       scheme = one of FTP,FTPS,SCP
       hostname = host name [:port (optional)] (When using FTPS, port is either 21 or 990. Consult your FTP server documentation.)
       remote-directory = Directory on the host
       username = Username on the host
       password = Password on the host
4. Stop all GUI clients, Tomcat, and Secure Alerts because open database connections will interfere with the restore process.
   To stop Tomcat:
       su root
       /etc/init.d/tomcat stop
   To stop Secure Alerts:
       su root
       /etc/init.d/dcserver stop
5. Restore the retrieved backup data to the primary Management Server by specifying the following commands:
       sudo -u backup /usr/sbin/backuptool restore -f filename[.des3] [-k passphrase] [-L] [-D] -b
   where:
       [.des3] = Optionally use to encrypt file during backup and decrypt during restore
       [-k passphrase] = Optionally use the specified passphrase to encrypt the backup file
       [-L] = Excludes files in /opt/security/var/gccserver/auditlogs from the backup or restore operation
       [-D] = Excludes files in /opt/security/var/gccserver/cfgbackups and in /opt/security/var/gccserver/nightlybackups from the backup or restore operation
       -b = Treats the backup file as having been created on a CC HA system
6. After successfully restoring the backup file, you should start Tomcat and the Secure Alerts server:
   To start Tomcat:
       su root
       /etc/init.d/tomcat start
   To start the Secure Alerts server:
       su root
       /etc/init.d/dcserver start
7. On the primary Management Server, log into the Administration Tool and run the High Availability Removal Wizard. (From the System menu, select High Availability Removal Wizard…. The wizard starts.) When the wizard has completed, the Control Center Management Server will be ready to re-establish HA.
8. On the same (primary) Management Server, run the High Availability Setup Wizard. (From the System menu, select High Availability Setup Wizard…. The wizard starts.) When the wizard has completed, the HA feature will have been configured on your two Management Servers.

Adding firewalls

A firewall must be configured and enrolled before it can be managed by the Control Center.

• If you have a new, unconfigured firewall, you can use the rapid deployment option. See Adding firewalls by using rapid deployment registration on page 38.
• If you have a standalone firewall that already has a configured policy, or if you have an HA cluster, use the manual registration procedure. See Adding firewalls by using manual registration on page 39.

Note: To simultaneously manage groups of related objects, see Overview of configuring a cluster on the McAfee Firewall Enterprise Admin Console on page 225.

Adding firewalls by using rapid deployment registration

Use the rapid deployment method if you have a new, unconfigured firewall. Do not use this method if you want to use the firewall in a managed High Availability (HA) cluster.

To register your firewall during its initial configuration:

1. Begin the McAfee Firewall Enterprise Quick Start Wizard. On the Control Center Registration window, select the Auto-register to Control Center checkbox.
Complete these fields:
• Primary Server host name — Specify the fully qualified domain name (FQDN) of the Control Center Management Server. If you are using a High Availability Management Server configuration, specify the node name of the active Management Server.
• Primary Server IP address — Specify the IP address of the Control Center Management Server.
• Sign Up password — Specify a password that will be used when you enroll this firewall by using the Control Center Configuration Tool. The password must be a minimum of eight characters and a maximum of 256 characters. You can use a default password for all of your firewalls or specify unique passwords for each firewall.

2 Complete the initial configuration.

3 In the Control Center Configuration Tool, select the Firewalls group bar. Right-click the Firewalls node and select Sign Up Firewalls…. The Sign Up Firewalls window is displayed.

4 [Conditional] If you used the same password when registering each firewall, specify that password in the Default Sign Up Password field.
5 Provide the FQDN, IP address, and password for each firewall that has been configured by using the rapid deployment option, by performing either of the following steps:
• In the table, specify registration information for each firewall. Starting with the Host Name field, specify the FQDN, IP address, and password for a firewall that was registered by using the rapid deployment option. Repeat this step for each firewall that is ready to be registered.
• Import registration information for multiple firewalls from a file.
  a Create a space-delimited text file that contains a host name and IP address for each firewall that has been prepared for enrollment. The following list is an example:

    fw1.company.net 172.26.113.171
    fw2.company.net 198.115.56.121
    fw3.company.net 191.21.115.101

  b Click Import and then browse to the file that you created in step a. The Sign Up Firewalls window is populated with information from the text file.
  c In the Password field, specify the sign up password for each firewall.

Tip: If a password is not specified for a particular firewall, the value in the Default Sign Up Password field is used.

6 Click OK and then confirm that you want to register these firewalls. The Deployment Status Report is displayed.
• If the status value is Operation successful, the Control Center successfully connected to that firewall.
• If the status value is Operation failed, double-click Details and address the issue that is described there.

After the Control Center successfully connects to a firewall, you must retrieve its policy. This must be done on a firewall-by-firewall basis.

7 In the Configuration Tool, make sure that the Firewalls group bar is selected.

8 Select the Firewalls node to display the list of firewalls.

9 Perform the following steps to retrieve the necessary objects:
  a Right-click the firewall that you have just added and select Retrieve Security Device Objects. The Firewall Retrieval Options window is displayed.
  b In the Retrieval Item Description column heading, right-click and select Select All.

  Note: If you have previously retrieved items from this firewall, consider clearing some of the checkboxes, such as rules, to avoid creating duplicates of those items.

  c Click OK. The Control Center initiates a connection with the firewall and retrieves the selected items.

Adding firewalls by using manual registration

Use this procedure if you are registering:
• A standalone firewall that already has a configured policy.
• An existing HA cluster.

To register a firewall to your Control Center Management Server after the firewall is fully operational:

1 In the McAfee Firewall Enterprise Admin Console, register the target firewall or cluster to the Control Center Management Server:
  a Select Maintenance > Control Center Registration.
  b Specify the hostname and IP address of the Control Center Management Server.
  c [Optional] If you are using a High Availability Control Center Management Server configuration, select the Configure backup server checkbox.
    • In the Backup Server Name field, specify the host name of the Management Server that is acting as a backup to the active Management Server.
    • In the IP Address field, specify the IP address of the Management Server that is acting as a backup to the active Management Server.
  d Click Register with the Control Center Now. An authentication window is displayed.
  e Specify the Control Center administrator user name and password and click OK.

2 In the Control Center Configuration Tool, make sure that the Firewalls group bar is selected and perform one of the following steps:
• If you are registering a standalone firewall, right-click the Firewalls node and select Add Object. The Add New Firewall window is displayed. Specify the required information about the firewall. For more information about this window, see Registering a firewall manually on page 166.
• If you are registering a cluster, right-click the Clusters node and select Add Object. The Add Cluster window is displayed. Specify the following information about the cluster:
  • In the Cluster Name field, specify any name that quickly identifies the cluster. Do not use the fully qualified domain name (FQDN) of either cluster member node.
  • In the Cluster Mgmt Address field, specify the management address for the cluster node.
  • In the Version field, specify the software version of the cluster.

3 In the Retrieval Items tab, right-click the column heading and select Unselect All. This instructs the Control Center to establish connectivity without passing policy information, which saves time during an initial firewall registration if the firewall turns out to be unreachable.

4 Click OK. The Control Center attempts to connect to the firewall.

5 Verify communication between the firewall and the Management Server.
From the Reports menu, select Firewall Status and verify that a green light appears next to the firewall.

6 After a connection has been established, go back to the Firewalls group bar and select the Firewalls node or the Clusters node, depending on the object that you are configuring.

7 Perform the following steps to retrieve the necessary objects:
  a Right-click the firewall that you just added and select Retrieve Firewall Objects. The Firewall Retrieval Options window is displayed.
  b In the Retrieval Item Description column heading, right-click and select Select All.

  Note: If you have previously retrieved items from this firewall, consider clearing some of the checkboxes, such as rules, to avoid creating duplicates of those items. Performing multiple retrievals of the same objects is not recommended.

  c Click OK. A system update message is displayed.
  d Click Yes. The Control Center initiates a connection with the firewall and retrieves the selected items.

After the Control Center has successfully connected to the firewall and has retrieved the selected items, you can begin managing policy information for that firewall.
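The rapid deployment procedure above imports a space-delimited file of host names and IP addresses and then applies either a per-firewall or the Default Sign Up Password. Because a malformed or duplicated line enrolls the wrong device, or the same device twice, it pays to check the file before clicking Import. The following validator is an added example and is not McAfee code; the guide states only the file layout and the 8 to 256 character password rule, so the function names, the error wording and the three malformed sample lines appended to the guide's own example are assumptions constructed for this illustration.

```python
"""Pre-import check for the Sign Up Firewalls import file.

Added example, not McAfee code. The guide states only that the file is
space-delimited with one "hostname ip-address" pair per line, and that a
sign up password is 8 to 256 characters; a firewall with no password of its
own takes the Default Sign Up Password. Function names, error wording and
the malformed sample lines below are assumptions constructed for the example.
"""
import ipaddress
import re
from typing import Dict, List, Tuple

# One DNS label: 1-63 letters, digits or hyphens, with no hyphen at either end.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def is_fqdn(name: str) -> bool:
    """Accept only fully qualified names: at least one dot and valid labels."""
    name = name.rstrip(".")
    if not name or len(name) > 253 or "." not in name:
        return False
    return all(_LABEL.match(label) for label in name.split("."))


def parse_import_file(text: str) -> Tuple[List[Tuple[str, str]], List[str]]:
    """Return (entries, errors) for the contents of an import file.

    entries holds (hostname, ip) for every well-formed line, in file order;
    errors holds one message per rejected line. Blank lines are ignored.
    Duplicate host names (case-insensitive) and duplicate addresses are
    rejected so that the same firewall is not enrolled twice.
    """
    entries: List[Tuple[str, str]] = []
    errors: List[str] = []
    seen_hosts: Dict[str, int] = {}
    seen_ips: Dict[str, int] = {}
    for lineno, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split()
        if not fields:
            continue
        if len(fields) != 2:
            errors.append(f"line {lineno}: expected 'hostname ip', got {len(fields)} fields")
            continue
        host, ip_text = fields
        if not is_fqdn(host):
            errors.append(f"line {lineno}: {host!r} is not a fully qualified domain name")
            continue
        try:
            ip = str(ipaddress.ip_address(ip_text))
        except ValueError:
            errors.append(f"line {lineno}: {ip_text!r} is not a valid IP address")
            continue
        key = host.lower()
        if key in seen_hosts:
            errors.append(f"line {lineno}: {host} already listed on line {seen_hosts[key]}")
            continue
        if ip in seen_ips:
            errors.append(f"line {lineno}: {ip} already listed on line {seen_ips[ip]}")
            continue
        seen_hosts[key] = lineno
        seen_ips[ip] = lineno
        entries.append((host, ip))
    return entries, errors


def valid_signup_password(password: str) -> bool:
    """Length rule from the guide: minimum 8, maximum 256 characters."""
    return 8 <= len(password) <= 256


def resolve_passwords(entries, per_firewall: Dict[str, str], default: str) -> Dict[str, str]:
    """Map each host to its sign up password, falling back to the default.

    Raises ValueError if any resolved password breaks the length rule, so a
    bad default is caught before any firewall is contacted.
    """
    resolved: Dict[str, str] = {}
    for host, _ in entries:
        password = per_firewall.get(host, default)
        if not valid_signup_password(password):
            raise ValueError(f"{host}: sign up password must be 8 to 256 characters")
        resolved[host] = password
    return resolved


# Constructed sample: the guide's three example lines followed by three
# deliberately malformed ones (bad address, bare host name, duplicate host).
SAMPLE_FILE = """\
fw1.company.net 172.26.113.171
fw2.company.net 198.115.56.121
fw3.company.net 191.21.115.101
fw4.company.net 300.1.1.1
fw5 10.0.0.5
fw2.company.net 10.0.0.6
"""

if __name__ == "__main__":
    good, bad = parse_import_file(SAMPLE_FILE)
    for host, ip in good:
        print(f"ready:  {host} {ip}")
    for message in bad:
        print(f"reject: {message}")
    print(resolve_passwords(good, {"fw2.company.net": "fw2-signup-secret"}, "default-signup-pw"))
```

Run it against the real file before the import step; only the lines in the `ready` set should go into the Sign Up Firewalls window, and the rejected lines should be corrected in the file rather than fixed up by hand in the table.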
Managing firewall interfaces

The internal and external network interfaces of the firewall are defined during initial configuration. However, you can configure additional interfaces to suit the needs of your network infrastructure. The firewall can be used in any or all of the following ways:
• As a gateway between your internal network and the Internet.
• As a gateway between any networks with different security needs.
• As a transparent firewall inside of a single network.

Traffic is passed through the firewall by arriving on one interface and leaving on a different interface. The relationship between configured interfaces can be classified in the following ways:
• Routed – A firewall interface is connected to each unique network, and the firewall allows traffic to pass between the networks like a router, while enforcing your security policy. For more information, see Routed mode on page 41.
• Transparent (bridged) – Two firewall interfaces are connected inside of a single network and are bridged to form one transparent interface. Traffic passes through the firewall like a switch, allowing you to enforce security policy inside the network without having to re-address the network. In other words, this firewall can be placed anywhere inside of your network without having to reconfigure your network. For more information, see Transparent (bridged) mode on page 41.

Note: You can configure only one transparent interface (bridge) on each firewall.

The routed and transparent modes are not exclusive; your firewall can be simultaneously configured with a single bridged interface and additional routed interfaces. This is called hybrid mode.

Routed mode

In routed mode, your firewall is deployed at the intersection of multiple networks.
• The firewall is connected to each network by a network interface.
• Each firewall interface must be assigned a unique IP address in the connected subnet.
• The protected networks must be unique; each network must be a different subnet.
• Hosts in a protected network communicate with other networks by using the firewall's IP address as their gateway.
• Each firewall interface is assigned to a unique burb. When traffic attempts to cross from one burb to another, the configured security policy is enforced.

For examples of deploying a firewall in single or multiple networks, see the McAfee Firewall Enterprise (Sidewinder) Administration Guide.

Transparent (bridged) mode

In transparent (bridged) mode, your firewall is deployed inside of a single network. A transparent interface consists of two interfaces that are connected inside of the same network and that are assigned to unique burbs.

The following table shows the default firewall interface configuration. These interfaces, or any other two interfaces, can be used to configure a transparent interface.

Table 4 Standard interfaces

  User defined interface name | NIC or NIC Group | Burb name
  external_network            | em0              | external
  internal_network            | em1              | internal
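The constraints stated for routed mode (unique address, unique subnet, unique burb per interface) and for a transparent interface (two members in different burbs, one bridge per firewall) are easy to violate when interfaces are added piecemeal, and the consequence is that traffic either fails to route or bypasses the rule check. The model below is an added example, not McAfee code: it encodes those constraints as a validator and the "cross a burb, get a rule check" decision as a function. The interface, NIC and burb names follow Table 4 and the bridge0 grouping the guide describes; the IP addresses, the em2/dmz interface and the class and function names are assumptions constructed for this illustration, and it also covers hybrid mode, which the guide mentions but does not tabulate.

```python
"""Model of the routed, transparent (bridged) and hybrid interface modes.

Added example, not McAfee code. Interface, NIC and burb names follow the
guide (em0/em1, external/internal, bridge0); the IP addresses and the
em2/dmz interface are constructed, and the class and function names are
assumptions made for this illustration.
"""
from dataclasses import dataclass
from ipaddress import IPv4Interface
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Interface:
    name: str                      # user defined interface name
    nic: str                       # NIC the interface is bound to
    burb: str                      # burb (zone) the interface belongs to
    address: Optional[str] = None  # "a.b.c.d/prefix"; None for bridge members


@dataclass(frozen=True)
class Bridge:
    name: str                             # user defined transparent interface name
    nic: str                              # NIC group name, e.g. bridge0
    members: Tuple[Interface, Interface]  # exactly two member interfaces


@dataclass
class FirewallConfig:
    routed: List[Interface]
    bridge: Optional[Bridge] = None  # at most one bridge per firewall


def mode(cfg: FirewallConfig) -> str:
    """Routed only, transparent only, or both at once (hybrid)."""
    if cfg.bridge is None:
        return "routed"
    return "hybrid" if cfg.routed else "transparent"


def validate(cfg: FirewallConfig) -> List[str]:
    """Return the constraints from the guide that this configuration violates.

    Routed: every interface has an address, subnets are unique and each
    interface sits in its own burb. Transparent: the two bridge members are
    in different burbs and are not also used as routed interfaces. An empty
    list means the configuration is consistent.
    """
    problems: List[str] = []
    nets, burbs, nics = {}, {}, {}
    for itf in cfg.routed:
        if itf.nic in nics:
            problems.append(f"{itf.name}: NIC {itf.nic} already used by {nics[itf.nic]}")
        nics[itf.nic] = itf.name
        if itf.address is None:
            problems.append(f"{itf.name}: routed interface needs an IP address")
        else:
            net = IPv4Interface(itf.address).network
            if net in nets:
                problems.append(f"{itf.name}: subnet {net} already used by {nets[net]}")
            nets[net] = itf.name
        if itf.burb in burbs:
            problems.append(f"{itf.name}: burb {itf.burb} already used by {burbs[itf.burb]}")
        burbs[itf.burb] = itf.name
    if cfg.bridge is not None:
        a, b = cfg.bridge.members
        if a.burb == b.burb:
            problems.append(f"{cfg.bridge.name}: bridge members must be in different burbs")
        for member in (a, b):
            if member.nic in nics:
                problems.append(f"{cfg.bridge.name}: {member.nic} is also a routed interface")
            if member.burb in burbs:
                problems.append(f"{cfg.bridge.name}: burb {member.burb} already used by {burbs[member.burb]}")
    return problems


def burb_of(cfg: FirewallConfig, nic: str) -> str:
    """Burb that an ingress or egress NIC belongs to; bridge members keep their own burb."""
    members = list(cfg.bridge.members) if cfg.bridge else []
    for itf in list(cfg.routed) + members:
        if itf.nic == nic:
            return itf.burb
    raise KeyError(f"unknown NIC {nic}")


def rule_check_applies(cfg: FirewallConfig, ingress_nic: str, egress_nic: str) -> bool:
    """True when traffic crosses from one burb to another and is policy-checked.

    In routed mode every interface is its own burb, so any hop between two
    interfaces is checked. On a transparent interface, hosts on the same side
    share a burb and talk as through a switch with no rule check; hosts on
    opposite sides cross burbs and the security policy is enforced.
    """
    return burb_of(cfg, ingress_nic) != burb_of(cfg, egress_nic)


# Table 4 standard interfaces with constructed addresses (routed mode).
EXTERNAL = Interface("external_network", "em0", "external", "203.0.113.1/24")
INTERNAL = Interface("internal_network", "em1", "internal", "192.168.1.1/24")
ROUTED = FirewallConfig(routed=[EXTERNAL, INTERNAL])

# bridge0 joins em0 and em1 into one transparent interface (no addresses).
TRANSPARENT = FirewallConfig(routed=[], bridge=Bridge(
    "bridged_network", "bridge0",
    (Interface("external_network", "em0", "external"),
     Interface("internal_network", "em1", "internal"))))

# Hybrid: the same bridge plus a constructed routed interface on em2.
HYBRID = FirewallConfig(
    routed=[Interface("dmz_network", "em2", "dmz", "10.10.10.1/24")],
    bridge=TRANSPARENT.bridge)

# Broken: a second routed interface in the same subnet and the same burb.
BROKEN = FirewallConfig(routed=[
    EXTERNAL, Interface("second_network", "em1", "external", "203.0.113.2/24")])
```

`validate(BROKEN)` reports both the duplicated subnet and the duplicated burb, while the three well-formed configurations validate cleanly; `rule_check_applies(TRANSPARENT, "em0", "em0")` is false, matching the guide's statement that hosts on the same side of the bridge are not subject to policy.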
The following table shows a transparent interface that is configured by using the default interfaces. Note that bridge0 consists of em0 and em1.

Table 5 Transparent interface

  User defined transparent interface name | NIC or NIC Group
  bridged_network                         | bridge0 (em0, em1)

When traffic attempts to cross the transparent interface (from one burb to the other), a rule check is performed to enforce security policy. Because hosts inside of the network are not aware that the firewall is deployed, they communicate with each other as though they were directly connected by a switch.
• If two hosts reside in the same burb (that is, on the same side of the transparent interface), they communicate directly over the network and no security policy is enforced.
• If two hosts reside in different burbs (that is, on different sides of the transparent interface), they communicate through the firewall and security policy is enforced.

For examples of transparently enforcing security policy inside of a single subnet or transparently protecting a single network, see the McAfee Firewall Enterprise (Sidewinder) Administration Guide. For information about how to configure a transparent interface, see Creating a transparent (bridged) interface on page 179.

Navigating the Control Center user interface

The Control Center Client Suite has four tools that have a similar design and navigation, although the functionality of each tool is mostly unique. (You can access some features from more than one tool and, in some situations, from all of the tools.) The following figure is an example of the Configuration Tool main window, which is the most complex of all of the tool main windows.

Figure 4 Example of the Control Center Client Suite main window (callouts: Menu bar, Toolbars, Object Configuration area, Page area, Docking pin, Work area, Group bars, Status bar)
Each tool consists of the following graphical interface areas:
• Main window — The main window is displayed after you have successfully logged into one of the Control Center tools. For information about the main window for each tool, see the following:
  • Administration Tool main window on page 44
  • Configuration Tool main window on page 45
  • Reporting and Monitoring Tool main window on page 48
  • Software Updates Tool main window on page 49
• Menus — Each Control Center tool has menus that are shared with other tools, menus that are unique to that tool, and menus that are unique to a specific feature of that tool. For information about the menus for each tool, see the following:
  • Administration Tool menus on page 50
  • Configuration Tool menus on page 56
  • Reporting and Monitoring Tool menus on page 62
  • Software Updates Tool menus on page 66
• Toolbars — Each Control Center tool has various toolbars that can be displayed, depending on the page that is displayed in the work area. You can also customize any toolbar. For information about the toolbars for each tool, see the following:
  • Administration Tool toolbars on page 70
  • Configuration Tool toolbars on page 70
  • Reporting and Monitoring Tool toolbars on page 73
  • Software Updates Tool toolbars on page 76
• Page area — Each Control Center tool has a page area that holds a tab for each page that is displayed in the work area. Any page that is currently active in the work area can be closed and removed from the tab area by selecting the icon on the right corner of the page area. There are many different pages, depending on your toolbar and menu selections. For example, every tool has a Start page.
• Docking pin — Each Control Center tool has a docking pin to manage the Object Configuration area and Group bars. This feature allows for more visible area in the main screen when viewing pages in the work area.
Use the appropriate options on the View menu to reveal or hide the data that is displayed in the Object Configuration area and in the Group bars.
• Work area — This portion of the GUI is where the data that is associated with the pages is displayed when the associated tab for the page is selected.
• Group bars — [Available only in the Configuration Tool and the Reporting and Monitoring Tool] These two tools have group bars that assist in accessing object trees. Select the group bar and then select the node in the tree with which you want to work.
• Status bar — Each Control Center tool has a status bar in which different information is displayed. For information about the status bar for each tool, see the following:
  • Administration Tool: Status bar on page 45
  • Configuration Tool: Status bar on page 47
  • Reporting and Monitoring Tool: Status bar on page 49
  • Software Updates Tool: Status bar on page 50
In addition to the window- and page-specific descriptions, additional functionality is provided in the Control Center Client Suite to help you configure and manage the security policy for your firewalls.
• Shortcut keys — Each menu bar has a keyboard shortcut to allow faster selection if you prefer to access these items by keyboard rather than by mouse. As is the Windows standard, the keyboard shortcut is indicated by an underscore (_) beneath the letter in the menu or menu option name. Press this character on the keyboard to select the menu option.
• Right-click menus — Right-click menus are available for the objects that appear in the Object Configuration area of the Administration Tool, Configuration Tool, and the Reporting and Monitoring Tool. You can also use the right-click menu in the pages that appear in the work area of the various tools. Many of these menu options are also accessible in another way in the tool, such as a menu option, a tool on the toolbar, or a button on the interface itself.
• Edit status column — Many tables include an Edit column that identifies the edit status of a row in a table. The following icons can be displayed:
  • [blank] — Indicates an existing line with associated values that is not the currently selected line.
  • [icon] — Indicates that this row is the one that is being edited.
  • [icon] — Indicates that you are creating a new row or entry.
  • [icon] — Indicates that this row is currently selected and it contains previously specified values.

Administration Tool main window

Use the following areas of the Administration Tool main window to manage the administrative functions that are associated with operating the Control Center. For more information, see Administration Tool on page 79.

Administration Tool: Menu bar

The Menu bar on the Administration Tool includes all of the menus and menu options for the Administration Tool.
There are some menu options that are shared by all of the Client Suite tools and others that are unique. To view the Administration Tool menu information, see Administration Tool menus on page 50.

Administration Tool: Users and Roles toolbar

Use the Users and Roles toolbar to manage the Control Center users and their assigned roles. You can access all of the defined users and all of the defined roles in this area. For more information, see Control Center users on page 81 and Control Center roles on page 89.

Administration Tool: Page area

Use the tab area to display or close tool-specific pages. For the Administration Tool, the following pages can be displayed:
• Start Page
• Audit Trail
• Backup Server Status

Administration Tool: Work area

Use this area to view the data that is associated with tabs or pages.

Administration Tool: Docking pin

Use the docking pin to hide the Users and Roles toolbar. By hiding the toolbar, you have more visible area in the main screen when you are viewing one of the tabs. When the pin is undocked, you can access the Users and Roles toolbar by moving the mouse over the Object Configuration tab on the upper left side of the main window.
Administration Tool: Status bar

Use the status bar to view the following information:
• Management Server — [Read-only] Displays the name and connection status of the Management Server.
• Users — [Read-only] For each user who is currently logged into this domain of the Management Server, displays the name, IP address, and number of tools that the user is currently logged into. A message is displayed to all other users who are currently running a specific tool when another user logs in or out of the Management Server, and the status bar is updated accordingly.
• Date/Time — [Read-only] Displays the current date and time.
• License Status — [Read-only] Displays the license status of the Management Server. To view your license configuration from any tool in the Client Suite, move the pointer over the license icon that is located in the lower right corner of the status line. A ToolTip displays the duration of the shortest license and the accumulated licenses for each firewall in your configuration. For more complete information about the status of the licensing, open the Administration Tool and select License… from the System menu. One of the following icons is displayed:
  • Valid license — Indicates that the program is fully licensed. For more information, see Licensing the Control Center Management Server on page 104.
  • Demo version — Indicates that the program is a demo version and it cannot connect to a firewall.
  • Evaluation version — Indicates that this program has an evaluation license. The evaluation license may be restricted to managing a limited number of firewalls for 30, 60, or 90 days. When the evaluation license is within five (5) days of its expiration, the number of days that remain in the evaluation is displayed in the current status area, which is located in the lower right corner of the status bar in each tool of the Client Suite.
Configuration Tool main window

Use the following commands, windows, and options in the user interface for the Control Center Configuration Tool to configure and manage multiple security policies and firewalls. For more information, see Configuration Tool on page 153.

Configuration Tool: Menu bar

Each tool in the Control Center Suite has a different set of menu bar menus to correspond to the features and functions of the individual tool. Each menu bar menu has a keyboard shortcut to allow faster selection for users who are more comfortable using the keyboard. These keyboard shortcuts are denoted by an underscore on the menu option. These are the menus for the Configuration Tool, along with the functionality that is available in each menu:
• File — Load a previously saved configuration from the file system into the Control Center database, save the entire Control Center configuration to a file, or exit the Configuration Tool.
• View — Access the Start page, Rules page, and Alert Processing Rules page in the work area, access the various configurable objects in the Objects toolbar, and access options to hide or display the various toolbars that accompany the user interface.
• Configuration — Validate and apply configuration changes to supported firewalls, lock objects to prevent multiple users from making simultaneous changes to the same objects, back up an individual firewall configuration, and apply user-defined sorting views to simplify the management of multiple firewalls.
• System — Access the Device Control window. Use the Device Control window to manage firewalls. You can initiate various shutdown or suspend states on selected firewalls.
• Reports — Access firewall status information, view configuration and validation reports, or access the Control Center audit trail report.
• Tools — Start the other tools in the Control Center Client Suite. You can initiate only one instance of each tool on a single system. If the selected tool is already displayed, no action occurs. The tools that appear in the menu differ, depending on the tool that is in use when the Tools menu is accessed.
• Rules — [Available only when either the Rules page or the URL Translation Rules page is the active page in the work area] Access the information that is used to manage individual rules. The options that are displayed on the menu vary, depending on the specific page that is displayed when the Rules menu is accessed.
• Window — The Window menu is universally available on all of the tools in the Control Center Client Suite. Use the options on this menu to control the layout of objects and components in the Control Center Client Suite.
• Help — The Help menu is universally available on all of the tools in the Control Center Client Suite. Use the options on this menu to obtain context-sensitive help for using the features and fields that are associated with each window, to obtain additional information about the services and features that are associated with each tool, and to obtain background information about specific concepts that are associated with using or operating the Control Center.

Configuration Tool: Toolbars

The Configuration Tool has an Actions toolbar, a Rule Options toolbar, an Alert Processing Rules Options toolbar, a System/Attack Responses toolbar, and a URL Rules Options toolbar that provide options to access the various fields, buttons, and commands that are associated with the Configuration Tool. Right-click in the toolbar area to manage individual toolbars.
Configuration Tool: Page area

Use the tab area to display the associated tab for a page that is displayed in the work area. Any page that is currently active in the work area can be closed and removed from the tab area by clicking the close icon in the right corner of the tab area. To the left of this icon is another icon, which allows you to select any available page to view from the displayed list. There are many different tabs, depending on your toolbar and menu selections. The following list is an example of some of these pages:
• Start page — This page provides introductory information.
• Firewall Status page — View a status summary of the firewalls that are configured for your operation. You can also use this page to quickly determine the status information about the operation of each firewall in your configuration. For more information, see Viewing the overall status of your firewalls on page 574.
• Rules page — View a complete list of the rules that have been defined on your system. You can also use this page to view, add, insert, change, delete, or prioritize rules. For more information about the Rules page, see Creating, viewing, or modifying rules on page 528.
• Object Details page — View data that is related to all of the objects for the object type node that was selected in the tree. For more information, see Viewing details about objects on page 160.
• Alert Processing Rules page — View a complete list of the alert processing rules that are available. For more information, see Viewing alert processing rules on page 564.
• Configuration Status Report page — Use this page to view information about the propagation of configuration data from the Control Center database to each selected firewall. When the Configuration Status Report window is displayed, the propagation status is refreshed every 15 seconds. For more information, see Viewing configuration information about each firewall on page 584.
• Validation Status Report page — Use this page to view the status of the validation process for each of the firewall configurations in the Control Center database and to view the differences between the current configuration and the proposed configuration of a firewall. For more information, see Viewing the status of Apply Configurations on page 593.
Configuration Tool: Docking pin

Use the docking pin to manage the Object Configuration area and the Object Details page. You can use this docking pin to hide or display toolbars so that you have more visible area in the main screen when you are viewing one of the tabs. Use the appropriate options on the View menu to display or hide the data that is displayed in the Object Configuration area or to show or hide the Object Details page.

Configuration Tool: Work area

Use this area to view the data that is associated with tabs or pages.

Configuration Tool: Object Configuration area

Use this area to view, create, modify, and manage the configurable objects that form the foundation data that is used to manage a security policy. Use the docking pin controls or the appropriate options on the View menu to display or hide the data that is displayed in the Object Configuration area.

Configuration Tool: Group bars

Use the Group bars to access object trees, which, in turn, allow you to work with the objects. The Configuration Tool has the following group bars:
• Firewalls — The object tree in this group bar includes firewalls, clusters, cluster members, and device groups. For more information, see Configuration Tool - Firewalls on page 163.
• Firewall Settings — The object tree in this group bar includes all of the objects that can be configured for firewalls, including such objects as network defenses and global settings. For more information, see Configuration Tool - Firewall Settings on page 263.
• Policy — The object tree in this group bar includes objects that are used to determine the policy for your firewalls, such as rules, application defenses, and authenticators. For more information, see Configuration Tool - Policy on page 333.
• Monitor — The object tree in this group bar includes objects that are used to monitor different types of data for firewalls, such as IPS attack and system responses, audit events, and so on, plus several reports. For more information, see Configuration Tool - Monitor on page 573.
• Maintenance — The object tree in this group bar includes objects that are used to maintain the firewall, such as licensing, and to maintain the Control Center Management Server, such as backing up and restoring the Management Server. For more information, see Configuration Tool - Maintenance on page 647.

Configuration Tool: Status bar

Use the status bar to view the following information:
• Management Server — [Read-only] Displays the name and connection status of the Management Server.
• Users — [Read-only] For each user who is currently logged into this domain of the Management Server, displays the name, IP address, and number of tools that the user is currently logged into. A message is displayed to all other users who are currently running a specific tool when another user logs in or out of the Management Server, and the status bar is updated accordingly.
• Date/Time — [Read-only] Displays the current date and time.
• License Status — [Read-only] Displays the license status of the Management Server. To view your license configuration from any tool in the Client Suite, move the pointer over the license icon that is located in the lower right corner of the status line. A ToolTip displays the duration of the shortest license and the accumulated licenses for each firewall in your configuration. For more complete information about the status of the licensing, open the Administration Tool and select License… from the System menu.
One of the following icons is displayed:
  • Valid license — Indicates that the program is fully licensed. For more information, see Licensing the Control Center Management Server on page 104.
  • Demo version — Indicates that the program is a demo version and it cannot connect to a firewall.
  • Evaluation version — Indicates that this program has an evaluation license. The evaluation license may be restricted to managing a limited number of firewalls for 30, 60, or 90 days. When the evaluation license is within five (5) days of its expiration, the number of days that remain in the evaluation is displayed in the current status area, which is located in the lower right corner of the status bar in each tool of the Client Suite.

Reporting and Monitoring Tool main window

Use the following areas of the Reporting and Monitoring Tool to monitor and manage alerts, select and investigate chronological activities that are recorded by firewalls, generate and view standard and custom reports, and observe overall firewall status. For more information, see Reporting and Monitoring Tool on page 671.

Reporting and Monitoring Tool: Menu bar

The Menu bar on the Reporting and Monitoring Tool includes all of the menus and menu options for the Reporting and Monitoring Tool. There are some menu options that are shared by all of the Client Suite tools and others that are unique. To view the Reporting and Monitoring Tool menu information, see Reporting and Monitoring Tool menus on page 62.

Reporting and Monitoring Tool: Toolbar

The Reporting and Monitoring Tool has a Firewalls and Reports toolbar that provides options to access the tabs, fields, buttons, and windows that you use to manage alerts and generate firewall-specific and audit log reports. For more information, see Reporting and Monitoring Tool toolbars on page 73.

Reporting and Monitoring Tool: Page area

Use the page area to display or close tool-specific pages.
For the Reporting and Monitoring Tool, the following pages can be displayed:
• Start Page
• Firewall Status
• Alert Browser
• Audit Trail
• Secure Alerts Server Status

Reporting and Monitoring Tool: Work area

Use this area to view the data that is associated with tabs or pages.

Reporting and Monitoring Tool: Docking pin

Use the docking pin to hide the toolbar. Hiding the toolbar gives you more visible area in the main screen when you are viewing one of the tabs. When the pin is undocked, you can access the toolbar by moving the mouse over the Object Configuration tab on the upper left side of the main window.
Reporting and Monitoring Tool: Status bar

Use the status bar to view the following information:
• Management Server — [Read-only] Displays the name and connection status of the Management Server.
• Users — [Read-only] Displays the name, IP address, and number of tools currently open for each user who is logged into this domain of the Management Server. When a user logs into or out of the Management Server, a message is displayed to all other users who are currently running a specific tool, and the status bar is updated accordingly.
• Date/Time — [Read-only] Displays the current date and time.
• License Status — [Read-only] Displays the license status of the Management Server. To view your license configuration from any tool in the Client Suite, move the pointer over the license icon in the lower right corner of the status line. A ToolTip displays the duration of the shortest license and the accumulated licenses for each firewall in your configuration. For more complete information about the status of the licensing, open the Administration Tool and select License… from the System menu.

One of the following icons is displayed:
• Valid license — Indicates that the program is fully licensed. For more information, see Licensing the Control Center Management Server on page 104.
• Demo version — Indicates that the program is a demo version and cannot connect to a firewall.
• Evaluation version — Indicates that the program is running under an evaluation license. The evaluation license may be restricted to managing a limited number of firewalls for 30, 60, or 90 days. When the evaluation license is within five (5) days of its expiration, the number of days that remain in the evaluation is displayed in the current status area, in the lower right corner of the status bar in each tool of the Client Suite.
Software Updates Tool main window

Use the following areas of the Software Updates Tool to manage the software update functions associated with operating the Control Center. For more information, see Software Updates Tool on page 691.

Software Updates Tool: Menu bar

The Menu bar on the Software Updates Tool includes all of the menus and menu options for the Software Updates Tool. Some menu options are shared by all of the Client Suite tools and others are unique to this tool. To view the Software Updates Tool menu information, see Reporting and Monitoring Tool menus on page 62.

Software Updates Tool: Toolbar

The Software Updates Tool has an Action toolbar that is used to access the main page options that are available in the work area, and an options toolbar that is associated with each main page. For more information, see Customizing a toolbar on page 70.

Software Updates Tool: Page area

Use the page area to display or close tool-specific pages. For the Software Updates Tool, the following pages can be displayed:
• Start Page
• Install Updates page
• Store Updates page
• Firewall Configuration Backup page
Software Updates Tool: Work area

Use this area to view the data that is associated with tabs or pages.

Software Updates Tool: Status bar

Use the status bar to view the following information:
• Management Server — [Read-only] Displays the name and connection status of the Management Server.
• Users — [Read-only] Displays the name, IP address, and number of tools currently open for each user who is logged into this domain of the Management Server. When a user logs into or out of the Management Server, a message is displayed to all other users who are currently running a specific tool, and the status bar is updated accordingly.
• Date/Time — [Read-only] Displays the current date and time.
• License Status — [Read-only] Displays the license status of the Management Server. To view your license configuration from any tool in the Client Suite, move the pointer over the license icon in the lower right corner of the status line. A ToolTip displays the duration of the shortest license and the accumulated licenses for each firewall in your configuration. For more complete information about the status of the licensing, open the Administration Tool and select License… from the System menu.

One of the following icons is displayed:
• Valid license — Indicates that the program is fully licensed. For more information, see Licensing the Control Center Management Server on page 104.
• Demo version — Indicates that the program is a demo version and cannot connect to a firewall.
• Evaluation version — Indicates that the program is running under an evaluation license. The evaluation license may be restricted to managing a limited number of firewalls for 30, 60, or 90 days.
When the evaluation license is within five (5) days of its expiration, the number of days that remain in the evaluation is displayed in the current status area, in the lower right corner of the status bar in each tool of the Client Suite.

Administration Tool menus

The following menus are available in the Administration Tool:
• File — Administration Tool: File menu on page 50
• View — Administration Tool: View menu on page 51
• Users — Administration Tool: Users menu on page 51
• Roles — Administration Tool: Roles menu on page 51
• Configuration Domains — Administration Tool: Configuration Domains menu on page 52
• Audit Trail — Administration Tool: Audit Trail menu on page 52
• System — Administration Tool: System menu on page 53
• Tools — Administration Tool: Tools menu on page 54
• Window — Administration Tool: Window menu on page 55
• Help — Administration Tool: Help menu on page 55

Administration Tool: File menu

Select Exit in the File menu to close the Administration Tool.
Administration Tool: View menu

Use the View menu options on the Administration Tool to show or hide the areas that are displayed on the main window. To show an area, make sure that its menu option is selected. To close or hide an area, clear the checkbox or click X on the page or area.

This menu has the following options:
• Users and Roles — Displays or closes the Users and Roles Object Configuration area. This area displays user, role, and configuration domain objects in a tree.
• Start Page — Displays the Start Page (the McAfee Firewall Enterprise Control Center home page) if it has been previously closed.

Administration Tool: Users menu

Use the Users menu options on the Administration Tool to manage Control Center users. Control Center users are the users who are permitted to log into the various tools in the Control Center Client Suite. For more information, see Control Center users on page 81.

To edit, copy, or delete a user, highlight the user in the tree and then select the respective menu option.

Note: Control Center users should not be confused with the users who are configured to access firewalls. Control Center users are the users who have access to the tools in the Control Center Client Suite.

This menu has the following options:
• Add User… — Displays the Control Center User Manager window, in which you can add a Control Center user. For more information, see Configuring Control Center users on page 82.
• Modify User… — Displays the Control Center User Manager window, in which you can modify the attributes of an existing user. Highlight the user in the tree and select this menu option. Edit the information and click OK.
• Copy User… — Displays the Control Center User Manager window, in which you can use an existing user as the basis of a new user definition. Highlight the user in the tree and select this menu option.
Edit the attributes of this copy that you want to be unique and click OK.
• Change Password… — [Available only if internal authentication is being used, which is configured on the Control Center Authentication Configuration window] Displays the Change User Password window, in which you can change the current user's password. For more information, see Changing user passwords on page 88.
• Remove User(s) — Deletes the highlighted user or users.

Administration Tool: Roles menu

Use the Roles menu options on the Administration Tool to manage the roles that are assigned to Control Center users. Roles are created to limit or allow users to perform specific actions or administration-specific activities for specified objects. For more information, see Control Center roles on page 89.

To edit, copy, or delete a role, highlight the role in the tree and then select the respective menu option.

This menu has the following options:
• Add Role… — Displays the Control Center Role Manager window, in which you can add a Control Center role. For more information, see Managing roles for Control Center users on page 90.
• Modify Role… — Displays the Control Center Role Manager window, in which you can modify the attributes of an existing role. Highlight the role in the tree and select this menu option. Edit the information and click OK.
• Copy Role… — Displays the Control Center Role Manager window, in which you can use an existing role as the basis of a new role definition. Highlight the role in the tree and select this menu option. Edit the attributes of this copy that you want to be unique and click OK.
• Remove Role(s) — Deletes the highlighted role or roles.
Administration Tool: Configuration Domains menu

Use the Configuration Domains menu on the Administration Tool to activate and manage configuration domains, and to create and manage configuration versions for configuration domains. For more information about configuration domains, see Configuration domains on page 92. For more information about configuration domain versions and version management, see Configuration domain version management on page 97.

To edit, copy, or delete a configuration domain, highlight the configuration domain in the tree and then select the respective menu option.

This menu has the following options:
• Add Domain… — Displays the Configuration Domain Manager window, in which you can add a Control Center configuration domain. For more information, see Configuring configuration domains on page 95. If configuration domains have not been previously activated, adding a second configuration domain (in addition to the pre-defined Default domain) activates the configuration domain option. To better understand the implications of activating configuration domains, see Configuration domains on page 92.
• Modify Domain… — Displays the Configuration Domain Manager window, in which you can modify the attributes of an existing configuration domain. Highlight the configuration domain in the tree and select this menu option. Edit the information and click OK.
• Remove Domain — Deletes the highlighted domain and all data associated with that domain from the database.
Caution: Deleting a configuration domain cannot be undone. If a configuration domain is deleted, only a previously saved backup of the entire Management Server configuration data can restore the data, and restoring that backup returns the configuration data for all of the configuration domains to the conditions that existed when the backup was made.
• Manage Versions — [Available only when configuration domains have been activated] Displays the Manage Configuration Domain Versions window, in which you can add, edit, delete, or activate a configuration version. Highlight the configuration domain in the tree (or the Default configuration domain if configuration domains have not been activated) and select this menu option. Edit the information and click OK. For more information about version management, see Configuration domain version management on page 97.

Administration Tool: Audit Trail menu

Use the Audit Trail menu on the Administration Tool to manage the content of the McAfee Firewall Enterprise Control Center user audit report and to view the resulting report. For more information, see Audit data management on page 100.

This menu has the following options:
• Manage Audit Trail — Displays the Audit Tracking and Archive Management window, in which you can select the settings to be updated in, added to, or removed from the audit trail report. You can also determine whether this data is to be archived and the way in which it is formatted. For more information, see Managing audit trail information on page 101.
• View Audit Trail — Displays the Audit Trail page in the work area, in which you can view the audit report information that is recorded according to the settings defined in the Audit Tracking and Archive Management window. For more information, see Viewing audit trail information on page 615.
Administration Tool: System menu

Use the System menu on the Administration Tool to manage various options for the Control Center. You can manage the following entities:
• Control Center licenses (License option)
• Universal system settings (System Settings option)
• Authentication strategy (Authentication option)
• Status of all of the Management Servers when you are using the Control Center High Availability (HA) Management Server option (Backup Server Status option)
• System backup and restore commands (Backup System option and Restore System option)

This menu has the following options:
• License… — Displays the License Management window, in which you can manage the Control Center license. For more information, see Control Center Management Server licensing on page 104. The current status of the license is displayed in the status bar at the lower-right corner of each tool in the Client Suite. Hold the mouse over the license icon to view a ToolTip that displays the license information. The following versions are available:
  • Valid license — Indicates that the program is fully licensed. For more information about licensing, see Licensing the Control Center Management Server on page 104.
  • Demo version — Indicates that the program is a demo version and cannot connect to a firewall.
  • Evaluation version — Indicates that the program is running under an evaluation license. The evaluation license may be restricted to managing a limited number of firewalls for 30, 60, or 90 days. When the evaluation license is within five (5) days of its expiration, the number of days that remain in the evaluation is displayed in the current status area, in the lower right corner of the status bar in each tool of the Client Suite.
• Network Settings… — Displays the Network Settings window, in which you can view and edit Control Center settings, such as the host name, servers (NTP, DNS, and mail), network interfaces (IP address, netmask, broadcast, and gateway), and static routes. For more information, see Configuring Control Center network settings on page 115.
• System Settings… — Displays the System Settings window, in which you can set system-wide settings for the disclaimer, user lockout, and default application lockout options. For more information, see Configuring system settings on page 121.
• ePolicy Orchestrator settings… — Displays the ePolicy Orchestrator Settings window, in which you can configure the Control Center to communicate with the ePolicy Orchestrator (ePO) server. This communication is used to share data about host objects (displayed on the Control Center), firewalls (displayed on ePO), and the Control Center Management Server (displayed on ePO). To use this communication, you must also configure an ePO user in this window. For more information, see Configuring access to the ePolicy Orchestrator server on page 132.
• Server Property Editor… — Displays the Server Property Editor window, in which you can display and edit Control Center Management Server properties and add new properties. For more information, see Configuring Management Server properties on page 664.
• Start Ticket… or Stop Ticket… — The menu option that you see depends on whether a ticket has been started. If no ticket has been started, the Start Ticket menu option is displayed; if a ticket has already been started, the Stop Ticket menu option is displayed. When you select Start Ticket, the Ticket window is displayed, in which you can specify the name of the ticket. A ticket is used to identify specific changes that have been made to the firewall. For more information, see Configuring change tickets on page 103.
• Server Logs… — Displays the Server Logs window, in which you can manage the Control Center Management Server logs. For more information, see Viewing Management Server logs on page 663.
• Authentication… — Displays the Control Center Authentication Configuration window, in which you can define your authentication strategy. For more information, see Authentication on page 145.
• Common License Information… — Displays the Common License Information window, in which you can manage Control Center common license information. For more information, see Managing Control Center licenses on page 106.
• Backup Server Status… — Displays the Backup Server Status page in the work area, in which you can view the current status of each Management Server that is installed in your configuration if the High Availability (HA) Management Server Configuration is configured for your organization. For more information about HA, see High Availability (HA) on page 136. For more information about this window, see Viewing the status of your backup Management Servers on page 122.
• Backup System… — Displays the Backup Control Center System window, in which you can save a backup file of the Management Server. For more information, see Creating backup files of your Management Server data by using the GUI on page 123.
• Restore System… — Displays the Restore System from Backup window, in which you can restore the system from a backup file of the Management Server. For more information, see Restoring the Management Server configuration files from a backup file on page 126.
• Set Server Date and Time… — Displays the Set Server Date and Time window, in which you can set the Management Server date and time. For more information, see Setting the date and time on the Management Server on page 131.
• Change Password… — [Available only if internal authentication is being used, which is configured on the Control Center Authentication Configuration window] Displays the Change User Password window, in which you can change the current user's password. For more information, see Changing user passwords on page 88.
• Restart Server… — Displays the Restart Server window, in which you can restart the Management Server. For more information, see Restarting the Management Server on page 131.
Caution: If you select Yes, the server is restarted immediately. There is no second confirmation request.
• Halt Server… — Stops the Management Server and exits the application. Click Yes to confirm or No to cancel the action.
• High Availability Setup Wizard… or High Availability Removal Wizard… — Displays either the High Availability Setup Wizard or the High Availability Removal Wizard, depending on your menu selection. Use these wizards to establish or remove the High Availability (HA) Management Server configuration. For more information about these wizards, see Configuring the High Availability (HA) feature on page 140 and Removing the High Availability (HA) configuration feature on page 143.

Administration Tool: Tools menu

Use the menu options on the Tools menu of any tool to launch another tool using the same user name, password, and Management Server that you are currently using. You cannot log into the same tool more than once from a single client.

This menu has the following options:
• Configuration Tool… — Displays the Configuration Tool, in which you can configure the firewall, manage multiple firewalls, and implement and enforce security policies across those firewalls. For more information, see Configuration Tool on page 153.
• Reporting and Monitoring Tool… — Displays the Reporting and Monitoring Tool, in which you can centrally monitor the status of supported firewalls and generate a wide range of firewall-specific reports.
For more information, see Reporting and Monitoring Tool on page 671.
• Software Updates Tool… — Displays the Software Updates Tool, in which you can store, manage, and install software and firmware updates for all deployed firewalls and install Management Server software updates. For more information, see Software Updates Tool on page 691.

Administration Tool: Window menu

Use the menu options on the Window menu to control the layout of objects and components in the Control Center user interface.

This menu has the following options:
• Refresh — Refreshes the window.
• Restore Docking State — Restores the default docking state of the toolbar and the Object Details page (if applicable for the specific tool). The layout of any open rules tab groups is unaffected by this command.
• Cascade — Cascades multiple document windows when MDI Tabbed is cleared.
• Tile Horizontal — Horizontally tiles multiple document windows when MDI Tabbed is cleared.
• Tile Vertical — Vertically tiles multiple document windows when MDI Tabbed is cleared.
• MDI Tabbed — Determines whether pages are displayed as windows or as tabs that are docked in the rules pane. This option is selected by default. When you clear this checkbox, rules pages appear as undocked document windows that can be cascaded or tiled by using the Cascade, Tile Horizontal, and Tile Vertical menu options. You can also select the page that is displayed in the work area.

Administration Tool: Help menu

Use the menu options on the Help menu to obtain context-sensitive help for the features and buttons that are associated with each window. You can also obtain additional information about the services and feature options that are associated with each tool, and background information for specific concepts that are associated with using or operating the Control Center.

This menu has the following options:
• Contents — Displays a complete list of the main topics of the Control Center help system.
Click a main help topic to display the complete subtopic list.
• Index — Displays the full index for the Control Center help system. Specify a keyword to find a particular entry in the index.
• Search — Searches the Control Center help system for a topic or for matching words that you provide.
• About — Displays the licensing text, versions, and the timestamp of the date and time at which the Client Suite, Management Server, and database were built.
Configuration Tool menus

The following menus are available in the Configuration Tool:
• File — Configuration Tool: File menu on page 56
• View — Configuration Tool: View menu on page 56
• Configuration — Configuration Tool: Configuration menu on page 57
• System — Configuration Tool: System menu on page 58
• Reports — Configuration Tool: Reports menu on page 59
• Tools — Configuration Tool: Tools menu on page 60
• Rules — Configuration Tool: Rules menu on page 60
• Window — Configuration Tool: Window menu on page 61
• Help — Configuration Tool: Help menu on page 62

Configuration Tool: File menu

As in all of the other tools, you can select Exit in the File menu to close the Configuration Tool. The following additional options are also available; the availability condition for each is noted in brackets:
• Switch Domain… — [Available only when configuration domains are enabled] Displays the Switch Domain window, in which you can select the domain that you want to access without having to log out and then back in again.
• Export — [Available only when the Rules page is displayed] Displays the Export Rules File window, in which you can specify a name and path for the tab-delimited rules file that you want to save.
• Print Preview — [Available only when the Rules page is displayed] Displays the Print Preview window, in which you can view the rules in a preview state, ready to be printed. You can also change the preview format to display one, two, three, four, or six pages on one print-ready page.
• Print — [Available only when the Rules page is displayed] Prints the rules on the Rules page.
Note: To change the format of the printed pages, first go to the Print Preview window and change the display before selecting this option.
Configuration Tool: View menu

Use the View menu options on the Configuration Tool to access pages in the work area, to access the various configurable objects in the Objects toolbar, and to hide or display the various toolbars in the user interface. To show an area, make sure that its menu option is selected. To close or hide an area, clear the checkbox or click X on the page or area.

This menu has the following options:
• Rules — Displays the Rules page in the work area, in which you can view a complete list of the rules that have been defined on your system. For more information, see Creating, viewing, or modifying rules on page 528.
• IPS Attack Responses — Displays the IPS Attack Responses page in the work area, in which you can view a complete list of the IPS attack responses that have been defined on your system. For more information, see Viewing IPS attack responses on page 608.
• System Responses — Displays the System Responses page in the work area, in which you can view a complete list of the system responses that have been defined on your system. For more information, see Viewing system responses on page 612.
• Alert Processing Rules — Displays the Alert Processing Rules page in the work area, in which you can view all of the alert processing rules that are currently available. For more information, see Viewing alert processing rules on page 564.
• URL Translation Rules — Displays the URL Translation Rules page in the work area, in which you can view a complete list of the URL translation rules that have been defined on your system.
• Start Page — Displays the Start Page (the Control Center home page) if it has been previously closed.
• Remote Certificates — Displays the Remote Certificates page, in which you can manage remote certificates. For more information, see Managing remote certificates on page 523.
• Objects — Hides or displays the Object Configuration area.
• Object Details — Hides or displays the Object Details page.
• Toolbars — Hides or displays the page-specific toolbars in the toolbar.

Configuration Tool: Configuration menu

Use the Configuration menu on the Configuration Tool to validate and apply configuration changes to supported firewalls, lock objects to prevent multiple operators from making simultaneous changes to the same objects, back up an individual firewall configuration, and apply user-defined sorting views to simplify managing multiple firewalls.

This menu has the following options:
• Duplicate Rules Wizard — Starts the Duplicate Rules Wizard, in which you can analyze your rule set and delete duplicate rules. For more information, see Deleting duplicate rules on page 556.
• Merge Rules Wizard — Starts the Merge Rules Wizard, in which you can analyze your rule set and combine rules that have common elements. For more information, see Merging rules with common elements on page 552.
• Merge Objects Wizard — Starts the Merge Objects Wizard, in which you can analyze your network objects and services and combine those that have common elements. For more information, see Merging objects on page 652.
• Apply Configurations... — Displays the Apply Configurations window, in which you can propagate configurations from the Control Center database to the managed firewalls.
When you apply the configuration, configuration information is sent to the selected target firewalls. The following events can then occur:
  • Data on the firewall is transformed and implemented.
  • Firewall components are restarted as needed.
  • The results of this "apply" are reported back to the Control Center.
For more information, see Applying firewall configurations on page 589.
• Validate Configurations... — Displays the Validate Configuration window, in which you can verify that the firewall configurations that are stored on the Management Server are valid. You can also use this window to view the differences between the current configuration and the proposed configuration of a firewall. For more information, see Policy objects on page 333.
• Locking Manager... — Displays the Locking Manager window, in which you can lock selected object types (for example, address ranges, networks, rules) so that other Control Center users cannot simultaneously add, modify, or delete objects of those types. Multiple Control Center users can be logged onto the same Management Server from multiple Client Suite clients, so at any given time multiple users can be making simultaneous changes. The lock covers all existing objects of the selected type, as well as new objects that you create. You can, for example, lock network objects by selecting the Networks checkbox in this window. For more information, see Locking configuration objects on page 649.
• Priority Mappings... — Displays the Priority Mappings window, in which you can define the alert priority that is associated with predefined and custom alerts. For more information, see Assigning priority levels to alerts on page 567.
• VPN Wizard... — Starts the VPN Wizard, in which you can create mesh, star, and remote (road warrior) VPN channels. For more information, see Creating VPN channels on page 475.
• SSH Known Hosts... — Displays the SSH Known Hosts window, in which you can manage the database of SSH known host keys. For more information, see Configuring strong known host associations on page 569.

Configuration Tool: System menu

Use the System menu on the Configuration Tool to access the following options:
• Firewall Sorting... — Displays the Firewall Sorting Manager window, in which you can provide a user-defined view of the firewalls that are configured for your operation. You select the firewall characteristics, and the order in which those characteristics are considered, to determine the way in which the firewalls are displayed. The available sort characteristics are Type (type of firewall), Location (the user-defined location information), Contact (the user-defined contact information associated with a firewall), and any user-defined category/value pair. For more information, see Reviewing your configured firewalls on page 594.
• Startup Options... — Displays the Startup Options window, in which you can configure the appearance of the Configuration Tool when it is opened. You can configure the windows that initially load when the tool is opened. There is also an option to open the tool with the configuration that existed when the tool was closed.
• Start Ticket or Stop Ticket — The menu option that you see depends on whether a ticket has been started. If no ticket has been started, the Start Ticket menu option is displayed; if a ticket has already been started, the Stop Ticket menu option is displayed. When you select Start Ticket, the Ticket window is displayed, in which you can specify the name of the ticket. A ticket is used to identify specific changes that have been made to the firewall.
For more information, see Configuring change tickets on page 103. When you select Stop Ticket, no window is displayed. However, the change ticket is closed. • Device Control... — Displays the Device Control window, in which you can manage firewalls. You can initiate various shutdown or suspend states for selected firewalls. For more information, see Managing firewall shutdown and suspension states and other maintenance settings on page 656. • Compliance Report Settings... — Displays the Compliance Report Settings window, in which you can enable and configure compliance reports. Compliance Reports are viewed and managed on the Compliance Report page. For more information, see Configuring compliance report settings on page 596. • Firewall Configuration Backup... — Displays the Firewall Configuration Backup page, in which you can create and restore configuration backups for selected firewalls installed in your configuration. You can also access this page from the Software Updates Tool and from the Configuration Tool. For more information, see Backing up and restoring firewall configurations on page 704. • License Firewall... — Displays the Firewall License window, in which you can specify and manage firewall product licenses. For more information, see Viewing and managing firewall licenses on page 658. • Backup System... — Displays the Backup Control Center System window, in which you can create a new backup file of the Control Center Management Server data or replace an exiting backup file. For more information, see Creating backup files of your Management Server data by using the GUI on page 123. • Restore System... — Displays the Restore System from Backup window, in which you can restore a previously saved system backup file to the Management Server. For more information, see Restoring the Management Server configuration files from a backup file on page 126. 
• Server Property Editor… — Displays the Server Property Editor window, in which you can modify properties that are associated with the Management Server. For more information, see Configuring Management Server properties on page 664. 58 McAfee Firewall Enterprise Control Center 4.0.0.04 Administration Guide
• Server Logs… — Displays the Server Logs window, in which you can manage the Control Center Management Server logs. For more information, see Viewing Management Server logs on page 663.
• Set Server Date and Time… — Displays the Set Server Date and Time window, in which you can set the date and time on the Management Server. For more information, see Setting the date and time on the Management Server on page 131.
• Change Password… — [Available only if internal authentication is being used, which is configured on the Control Center Authentication Configuration window] Displays the Change User Password window, in which you can change the current user’s password. For more information, see Changing user passwords on page 88.
• Restart Server… — Displays the Restart Server window, in which you can restart the Management Server. For more information, see Restarting the Management Server on page 131.
• Halt Server… — Displays a warning message, asking whether you want to continue with this action to stop the Management Server. Click Yes to halt the server or No to cancel this action.
Configuration Tool: Reports menu
Use the Reports menu on the Configuration Tool to access firewall status information, view configuration and validation reports, and access the Control Center audit trail report. This menu has the following options:
• Firewall Status — Displays the Firewall Status page, in which you can view a status summary of the firewalls that are configured for your operation. You can also use this page to quickly determine the status information about the operation of each firewall in your configuration. For more information, see Viewing the overall status of your firewalls on page 574.
• Configuration Status — Displays the Configuration Status Report page, in which you can view information about the propagation of configuration data from the Control Center database to each selected firewall. When the Configuration Status Report page is displayed, the propagation status is refreshed every 15 seconds. For more information, see Firewall configuration management on page 574.
• Validation Status — Displays the Validation Status Report page, in which you can view the status of the validation process for each of the firewall configurations in the Control Center database. You can also view the differences between the current configuration and the proposed configuration of a firewall. When this report is displayed, the validation status is refreshed every 15 seconds. For more information, see Firewall configuration management on page 574.
• Compliance Status — Displays the Compliance Report page, in which you can view status information for all of the firewalls in your configuration that are managed with the Control Center. For more information, see Configuring compliance report settings on page 596.
• Audit Trail... — Displays the Audit Trail page, in which you can list, filter, preview, and print the audit trail data. This page is read-only. For more information, see Viewing audit trail information on page 615.
• Deployment Status — Displays the Deployment Status Report page, in which you can view the status of the enrollment for a specific firewall. For more information, see Viewing your firewall enrollment (deployment) status on page 598.
• McAfee Firewall Reporter — Displays the McAfee Firewall Reporter application, in which you can view, analyze, and manage raw data from a firewall. Note: When you select this menu option the first time, the McAfee Firewall Reporter Settings window is displayed, in which you specify the McAfee Firewall Reporter server address and management port. After you configure these settings, the application displays on the McAfee Firewall Reporter page. For more information, see Viewing real-time Web data for your network on page 600.
• System Information — Displays the System Information page, in which you can categorize Management Server information and associated values. Information categories include: IP address, memory capacities, software release, machine type, operating system, processor information, and the current system time. For more information, see Displaying system information for the Control Center Management Server on page 638.
• Unused Objects — Displays the Unused Objects page, in which you can retrieve a list of all of the unused objects to which you have access in this configuration domain. You can also double-click an object to edit it, or you can delete it. For more information, see Managing unused objects on the Control Center Management Server on page 651.
Configuration Tool: Tools menu
Use the menu options on the Tools menu of any tool to launch another tool using the same user name, password, and Management Server that you are currently using. You cannot log into the same tool more than once from a single client. This menu has the following options:
• Administration Tool — Displays the Administration Tool, in which you can manage McAfee Firewall Enterprise Control Center users and roles, configuration domains, audit trail, licensing, and backup and restore operations. For more information, see Administration Tool on page 79.
• Reporting and Monitoring Tool — Displays the Reporting and Monitoring Tool, in which you can centrally monitor the status of supported firewalls and generate a wide range of firewall-specific reports. For more information, see Reporting and Monitoring Tool on page 671.
• Software Updates Tool — Displays the Software Updates Tool, in which you can store, manage, and install software and firmware updates for all deployed firewalls and install Management Server software updates. For more information, see Software Updates Tool on page 691.
Configuration Tool: Rules menu
Use the Rules menu on the Configuration Tool to access the controls used to manage individual rules when the Rules page or the URL Translation Rules page is displayed in the work area. The menu that is displayed depends on the page that is currently displayed.
• Rules page menu options
• URL Translation Rules page options
Rules page menu options
This menu has the following options when the Rules page is displayed:
• Add New Rule — Displays the Rule Editor window, in which you can create a new rule. For more information, see Configuring rules on page 533.
• Edit Rule — Displays the Rule Editor window, in which you can edit an existing rule. For more information, see Configuring rules on page 533.
• Delete Rule — Deletes the highlighted rule.
• Delete Rules… — Displays the Rules Removal window, in which you can specify multiple individual rules and ranges of rules to be deleted. Specify a range as the beginning and ending rule numbers, separated by a hyphen (-). Separate each range or individual rule with a comma (,).
• Cut Rule — Cuts (moves) the highlighted rule.
• Paste Rule — Pastes a rule at the location of the insertion point.
• Copy Rule — Creates a copy of the highlighted rule.
• Replace Rule Objects… — Displays the Replace Rule Objects window, in which you can specify an object type that is currently in a rule to be replaced by another type.
• Move To Top — Moves the highlighted rule to the top of the page.
• Move Up — Moves the highlighted rule up one position on the page.
• Move Down — Moves the highlighted rule down one position on the page.
• Move To Bottom — Moves the highlighted rule to the bottom of the page.
• Move Above Rule… — Moves the highlighted rule above a specific rule.
• Move Below Rule... — Moves the highlighted rule below a specific rule.
• Filter Rules — Displays the Rules Filter Selection window, in which you can specify the filter criteria that are used to display subsets of rules. After you define your filter criteria and click OK, the rules that match the filter requirements are displayed on the Rules page. Additionally, (Filter Off) is available as a menu option on the Rules menu of the Configuration Tool. Select that menu option to cancel the filtered view and return to a view of all of the rules on the Rules page. For more information, see Filtering rules to display on the Rules page on page 545.
• Manage Filters — Displays the Manage Filters window, in which you can load and manage previously named filters that are used to display only those rules that meet the filter requirements. For more information, see Loading and managing previously saved rule filters on page 549.
• Quick Filter — Displays the Quick Filter window, in which you can view only those rules that have been defined for the selected firewalls on the Rules page. For more information, see Displaying filtered rules on the Rules page on page 550.
• Default Rule Settings… — Displays the Default Rule Settings window, in which you can define some of the default settings that are used when new rules are created. For more information, see Configuring default settings for creating rules on page 540.
• Create Group — Displays the Rules Group window, in which you can create groups of rules. For more information, see Configuring groups of rules on page 551.
• Configure Columns — Displays the Rules Display Columns window, in which you can specify the columns to display on the Rules page. For more information, see Configuring columns to display on the Rules page on page 532.
URL Translation Rules page options
This menu has the following options when the URL Translation Rules page is displayed in the work area:
• Add New Rule — Displays the URL Translation Rules Editor window, in which you can define a new URL translation rule. For more information, see Configuring URL translation rules on page 560.
• Edit Rule — Displays the URL Translation Rules Editor window, in which you can edit the highlighted URL translation rule. For more information, see Configuring URL translation rules on page 560.
• Copy Rule — Creates a copy of the highlighted rule.
• Delete Rule — Deletes the highlighted rule.
• Move Up — Moves the highlighted rule up one position on the page.
• Move Down — Moves the highlighted rule down one position on the page.
Configuration Tool: Window menu
Use the menu options on the Window menu to control the layout of objects and components in the Control Center user interface. This menu has the following options:
• Refresh — Refreshes the window.
• Restore Docking State — Restores the default docking state of the toolbar and the Objects Details page (if applicable for the specific tool). The layout of any open rules tab groups is unaffected by this command.
• Cascade — Cascades multiple document windows when MDI Tabbed is cleared.
• Tile Horizontal — Horizontally tiles multiple document windows when MDI Tabbed is cleared.
• Tile Vertical — Vertically tiles multiple document windows when MDI Tabbed is cleared.
• MDI Tabbed — Determines whether pages are displayed as windows or as tabs that are docked in the rules pane. This option is selected by default. When you clear this checkbox, rules pages appear as undocked document windows; they can be cascaded or tiled by using the Cascade, Tile Horizontal, and Tile Vertical menu options. You can also select the page that is displayed in the work area.
Configuration Tool: Help menu
Use the menu options on the Help menu to obtain context-sensitive help for using the features and buttons that are associated with each window. You can also obtain additional information about the services and feature options that are associated with each tool, and background information for specific concepts that are associated with using or operating the Control Center. This menu has the following options:
• Contents — Displays a complete list of the main topics of the Control Center help system. Click a main help topic to display the complete subtopic list.
• Index — Displays the full index for the Control Center help system. Specify a keyword to find a particular entry in the index.
• Search — Searches the Control Center help system for a topic or matching words that you provide.
• About — Displays the licensing text, versions, and timestamp of the date and time at which the Client Suite, Management Server, and database were built.
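The Delete Rules option on the Rules menu accepts a rule specification in which a range is written as the beginning and ending rule numbers separated by a hyphen, and individual rules or ranges are separated by commas. The following Python parser, added here as an illustration and not part of the Control Center product, expands such a specification into the set of rule numbers it selects and rejects malformed input. The page does not say how the Rules Removal window treats a reversed range (such as 5-2), a rule number beyond the last rule on the page, or an empty entry between two commas; this example assumes all three are rejected, and the rule_count bound is likewise an assumption made for the example.

```python
"""Parser for the hyphen-and-comma rule-range syntax described for the Delete Rules window.

Added example; the validation rules for reversed ranges, out-of-range numbers and
empty entries are assumptions, not documented behaviour of the product.
"""
import re
from typing import Set

# One entry is either a single rule number ("5") or a range ("7-9").
_TOKEN = re.compile(r"^(\d+)(?:-(\d+))?$")


def parse_rule_ranges(spec: str, rule_count: int) -> Set[int]:
    """Expand a specification such as "1-3, 5, 7-9" into a set of rule numbers.

    rule_count is the number of rules currently on the Rules page (assumed
    upper bound); every number in the specification must fall within
    1..rule_count. Raises ValueError on an empty specification, a malformed
    entry, a reversed range, or a rule number that is out of range.
    """
    if not spec or not spec.strip():
        raise ValueError("empty rule specification")

    selected: Set[int] = set()
    for raw in spec.split(","):
        token = raw.strip()
        if not token:
            raise ValueError(f"empty entry in {spec!r}")

        match = _TOKEN.match(token)
        if match is None:
            raise ValueError(f"malformed entry {token!r}")

        start = int(match.group(1))
        end = int(match.group(2)) if match.group(2) is not None else start

        if start < 1 or end > rule_count:
            raise ValueError(f"entry {token!r} is outside 1-{rule_count}")
        if end < start:
            raise ValueError(f"reversed range {token!r}")

        # Overlapping or duplicated entries (e.g. "4,2-4") collapse into the set.
        selected.update(range(start, end + 1))

    return selected


def describe_deletion(spec: str, rule_count: int) -> str:
    """Return a one-line summary an operator can check before confirming the deletion."""
    rules = sorted(parse_rule_ranges(spec, rule_count))
    return f"{len(rules)} rule(s) selected for deletion: {rules}"


if __name__ == "__main__":
    # Constructed input: a Rules page with 10 rules and a typical specification.
    print(describe_deletion("1-3, 5, 7-9", rule_count=10))
```

Because rule order is what the firewall evaluates, previewing the expanded set before deletion catches the common mistake of an off-by-one range that silently removes a neighbouring rule.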
Reporting and Monitoring Tool menus
The following menus are available in the Reporting and Monitoring Tool:
• File — Reporting and Monitoring Tool: File menu on page 62
• System — Reporting and Monitoring Tool: System menu on page 63
• View — Reporting and Monitoring Tool: View menu on page 63
• Reports — Reporting and Monitoring Tool: Reports menu on page 64
• Tools — Reporting and Monitoring Tool: Tools menu on page 64
• Options — Reporting and Monitoring Tool: Options menu on page 64
• Window — Reporting and Monitoring Tool: Window menu on page 65
• Help — Reporting and Monitoring Tool: Help menu on page 66
Reporting and Monitoring Tool: File menu
Select Exit in the File menu to close the Reporting and Monitoring Tool. This menu also has the following option:
• Switch Domain… — [Available only when configuration domains are enabled] Displays the Switch Domain window, in which you can select the domain that you want to access without having to log out and then back in again.
Reporting and Monitoring Tool: System menu
Use the System menu on the Reporting and Monitoring Tool to manage server logs, set the server date and time, and, if necessary, restart or stop the Management Server. This menu has the following options:
• Server Logs… — Displays the Server Logs window, in which you can manage the Control Center Management Server logs. For more information, see Viewing Management Server logs on page 663.
• Set Server Date and Time… — Displays the Set Server Date and Time window, in which you can set the Management Server date and time. For more information, see Setting the date and time on the Management Server on page 131.
• Change Password… — [Available only if internal authentication is being used, which is configured on the Control Center Authentication Configuration window] Displays the Change User Password window, in which you can change the current user’s password. For more information, see Changing user passwords on page 88.
• Restart Server… — Displays the Restart Server window, in which you can restart the Management Server. For more information, see Restarting the Management Server on page 131. Caution: If you select Yes, the server is restarted immediately. There is no second confirmation request.
• Halt Server… — Stops the Management Server and exits the application. Click Yes to confirm or No to cancel the action.
Reporting and Monitoring Tool: View menu
Use the View menu on the Reporting and Monitoring Tool to manage the reporting options, management options, and features that are associated with managing alerts and generating firewall-specific reports and audit log reports. This menu has the following options:
• Alert Browser — Displays the Alert Browser page, in which you can view a summary of the alerts that have been generated by the configured firewalls. For more information, see Managing alerts on page 678. Use the Alert Browser page to quickly identify the alerts that are being generated by the configured firewalls, to acknowledge an alert, to annotate the corrective actions that are taken, to resolve the problem, and to clear the alert.
• Alarm Sound Mapping — Displays the Alarm Sound Mappings window, in which you can map specific sound files to specific alarms. For more information, see Mapping sound files to alarms on page 676.
• Secure Alerts Servers — Displays the Secure Alerts Server page, in which you can view current and historical Secure Alerts Server status information. For more information, see Viewing Secure Alerts Server status information on page 687. This page is divided into the following panes:
  • Secure Alerts Server Status table on page 688 — The upper pane displays the current status of the Secure Alerts Servers.
  • Secure Alerts Service History table on page 689 — The lower pane displays the historical status of when the server was started and stopped.
• Start Page — Displays the Start Page (the Control Center home page) if it has been previously closed.
• Firewall Status — Displays the Firewall Status page, in which you can view a status summary of the firewalls that are configured for your operation. You can also use this page to quickly determine the status information about the operation of each firewall in your configuration. For more information, see Viewing the overall status of your firewalls on page 574.
• Firewalls and Reports — Displays or closes the Firewalls and Reports Object Configuration area. This area includes defined firewall objects and any report objects that have been generated during the current session.
Reporting and Monitoring Tool: Reports menu
Use the Reports menu on the Reporting and Monitoring Tool to select and run various reports that provide information about the Management Server (System Information), audit data (Audit Trail), and security policy (Policy). You can also access the McAfee Firewall Reporter. This menu has the following options:
• System Information — Displays the System Information page, in which you can categorize Management Server information and associated values. Information categories include: IP address, memory capacities, software release, machine type, operating system, processor information, and the current system time. For more information, see Displaying system information for the Control Center Management Server on page 638.
• Audit Trail — Displays the Audit Trail page, in which you can list, filter, preview, and print the audit trail data that is displayed in the work area. No information is changed when you use this page. For more information, see Audit trail on page 615.
• Policy — Displays the Policy Report window, in which you can view the security policy that is defined on a firewall. You can also schedule a firewall-dependent policy report on a one-time or recurring basis. For more information, see Selecting the criteria for the firewall policy report on page 640.
• McAfee Firewall Reporter — Displays the McAfee Firewall Reporter page, in which you can view real-time Web data for your network. For more information, see Viewing real-time Web data for your network on page 600.
Reporting and Monitoring Tool: Tools menu
Use the menu options on the Tools menu of any tool to launch another tool using the same user name, password, and Management Server that you are currently using. You cannot log into the same tool more than once from a single client. This menu has the following options:
• Administration Tool — Displays the Administration Tool, in which you can manage Control Center users and roles, configuration domains, audit trail, licensing, and backup and restore operations. For more information, see Administration Tool on page 79.
• Configuration Tool — Displays the Configuration Tool, in which you can configure the firewall, manage multiple firewalls, and implement and enforce security policies across those firewalls. For more information, see Configuration Tool on page 153.
• Software Updates Tool — Displays the Software Updates Tool, in which you can store, manage, and install software and firmware updates for all deployed firewalls and install Management Server software updates. For more information, see Software Updates Tool on page 691.
Reporting and Monitoring Tool: Options menu
[Available only when the Alert Browser page is displayed in the work area] Use the menu options on the Options menu to manage and filter the displayed alerts, change the status condition of an alert (acknowledge or clear), and display and filter the events that are associated with one or more selected alerts. This menu has the following options:
• Columns — Displays the Column Selector window, in which you can specify the columns of alert data to be displayed on the Alert Browser page. For more information, see Configuring columns for the Alert Browser page on page 685.
• Filters — Displays the Alert Filter window, in which you can specify the alerts to be displayed in the Alert Browser. For more information, see Filtering the alerts to be displayed in the Alert Browser on page 686.
• Export Data — Displays the Export Alerts File window, in which you specify the destination and file name for the exported data. The selected data is exported, in plain text format, to the local system.
• Print — Displays the Print window, in which you can specify the printer name, the print range, and the number of copies of the selected alert data.
• Display Ack — Displays the alerts that have been acknowledged. When you select this option, the Acknowledged checkbox is automatically selected in the Alert Filter window.
• Display Cleared — Displays the alerts that have been cleared. When you select this option, the Cleared checkbox is automatically selected in the Alert Filter window.
• Display Open — Displays the alerts that have not been acknowledged. When you select this option, the Open checkbox is automatically selected in the Alert Filter window.
• Annotate — Displays the Annotate window, in which you can record any comments about the associated alert.
• Ack — Displays the Annotate window, in which you can record any comments about the associated alert, and also selects the acknowledgement checkbox for each selected alert. Acknowledgement is a one-time action for each alert: once you acknowledge an alert, you cannot return it to the open state. To view alerts that have been acknowledged, click (Display Ack) on the toolbar or select Display Ack from the Options menu. If an alert is acknowledged and more alerts of the same type occur on the same firewall, the alert count is incremented and (Acknowledge Alert) is displayed on the Alert Browser page.
• Clear — Clears the selected alerts. To view alerts that have been cleared, click (Display Cleared) on the toolbar or select Display Cleared from the Options menu. Cleared alerts remain visible until they are removed from the system. A script is automatically run each night to remove the cleared alerts; you can configure the time at which this script runs.
• Jump — Displays the Jump To window, in which you can specify the row number to display.
• Events — Displays the events that are associated with the selected alerts when one or more alerts is highlighted. To view the events that are associated with one alert, click the Row Number column (far-left column) to highlight the alert; to highlight more than one alert, use Ctrl+click or Shift+click. Then display the Event Browser window by clicking (Events) or selecting Events from the Options menu.
• Preview Pane — Horizontally splits the view in half. The top half displays the detailed description of the selected alert and the bottom half displays the list of alerts.
• Alarm for Open — Displays all of the events for Alarm Open only.
• Alarm for Ack — Displays all of the events for Alarm Acknowledged only.
• Alert Update Summary — Displays the Alert Update Summary for the selected event.
Reporting and Monitoring Tool: Window menu
Use the menu options on the Window menu to control the layout of objects and components in the Control Center user interface. This menu has the following options:
• Refresh — Refreshes the window.
• Restore Docking State — Restores the default docking state of the toolbar and the Objects Details page (if applicable for the specific tool). The layout of any open rules tab groups is unaffected by this command.
• Cascade — Cascades multiple document windows when MDI Tabbed is cleared.
• Tile Horizontal — Horizontally tiles multiple document windows when MDI Tabbed is cleared.
• Tile Vertical — Vertically tiles multiple document windows when MDI Tabbed is cleared.
• MDI Tabbed — Determines whether pages are displayed as windows or as tabs that are docked in the rules pane. This option is selected by default. When you clear this checkbox, rules pages appear as undocked document windows; they can be cascaded or tiled by using the Cascade, Tile Horizontal, and Tile Vertical menu options. You can also select the page that is displayed in the work area.
Reporting and Monitoring Tool: Help menu
Use the menu options on the Help menu to obtain context-sensitive help for using the features and buttons that are associated with each window. You can also obtain additional information about the services and feature options that are associated with each tool, and background information for specific concepts that are associated with using or operating the Control Center. This menu has the following options:
• Contents — Displays a complete list of the main topics of the Control Center help system. Click a main help topic to display the complete subtopic list.
• Index — Displays the full index for the Control Center help system. Specify a keyword to find a particular entry in the index.
• Search — Searches the Control Center help system for a topic or matching words that you provide.
• About — Displays the licensing text, versions, and timestamp of the date and time at which the Client Suite, Management Server, and database were built.
Software Updates Tool menus
The following menus are available in the Software Updates Tool:
• File — Software Updates Tool: File menu on page 66
• System — Software Updates Tool: System menu on page 67
• View — Software Updates Tool: View menu on page 67
• Operations — Software Updates Tool: Operations menu on page 68
• Tools — Software Updates Tool: Tools menu on page 69
• Window — Software Updates Tool: Window menu on page 69
• Help — Software Updates Tool: Help menu on page 69
Software Updates Tool: File menu
Select Exit in the File menu to close the Software Updates Tool. This menu also has the following option:
• Switch Domain… — [Available only when configuration domains are enabled] Displays the Switch Domain window, in which you can select the domain that you want to access without having to log out and then back in again.
Software Updates Tool: System menu
Use the System menu on the Software Updates Tool to start and stop change tickets, manage server logs, change your password, and, if necessary, restart or stop the Management Server. This menu has the following options:
• Start Ticket… or Stop Ticket… — The menu option that you see depends on whether a ticket has been started. If no ticket has been started, the Start Ticket menu option is displayed. If a ticket has already been started, the Stop Ticket menu option is displayed. When you select Start Ticket, the Ticket window is displayed, in which you can specify the name of the ticket. A ticket is used to identify specific changes that have been made to the firewall. For more information, see Configuring change tickets on page 103. When you select Stop Ticket, no window is displayed; however, the change ticket is closed.
• Server Logs… — Displays the Server Logs window, in which you can manage the Control Center Management Server logs. For more information, see Viewing Management Server logs on page 663.
• Change Password… — [Available only if internal authentication is being used, which is configured on the Control Center Authentication Configuration window] Displays the Change User Password window, in which you can change the current user’s password. For more information, see Changing user passwords on page 88.
• Restart Server… — Displays the Restart Server window, in which you can restart the Management Server. For more information, see Restarting the Management Server on page 131. Caution: If you select Yes, the server is restarted immediately. There is no second confirmation request.
• Halt Server… — Stops the Management Server and exits the application. Click Yes to confirm or No to cancel the action.
Software Updates Tool: View menu
Use the View menu on the Software Updates Tool to manage the McAfee Firewall Enterprise Control Center software and firmware updates for supported firewalls. This menu has the following options:
• Start Page — Displays the Start Page (the Control Center home page) if it has been previously closed.
• Install Updates — Displays the Install Updates page, in which you can manage and install software updates on each supported firewall that is installed in your configuration. For more information, see Installing software and firmware updates on page 697.
• Firewall Configuration Backup — Displays the Firewall Configuration Backup page, in which you can create and restore configuration backups for selected firewalls that are installed in your configuration. For more information, see Backing up and restoring firewall configurations on page 704.
• Store Updates — Displays the Store Updates page, in which you can identify, store, and manage firewall software and firmware updates on the Management Server. For more information, see Installing software and firmware updates on page 697.
• Control Center Update — Displays the Control Center Update window, in which you can manage and install McAfee Firewall Enterprise Control Center Management Server software updates. For more information, see Downloading and applying Management Server updates on page 693.
• Update Settings — Displays the Update Settings window. You can configure the following functionality in this window:
  • Use a proxy server to download updates.
  • Use an auto-discovery process to identify and download available updates.
For more information, see Configuring update download settings on page 692.
• 68.

Software Updates Tool: Operations menu

[Available only when the Install Updates page or Store Updates page is active in the work area. Only the options that apply to the visible tab are displayed.]

Use the Operations menu on the Software Updates Tool to access page-specific options and functions for the tab page that is currently displayed in the work area. When the Install Updates page is displayed, use the options on the Operations menu to update the selected firewalls, schedule firewalls for updates, clear the last update, and update the firewall status. When the Store Updates page is displayed, use the options on the Operations menu to check for new updates, download selected updates, restart the download process, manually download updates, and remove updates.

Operations menu for the Install Updates page

This menu has the following options when the Install Updates page is displayed in the work area:

• Update Firewalls — Perform the actions that you have specified on the firewalls that you have selected. You must have already selected an update action for all of the selected firewalls before you can select this tool or menu option. If you try to update a firewall with an update that has not been downloaded to the Management Server, the update will first be downloaded and saved on the Management Server. Then it will automatically be installed on the applicable selected firewalls.
  Note: You cannot initiate a new update on a firewall while it has an update in the “In Progress” state.
• Schedule Firewalls — Displays the Schedule Firewall Actions window, in which you can set a date and time to perform actions that are related to one or more firewalls. You can also remove a schedule. For more information, see Scheduling device software updates on page 703.
• Clear Last Update — Clear the values of the Last Update and Update Status fields from the table. However, this information is not cleared from the Update History data. Use this tool or menu option to clear field values when an update is stuck in the “In Progress” state.
• Update Firewall Status — Send a firewall status request to the selected firewalls. The resulting firewall status is displayed in a column on the left as an icon.
• Refresh Grid — Refresh the contents of the table on this page.

Operations menu for the Store Updates page

This menu has the following options when the Store Updates page is displayed in the work area:

• Check For Updates — Check for new updates from the defined, auto-discovery location. For more information about configuring the auto-discovery settings, see Configuring update download settings on page 692.
• Download Updates — Download the associated update for each highlighted row from the location that is specified in the auto-discovery settings. For more information about configuring the auto-discovery settings, see Configuring update download settings on page 692.
• Restart Download — Restart the download process if a problem or failure occurs when an update package is being transferred from the location at which updates are stored to the Management Server.
• Remove Updates — Remove the associated update for each highlighted row from the Management Server. After an update has been removed from the Management Server, it will no longer be displayed in the Store Updates table unless you have selected the Show removed updates checkbox in the Update Settings window.
• Manual Download — Specify the way in which and the location to which an update is to be downloaded from a location other than the one that was specified in the auto-discovery settings. Use this option to acquire an update and store it on the Management Server when there is no access to the Secure Computing FTP location. For information about how to configure this option, see Manually downloading software updates on page 711.
• Refresh Grid — Refresh the contents of this page.
• 69.

Software Updates Tool: Tools menu

Use the menu options on the Tools menu of any tool to launch another tool using the same user name, password, and Management Server that you are currently using. You cannot log into the same tool more than once from a single client. This menu has the following options:

• Administration Tool — Displays the Administration Tool, in which you can manage Control Center users and roles, configuration domains, audit trail, licensing, and backup and restore operations. For more information, see Administration Tool on page 79.
• Configuration Tool — Displays the Configuration Tool, in which you can configure the firewall, manage multiple firewalls, and implement and enforce security policies across those firewalls. For more information, see Configuration Tool on page 153.
• Reporting and Monitoring Tool — Displays the Reporting and Monitoring Tool, in which you can centrally monitor the status of supported firewalls and generate a wide range of firewall-specific reports. For more information, see Reporting and Monitoring Tool on page 671.

Software Updates Tool: Window menu

Use the menu options on the Window menu to control the layout of objects and components in the Control Center user interface. This menu has the following options:

• Refresh — Refresh the window.
• Restore Docking State — Restore the default docking state of the toolbar and the Objects Details page (if applicable for the specific tool). The layout of any open rules tab groups is unaffected by this command.
• Cascade — Cascade multiple document windows when MDI Tabbed is cleared.
• Tile Horizontal — Horizontally tile multiple document windows when MDI Tabbed is selected.
• Tile Vertical — Vertically tile multiple document windows when MDI Tabbed is selected.
• MDI Tabbed — Determines whether pages are displayed as windows or tabs that are docked in the rules pane. The default value is selected. When you clear this checkbox, rules pages appear as undocked document windows; they can be cascaded or tiled by using the Cascade, Tile Horizontal, and Tile Vertical menu options, respectively. You can also select the page that is displayed in the work area.

Software Updates Tool: Help menu

Use the menu options on the Help menu to obtain context-sensitive help for using the features and buttons that are associated with each window. You can also obtain additional information about the services and features options that are associated with each tool, and background information for specific concepts that are associated with using or operating the Control Center. This menu has the following options:

• Contents — Displays a complete list of the main topics of the Control Center help system. Click a main help topic to display the complete subtopic list.
• Index — Displays the full index for the Control Center help system. Specify a keyword to find a particular entry in the index.
• Search — Searches the Control Center help system for a topic or matching words that you provide.
• About — Displays the licensing text, versions, and timestamp of the date and time at which the Client Suite, Management Server, and database were built.
• 70.

Customizing a toolbar

Use the Customize window to customize toolbars. To access the Customize window, right-click anywhere on the toolbar or on the Menu bar. You can add and remove buttons, create your own custom toolbars, hide or display toolbars, and move toolbars.

Create a custom toolbar

1 Right-click anywhere on a toolbar or on the Menu bar. A submenu is displayed. The content of the submenu varies according to the page that is displayed in the work area and the options that are associated with that page.
2 Select Customize. The Customize window is displayed.
3 Click New.
4 In the New Toolbar Name field, specify a name for the toolbar and click OK.
5 Click the Commands tab.
6 Do one of the following:
  To add a button to the toolbar:
  a Click a category in the Categories tree.
  b Drag the command that you want from the Commands list to the displayed toolbar.
  or
  To add a custom menu to the toolbar:
  a In the Categories tree, click Custom Menus.
  b Drag the menu that you want from the Commands list to the displayed toolbar.
7 When you have added all of the buttons and menus that you want to the new toolbar, click Close.

Administration Tool toolbars

The Administration Tool does not have a context-sensitive toolbar.

Configuration Tool toolbars

The Configuration Tool has several different toolbars, depending on the page that is displayed in the work area. However, the default toolbar is the Actions toolbar. These toolbars provide options to access the pages, controls, and windows used to manage features associated with the Configuration Tool. The following toolbars are available in the Configuration Tool:

• Actions toolbar
• Rule Options toolbar on page 72
• Alert Processing Rules Options toolbar on page 72
• System/Attack Responses toolbar on page 72
• URL Rules Options toolbar on page 73
• 71.

Actions toolbar

The Actions Toolbar has the basic set of tools for all of the pages that are displayed in the Configuration Tool. The following tools are displayed:

• (Apply Configurations…) — Displays the Apply Configurations window, in which you can apply or schedule an apply to one or more firewalls. For more information, see Applying firewall configurations on page 589.
• (Validate Configurations…) — Displays the Validate Configuration window, in which you can assure that proposed configuration changes can be successfully applied to one or more firewalls. For more information, see Validating firewall configurations on page 586.
• (Configuration Status) — Displays the Configuration Status Report page, in which you can view information about the propagation of configuration data from the Control Center database to each selected firewall. For more information, see Firewall configuration management on page 574.
• (Validation Status) — Displays the Validation Status Report page, in which you can view the status of the validation process for each of the firewall configurations in the Control Center database and view the differences between the current configuration and the proposed configuration of a firewall. For more information, see Firewall configuration management on page 574.
• (Rules) — Displays the Rules page, in which you can view a complete list of the rules that have been defined on your system. For more information, see Creating, viewing, or modifying rules on page 528.
• (IPS Attack Responses) — Displays the IPS Attack Responses page, in which you can view a complete list of the IPS attack responses that have been defined on your system. For more information, see Viewing IPS attack responses on page 608.
• (System Responses) — Displays the System Responses page, in which you can view a complete list of the system responses that have been defined on your system. For more information, see Viewing system responses on page 612.
• (Audit Trail…) — Displays the Audit Trail page, in which you can view and analyze the McAfee Firewall Enterprise Control Center user activity that is stored in the audit trail tables in the Management Server Database. For more information, see Viewing audit trail information on page 615.
• (Firewall Status) — Displays the Firewall Status page, in which you can view a status summary of the firewalls that are configured for your operation. You can also use this page to quickly determine the status information about the operation of each firewall in your configuration. For more information, see Viewing the overall status of your firewalls on page 574.
• (Firewall Configuration Backup…) — Displays the Firewall Configuration Backup page, in which you can create or restore backup configuration files for one or more firewalls. For more information, see Backing up and restoring firewall configurations on page 704.
• (Device Control…) — Displays the Device Control window, in which you can manage firewalls. You can initiate various shutdown or suspend states for selected firewalls. For more information, see Managing firewall shutdown and suspension states and other maintenance settings on page 656.
• (Locking Manager…) — Displays the Locking Manager window, in which you can lock or unlock objects of a particular type to prevent multiple users from accessing or changing the same objects. For more information, see Locking configuration objects on page 649.
• (Start Ticket) or (Stop Ticket) — The tool that you see depends on whether a ticket has been started. If no ticket has been started, the Start Ticket tool is displayed. If a ticket has already been started, the Stop Ticket tool is displayed. When you select Start Ticket, the Ticket window is displayed, in which you can specify the name of the ticket. A ticket is used to identify specific changes that have been made to the firewall. For more information, see Configuring change tickets on page 103. When you select Stop Ticket, no window is displayed. However, the change ticket is closed.
• 72.

Rule Options toolbar

The Rule Options toolbar is displayed when the Rules page is displayed in the work area of the Configuration Tool. In addition to the tools in the Actions toolbar, this toolbar has the following tools:

• (Add New Rule) — Displays the Rule Editor window, in which you can create a new rule. For more information, see Creating, viewing, or modifying rules on page 528.
• (Edit Rule) — Displays the Rule Editor window, in which you can edit an existing rule. For more information, see Configuring rules on page 533.
• (Delete Rule) — Delete the highlighted rule.
• (Delete Rules…) — Displays the Rules Removal window, in which you can specify multiple rules and sets of rules to be deleted. Specify a range as the beginning and ending rule, separated by a hyphen (-). Separate each range of rules or individual rules with a comma (,).
• (Cut Rule) — Cut (or move) the highlighted rule.
• (Paste Rule) — Paste a rule in the location of the insertion point.
• (Copy Rule) — Create a copy of the highlighted rule.
• (Move To Top) — Move the highlighted rule to the top of the page.
• (Move Up) — Move the highlighted rule up one position on the page.
• (Move Down) — Move the highlighted rule down one position on the page.
• (Move To Bottom) — Move the highlighted rule to the bottom of the page.
• (Manage Filters) — Displays the Manage Filters window, in which you can load and manage previously named filters that are used to display only those rules that meet the filter requirements. For more information, see Loading and managing previously saved rule filters on page 549.
• (Create Group) — Displays the Rules Group window, in which you can create groups of rules. For more information, see Configuring groups of rules on page 551.
• (Configure Columns) — Displays the Rules Display Columns window, in which you can specify the columns to display on the Rules page. For more information, see Configuring columns to display on the Rules page on page 532.

Alert Processing Rules Options toolbar

The Alert Processing Rules Options toolbar is displayed when the Alert Processing Rules page is displayed in the work area of the Configuration Tool. This toolbar has the following tools:

• (Activate New Alert Policy) — Send the alert rule set to the Control Center Management Server, which will momentarily reload the new rule set.
• (Edit Rule) — Displays the Alert Processing Rule window, in which you can edit an existing rule. For more information, see Modifying pre-defined alert processing rules on page 565.

System/Attack Responses toolbar

The System/Attack Responses Toolbar is displayed when either the System Responses page or the IPS Attack Responses page is displayed in the work area. This toolbar has the following tools:

• (Save Pending Changes) — Save changes that were made to the highlighted response during an editing session.
• (Clear Pending Changes) — Undo changes that were made to the highlighted response during an editing session.
• (Add New) — Displays the System Response window or the IPS Attack Response window, depending on the response page that is open in the work area. Select this option to create a new response. For more information, see Configuring system responses on page 613 or Configuring IPS attack responses on page 609.
• 73.

• (Edit) — Displays the System Response window or the IPS Attack Response window, depending on the response page that is open in the work area. Select this option to edit the highlighted response. For more information, see Configuring system responses on page 613 or Configuring IPS attack responses on page 609.
• (Delete Rule) — Delete the highlighted response (rule).
• (Delete Rules…) — Displays the Rules Removal window, in which you can specify multiple responses (rules) and sets of rules to be deleted. Specify a range as the beginning and ending rule, separated by a hyphen (-). Separate each range of rules or individual rules with a comma (,).

URL Rules Options toolbar

The URL Rules Options toolbar is displayed when the URL Translation Rules page is displayed in the work area. This toolbar has the following tools:

• (Add New Rule) — Displays the URL Translation Rules Editor window, in which you can create a new URL translation rule. For more information, see Configuring URL translation rules on page 560.
• (Edit Rule) — Displays the URL Translation Rules Editor window, in which you can edit an existing URL translation rule. For more information, see Configuring URL translation rules on page 560.
• (Delete Rule) — Delete the highlighted rule.
• (Delete Rules…) — Displays the Rules Removal window, in which you can specify multiple rules and sets of rules to be deleted. Specify a range as the beginning and ending rule, separated by a hyphen (-). Separate each range of rules or individual rules with a comma (,).
• (Copy Rule) — Create a copy of the highlighted rule.
• (Move Up) — Move the highlighted rule up one position on the page.
• (Move Down) — Move the highlighted rule down one position on the page.

Object Configuration area trees of the Configuration Tool

The Object Configuration area is displayed on the left side of the main GUI interface of the Configuration Tool. Select any of the following group bars to display the configurable objects in a tree that are associated with the specific group bar.

• Firewalls — Displays a tree that includes firewall, cluster, and device group objects.
• Firewall Settings — Displays a tree that includes all of the objects that are related to a firewall configuration.
• Policy — Displays a tree that includes all of the objects that help you define policy for your network configuration. Objects include: rules, network objects, and application defenses.
• Monitor — Displays a tree that includes objects that assist you with monitoring your firewalls. Objects include: audit filters, responses, IPS attack responses, system responses, and the audit report.
• Maintenance — Displays a tree that includes objects that assist you in maintaining your firewalls and the McAfee Firewall Enterprise Control Center Management Server.

Reporting and Monitoring Tool toolbars

The Reporting and Monitoring Tool has the Firewalls and Reports toolbar and an Alert Browser toolbar that provide options to access the tab pages and windows that you use to manage alerts and generate firewall-specific and audit log reports.
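The Rules Removal window of the Rule Options, System/Attack Responses and URL Rules Options toolbars above all accept the same selection syntax (ranges as beginning-ending, items separated by commas). The following Python is an added example, not code from the guide or the product: it parses that syntax, rejects malformed or out-of-range input before any bulk deletion takes place, and builds a preview line for a confirmation prompt. The 1-based rule numbering, the tolerance for whitespace and the rule_count bound are assumptions.

```python
"""Parser for the rule-selection syntax used by the Rules Removal window.

Added example, not part of the McAfee guide. The guide only states that a
range is "beginning-ending" and that ranges or single rules are separated
by commas; whitespace tolerance, error reporting and the bounds check
against the number of rules on the page are assumptions made here.
"""
import re

# One comma-separated item: "7" or "9-10", surrounding whitespace ignored.
_TOKEN = re.compile(r"^\s*(\d+)\s*(?:-\s*(\d+)\s*)?$")


def parse_rule_selection(spec, rule_count):
    """Return the sorted, de-duplicated list of rule numbers selected by spec.

    spec       - text as typed into the Rules Removal window, e.g. "1-3, 7, 9-10"
    rule_count - number of rules currently on the page (assumed 1-based numbering)

    Raises ValueError naming the offending item so that a caller can refuse
    the whole deletion rather than silently deleting the wrong rules.
    """
    if not spec.strip():
        raise ValueError("empty selection")
    selected = set()
    for item in spec.split(","):
        m = _TOKEN.match(item)
        if not m:
            raise ValueError(f"invalid rule or range: {item.strip()!r}")
        start = int(m.group(1))
        end = int(m.group(2)) if m.group(2) else start
        if start < 1:
            raise ValueError(f"rule numbers start at 1: {item.strip()!r}")
        if end < start:
            raise ValueError(f"range end precedes start: {item.strip()!r}")
        if end > rule_count:
            raise ValueError(f"rule {end} does not exist (page has {rule_count} rules)")
        selected.update(range(start, end + 1))
    return sorted(selected)


def describe_selection(spec, rule_count):
    """Preview string for a confirmation prompt: count plus collapsed ranges."""
    rules = parse_rule_selection(spec, rule_count)
    ranges = []
    start = prev = rules[0]
    for n in rules[1:]:
        if n == prev + 1:          # still contiguous, extend the current range
            prev = n
            continue
        ranges.append((start, prev))
        start = prev = n
    ranges.append((start, prev))
    text = ", ".join(f"{a}-{b}" if a != b else str(a) for a, b in ranges)
    return f"{len(rules)} rule(s) will be deleted: {text}"


if __name__ == "__main__":
    # Constructed input: overlapping and duplicated items collapse to 3-5 and 9-10.
    print(describe_selection("5, 3-5, 4, 9-10", 10))
```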
• 74.

Firewalls and Reports tools

The Firewalls and Reports toolbar has the following tools:

• (Alert Browser) — Displays the Alert Browser page, in which you can view a summary of the alerts that have been generated by the configured firewalls. For more information, see Alerts on page 677. Use the Alert Browser to quickly identify the alerts that are being generated by the configured firewalls, to acknowledge the alert, to annotate the corrective actions that are taken, to resolve the problem, and to clear the alert.
• (Secure Alerts Servers) — Displays the Secure Alerts Server page, in which you can view current and historical Secure Alerts Server status information. For more information, see Secure Alerts Server on page 686. This page is divided into two panes:
  • Secure Alerts Server Status table on page 688 — The upper pane displays the current status of the Secure Alerts Servers.
  • Secure Alerts Service History table on page 689 — The lower pane displays the historical status of when the server was started and stopped.
• (Start Page) — Displays the Start Page (the McAfee Firewall Enterprise Control Center home page) if it has been previously closed.
• (Firewall Status) — Displays the Firewall Status page, in which you can view a status summary of the firewalls that are configured for your operation. You can also use this page to quickly determine the status information about the operation of each firewall in your configuration. For more information, see Viewing the overall status of your firewalls on page 574.

Alert Browser

When the Alert Browser page is displayed in the work area, the following tools are available on the Alert Browser toolbar in addition to those tools from the Firewalls and Reports toolbar:

• (Columns) — Displays the Column Selector window, in which you can specify the columns of alert data to be displayed on the Alert Browser page. For more information, see Configuring columns for the Alert Browser page on page 685.
• (Filters) — Displays the Alert Filter window, in which you can specify the alerts to be displayed on the Alert Browser. For more information, see Filtering the alerts to be displayed in the Alert Browser on page 686.
• (Export Data) — Displays the Export Alerts File window, in which you specify the destination for the exported data and the file name that is used for the exported data. The selected data is exported, in plain text format, to a local platform.
• (Print) — Displays the Print window, in which you can specify the printer name, the print range, and the number of copies of the selected alert data.
• (Display Ack) — Displays the alerts that have been acknowledged. By selecting this tool, the Acknowledged checkbox is automatically selected in the Alert Filter window.
• (Display Cleared) — Displays the alerts that have been cleared. By selecting this tool, the Cleared checkbox is automatically selected in the Alert Filter window.
• (Display Open) — Displays the alerts that have not been acknowledged. By selecting this tool, the Open checkbox is automatically selected in the Alert Filter window.
• (Annotate) — Displays the Annotate window, in which you can record any comments about the associated alert.
• 75.

• (Ack) — Displays the Annotate window, in which you can record any comments about the associated alert. By selecting this menu option, the acknowledgement checkbox for each selected alert is also selected. This is a one-time activity for each alert. If you select this option, you cannot clear the option. To view alerts that have been acknowledged, click (Display Ack) on the toolbar or select Display Ack from the Options menu. If an alert is acknowledged and more alerts of the same type on the same firewall occur, the alert count is incremented and (Acknowledge Alert) is displayed in the Alert Browser page.
• (Clear) — Clear the selected alerts. To view alerts that have been cleared, click (Display Cleared) on the toolbar or select Display Cleared from the Options menu. Cleared alerts will remain visible until they are removed from the system. A script is automatically run each night to remove the cleared alerts. You can configure the time at which this script runs.
• (Jump) — Displays the Jump To window, in which you can display the selected row number.
• (Events) — Displays the events that are associated with the selected alerts when one or more alerts is highlighted. To view the events that are associated with one alert, click the Row Number column (far-left column) to highlight the alert; to highlight more than one alert, press Ctrl+click or Shift+click. Then, display the Event Browser window by clicking (Events) or selecting Events from the Options menu.
• (Preview Pane) — Horizontally split the view display in half. The top half displays the detailed description of the selected alert and the bottom half displays the list of alerts.

Devices and Reports area trees of the Reporting and Monitoring Tool

The Devices and Reports area is displayed on the left side of the main GUI interface of the Reporting and Monitoring Tool. Select any of the following group bars to display the configurable objects in a tree that are associated with the specific group bar.

• Firewalls — This node displays all of the firewalls that have been configured for your system. The firewalls are organized by firewall type and then by groups of devices. Right-click a firewall object to display a firewall-specific menu to perform specific actions, depending on the selected firewall. Firewall objects have the following options that can be accessed by right-clicking a firewall object:
  • Alert Browser — Display the audit events for the selected object.
  • Audit Report — Generate an audit report for the selected object.
  • Policy Report — Generate a policy report for the selected object.
  • License Report — Generate a license report for the selected object.
  • Properties — Display the selected firewall's properties.
  • Additional Firewall Reports — Identify a firewall-specific report to generate for the selected firewall. For more information about generating firewall-specific reports, see Firewall report results on page 619.
• Reports — [Available only if a firewall-specific report has been successfully generated] For more information about generating firewall-specific reports, see Firewall report results on page 619. These reports are available only until the current session is stopped. Right-click a firewall report object to select options to arrange and sort the generated reports. The following options are available:
  • Sort by Report Type — Groups all of the generated reports by the type of report that was generated.
  • Sort by Firewall — Groups all of the reports that were generated for a specific firewall by the firewall name.
• 76.

Software Updates Tool toolbars

The Software Updates Tool has an Action toolbar that is used to access the main page options that are available in the work area and options toolbars that are associated with the Store Updates and Install Updates pages.

Action Toolbar tools

The Action toolbar has the following tools:

• (Install Updates) — Displays the Install Updates page, in which you can manage and install software updates on each supported firewall that is installed in your configuration. For more information, see Installing software and firmware updates on page 697.
• (Firewall Configuration Backup) — Displays the Firewall Configuration Backup page, in which you can create and restore configuration backups for selected firewalls that are installed in your configuration. For more information, see Backing up and restoring firewall configurations on page 704.
• (Store Updates) — Displays the Store Updates page, in which you can identify, store, and manage firewall software and firmware updates on the Management Server. For more information, see Storing software and firmware updates on page 709.
• (Start Ticket) or (Stop Ticket) — The tool that you see depends on whether a ticket has been started. If no ticket has been started, the Start Ticket tool is displayed. If a ticket has already been started, the Stop Ticket tool is displayed. When you select Start Ticket, the Ticket window is displayed, in which you can specify the name of the ticket. A ticket is used to identify specific changes that have been made to the firewall. For more information, see Configuring change tickets on page 103. When you select Stop Ticket, no window is displayed. However, the change ticket is closed.

Install Updates page tools

When the Install Updates page is displayed in the work area, the following tools are available:

• Update Firewalls — Perform the actions that you have specified on the firewalls that you have selected. You must have already selected an update action for all of the selected firewalls before you can select this tool or menu option. If you try to update a firewall with an update that has not been downloaded to the Management Server, the update will first be downloaded and saved on the Management Server. Then it will automatically be installed on the applicable selected firewalls.
  Note: You cannot initiate a new update on a firewall while it has an update in the “In Progress” state.
• Schedule Firewalls — Displays the Schedule Firewall Actions window, in which you can set a date and time to perform actions that are related to one or more firewalls. You can also remove a schedule. For more information, see Scheduling device software updates on page 703.
• Clear Last Update — Clear the values of the Last Update and Update Status fields from the table. However, this information is not cleared from the Update History data. Use this tool or menu option to clear field values when an update is stuck in the “In Progress” state.
• Update Firewall Status — Send a firewall status request to the selected firewalls. The resulting firewall status is displayed in a column on the left as an icon.
• Refresh Grid — Refresh the contents of the table on this page.
• 77.

Store Updates page tools

When the Store Updates page is displayed in the work area, the following tools are available:

• Check for Updates — Check for new updates from the defined, auto-discovery location. For more information about configuring the auto-discovery settings, see Configuring update download settings on page 692.
• Download Updates — Download the associated update for each highlighted row from the location that is specified in the auto-discovery settings. For more information about configuring the auto-discovery settings, see Configuring update download settings on page 692.
• Restart Download — Restart the download process if a problem or failure occurs when an update package is being transferred from the location at which updates are stored to the Management Server.
• Remove Updates — Remove the associated update for each highlighted row from the Management Server. After an update has been removed from the Management Server, it will no longer be displayed in the Store Updates table unless you have selected the Show removed updates checkbox in the Update Settings window.
• Manual Download — Specify the way in which and the location to which an update is to be downloaded from a location other than the one that was specified in the auto-discovery settings. Use this option to acquire an update and store it on the Management Server when there is no access to the Secure Computing FTP location. For information about how to configure this option, see Manually downloading software updates on page 711.
• Refresh Grid — Refresh the contents of this page.
3 Administration Tool
Contents
Administration Tool
Control Center users
Control Center roles
Configuration domains
Configuration domain version management
Audit data management
Control Center Management Server licensing
System settings
ePolicy Orchestrator settings
High Availability (HA)
Authentication

Administration Tool
The Administration Tool aggregates the McAfee Firewall Enterprise Control Center (CommandCenter) administrative functions into a single tool. You can accomplish the following tasks by using the features and functions of the Administration Tool:
• Control Center users — You can create and manage the unique Control Center user names and passwords that are used to authenticate user access to the Control Center Management Server. For more information, see Control Center users on page 81.
• Control Center roles — After a user is specified, he or she is assigned a role that determines the tasks that he or she is allowed to perform. Although a default set of roles has been pre-defined, you can create additional user-defined roles that can be assigned to Control Center users. For more information, see Control Center roles on page 89.
• Configuration domains — Activate the configuration domains option to segregate configuration data views and management into multiple domains. The operation and configuration data associated with a configuration domain is accessible only when the specific domain is selected during the login process. All other configuration data is obscured and cannot be acted upon or seen. If configuration domains are activated, configuration domain versions and version management can be accessed from the Administration Tool, as well as from the Configuration Tool. For more information about configuring and managing configuration domains, see Configuration domains on page 92. For more information about versions and version management for configuration domains, see Configuration domain version management on page 97.
• Audit management — The Control Center can track when firewalls, endpoints, services, rules, alert processing rules, and many other objects are updated, added, or removed by Control Center users. You can specify the actions that are to be tracked, the objects that are to be tracked, whether the tracked data is archived, and a way to view and filter the tracked data. For more information, see Audit data management on page 100.
Note: Do not confuse the Control Center Audit Trail, which provides a record of actions performed by Control Center users, with firewall-specific security audit reports.
• Control Center license — You can manage the Control Center license by selecting License from the System menu. For more information, see Control Center Management Server licensing on page 104.
• Network Settings — You can view and edit Control Center settings, such as host name, servers (NTP, DNS, and mail), network interfaces (IP address, net mask, broadcast, and gateway) and static routes. For more information, see Configuring Control Center network settings on page 115.
• System settings — You can manage specific Control Center system settings in the Administration Tool. These settings include: specifying the default login disclaimer information that is posted in the login window for each tool in the Client Suite, the failed login lockout settings, and the default application time-out period. For more information, see Configuring system settings on page 121.
• ePolicy Orchestrator settings — You can configure the Control Center Management Server to communicate with the ePolicy Orchestrator server to share information about host objects, firewalls, and the Control Center Management Server. To use this communication, you must also configure an ePO user in this window. For more information, see Configuring access to the ePolicy Orchestrator server on page 132.
• Management Server property management — You can display and edit Control Center Management Server properties and add new properties. For more information, see Configuring Management Server properties on page 664.
• Ticket management — You can use the Start Ticket and Stop Ticket menu options to manage a ticket, which is used to identify specific changes that have been made to the firewall. For more information, see Configuring change tickets on page 103.
• Management Server log file management — You can manage the Control Center Management Server log files by using the Server Logs window. For more information, see Viewing Management Server logs on page 663.
• Alternate authentication — You can configure the way that Control Center users authenticate with the Management Server. The Control Center supports an internal authentication mechanism, as well as LDAP and RADIUS for off-box authentication. For more information, see Authentication on page 145.
• View the backup Management Server status — If the High Availability (HA) Management Server Configuration option is used, you can view the status condition of the backup Management Servers in the Backup Server Status page. For more information, see Viewing the status of your backup Management Servers on page 122.
• Restore or back up the Management Server — Use the Administration Tool (and the Configuration Tool under certain circumstances) to manage the backup and restoration of the Control Center configuration and the operational data. A full system backup can be requested and an off-box location can be specified. For more information, see Managing configuration data for the Management Server on page 23.
• Set the Management Server date and time — You can set the Management Server date and time in the Set Server Date and Time window. For more information, see Setting the date and time on the Management Server on page 131.
• Change user passwords — [Available only if internal authentication is being used, which is configured on the Control Center Authentication Configuration window] You can change a user’s password in the Change User Password window. For more information, see Changing user passwords on page 88.
• Restart the Management Server — You can restart the Management Server. For more information, see Restarting the Management Server on page 131.
Caution: If you select Yes, the server will be restarted immediately. There is no second confirmation request.
• Stop the Management Server — Stop the Management Server and exit the application. Then click Yes to confirm or No to cancel the action.
• High Availability (HA) configuration on the Management Server — You can use these wizards to establish or remove the High Availability (HA) Management Server configuration. For more information about these wizards, see Configuring the High Availability (HA) feature on page 140 and Removing the High Availability (HA) configuration feature on page 143.

Control Center users
Each user who can log into the Control Center must be identified and authenticated. This is accomplished by specifying a unique user name and password for each user. The tasks that can be performed by users are determined by the assigned role and the specific firewalls over which a user can have authority.
Use the Control Center User Manager window in the Administration Tool to specify Control Center users. This window is used to perform the following tasks:
• Create and manage the Control Center users.
• Assign previously defined roles to a user.
• Specify the firewalls that can be accessed by the named user.
• Restrict the time of day and days of the week that users can log into the Control Center.
• Specify when a user's access to the Control Center expires.
• Specify if and when a user is required to re-authenticate after a specified amount of inactivity (lack of mouse movement).
Use the Role Manager window to specify the roles that are assigned to Control Center users.
If configuration domains are activated, the Domain Access tab is displayed, in which you can specify the domains that the user can log into and the privileges that he or she has for configuring and managing the domain. For more information about configuration domains, see Configuration domains on page 92.
If external, off-box authentication is selected, you can select a failover internal authentication method for a user. If you select the Allow authentication fallback checkbox, credentials that have been submitted to log into the Management Server from any of the tools in the Client Suite are presented to the internal authentication system if there is a communication failure between the Management Server and the off-box authentication server (LDAP or RADIUS).
Configure the type of authentication to be used by selecting Authentication from the System menu of the Administration Tool. For more information, see Authentication on page 145.
Note: The Control Center User Manager window is not used to configure users who are authorized to directly manage security devices, such as firewalls, or to pass data through a firewall.
For more information, see Configuring Control Center users on page 82.
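To make the login rules above concrete, here is an added example (not code from this guide or from the product) that models a Control Center-style login decision: account lock, account expiry, time-of-day restriction, external authentication, and fallback to the internal credential store only when the external server is unreachable, never when it rejects the credentials. It also applies the 30-minute lockout described under Configuring Control Center users; the failed-attempt threshold, the PBKDF2 hashing, and all names and sample values are assumptions.

```python
"""Added example: a Control Center-style login decision (not McAfee code).

Models Account Locked, Expire Account, Restrict User Login by Time and the
per-user Allow authentication failback/fallback checkbox. Fallback to the
internal store happens ONLY when the LDAP/RADIUS server is unreachable; a
rejection by that server is a failed login. Threshold, hashing and values
are constructed assumptions.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Callable, Optional, Set
import hashlib
import hmac
import os

LOCKOUT_MINUTES = 30              # default lockout period stated in the guide
FAILED_ATTEMPTS_BEFORE_LOCK = 3   # assumed threshold; the guide gives none


class ExternalAuthUnreachable(Exception):
    """Raised when the LDAP/RADIUS server cannot be contacted."""


@dataclass
class TimePeriod:
    """Permitted login window: weekdays (0 = Monday) and [start, end) hours."""
    weekdays: Set[int]
    start_hour: int
    end_hour: int

    def contains(self, when: datetime) -> bool:
        return (when.weekday() in self.weekdays
                and self.start_hour <= when.hour < self.end_hour)


@dataclass
class User:
    name: str
    salt: bytes
    pw_hash: bytes
    failback_allowed: bool = False              # "Allow authentication failback"
    login_period: Optional[TimePeriod] = None   # "Restrict User Login by Time"
    expires_on: Optional[datetime] = None       # "Expire Account"
    failed_attempts: int = 0
    locked_until: Optional[datetime] = None     # "Account Locked"


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_user(name: str, password: str, **opts) -> User:
    salt = os.urandom(16)
    return User(name, salt, _hash(password, salt), **opts)


def internal_check(user: User, password: str) -> bool:
    return hmac.compare_digest(_hash(password, user.salt), user.pw_hash)


def unlock(user: User) -> None:
    """Administrator clears the Account Locked checkbox."""
    user.locked_until = None
    user.failed_attempts = 0


def login(user: User, password: str,
          external_auth: Optional[Callable[[str, str], bool]], now: datetime):
    """Return (ok, reason). external_auth(name, password) returns True/False or
    raises ExternalAuthUnreachable; pass None when internal auth is configured."""
    if user.locked_until and now < user.locked_until:
        return False, "account locked"
    if user.expires_on and now >= user.expires_on:
        return False, "account expired"
    if user.login_period and not user.login_period.contains(now):
        return False, "outside permitted login period"
    try:
        ok = (internal_check(user, password) if external_auth is None
              else external_auth(user.name, password))
    except ExternalAuthUnreachable:
        if not user.failback_allowed:          # fail closed unless permitted
            return False, "external auth unreachable"
        ok = internal_check(user, password)    # same credentials, internal store
    if ok:
        user.failed_attempts = 0
        return True, "authenticated"
    user.failed_attempts += 1                  # rejected by whichever store was used
    if user.failed_attempts >= FAILED_ATTEMPTS_BEFORE_LOCK:
        user.locked_until = now + timedelta(minutes=LOCKOUT_MINUTES)
        return False, "account locked"
    return False, "invalid credentials"
```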
Configuring Control Center users
Use the Control Center User Manager window to manage Control Center users. For more information about users, see Control Center users on page 81. When you add users in this window, they are able to log into the Control Center Client Suite tools to manage objects from a central location. You cannot use this window to configure or manage users that have access to specific firewalls. For more information about configuring firewall-specific users, see Firewall users on page 461.
Figure 5 Control Center User Manager window
Accessing this window
In the Administration Tool, from the Users menu, select Add User, Modify User, or Copy User.
Fields and buttons
This window has the following fields and buttons:
• User Name — [Required] Specify a login name that is recognized by the Control Center.
• Password — [Required] Specify the password that is used to authenticate the user to the Control Center. Passwords must be a minimum of eight characters in length. If a new user is being added or the password value for an existing user changes, you will be prompted to confirm the password when you save the user information. You must re-specify the password exactly as it was specified in the Password field to save the changes. You can also change a user password by using the Change User Password window if internal authentication was set in the Control Center Authentication Configuration window. For more information, see Changing user passwords on page 88.
• Full Name — [Optional] Specify the first and last name of the user.
• Email Address — [Optional] Specify the e-mail address of the user.
• Account Locked — [Available only if this user account is locked] Determines whether this user account remains locked. The account could be locked because the configured number of failed login attempts was reached. To unlock this account, clear this checkbox. The default lockout time period is 30 minutes.
• Allow authentication failback — Determines whether the user can authenticate into the Management Server by presenting the external authentication credentials to the internal authentication system, so that he or she can log into the Control Center Management Server if all identified external authentication servers are unreachable.
• OK — Save the changes that were made on all of the tabs.
• Cancel — Close this window without saving any changes.
Tabs
This window has the following tabs:
• Domain Access — [Available only if configuration domains have been activated] Identify the configuration domains that a user can log into and the privileges that he or she can exercise. For more information, see Control Center User Manager window: Domain Access tab.
• Roles — Assign one or more roles to a user. This assignment controls the level of access that a user has to Control Center objects and the actions that he or she can perform. This tab is available only if configuration domains have not been activated. For more information, see Control Center User Manager window: Roles tab.
• Firewall Access List — Specify the firewalls that the user can configure. For more information, see Control Center User Manager window: Firewall Access List tab.
• Time Restrictions — Control the time frame in which the user can log into the Control Center, and specify a date when the account will expire. For more information, see Control Center User Manager window: Time Restrictions tab.
• Application Timeout — [Not available for the ePO user] Specify whether or when a user is required to re-authenticate after a specified amount of inactivity (lack of mouse movement). For more information, see Control Center User Manager window: Application Timeout tab.

Control Center User Manager window: Domain Access tab
Use the Domain Access tab of the Control Center User Manager window to specify access to configuration domains and the privileges that can be exercised by the specified user. This tab has a current list of the configuration domains and roles that have been previously defined.
Note: You can access this tab only if you have activated configuration domains. For more information, see Configuration domains on page 92.
Figure 6 Control Center User Manager window: Domain Access tab
Accessing this tab
1 In the Administration Tool, from the Users menu, select Add User, Modify User, or Copy User. The Control Center User Manager window is displayed.
2 Select the Domain Access tab. The Domain Access tab of the Control Center User Manager window is displayed.
Fields and buttons
Select the checkbox that is associated with each previously defined configuration domain that the user can log into and each role that specifies the privileges that he or she can exercise.
There are two special configuration domains that are displayed in the list of configuration domains:
• Administrator domain
• Shared domain
Administrator domain
Select the Administrator domain checkbox to grant configuration domain administrator privileges to the user. The user can then access the Administration Tool and can create and delete configuration domains, along with other super-user privileges. For more information, see Configuration domains on page 92.
Shared domain
Select the Shared domain checkbox to grant the user privileges for the common objects that are shared across all of the configuration domains. For more information, see Configuration domains on page 92.

Control Center User Manager window: Roles tab
Use the Roles tab of the Control Center User Manager window to specify the level of access that a user has to Control Center objects and the actions that he or she can perform. This tab contains a complete list of Control Center roles that have been previously defined. For more information about users and roles, see Control Center users on page 81 and Control Center roles on page 89.
Note: This tab is available only if configuration domains have not been activated. For more information, see Configuration domains on page 92.
Figure 7 Control Center User Manager window: Roles tab
Accessing this tab
1 In the Administration Tool, from the Users menu, select Add User, Modify User, or Copy User. The Control Center User Manager window is displayed.
2 Select the Roles tab. The Roles tab of the Control Center User Manager window is displayed.
Fields and buttons
This tab has the following fields and buttons:
• Role — Select the checkbox to indicate the role or roles that are assigned to a Control Center user. By default, a user has no roles assigned to him or her. Any number of defined roles can be assigned to a single user.
• Description — [Read-only] Displays the descriptive information that was specified when the role was defined.
Note: Any changes that are made to users who are currently logged into the Control Center Client application do not take effect until those users log out and log back in.

Control Center User Manager window: Firewall Access List tab
Use the Firewall Access List tab of the Control Center User Manager window to specify the firewalls to which a user can apply configuration information. This tab contains the current list of the firewalls that have been defined. For more information, see Control Center users on page 81.
Figure 8 Control Center User Manager window: Firewall Access List tab
Accessing this tab
1 In the Administration Tool, from the Users menu, select Add User, Modify User, or Copy User. The Control Center User Manager window is displayed.
2 Click the Firewall Access List tab. The Firewall Access List tab of the Control Center User Manager window is displayed.
Fields and buttons
This tab has the following fields and buttons:
• Firewalls — Specify the firewall or firewalls to which the user will be allowed to apply configuration information. By default, no firewalls are selected. If the user is given access to all firewalls (ALL FIREWALLS), he or she is automatically, without any further action, given access to all future firewalls that are configured for the system. Otherwise, the user is able to apply configuration information only for the firewalls that are specified on this tab.
• Description — [Read-only] Displays the descriptive information that was specified when the firewall was defined during its configuration.
Control Center User Manager window: Time Restrictions tab
Use the Time Restrictions tab of the Control Center User Manager window to specify when a user has the ability to log into the Control Center, and to identify the date when the user account will expire. For more information, see Control Center users on page 81.
Figure 9 Control Center User Manager window: Time Restrictions tab
Accessing this tab
1 In the Administration Tool, from the Users menu, select Add User, Modify User, or Copy User. The Control Center User Manager window is displayed.
2 Select the Time Restrictions tab. The Time Restrictions tab of the Control Center User Manager window is displayed.
Fields and buttons
This tab has the following fields and buttons:
• Login Restriction — Use the fields in this area to determine any time constraints on user logins.
  • Restrict User Login by Time — Determines whether there is a constraint on the time at which a user can log in. This checkbox is cleared by default. If you select this checkbox, the following field is available:
    • Time Period — Specify the time period from the list of previously defined time periods. Or you can click to display the Time Period Manager window, in which you can specify a new time period object. These time period objects are managed by using the Configuration Tool. For more information about time period objects, see Managing time periods on page 470.
• Expiration Settings — Use the fields in this area to determine whether the user account will expire on a specific date. The following fields are available:
  • Expire Account — Determines whether the user account will expire on a specific date. This date is the date on which the user will no longer be able to log into the Control Center Client application. This checkbox is cleared by default. You can edit the value in the list directly or you can click the down arrow to access a calendar, in which you can select the month, date, and year.
Control Center User Manager window: Application Timeout tab
Use the Application Timeout tab of the Control Center User Manager window to specify the number of minutes of inactivity that must elapse before the user is required to re-authenticate. Inactivity is defined as the absence of mouse movement. Whereas the System Settings window sets the default application time-out period, this tab specifies the user-specific time-out value. For more information, see Control Center users on page 81.
Note: This tab is not available for the ePO user.
Figure 10 Control Center User Manager window: Application Timeout tab
Accessing this tab
1 In the Administration Tool, from the Users menu, select Add User, Modify User, or Copy User. The Control Center User Manager window is displayed.
2 Click the Application Timeout tab. The Application Timeout tab of the Control Center User Manager window is displayed.
Fields and buttons
This tab has the following fields and buttons:
• Use Default Application Timeout — Select this option to specify that this user will use the default application time-out period that was set by using the System Settings window.
• No Application Timeout — Select this option to specify that this user will never require re-authentication.
• Select Application Timeout — Select this option to specify the number of minutes of inactivity for this user. Use this option, along with the Timeout (min) field, to specify a custom configuration for each user.
• Timeout (min) — [Available only if you have selected the Select Application Timeout option] Specify the number of minutes of inactivity for this user.
Changing user passwords
Use this window as an alternate way to change your user password. This window is available only if your user profile has been configured to use internal authentication to access the Control Center (as opposed to external authentication). For more information about authentication, see Authentication on page 145.
If you have administrator privileges and you want to change the password of a different user, use the Control Center User Manager window in the Administration Tool. For more information, see Configuring Control Center users on page 82.
Figure 11 Change User Password window
Accessing this window
From the System menu of any of the tools, select Change Password…. The Change User Password window is displayed.
If you receive a Policy Violation message, indicating that your password has expired and you decide to change your password, click Yes. The Chan