test upload


  1. 1. McAfee Firewall Enterprise Control ® Center (CommandCenter™) Administration Guide version 4.0.0.04
  2. 2. COPYRIGHT

     Copyright © 2009 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of McAfee, Inc., or its suppliers or affiliate companies.

     TRADEMARK ATTRIBUTIONS

     AVERT, EPO, EPOLICY ORCHESTRATOR, FLASHBOX, FOUNDSTONE, GROUPSHIELD, HERCULES, INTRUSHIELD, INTRUSION INTELLIGENCE, LINUXSHIELD, MANAGED MAIL PROTECTION, MAX (MCAFEE SECURITYALLIANCE EXCHANGE), MCAFEE, MCAFEE.COM, NETSHIELD, PORTALSHIELD, PREVENTSYS, PROTECTION-IN-DEPTH STRATEGY, PROTECTIONPILOT, SECURE MESSAGING SERVICE, SECURITYALLIANCE, SITEADVISOR, THREATSCAN, TOTAL PROTECTION, VIREX, VIRUSSCAN, WEBSHIELD are registered trademarks or trademarks of McAfee, Inc. and/or its affiliates in the US and/or other countries. McAfee Red in connection with security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein are the sole property of their respective owners.

     LICENSE INFORMATION

     License Agreement

     NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANTOR PURCHASE ORDER DOCUMENTS THAT ACCOMPANIES YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND.

     License Attributions

     This product includes software developed by Inferno Nettverk A/S, Norway. Copyright (c) 1997, 1998, 1999, 2000, 2001, 2002 Inferno Nettverk A/S, Norway. All rights reserved.
     This product includes software developed by Todd C. Miller. Copyright (c) 1996 Todd C. Miller <Todd.Miller@courtesan.com> All rights reserved.
     This product includes software developed by the University of California, Berkeley and its contributors. Copyright (c) 1983, 1988, 1990, 1992, 1993, 1995 The Regents of the University of California. All rights reserved.
     This product includes software developed by Red Hat, Inc. Copyright Red Hat, Inc., 1998, 1999, 2001, 2002.
     This product includes software developed by Julianne F. Haugh. Copyright 1988 - 1997, Julianne F. Haugh. All rights reserved.
     This product includes software developed by Info-ZIP. Copyright (c) 1990-2004 Info-ZIP. All rights reserved.
     This product includes software developed by the Apache Software Foundation http://www.apache.org. Copyright (c) 1999, 2000 The Apache Software Foundation. All rights reserved.
     This product includes software developed by Computing Services at Carnegie Mellon University (http://www.cmu.edu/computing/). Copyright (c) 2000 Carnegie Mellon University. All rights reserved.
     This product includes software developed by Ian F. Darwin and others. Copyright (c) Ian F. Darwin 1986, 1987, 1989, 1990, 1991, 1992, 1994, 1995.
     This product includes software developed by Silicon Graphics, Inc. Copyright (c) 1991-1997. Portions by Sam Leffler. Copyright (c) 1988-1997.
     This product includes software developed by Purdue Research Foundation, West Lafayette, Indiana 47907. Copyright 2002. All rights reserved. Portions by Victor A. Abell
     This product includes software developed by Thomas E. Dickey <dickey@invisible-island.net>. Copyright 1997-2002, 2003. All Rights Reserved.
     This product includes software developed by David L. Mills. Copyright (c) David L. Mills 1992-2001.
     This product includes software developed by University of Cambridge. Copyright (c) 1997-2001 University of Cambridge; ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/
     This product contains db4 software - Portions distributed by Sleepycat Software. Copyright (c) 1990-2001 Sleepycat Software, and by The President and Fellows of Harvard University, copyright (c) 1995, 1996. All rights reserved.
     This product includes software developed by Keith Packard. Copyright © 2001,2003.
     This product includes krb5 software developed by the Massachusetts Institute of Technology, Copyright (c) 1985-2001.
     This product includes libjpeg software developed by Thomas G. Lane, Copyright (C) 1991-1998. All Rights Reserved. This software is based in part on the work of the Independent JPEG Group.
     This product includes libradius software developed by Juniper Networks, Inc., Copyright 1998. All rights reserved.
     This product includes LInux LOader (LILO) software developed in part by Werner Almesberger, Copyright 1992-1998. Portions by John Coffman, Copyright 1999-2005. All rights reserved.
     This product includes software developed by The OpenSSL Project for use in the OpenSSL Toolkit. (http://www.openssl.org) Copyright © 1998-2006. The toolkit includes cryptographic software written by Eric Young (eay@cryptsoft.com). Copyright (c) 1995-1998.
     This product includes software written by Tim Hudson (tjh@cryptsoft.com) Copyright (c) 1993-2001 Spread Concepts LLC. All rights reserved.
     This product includes software developed by The XFree86 Project, Inc. (http://www.xfree86.org/) and its contributors. Copyright (C) 1994-2004 The XFree86 Project, Inc. All rights reserved.
     Part of the software embedded in this product is gSOAP software. Portions created by gSOAP are Copyright (C) 2001-2004 Robert A. van Engelen, Genivia Inc. All Rights Reserved.
     This product includes software developed by Internet Systems Consortium, Inc. Copyright © 2004-2006 Internet Systems Consortium, Inc. ("ISC"). Copyright © 1996-2003 Internet Software Consortium.
     This product includes software developed by Jython Developers. Copyright © 2000-2007 Jython Developers. All rights reserved.

     This product contains certain other third party software which include the following additional terms:

     Redistribution and use in source and binary forms of the above listed software, with or without modification, are permitted provided that the following conditions are met:

     1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
     2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
     3. Neither the name of the author may be used to endorse or promote products derived from this software without specific prior written permission.

     Issued April 2009 / McAfee Firewall Enterprise Control Center (CommandCenter™) software version 4.0.0.04

  3. 3. THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL LICENSORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

     This product includes or may include some software programs that are licensed (or sublicensed) to the user under the GNU General Public License (GPL) or other similar software licenses which, among other rights, permit the user to copy, modify and redistribute certain programs, or portions thereof, and have access to the source code. The GPL requires that for any software covered under the GPL, which is distributed to someone in an executable binary format that the source code also be made available to those users. For any such software, the source code is made available in a designated directory created by installation of the Software or designated internet page. If any Free Software licenses require that McAfee provide rights to use, copy or modify a software program that are broader than the rights granted in the McAfee End User License Agreement, then such rights shall take precedence over the rights and restrictions herein.
  5. 5. Contents About this Document 11 1 Introduction 13 About the McAfee Firewall Enterprise Control Center (CommandCenter) . . . . . . . . . . . . . . . . . . . . . . . . . 13 Features of the Control Center . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 About the Client Suite . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 Administration Tool . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 Configuration Tool . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 Reporting and Monitoring Tool . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 Software Updates Tool . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 2 Administrator Basics 19 Managing the McAfee Firewall Enterprise Control Center (CommandCenter) Management Server . . . . . . . 19 Configuring the Management Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20 Logging into the Management Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 Managing configuration data for the Management Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23 Backing up configuration data for the Management Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24 Restoring configuration data to the Management Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29 Disaster recovery restoration for Management Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33 Restoring a standalone Management Server that has failed completely . . . . . . . . . . . . 
. . . . . . . . . . . 34 Restoring a primary Management Server that has failed completely and that is part of a high availability (HA) pair . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35 Restoring a backup Management Server that has failed completely and that is part of a high availability (HA) pair . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36 Restoring both Management Servers in a high availability (HA) pair that have failed completely . . . . . . 37 Adding firewalls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38 Adding firewalls by using rapid deployment registration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38 Adding firewalls by using manual registration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39 Managing firewall interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41 Routed mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41 Transparent (bridged) mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41 Navigating the Control Center user interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42 Administration Tool main window . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44 Configuration Tool main window . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45 Reporting and Monitoring Tool main window . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48 Software Updates Tool main window . . . . . . . . . . . . . . . . . . . . . . . . . . . . 
. . . . . . . . . . . . . . . . . . .49 Administration Tool menus . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50 Configuration Tool menus . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56 Reporting and Monitoring Tool menus . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62 Software Updates Tool menus . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66 Customizing a toolbar . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70 Administration Tool toolbars . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70 Configuration Tool toolbars . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70 Reporting and Monitoring Tool toolbars . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73 Software Updates Tool toolbars . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76 3 Administration Tool 79 Administration Tool . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79 Control Center users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81 Configuring Control Center users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82 Changing user passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88 Control Center roles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 
89 Managing roles for Control Center users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90 Configuration domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92 Activating configuration domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93 McAfee Firewall Enterprise Control Center 4.0.0.04 Administration Guide 5
  6. 6. Configuring configuration domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95 Moving a firewall or cluster from one configuration domain to another . . . . . . . . . . . . . . . . . . . . . . . 96 Changing from one configuration domain to another . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96 Configuration domain version management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97 Configuration domain version management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97 Managing versions of configuration domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99 Audit data management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100 Managing audit trail information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101 Configuring change tickets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103 Control Center Management Server licensing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104 Managing Control Center licenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106 Configuring common license information for the Control Center . . . . . . . . . . . . . . . . . . . . . . . . . . . 111 Configuring Control Center network settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115 System settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120 Configuring system settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 
121 Viewing the status of your backup Management Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122 Creating backup files of your Management Server data by using the GUI . . . . . . . . . . . . . . . . . . . . 123 Restoring the Management Server configuration files from a backup file . . . . . . . . . . . . . . . . . . . . . 126 Uploading a backup configuration file from the Client to the Management Server . . . . . . . . . . . . . . . 128 Changing login information for remote system backups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129 Setting the date and time on the Management Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131 Restarting the Management Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131 ePolicy Orchestrator settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132 Configuring access to the ePolicy Orchestrator server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132 Viewing ePolicy Orchestrator host data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135 High Availability (HA) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136 How High Availability (HA) works . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137 HA configuration and status support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140 Configuring the High Availability (HA) feature . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140 Removing the High Availability (HA) configuration feature . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143 Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 
. . . . . . . . . . . . . . . . . . . . . . . . . . 145 Configuring Control Center user authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146 Control Center Authentication Configuration window: Authentication Servers tab . . . . . . . . . . . . . . . 150 Configuring external authentication servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151 4 Configuration Tool Overview 153 Configuration Tool . . . . . . . . . . . . . . . . . . . .. .. ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153 Configuration Tool operations . . . . . . . . . .. .. ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153 Configurable objects . . . . . . . . . . . . . . . .. .. ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154 Viewing details about objects . . . . . . . . . .. .. ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160 5 Configuration Tool - Firewalls 163 Firewall objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. .. ... . . . . 163 McAfee Firewall Enterprise (Sidewinder) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. .. ... . . . . 164 Registering your firewalls by using the rapid deployment option . . . . . . . . . . . . . . . . .. .. ... . . . . 164 Registering a firewall manually . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. .. ... . . . . 166 Retrieving firewall components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. .. ... . . . . 168 Configuring settings for a standalone firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. .. ... . . . . 169 Configuring the firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. .. ... . . . . 170 Firewall window-related tasks . . . . . . 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. .. ... . . . . 204 Converting network objects in rules for the IPv6 protocol . . . . . . . . . . . . . . . . . . . . .. .. ... . . . . 204 Deleting firewall objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. .. ... . . . . 213 McAfee Firewall Enterprise (Sidewinder) clusters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. .. ... . . . . 215 Managing clusters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. .. ... . . . . 215 Configuring, promoting and demoting cluster objects and cluster nodes . . . . . . . . . . .. .. ... . . . . 216 Overview of configuring a cluster on the McAfee Firewall Enterprise Admin Console . . .. .. ... . . . . 225 Adding a cluster that was created on the McAfee Firewall Enterprise Admin Console . . .. .. ... . . . . 226 Configuring configuration information for a cluster . . . . . . . . . . . . . . . . . . . . . . . . . .. .. ... . . . . 228 Modifying cluster interface properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. .. ... . . . . 253 Configuring configuration data for a cluster member . . . . . . . . . . . . . . . . . . . . . . . . .. .. ... . . . . 255 Device groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. .. ... . . . . 261 Configuring groups of related device objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. .. ... . . . . 261 6 McAfee Firewall Enterprise Control Center 4.0.0.04 Administration Guide
  7. 7. 6 Configuration Tool - Firewall Settings 263 Firewall settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263 Common (global) settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 264 Configuring common (global) settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 264 Audit export . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268 Configuring audit archive settings for a firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268 McAfee Firewall Profiler . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272 Configuring McAfee Firewall Profiler settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272 Firewall Reporter / Syslog settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273 Configuring the exportation of audit data to a McAfee Firewall Reporter or to designated syslog servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. .. .. . . . . . 274 Network defenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. .. .. . . . . . 278 Configuring network defense audit reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. .. .. . . . . . 279 Managing servers and service configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. .. .. . . . . . 291 Viewing and managing IPS signatures by using the IPS Signature Browser . . . . . . . . . . . .. .. .. . . . . . 302 TrustedSource . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 
. . . . .. .. .. . . . . . 304 Configuring TrustedSource settings for rules and mail filtering . . . . . . . . . . . . . . . . . .. .. .. . . . . . 305 Virus scanning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. .. .. . . . . . 308 Configuring virus scanning properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. .. .. . . . . . 308 Quality of Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. .. .. . . . . . 310 Creating Quality of Service profiles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. .. .. . . . . . 311 DNS zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. .. .. . . . . . 312 Configuring DNS zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. .. .. . . . . . 315 Scheduled jobs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. .. .. . . . . . 322 Scheduling jobs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. .. .. . . . . . 322 Third-party updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. .. .. . . . . . 326 Configuring third-party update schedules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. .. .. . . . . . 326 Software update package status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. .. .. . . . . . 331 Establishing a schedule to check for software updates . . . . . . . . . . . . . . . . . . . . . . . .. .. .. . . . . . 331 7 Configuration Tool - Policy 333 Policy objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 333 Network objects . . . . . . . . . . . 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 336 Configuring endpoints (network objects) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 337 Creating adaptive endpoints . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 339 Creating Geo-Location objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 340 Configuring burbs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 341 Configuring groups of burb objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 343 Configuring groups of endpoint objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 344 Importing network objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 345 Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 346 Configuring proxy services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 348 Configuring filter services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 350 Configuring service groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 353 Application defenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 355 Configuring HTTP application defenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 355 Configuring HTTPS application defenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 
. . . . . 370 Configuring Mail (Sendmail) application defenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 382 Configuring Mail (SMTP proxy) application defenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 388 Configuring Citrix application defenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 395 Configuring FTP application defenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 396 Configuring IIOP application defenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 400 Configuring T120 application defenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 401 Configuring H.323 application defenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 402 Configuring Oracle application defenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 403 Configuring MS SQL application defenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 404 Configuring SOCKS application defenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 405 Configuring SNMP application defenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 406 Configuring SIP application defenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 408 Configuring SSH application defenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 409 Configuring Packet Filter application defenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 415 Configuring application defense groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 
418 McAfee Firewall Enterprise Control Center 4.0.0.04 Administration Guide 7
  8. 8. IPS inspection
Configuring IPS response mappings
Configuring IPS signature groups
Authentication services
Configuring password authenticators
Configuring passport authenticators
Configuring RADIUS authenticators
Configuring Safeword authenticators
Configuring Windows Domain authenticators
Configuring iPlanet authenticators
Configuring Active Directory authenticators
Configuring OpenLDAP authenticators
Configuring custom LDAP authenticators
Configuring CAC authenticators
Firewall users
Firewall administrators, users, user groups, and external groups
Configuring firewall users
Configuring firewall administrators
Configuring firewall user groups
Configuring external firewall groups
Time periods
Managing time periods
VPN
Configuration features
Components and considerations
Client configurations and XAUTH
Creating VPN channels
Managing firewall certificates for VPN gateways
Configuring VPN gateways
Configuring VPN peer objects
Building Star, Mesh, and remote access VPN communities
Creating a network configuration for a VPN client
Defining fixed addresses for VPN clients
Adding a VPN client configuration
CA certificates
Managing certificate names
Creating certificates or importing them into the certificate database
Importing certificates into the known certificates database
Exporting certificates
Loading certificates
Managing remote certificates
Bypassing IPsec policy evaluation
Rules
How rules work
Rule management
Creating, viewing, or modifying rules
Configuring columns to display on the Rules page
Configuring rules
Configuring default settings for creating rules
Replacing objects in rules
Verifying the objects to be replaced in your rules
Filtering rules to display on the Rules page
Loading and managing previously saved rule filters
Displaying filtered rules on the Rules page
Configuring groups of rules
Merging rules with common elements
Deleting duplicate rules
Viewing configuration information for duplicate rules
URL translation rules
Viewing your URL translation rules
Configuring URL translation rules
Alert processing rules
Viewing alert processing rules
  9. 9. Modifying pre-defined alert processing rules
Assigning priority levels to alerts
SSH known hosts
Configuring strong known host associations
Creating strong SSH known host keys
Configuring host associations

8 Configuration Tool - Monitor
Monitoring
Firewall configuration management
Viewing the overall status of your firewalls
Viewing the status of a specific firewall
Configuring settings for the Firewall Status page
Viewing configuration information about each firewall
Validating firewall configurations
Troubleshooting validation configuration warnings
Applying firewall configurations
Troubleshooting apply configuration warnings
Viewing the status of Apply Configurations
Reviewing your configured firewalls
Comparing impacts of proposed configuration changes for a firewall
Configuring compliance report settings
Viewing the compliance status of the current firewall configuration
Viewing your firewall enrollment (deployment) status
Configuring the firewall for usage inside the Control Center Client
Viewing real-time Web data for your network
Viewing services and managing service agents
Viewing details about a firewall service
Responses
Configuring alert notification for e-mail accounts
Configuring blackholes for suspected hosts
Viewing IPS attack responses
Configuring IPS attack responses
Viewing system responses
Configuring system responses
Audit trail
Viewing audit trail information
Configuring a custom audit trail filter
Audit archives
Reporting
Firewall reports
Viewing firewall report data
Generating firewall reports
Firewall audit reports
Configuring and generating audit reports for one or more firewalls
Configuring filters for audit reports
Viewing event-specific audit information
Configuring on-screen color schemes for the audit records
Displaying system information for the Control Center Management Server
Selecting the criteria for the firewall policy report
Viewing information about the security policy for firewalls
Firewall license reports
Selecting the firewall for the license report
Viewing the status of all of the licenses for a firewall

9 Configuration Tool - Maintenance
Maintenance
Firewall maintenance
Viewing object usage
Locking configuration objects
Managing unused objects on the Control Center Management Server
Merging objects
Setting the date and time on a firewall
  10. 10. Managing firewall shutdown and suspension states and other maintenance settings
Viewing and managing firewall licenses
Control Center maintenance
Viewing Management Server logs
Configuring Management Server properties
Exporting firewall audit files that are stored on the Control Center
Customizing the Configuration Tool

10 Reporting and Monitoring Tool
Reporting and Monitoring Tool
Viewing the properties of a firewall
Investigating alerts
Column data
Mapping sound files to alarms
Alerts
Managing alerts
Viewing events for a specific alert
Configuring the columns on the Event Browser window
Viewing additional event information
Configuring columns for the Alert Browser page
Filtering the alerts to be displayed in the Alert Browser
Secure Alerts Server
Functionality of the Secure Alerts Server
Viewing Secure Alerts Server status information
Firewall reports in the Reporting and Monitoring Tool

11 Software Updates Tool
Software Updates Tool
Automatically identify updates
Configuring update download settings
Downloading and applying Management Server updates
Installing software and firmware updates
Managing updates for a firewall
Scheduling device software updates
Backing up and restoring firewall configurations
Confirming a configuration backup of one or more firewalls
Storing software and firmware updates
Manually downloading software updates

Index
  11. 11. About this Document

This Administration Guide leads you through planning and configuration of your initial Firewall Enterprise Control Center (CommandCenter) Management Server. It also covers basic post-installation tasks for integrating a new firewall into your network. While problems are not anticipated, this guide also includes troubleshooting tips.

This guide is for anyone assigned to initially set up a McAfee Firewall Enterprise Control Center Management Server. It assumes that you are familiar with McAfee Firewall Enterprise (Sidewinder) devices. It also assumes you are familiar with networks and network terminology.

You can find additional information at the following locations:
• Online help — Online help is built into the Control Center. Click F1.
• Manuals — View product manuals at mysupport.mcafee.com.
• Knowledge Base — Visit the Knowledge Base at mysupport.mcafee.com. You’ll find helpful articles, troubleshooting tips and commands, and the latest documentation.

The following table lists the various documentation resources for Control Center administrators:

Table 1 Summary of Control Center documentation
Document | Description
Firewall Enterprise Control Center (CommandCenter) Setup Guide | Leads you through your initial firewall configuration. Includes instructions for configuring and installing the High Availability (HA) Management Server and registering firewalls.
Firewall Enterprise Control Center (CommandCenter) Administration Guide | Provides an introduction to Control Center and includes reference information and procedures for using the Control Center Client Suite to centrally define and manage the enterprise security policies for the firewall.
McAfee Firewall Enterprise (Sidewinder) Administration Guide | Complete administration information on all of the firewall functions and features. You should read this guide if your Control Center enterprise includes firewalls.
Online help | Online help is built into Control Center Client Suite programs and the Control Center Initialization tool.
Knowledge Base | Supplemental information for all other Control Center documentation. Articles include helpful troubleshooting tips and commands. All manuals and application notes are also posted here. The Knowledge Base is located at mysupport.mcafee.com.

Any time that there is a reference to a “firewall”, this is always the McAfee Firewall Enterprise. Additionally, refer to Table 2 for a list of the text conventions that are used in this document.

Table 2 Conventions
Convention | Description
Courier bold | Indicates commands and key words that you specify at a system prompt. Note: A backslash (\) indicates a command that does not fit on the same line. Specify the command as shown, ignoring the backslash.
Courier italic | Indicates a placeholder for text that you specify.
<Courier italic> | When enclosed in angle brackets (< >), this indicates optional text.
nnn.nnn.nnn.nnn | Indicates a placeholder for an IP address that you specify.
Courier plain | Indicates text that is displayed on a computer screen.
Plain text italics | Indicates the names of files and directories. Also used for emphasis (for example, when introducing a new term).
  12. 12. Table 2 Conventions (continued)
Convention | Description
Plain text bold | Identifies buttons, field names, and tabs that require user interaction.
[ ] | Indicates conditional or optional text and instructions (for example, instructions that pertain only to a specific configuration).
Caution | Indicates that you must be careful. In this situation, you might do something that could result in the loss of data or in an unpredictable outcome.
Note | Indicates a helpful suggestion or a reference to material that is not covered elsewhere in this documentation.
Security Alert | Indicates information that is critical for maintaining product integrity or security.
Tip | Indicates time-saving actions. It also might help you solve a problem.

Note: The IP addresses, screen captures, and graphics that are used within this document are for illustration purposes only. They are not intended to represent a complete or appropriate configuration for your specific needs. Features might be configured in screen captures because of contingency displays. However, not all features are appropriate or desirable for your setup.

Additionally, many of the windows and pages in the Client tools have tables that can be edited. The first column of a table that can be edited can display different symbols, depending on the action being taken. In the help files, this is listed as the Edit column. The following example shows the symbols, along with their descriptions. For the remainder of the help files, only a verbal description of the symbol will be used.

• Edit — This column identifies the edit status of the row in the table. The following icons can be displayed:
  • [blank] — Indicates an existing line with associated values that is not the currently selected line.
  • — (Pencil) Indicates that this row is the one that is being edited.
  • — Indicates that you are creating a new row or entry.
  • — Indicates that this row is currently selected and it contains previously specified values.
  13. 13. 1 Introduction

Contents
About the McAfee Firewall Enterprise Control Center (CommandCenter)
About the Client Suite

About the McAfee Firewall Enterprise Control Center (CommandCenter)

The Control Center is an enterprise-class management tool for creating and applying security policies across multiple firewalls. Network administrators can remotely manage, maintain, and monitor firewalls for one or more domains.

The Control Center consists of the following entities:
• Control Center Client Suite — a set of tools that resides on a desktop computer that is running a Windows operating system. The tools provide the graphical user interfaces (GUIs) to configure, manage, and monitor supported firewalls and to perform Control Center administrative tasks. For more information, see About the Client Suite on page 15.
• Control Center Management Server — a hardened Linux platform that provides the firewall management and monitoring capabilities that are required to centrally implement security policy. It manages the framework for secure communication between the server, Client Suite, and supported firewalls. The Control Center Management Server requires at least one installation of the Control Center Client Suite.
• At least one firewall in a heterogeneous network of security devices that exist in a single domain.
• One or more domains that represent a complete, inclusive network security policy.

Figure 1 Basic Control Center Management Server environment
[Diagram: Control Center Client Suite (Windows), Control Center Management Server, and managed firewalls]
• Client application: Client Suite tools connect to the Control Center Management Server to create, edit, and deploy policy to the managed firewalls.
• Control Center Management Server: All firewall management is accomplished through a connection to the Control Center.
• Managed firewalls: The configuration and initialization is similar to standalone firewalls. Then push policy from the Control Center Management Server to each firewall.

The Client Suite and tiers of firewalls securely communicate with the Management Server by using SOAP over HTTPS. SSL, using Client Certificates generated by the built-in Certificate Authority, is used to encrypt and authenticate the client/server communication.
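The trust model in the paragraph above (HTTPS with client certificates issued by a private CA) is generic mutual TLS, sketched here as an added example that is not Control Center code. The CA and host names, the throwaway certificates created with the openssl CLI, and the local socket pair standing in for the network are all assumptions.

```python
import os
import socket
import ssl
import subprocess
import tempfile
import threading


def _openssl(workdir, *args):
    """Run the openssl CLI quietly inside workdir; raise if it fails."""
    subprocess.run(["openssl", *args], cwd=workdir, check=True,
                   capture_output=True)


def make_ca(workdir, name):
    """Create a throwaway self-signed CA (constructed test material)."""
    _openssl(workdir, "req", "-x509", "-newkey", "rsa:2048", "-nodes",
             "-days", "1", "-subj", f"/CN={name}",
             "-keyout", f"{name}.key", "-out", f"{name}.pem")


def issue_cert(workdir, ca, cn):
    """Issue a leaf certificate for cn, signed by the CA named ca."""
    with open(os.path.join(workdir, f"{cn}.ext"), "w") as fh:
        fh.write(f"subjectAltName=DNS:{cn}\n")  # hostname checks need a SAN
    _openssl(workdir, "req", "-newkey", "rsa:2048", "-nodes",
             "-subj", f"/CN={cn}", "-keyout", f"{cn}.key", "-out", f"{cn}.csr")
    _openssl(workdir, "x509", "-req", "-in", f"{cn}.csr", "-days", "1",
             "-CA", f"{ca}.pem", "-CAkey", f"{ca}.key", "-CAcreateserial",
             "-extfile", f"{cn}.ext", "-out", f"{cn}.pem")


def server_context(workdir, server_cn, trusted_ca):
    """Server side: present a certificate AND require one from the client."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.load_cert_chain(os.path.join(workdir, f"{server_cn}.pem"),
                        os.path.join(workdir, f"{server_cn}.key"))
    ctx.verify_mode = ssl.CERT_REQUIRED  # no client certificate, no session
    ctx.load_verify_locations(os.path.join(workdir, f"{trusted_ca}.pem"))
    return ctx


def client_context(workdir, trusted_ca, client_cn=None):
    """Client side: verify the server chain and name; optionally present a cert."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.load_verify_locations(os.path.join(workdir, f"{trusted_ca}.pem"))
    if client_cn:
        ctx.load_cert_chain(os.path.join(workdir, f"{client_cn}.pem"),
                            os.path.join(workdir, f"{client_cn}.key"))
    return ctx


def handshake(server_ctx, client_ctx, server_name):
    """Return the client CN the server authenticated, or None if it refused."""
    s_sock, c_sock = socket.socketpair()
    s_sock.settimeout(10)
    c_sock.settimeout(10)
    result = {}

    def serve():
        try:
            with server_ctx.wrap_socket(s_sock, server_side=True) as tls:
                subject = dict(rdn[0] for rdn in tls.getpeercert()["subject"])
                result["peer"] = subject["commonName"]
                tls.sendall(b"ok")
        except (ssl.SSLError, OSError):
            s_sock.close()  # handshake rejected: nothing was authenticated

    worker = threading.Thread(target=serve)
    worker.start()
    try:
        with client_ctx.wrap_socket(c_sock, server_hostname=server_name) as tls:
            tls.recv(2)  # under TLS 1.3 a rejection surfaces on first read
    except (ssl.SSLError, OSError):
        pass
    finally:
        c_sock.close()
    worker.join()
    return result.get("peer")


def run_demo():
    """Three clients against one server that trusts only 'builtin-ca'."""
    with tempfile.TemporaryDirectory() as wd:
        make_ca(wd, "builtin-ca")   # stands in for the built-in CA
        make_ca(wd, "other-ca")     # a CA the server does not trust
        issue_cert(wd, "builtin-ca", "mgmt.example")
        issue_cert(wd, "builtin-ca", "admin-client")
        issue_cert(wd, "other-ca", "outsider-client")
        srv = server_context(wd, "mgmt.example", "builtin-ca")
        return {
            "enrolled": handshake(
                srv, client_context(wd, "builtin-ca", "admin-client"), "mgmt.example"),
            "foreign_ca": handshake(
                srv, client_context(wd, "builtin-ca", "outsider-client"), "mgmt.example"),
            "no_cert": handshake(
                srv, client_context(wd, "builtin-ca"), "mgmt.example"),
        }


if __name__ == "__main__":
    print(run_demo())
```

Only the client holding a certificate issued by the trusted CA is authenticated; a certificate from another CA, or no certificate at all, ends the handshake before any application data is exchanged.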
  14. 14. You can also implement Control Center Management Servers in a High Availability (HA) configuration, in which one Management Server actively manages the registered firewalls, while another Management Server acts as a standby or backup. If the active Management Server fails, the management responsibilities can be switched to the standby or backup Management Server. For more information about this, see High Availability (HA) on page 136.

Features of the Control Center

The Control Center is the central security appliance management solution from McAfee. It provides the foundation for a suite of products that is used to:
• Define and distribute rules to hundreds of firewalls.
• Share configuration data among firewalls.
• Configure Virtual Private Network (VPN) connectivity.
• Implement and selectively activate multiple security policies.
• Manage software releases on all of your firewalls.
• Simplify routine administrative tasks.
• Manage ongoing changes to your security policies.

The Control Center supports the following features and functionality:
• Object-based design — Using an object-based configuration technique, objects can be defined once and can be reused anywhere that the object is needed. Network objects represent one example of this implementation. Network objects include firewalls and device groups, hosts, networks, address ranges, interfaces, and endpoint groups. These objects are used when you define rules. Over time, hundreds of rules can be defined by using these objects. If the properties of a network object must be changed, you have to update the object once. The resulting changes will propagate wherever that object is used.
• Auditing of object management events and archiving of audit tracking data — The Control Center has an audit tracking and archive management feature that can be configured to monitor object changes and purge or archive audit tracking data. The auditing data contains information about the requested operation performed, time, date and user name. This information can be displayed or printed using the Audit Trail report. Because the audit tracking table grows without bounds and consumes disk space, you also have the option to periodically remove the data from the database or archive it to another location. This is true for both Control Center audit data and audit data that is currently stored on the Management Server that was retrieved from one or more firewalls.
• Configuration domains — Use configuration domains to partition your managed firewalls into separate collections of objects and configuration data. Each collection is independent of any other collection, and changes to one collection do not affect the others. For more information, see Configuration domains on page 92.
• Rule set queries — Because firewall configurations often require numerous rules, the Control Center can produce views of these rules as a subset of the rules. This added convenience helps to manage and validate the many rules that are stored in the Control Center database.
• Firewall configuration retrieval — After a firewall has been added to the list of managed firewalls, you can use the Firewall Retrieval Options window to choose the configuration components to be retrieved and stored as Control Center objects. You can select all components or limit your selection to specific components. This feature saves time and effort when you are performing the initial setup to manage a firewall.
• Policy validation and reports — After making configuration changes and before applying them, you can determine whether firewall configurations in the Control Center database are valid. You can view a report that shows the status of the validation process and a report that details the differences between the current and proposed firewall configurations.
  15. 15. About the Client Suite • Configuration status report — After the configuration has been propagated to one or more firewalls, a status report is produced to list warnings or errors that may have occurred. • Certificate Authority (CA) framework — A built-in CA framework lets you quickly issue certificates for the various architectural components. A built-in CA saves time when using SSL with client certificates. • Simultaneous, multiple users — The Control Center provides a locking mechanism that accommodates simultaneous use of the Control Center Client Tools by multiple users. Administrators have the option of locking entire object trees or allowing the system to lock individual objects on a first-come, first-served basis. This approach allows single-user environments to function without explicit locking. • High Availability (HA) feature — You can configure redundant Management Servers by using the High Availability Server Configuration (HA) feature. The HA feature uses a multi-server configuration to continue Control Center Management Server functions if the active Management Server fails. For more information, see High Availability (HA) on page 136. • Apply Configuration enhancements — The Apply Configuration window includes a checkbox that determines whether the network is automatically re-initialized when configuration changes are applied to a firewall. If the network is not re-initialized automatically, the Client displays all of the firewalls that need to be re-initialized in the Configuration Status report. In addition, the apply mechanism on the firewall supports the running of a script after the apply operation has been completed. The apply process also supports the listing files that are to be excluded from management. About the Client Suite The McAfee Firewall Enterprise Control Center Client Suite is the suite of tools that provides the user interfaces for task-grouped operations of the Control Center. 
Each tool encapsulates related operations to deliver the functionality required by Control Center users.

Administration Tool

The Administration Tool aggregates the McAfee Firewall Enterprise Control Center administrative functions into a single tool. You can accomplish the following tasks by using the features and functions of the Administration Tool:
• Control Center users — You can create and manage the unique Control Center user names and passwords that are used to authenticate user access to the Control Center Management Server. For more information, see Control Center users on page 81.
• Control Center roles — After a user is defined, he or she is assigned a role that determines the tasks that he or she is allowed to perform. Although a default set of roles has been pre-defined, you can create additional user-defined roles that can be assigned to Control Center users. For more information, see Control Center roles on page 89.
• Configuration domains — Activate the configuration domains option to segregate configuration data views and management into multiple domains. The operation and configuration data associated with a configuration domain is accessible only when the specific domain is selected during the login process. All other configuration data is obscured and cannot be acted upon or seen. If configuration domains are activated, configuration domain versions and version management can be accessed from the Administration Tool, as well as from the Configuration Tool. For more information about configuring and managing configuration domains, see Configuration domains on page 92. For more information about versions and version management for configuration domains, see Configuration domain version management on page 97.
  16. 16.
• Audit Trail — The Control Center can track when firewalls, endpoints, services, rules, alert processing rules, and many other objects are updated, added, or removed by Control Center users. You can define the actions that are to be tracked, the objects that are to be tracked, the archiving (or not) of the tracked data, and a way to view and filter the tracked data. For more information, see Audit data management on page 100.
  Note: Do not confuse the Control Center Audit Trail that provides a record of actions performed by Control Center users with security firewall-specific audit reports.
• Control Center license — You can manage the Control Center license by selecting License from the System menu. For more information, see Control Center Management Server licensing on page 104.
• System settings — You can manage specific Control Center system settings in the Administration Tool. These settings include: defining the default login disclaimer information that is posted in the login window for each tool in the Client Suite, the failed login lockout settings, and the default application time-out period. For more information, see Configuring system settings on page 121.
• Alternate authentication — Use the Administration Tool to configure the way that Control Center users authenticate with the Management Server. The Control Center supports an internal authentication mechanism, as well as LDAP and RADIUS for off-box authentication. For more information, see Authentication on page 145.
• Management Server backup and restore operations — Use the Administration Tool (and the Configuration Tool under certain circumstances) to manage the backup and restoration of the Control Center configuration and the operational data. A full system backup can be requested and an FTP off-box location can be specified. For more information, see Managing configuration data for the Management Server on page 23.
• Backup server status — If the High Availability (HA) Management Server Configuration option is used, you can view the status condition of the backup Management Servers in the Backup Server Status page. For more information, see Viewing the status of your backup Management Servers on page 122.

Configuration Tool

Use the Configuration Tool to define, configure, and maintain multiple firewalls and security policies for a distributed homogeneous or heterogeneous configuration of firewalls. You can accomplish the following tasks by using the features and functions of the Configuration Tool:
• Create configurable objects — The components that comprise a security policy include a set of configurable objects that defines the characteristics of the building blocks that are used to implement the security policy. Use this object model of defined objects to share characteristics, options, and functionality, instead of having to provide raw configuration information for each aspect of an implemented security policy. Use the Configuration Tool to retrieve, create, and manage configurable object characteristics. For more information, see Configurable objects on page 154.
• Manage configurable objects — After configurable objects have been defined or retrieved, you can edit, validate, and apply changes to the configured object. You can manage the implemented security policy across all of the supported firewalls in your configuration. For more information, see Firewall configuration management on page 574.
• Create and manage rules — Rules provide the network security mechanism that controls the flow of data into and out of the internal network. They specify the network communications protocols that can be used to transfer packets, the hosts and networks to and from which packets can travel, and the time periods during which the rules can be applied. Rules are created by the system administrator and should reflect the internal network site's security policy.
You can retrieve, create, and manage rules in the Configuration Tool. For more information, see Creating, viewing, or modifying rules on page 528.
