Installation overview
Installation checklist
Security considerations
System requirements
Web requirements
MTA requirements
Pre-installation tasks
Default IP addresses
Run the Setup Wizard and register the appliance with McAfee ePO
Post-installation tasks
Edit the McAfee Email Gateway policy to work with McAfee DLP Prevent
Change the boot order in VMware before upgrading from virtual CD drive
Troubleshoot installation
Installation overview
McAfee DLP implementation
McAfee® Data Loss Prevention (McAfee DLP) is a suite of products deployable and manageable through McAfee® ePolicy
Orchestrator® (McAfee® ePO™), which enables sharing of common policies and provides incident and case management for
network and endpoint data loss prevention products.
The McAfee DLP extension is installed on the McAfee ePO server. It manages the policies and data analysis for all McAfee DLP
applications. It is the starting point for all deployments.
Optional components
You can perform a first-time installation of the McAfee DLP Prevent appliance software on a physical
hardware appliance or on a virtual machine, depending on your business needs. For subsequent installations,
upgrade the appliance software. The decision tree helps you decide on which platform to install
the McAfee DLP Prevent appliance software. Each installation method includes a workflow and procedure.
• Virtual appliances can run on your own VMware vSphere (deployed on VMware vCenter Server) or Windows Hyper-V
server.
• You can install McAfee DLP Prevent on McAfee DLP 6600 or McAfee DLP 5500 appliance models.
• You can install VMware vSphere (deployed on VMware vCenter Server) or Windows Hyper-V server on McAfee DLP 6600
or McAfee DLP 5500 appliance models.
You can make use of the McAfee DLP Prevent appliance functionalities by leveraging your existing network infrastructure.
1. If you are using a hardware appliance, connect the appliance to your local network.
2. Download and extract the McAfee DLP Prevent appliance software and the required extensions from the McAfee download
site using a grant number.
3. Install the extensions in McAfee ePO.
4. Install and configure McAfee DLP Prevent appliance software.
5. For the appliance to be managed, register the appliance with McAfee ePO from the Setup Wizard.
6. Integrate McAfee DLP Prevent with the Smart Host (MTA server) that supports header inspection and configure the policy to
work with McAfee DLP Prevent.
7. Integrate McAfee DLP Prevent with the web proxy server and configure the policy to work with McAfee DLP Prevent.
8. Confirm that the appliance is connected to the network from the McAfee ePO interface. In McAfee ePO, navigate to Menu
→ Appliance Management, which shows the appliance underneath My Organization within the Lost and Found tree.
Tip
To use McAfee DLP Monitor and McAfee DLP Prevent on the same network, install McAfee DLP Monitor first to analyze
how traffic flows through your network.
Note
McAfee DLP 9.3.0 doesn't support an upgrade. You must reinstall the appliance software from a CD or USB drive.
1. Download and extract the appliance software and extensions from the McAfee download site. The upgrade files are
distributed as .iso files. You can write the .iso file to a CD or USB drive, or copy the image over the appliance's internal
installation image.
2. Notify the McAfee ePO administrators of the downtime.
3. Prepare the McAfee DLP Prevent appliance environment to upgrade the software.
4. Install the extensions in McAfee ePO if the extensions are updated.
5. Copy the .iso file to the appliance, then boot from the internal installation image. If you select the full upgrade mode,
you don't have to reconfigure the IP addresses, because the existing configured IP addresses are reused. If you choose
any other upgrade mode, you have to reconfigure the IP addresses.
You can plan to configure all scenarios or a combination of these scenarios based on your business needs when you install or
upgrade the appliance software.
Note
You can choose to use the DLP Capture feature, if needed. DLP Capture requires additional storage disk space to hold
the captured data.
For a 6600 appliance, set up the McAfee DLP Capture Storage Array and connect it to the appliance. The 5500 appliance
model contains disks that can hold the captured data. For a virtual appliance, an additional hard disk gets created during
deployment to store the captured data. Enable the DLP Capture feature from McAfee ePO and set how long you want to
retain the captured data for.
• Integrate the appliance with McAfee DLP Discover server, which is configured as McAfee DLP Server to protect sensitive
data.
Note
While upgrading the appliance software, McAfee ePO pushes all existing policies if you choose to upgrade using the full
upgrade mode. We recommend that you upgrade the appliance using the full upgrade mode for all deployments.
Deploy a McAfee DLP Prevent cluster to load balance the incoming email and web traffic, and accomplish high availability if a
cluster node fails.
Caution
You can't share cluster scanner nodes between a McAfee DLP Prevent cluster and a McAfee DLP Monitor cluster. The
cluster ID and virtual IP address must therefore be unique and different from the cluster ID and virtual IP address of
the McAfee DLP Monitor cluster.
1. Complete the installation of all appliances that you plan to include in a cluster in your network.
Note
For performance optimization, make sure that all appliances in a cluster configuration are of the same model, and all
virtual appliances have the same specifications.
2. For the appliance to be managed, register the appliance with McAfee ePO from the Setup Wizard.
3. Integrate McAfee DLP Prevent with the Smart Host (MTA server) that supports header inspection and configure the policy to
work with McAfee DLP Prevent.
4. Integrate McAfee DLP Prevent with the web proxy server (MWG server) and configure the policy to work with McAfee DLP
Prevent.
5. Enable load balancing from McAfee ePO.
You can deploy a McAfee DLP Monitor cluster or a McAfee DLP Prevent cluster or both clusters based on your environment.
Deploy a McAfee DLP Monitor cluster when the network traffic monitoring and scanning capacity you want exceeds that of a
standalone McAfee DLP Monitor appliance. In this scenario, a single deployment of McAfee DLP Monitor cluster monitors and
scans a busy network.
Caution
The cluster ID and the virtual IP address must be different from the cluster ID and virtual IP address of a McAfee DLP
Prevent cluster. You must not share the cluster scanners between two clusters.
• A McAfee DLP Prevent primary node (the master). The master is responsible for distributing email and web traffic for
analysis between itself and the cluster scanners. If the master fails, any of the cluster scanners take over the primary
role.
• One or more McAfee DLP Prevent scanners.
MTA is the mail server for the R1 network, while McAfee Web Gateway is used as the web proxy. Other systems are also
connected to this network and R1 is the route out.
P1 and P2 are two McAfee DLP Prevent servers in a cluster. Their LAN 1 interfaces are connected to R1. They receive email traffic
from MTA and web traffic from the web gateway (MWG). The responses go back to MTA and MWG, while the events are sent to
the McAfee ePO server.
A network tap mirrors all network traffic going through R1 to the capture interface on the packet acquisition device, MON PAD.
The appliances MON SCAN 1 and MON SCAN 2 are dedicated load balancing scanners and receive scanning requests from MON
PAD. The scan results are sent to McAfee ePO for monitoring and tracking the incidents.
McAfee DLP Prevent appliance can act on email and web protection rules, which apply to specific users and groups when
integrated with registered AD or LDAP servers.
The McAfee DLP Prevent appliance integrates with a registered documents server to protect registered documents from being
distributed in unauthorized ways.
The DLP Capture feature enables you to store and filter email and web data analyzed by your McAfee DLP Prevent appliances.
DLP Capture is an optional feature that you enable from McAfee ePO. On 6600 and virtual appliances, there must be sufficient
storage disk space available at the time of software installation. If you increase the capture disk size later, you must
reinstall the appliance software so that it detects the capture storage disk.
You can enable the DLP Capture feature for your McAfee DLP appliance from the McAfee DLP Appliance Management extension
in McAfee ePO.
Note
The option to enable DLP Capture in McAfee ePO does not appear on the interface until you add a McAfee DLP Prevent
license.
The captured data is stored on a disk on a physical or virtual appliance, or on an external storage device.
• DLP 6600 appliance: The captured data is stored in McAfee DLP Capture Storage Array, which is an external storage
device and can hold up to 24 TB of data.
• DLP 5500 appliance: DLP 5500 appliance contains disks, which can hold 10 TB of captured data.
• Virtual appliance: You can use the DLP Capture feature on virtual appliances when deployed using a capture enabled
virtual machine.
Note
If DLP Capture is enabled on an appliance, you might experience some impact on the performance when the appliance
copies data during data scanning.
1. For a DLP 6600 appliance, set up the storage disk to save the captured data.
2. Complete the installation of the McAfee DLP Prevent appliance software.
3. For the appliance to be managed, register the appliance with McAfee ePO from the Setup Wizard.
4. Integrate McAfee DLP Prevent with the Smart Host (MTA server) that supports header inspection and configure the policy to
work with McAfee DLP Prevent.
5. Integrate McAfee DLP Prevent with the web proxy server (MWG server) and configure the policy to work with McAfee DLP
Prevent.
6. Enable the DLP Capture feature and set how long you want to retain the captured data for.
Considering the unique needs of your network in advance can reduce the time it takes to get started.
For information about the number of appliances that you need for high availability and load balancing your email and web
traffic, contact Technical Support.
Caution
You can't share the cluster scanners between a McAfee DLP Prevent cluster and a McAfee DLP Monitor cluster. So consider
the exact number of appliances you need to create a cluster. Once the cluster role is applied to an appliance, the system
reboots automatically. Later, to change the cluster role, you must reset the appliance to factory defaults and apply the cluster
role you want.
Installation checklist
Verify that you have all information needed for a successful installation.
Determine: Security
Consideration:
• Use out-of-band management on a network that McAfee ePO can access to isolate management and network traffic.
• LAN 1 traffic must not be accessible from outside your organization.
Determine: Network information
Consideration:
• Network interfaces must be assigned with static IP addresses, rather than dynamically assigned IP addresses.
• Evidence server must be on the same LAN as the appliance.
• In a cluster environment, the virtual IP address must be in the same subnet as the appliance IP address.
• The cluster ID and the virtual IP address must be different from that of a McAfee DLP Monitor cluster ID and virtual
IP address.
Determine: Remote Management Module (RMM)
Consideration: (Hardware appliances only) If you intend to use the RMM for appliance management, use a secure or
closed network to connect to the RMM.
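A pre-flight check for the addressing rules in this checklist and the cluster cautions earlier in the guide, written as an added example (it is not McAfee code). The dictionary layout, node names, addresses and cluster ID values are assumptions made for illustration, and "same LAN" is modelled as "same subnet".

```python
import ipaddress


def check_cluster_plan(prevent, monitor=None, evidence_server=None):
    """Return findings for a planned McAfee DLP Prevent cluster (empty list = OK)."""
    findings = []
    vip = ipaddress.ip_address(prevent["virtual_ip"])
    # Static LAN 1 addresses in CIDR form, keyed by node name (hypothetical layout).
    nodes = {name: ipaddress.ip_interface(cidr)
             for name, cidr in sorted(prevent["nodes"].items())}

    for name, iface in nodes.items():
        # The virtual IP must be in the same subnet as the appliance IP.
        if vip not in iface.network:
            findings.append("%s: virtual IP %s is outside %s"
                            % (name, vip, iface.network))
        # The evidence server must be on the same LAN as the appliance.
        if evidence_server is not None:
            if ipaddress.ip_address(evidence_server) not in iface.network:
                findings.append("%s: evidence server %s is outside %s"
                                % (name, evidence_server, iface.network))

    if monitor is not None:
        # Cluster ID and virtual IP must differ from the Monitor cluster's.
        if monitor["cluster_id"] == prevent["cluster_id"]:
            findings.append("cluster ID %s is already used by the Monitor cluster"
                            % prevent["cluster_id"])
        if ipaddress.ip_address(monitor["virtual_ip"]) == vip:
            findings.append("virtual IP %s is already used by the Monitor cluster"
                            % vip)
        # Scanner nodes can't be shared between the two clusters.
        monitor_ips = {ipaddress.ip_interface(cidr).ip
                       for cidr in monitor["nodes"].values()}
        for name, iface in nodes.items():
            if iface.ip in monitor_ips:
                findings.append("%s (%s) is also a Monitor cluster node"
                                % (name, iface.ip))
    return findings


# Constructed plans. 10.1.1.108/24 is the guide's default LAN 1 address;
# every other value is made up for the example.
GOOD_PREVENT = {"cluster_id": 10, "virtual_ip": "10.1.1.50",
                "nodes": {"P1": "10.1.1.108/24", "P2": "10.1.1.109/24"}}
GOOD_MONITOR = {"cluster_id": 20, "virtual_ip": "10.1.1.60",
                "nodes": {"MON SCAN 1": "10.1.1.120/24",
                          "MON SCAN 2": "10.1.1.121/24"}}

# Virtual IP in the wrong subnet, reused cluster ID, and P2 listed in both clusters.
BAD_PREVENT = {"cluster_id": 10, "virtual_ip": "10.1.2.50",
               "nodes": {"P1": "10.1.1.108/24", "P2": "10.1.1.109/24"}}
BAD_MONITOR = {"cluster_id": 10, "virtual_ip": "10.1.1.60",
               "nodes": {"MON SCAN 1": "10.1.1.120/24",
                         "MON SCAN 2": "10.1.1.109/24"}}

if __name__ == "__main__":
    for finding in check_cluster_plan(BAD_PREVENT, BAD_MONITOR, "10.1.1.20"):
        print(finding)
```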
Security considerations
Plan your software security requirements before you deploy the appliance.
The Support Notification Service (SNS) delivers valuable product news, alerts, and best practices to help you increase the
functionality and security fixes to your appliances. To receive SNS email notices, go to the SNS Subscription Center at
https://sns.secure.mcafee.com/signup_login, and register and select your product information options.
• McAfee ePO — Make sure you have the McAfee ePO server installed for managing your appliance. For information about
installing McAfee ePO, see the McAfee ePolicy Orchestrator documentation.
• Virtualization software setup — To install the virtual McAfee DLP Prevent appliance, prepare the virtual platform.
If you don't have your virtual software set up, go to the product website:
Product: Description
• McAfee ePO: All McAfee DLP products integrate with McAfee ePO for configuration, management, monitoring, and
reporting.
• McAfee® Email Gateway: Integrates with McAfee DLP Prevent to provide email protection.
• McAfee® Logon Collector: Integrates with McAfee DLP Monitor and McAfee DLP Prevent for user authentication
information.
• McAfee® Web Gateway: Integrates with McAfee DLP Prevent to provide web protection.
System requirements
Hardware and software requirements
To ensure that your deployment is successful, your environment must meet the minimum requirements. Also, make sure that
you have administrator rights.
Hardware requirements
McAfee ePO server For information about the McAfee ePO hardware
requirements, see the McAfee ePO documentation.
Hyper-V
• Windows Server 2012
• Windows Server 2016
For McAfee Network DLP and McAfee DLP appliances, see KB87112.
Software Version
McAfee ePO
• 5.3.3 HF1230649
• 5.9.x
• 5.10.x
When running McAfee ePO in Microsoft Internet
Explorer, use version 10.0 or later.
Updates to the McAfee ePO extensions for McAfee DLP Prevent appliances are delivered through update releases.
Note
McAfee DLP Prevent appliances contain a version of the McAfee Agent, which is built into the appliance software and cannot
be updated through McAfee ePO.
McAfee DLP appliances in this release have been tested for compatibility with the following McAfee managed product versions:
• For VMware virtual environment, see the VMware Knowledge Base article 1003661 available at https://www.vmware.com
to get the minimum system requirements for VMware vSphere and VMware vCenter Server.
• For Windows Hyper-V virtual environment, see https://docs.microsoft.com.
You need an x86 64-bit virtualization host with a Westmere processor or newer.
Ensure that the virtual appliance that you run meets the system requirements based on your business needs and decide
whether you need to use DLP Capture. You can choose to deploy a virtual appliance using one of these predefined deployment
options.
Predefined deployment options | Processors | RAM (GB) | Capture disk capacity (TB) | OS HDD (GB) | RW HDD (GB) **
Standard VM - Capture | 4 | 12 | 4 | 10 | 300
Large VM - Capture | 16 | 16 | 8 | 10 | 300
Note
* Use the Small VM and Small VM - Capture options only for evaluation purposes.
** The disk size displayed in the Size on Disk field while deploying a VMware virtual appliance is the total disk size of all
different virtual machine variants that can be deployed and isn't the actual disk size that will be used for the predefined
deployment VM variant you have chosen to install. For the actual disk size of the deployed virtual appliance, see RW HDD
details in this table.
The required capture hard disks get created when deploying an appliance, if you choose the predefined deployment option that
supports creating a capture disk. Adding a capture disk to an existing virtual appliance is not supported. Deploy a replacement
virtual appliance using a predefined deployment option that deploys a capture storage disk.
Model specifications
* The 6600 appliances have no in-built storage system. To create the needed capture disk space for enabling DLP Capture, set
up and connect McAfee DLP Capture Storage Array to your 6600 appliance. McAfee DLP Capture Storage Array is shipped in a
separate package with all items needed to install it with an appliance. Check the contents list to verify that you received all items.
** McAfee does not support adding more memory to McAfee DLP Prevent appliances.
For information about these hardware appliances, see the McAfee Data Loss Prevention Prevent Hardware Guide.
Web requirements
McAfee DLP Prevent works with ICAP-compliant web proxies to protect web traffic.
To fully integrate an ICAP client with a McAfee DLP Prevent appliance, the ICAP client must be able to:
• Split requests from responses (REQMOD vs. RESPMOD). For example, in some environments it might be preferable for
McAfee DLP Prevent to process only web requests going to public sites, rather than processing every bit of HTTP traffic
on the network.
• Add an X-Authenticated-User ICAP request header to provide the McAfee DLP Prevent appliance with the end user
making the request for policy evaluation purposes.
• Add X-Client-IP and X-Server-IP request headers to provide the McAfee DLP Prevent appliance with source and destination
IP addresses for reporting purposes.
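To confirm that a proxy meets these requirements, the ICAP header section of a captured request can be checked as in the following added example (not part of the product or the original guide). The host names, service paths and header values in the samples are constructed, and expecting REQMOD only is an assumption about the local deployment.

```python
import ipaddress

# Headers the requirements above ask the ICAP client to add to each request.
REQUIRED_HEADERS = ("X-Authenticated-User", "X-Client-IP", "X-Server-IP")
IP_HEADERS = ("X-Client-IP", "X-Server-IP")


def parse_icap_head(raw):
    """Split the ICAP header section (up to the first blank line) into parts."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    parts = lines[0].split()
    if len(parts) != 3 or not parts[2].startswith("ICAP/"):
        raise ValueError("not an ICAP request line: %r" % lines[0])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed ICAP header: %r" % line)
        headers[name.strip().lower()] = value.strip()
    return parts[0].upper(), parts[1], headers


def check_icap_request(raw, expected_method="REQMOD"):
    """Return a list of problems; an empty list means the request passes."""
    method, _uri, headers = parse_icap_head(raw)
    problems = []
    # Requests and responses must be split, so only the expected mode is accepted.
    if method != expected_method:
        problems.append("method is %s, this check expects %s"
                        % (method, expected_method))
    for name in REQUIRED_HEADERS:
        if not headers.get(name.lower()):
            problems.append("missing %s" % name)
    # Source and destination must be usable IP addresses for reporting.
    for name in IP_HEADERS:
        value = headers.get(name.lower())
        if value:
            try:
                ipaddress.ip_address(value)
            except ValueError:
                problems.append("%s is not an IP address: %r" % (name, value))
    return problems


# Constructed sample: a REQMOD request that carries all three headers.
GOOD_REQUEST = (
    b"REQMOD icap://dlp.example.test:1344/reqmod ICAP/1.0\r\n"
    b"Host: dlp.example.test:1344\r\n"
    b"X-Authenticated-User: alice@example.test\r\n"
    b"X-Client-IP: 192.0.2.15\r\n"
    b"X-Server-IP: 203.0.113.10\r\n"
    b"Encapsulated: req-hdr=0, null-body=42\r\n"
    b"\r\n"
    b"GET / HTTP/1.1\r\nHost: www.example.test\r\n\r\n"
)

# Constructed sample (header section only): wrong mode, no user, bad client IP.
BAD_REQUEST = (
    b"RESPMOD icap://dlp.example.test:1344/respmod ICAP/1.0\r\n"
    b"Host: dlp.example.test:1344\r\n"
    b"X-Client-IP: unknown\r\n"
    b"X-Server-IP: 203.0.113.10\r\n"
    b"\r\n"
)

if __name__ == "__main__":
    for problem in check_icap_request(BAD_REQUEST):
        print(problem)
```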
MTA requirements
McAfee DLP Prevent works with a Mail Transfer Agent (MTA) server to protect email traffic.
An MTA server must meet these requirements to integrate with McAfee DLP Prevent.
• The MTA must send all or a portion of email traffic to McAfee DLP Prevent. Example: In some environments, it might
be preferable for McAfee DLP Prevent to process only mail going to or from public sites, such as Gmail, rather than
processing every email sent and received on the network.
• The MTA must be able to inspect email headers so that it can distinguish emails arriving from McAfee DLP Prevent and
act on the header strings that McAfee DLP Prevent adds to the email messages. If certain actions are not supported on
the MTA server, do not configure rules on McAfee DLP Prevent to use these actions.
• Your MTA must ensure that email messages received from McAfee DLP Prevent are routed to the intended destination,
and not back to McAfee DLP Prevent. Example: Routing might be defined using a port number or source IP address, or by
checking if X-RCIS-Action headers are present.
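The three MTA requirements above, combined into one routing decision as an added example (not McAfee code and not a configuration for any particular MTA). The internal domain, the client address and the header value EXAMPLE-ACTION are constructed, and the example chooses to honour X-RCIS-Action only on mail that arrives from the appliance's address rather than relying on the header alone.

```python
import ipaddress
from email import message_from_bytes

# Assumptions of this example: the appliance relays mail from the guide's
# default LAN 1 address, and corp.example is the only internal mail domain.
DLP_APPLIANCE_IPS = {ipaddress.ip_address("10.1.1.108")}
INTERNAL_DOMAINS = {"corp.example"}
ACTION_HEADER = "X-RCIS-Action"


def domain_of(address):
    """Return the lower-cased domain part of an envelope address."""
    return address.rsplit("@", 1)[-1].lower()


def next_hop(peer_ip, mail_from, rcpt_to, raw_message):
    """Decide where the MTA sends one message.

    Returns a dict with 'hop' ('dlp' or 'deliver'), 'actions' (X-RCIS-Action
    values added by the appliance), 'stripped' (True when such a header came
    from a host that is not the appliance) and 'message' (bytes to forward).
    """
    msg = message_from_bytes(raw_message)
    actions = msg.get_all(ACTION_HEADER, [])

    if ipaddress.ip_address(peer_ip) in DLP_APPLIANCE_IPS:
        # Already inspected: route to the destination, never back to the
        # appliance. The MTA's own rules act on the header strings.
        return {"hop": "deliver", "actions": actions,
                "stripped": False, "message": raw_message}

    # The header only means something when the appliance added it, so a copy
    # arriving from any other host is removed and the message is inspected
    # as usual.
    stripped = bool(actions)
    if stripped:
        del msg[ACTION_HEADER]
        raw_message = msg.as_bytes()

    # Send only the chosen portion of traffic to the appliance: here, mail
    # with at least one envelope address outside the internal domains.
    addresses = [mail_from] + list(rcpt_to)
    external = any(domain_of(a) not in INTERNAL_DOMAINS for a in addresses)
    return {"hop": "dlp" if external else "deliver", "actions": [],
            "stripped": stripped, "message": raw_message}


# Constructed messages.
CLIENT_MSG = (b"From: alice@corp.example\r\nTo: bob@partner.example\r\n"
              b"Subject: Q3 numbers\r\n\r\nSee attached.\r\n")
INSPECTED_MSG = b"X-RCIS-Action: EXAMPLE-ACTION\r\n" + CLIENT_MSG

if __name__ == "__main__":
    first = next_hop("192.0.2.25", "alice@corp.example",
                     ["bob@partner.example"], CLIENT_MSG)
    back = next_hop("10.1.1.108", "alice@corp.example",
                    ["bob@partner.example"], INSPECTED_MSG)
    print(first["hop"], back["hop"], back["actions"])
```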
Pre-installation tasks
Download product extensions and installation files
Before you can manually install the software, you must download the files for your installation. Alternatively, you can use
Software Catalog to download and install.
All McAfee DLP products use the McAfee DLP extension for McAfee ePO. Install DLP_Mgmt_version_Package.zip as your starting
point.
You can also use the McAfee ePO Software Catalog on McAfee ePO 5.10 (Menu → Software → Software Catalog) to view,
download, and install the software.
In McAfee ePO 5.9 or earlier, select Software Manager (Menu → Software → Software Manager) to view, download, and install
the software.
Task
1. In a web browser, go to https://www.mcafee.com/us/downloads/downloads.aspx.
2. Click Download. Enter your grant number, then select the product and version.
3. On the Software Downloads tab, select and save the appropriate file.
Note
The download package does not contain VMware vSphere or Hyper-V product installation files.
If you don't have your virtual software set up, go to the respective product website.
Note
To know how the hard disks were allocated in earlier releases, contact Technical Support.
Task
1. In McAfee ePO 5.10, select Menu → Software → Software Catalog.
In McAfee ePO 5.9 or earlier, select Menu → Software → Software Manager.
2. In the left pane, expand Software (by Label) and select Data Loss Prevention.
3. Select your McAfee DLP product.
Select the entry for McAfee DLP Appliance Management, which installs all of the necessary extensions:
• McAfee DLP
• Common UI
• Appliance Management Extension
• McAfee DLP Appliance Management
Results
The extension is installed. Extensions that are checked in appear in the Checked In Software list. As new versions of the software
are released, you can use the Update option to update the extensions.
• Common UI package
• Appliance Management Extension
• McAfee DLP Appliance Management
You must enter at least one license key — more if you have multiple McAfee DLP products. The licenses you enter determine
which configuration options in McAfee ePO are available to you. You can enter keys for these products:
Task
1. Install licenses and components in DLP Settings to customize the installation.
The DLP Settings module has seven tabbed pages. Information about the General tab is required. You can use the default
values or fields for the remaining settings if you don't have special requirements.
a. Select Menu → Data Protection → DLP Settings.
b. For each license that you want to add: in the License Keys → Key field, enter the license, then click Add.
Installing the license activates the related McAfee ePO components and McAfee ePO Policy Catalog policies.
c. In the Default Evidence Storage field, enter the path.
The evidence storage path must be a network path, that is \\[server]\[share]. This step is required to save the settings
and activate the software.
d. Set the shared password.
2. Click Save.
3. To back up the configuration, select the Back Up & Restore tab, then click Backup to file.
Results
McAfee DLP modules appear in Menu → Data Protection according to the license.
To connect to the network, configure the DNS server, NTP server, and a Smart Host for your appliances from McAfee ePO.
Task
1. In McAfee ePO, select Menu → Policy → Policy Catalog.
2. From the Product drop-down list, select Common Appliance Management.
3. Select the My Default policy.
4. Add the DNS server and the NTP server, then click Save.
5. From the Product drop-down list, select DLP Appliance Management.
6. Select the My Default policy for McAfee DLP Prevent Email Settings.
7. Enter the IP address of the Smart Host, then click Save.
• Non-strict mode — Compatibility errors in the policy display a warning. An administrator with policy administration
permissions can apply the policy.
• Strict mode — Policies with errors can't be applied to the McAfee ePO database.
When a policy with backward compatibility errors is applied to the database, the errors are displayed on the DLP Policy → Policy
Validation page.
McAfee DLP Prevent can use policies with warnings created in non-strict mode. When backward compatibility is applied in strict
mode, policies with errors can't be applied to the McAfee ePO database, and therefore aren't detected by McAfee DLP Prevent.
You can enable your McAfee DLP Prevent appliance to perform cryptographic operations in a way that is compliant with FIPS
140-2. To do so, go to the General category in the DLP Appliance Management product in the Policy Catalog.
You can install and deploy appliances in virtual environments with different server configurations.
Single-server deployment
In this example, one virtual machine host is responsible for the virtual appliance and other virtual machines, all of which run on
the same hardware. The resource pool must also have the minimum levels of CPU and memory allocated to it.
Set up your virtual environment and deploy the McAfee DLP Prevent virtual appliance. Deploy the appliance software from
the .ova file you have downloaded.
Tip
For performance optimization, make sure that all virtual appliances in a cluster have the same specifications.
These steps are applicable to VMware vSphere version 6.5. For VMware vSphere version 6.7, the UI terms in these steps vary.
Task
1. Start the VMware vSphere client and log on to the VMware vCenter Server.
2. Select File → Deploy OVF Template.
The Deploy OVF Template dialog box appears.
a. In the Source page, click Browse to locate the OVA file you downloaded from the McAfee download site and click
Open to select the file. Click Next.
b. In the OVF Template Details page, validate the package details and click Next.
c. In the Name and Location page, enter a name for your appliance. Select the data center and folder to deploy your
appliance to and click Next.
d. In the Deployment Configuration page, choose a predefined deployment option based on your business need.
The predefined deployment option allocates the CPUs, memory, and capture disk space and the options are Standard
VM, Standard VM - Capture, Small VM, Small VM - Capture, Large VM, and Large VM - Capture.
e. In the Storage page, select a datastore to store the virtual machine files.
f. In the Disk Format page, select the format in which you want to store the virtual disk.
Tip
Select the Thick Provision Lazy Zeroed option for the virtual disk format. Initial performance might be degraded
with other options. The Thick Provision Eager Zeroed option can take some time to complete.
g. For Network Mapping, map the networks used in the OVF template (source networks — LAN 1 and OOB) with the
virtual networks (destination networks). Configure the default IP addresses and click Next.
h. Review the summary in the Ready to Complete page and click Finish.
To turn on the virtual machine, select the Power on after deployment checkbox.
Note
The disk size displayed in the Size on Disk field is the total disk size of all different virtual machine variants that
can be deployed and isn't the actual disk size that will be used for the predefined deployment VM variant you have
chosen to install. For the actual disk size of the deployed virtual appliance, see System requirements for setting up a
virtual appliance.
3. The deployment task starts. When the message confirming that the deployment is successful appears, click Close.
Use the information in Recent Tasks to verify if the virtual machine is created.
The hard disks required to deploy the appliance are created. If you have chosen a deployment option that supports DLP
Capture, an additional hard disk is created to store the captured data.
Set up your virtual environment and deploy the McAfee DLP Prevent virtual appliance software. Deploy the appliance software
from the .zip file you downloaded.
Tip
For performance optimization, make sure that all virtual appliances in a cluster have the same specifications.
Run the PowerShell script to create a virtual appliance with one of these predefined deployment specifications. The predefined
deployment option allocates the CPUs, memory, and capture disk space.
Task
1. Browse to the folder where you downloaded the appliance installation package and unzip the folder.
2. From the File menu, choose Open Windows PowerShell as administrator.
Use the Get-Help command to learn about Hyper-V commands.
3. At the Windows PowerShell prompt, go to the folder where you unzipped the installation file:
cd .\<download package folder.HyperV_ps>
4. Run the PowerShell script in the guided deployment mode or the automated deployment mode:
Hyper-V prompts you to continue with the installation. Type y and press Enter to continue.
• Automated deployment — Run the HyperV_ps.ps1 script with these arguments:
.\HyperV_ps.ps1 -noprompt -name "<VM_name>" -path "<installation_path>" -vmsize "<predefined_deployment_option>" -lan1 "<ip_address>" -lan2 "<ip_address>" -lan3 "<ip_address>"
The predefined deployment options are "Small VM", "Small VM Cap", "Standard VM", "Standard VM Cap", "Large VM", and
"Large VM Cap".
For example, specifying "Small VM Cap" as the -vmsize argument creates a virtual appliance with one CPU, 4 GB RAM,
and a 2 TB capture data disk.
Note
If you don't specify -vmsize, a virtual appliance is created with the Standard VM specifications.
The required hard disks are created and the deployment is complete. If you specify the option that supports creating a
capture data disk, hard disk 3 gets created to store the captured data.
5. In Hyper-V Manager, verify the newly created virtual appliance. Right-click the virtual appliance and click Settings to edit the
configuration settings.
6. Browse to various fields, such as Processor and IDE Controller, and change the settings if needed. Connect to the network
switches using the Network Adapter fields. Click OK.
7. In the virtual appliance window, click Start from the Actions menu.
The disk drives and the appliance software are deployed. The installation starts from hard disk 1.
You can deploy and install DLP 6600 or DLP 5500 physical appliance models in your existing network infrastructure based on
your business needs.
When you connect your appliance to the network device, you can configure the appliance IP address and other parameters for
integration in your network.
Configure each appliance with the required static IP addresses. If no IP addresses are specified, the appliance is configured with
the default static IP addresses. The default gateway for the appliance uses the LAN 1 network. Configure any routing required on
the OOB interface using static routes.
The hardware appliance has a Remote Management Module (RMM), which provides Lights Out Management functionality, such
as remote KVM access and access to the appliance BIOS.
Task
1. (Optional) Connect the McAfee DLP Capture Storage Array to the DLP 6600 appliance if you are using the DLP Capture
feature.
2. Connect a monitor, keyboard, and mouse to the appliance.
3. Connect the LAN 1 interface of the appliance to your network.
4. (Optional) Connect the OOB interface to a different network.
5. (Optional) Connect the RMM interface to a management network.
Tip
You can use the serial console to install the McAfee DLP appliance software only.
You must use another method, such as the RMM, to configure network settings and register with McAfee ePO. You can enable
the RMM through the serial console.
Note
Installation progress does not appear when using the serial console.
Data bits 8
Stop bits 1
Parity None
You can deploy and install McAfee DLP Prevent on DLP 6600 or DLP 5500 appliance models based on your usage of the product.
Tip
For performance optimization, make sure that all appliances in a cluster are of the same model.
• USB drive
Note
Use image writing software, such as Launchpad Image Writer, to write the image to the USB drive. Use the "raw",
"DD", or "ISOHybrid" image mode when writing to a USB drive; otherwise, the installation might fail. For more information,
see KB87321.
• USB CD drive
Complete the installation of the appliance software by choosing the type or mode of installation you want from the installation
menu.
Once the appliance software is deployed in the hardware appliance or the virtual machine, the appliance restarts and the
End-User License Agreement is displayed.
Task
1. Read the End-User License Agreement, then press y to accept it.
2. At the installation menu, enter a to install the appliance with the highlighted options, then press Enter to continue
installation.
The default options enable you to perform full installation and reboot the appliance at the end of installation. Selecting the
default options causes the removal of all software and information from the appliance; data previously captured by an 11.x
or later installation will be preserved.
A confirmation message about the selected installation options is displayed.
Caution
If you are upgrading from version 9.x.x to the latest version, a warning message is displayed and any previously
captured data will be removed.
Results
The appliance restarts.
Caution
If the installation fails, call Technical Support. Do not perform the installation tasks again.
What to do next
Configure the network settings with the default IP addresses and register the appliance with McAfee ePO using the Setup Wizard.
Use the default IP addresses rather than assigning dynamic IP addresses to configure each appliance.
• LAN 1 — 10.1.1.108/24 Use the LAN 1 network for McAfee DLP Prevent SMTP or ICAP traffic. You can also use it for
management traffic.
• OOB — 10.1.3.108/24 (Optional) Use the Out-of-band (OOB) network for management traffic including McAfee ePO
communication.
Note
If your network uses DHCP, the first IP address that the DHCP server assigns to the appliance is used instead. You
can manually configure the IP address with the Setup Wizard. The appliance doesn't support using a continuous DHCP
configuration.
The default gateway for the appliance uses the LAN 1 network. Configure any routing required on the OOB interface using static
routes.
Run the Setup Wizard and register the appliance with McAfee ePO
After the installation is complete, the appliance restarts and the Setup Wizard starts automatically. Use the Setup Wizard to
configure network settings and register the appliance with McAfee ePO.
If you installed the software using the serial console on a hardware appliance, use another method, such as the RMM, to
complete the Setup Wizard.
Task
1. Choose the language for the Setup Wizard, then configure the basic network settings.
The wizard contains information to help you configure the settings.
a. On the Welcome page, select Basic Network Setup and click Next.
b. Complete the options on the Basic Settings page.
Change the default password the first time you run the Setup Wizard and click Next.
Note
The new password must have at least eight characters. The default password is password.
c. Complete the options on the Network Services page, then click Next.
d. Review the information on the Summary page and make any corrections.
e. Click Finish.
The initial network settings are applied. The first time you complete the Setup Wizard, or if you need to register with a
new McAfee ePO, the wizard restarts after the network settings are applied.
Results
The product appears in the System Tree. If needed, move the entry to the correct location in the hierarchy.
Post-installation tasks
High level post-installation tasks
Completing the installation includes enabling and configuring the settings and policies for your products.
Task
1. Configure an evidence server to store the files that trigger a rule.
2. Configure one or more syslog servers, if necessary.
3. Configure server settings.
4. (Optional) Specify a McAfee DLP Discover server configured as McAfee DLP Server in the Policy Catalog to use registered
documents in McAfee DLP appliance policies.
5. (Optional) Enable DLP Capture to store email, web, and network data analyzed by your McAfee DLP appliances.
6. (Optional) Enable a cluster of McAfee DLP Prevent appliances to load balance incoming traffic and ensure high
availability.
7. Enable relevant predefined policies and rules.
8. Create additional classifications, policies, and rules to detect potential data loss incidents.
9. Assign the configurations and policies in the System Tree.
10. Integrate with an MTA server or web proxy.
For McAfee DLP Prevent appliances that analyze email traffic:
• Verify connectivity and mail flow between the mail transfer agent (MTA) server and the McAfee DLP Prevent
appliance.
• Confirm that the X-RCIS-Action: Allow header is added to received email.
For McAfee DLP Prevent appliances that analyze web traffic, verify connectivity between the web proxy server and the
appliance.
11. Confirm that incidents are recorded in the DLP Incident Manager.
The Maximum evidence transmission bandwidth (KBps) option does not apply to McAfee DLP appliances.
To load balance incoming traffic and ensure high availability, you can create clusters of appliances.
Task
1. In McAfee ePO, open the Policy Catalog.
2. Select the DLP Appliance Management product, choose the General category, and open the policy that you want to edit.
3. In Load Balancing, select Enable.
4. In Cluster ID, use the arrows to select a number to identify the cluster.
5. In Virtual IP, enter a virtual IP address so that packets for the virtual IP address are sent to the cluster master.
The appliances in the cluster use the netmask assigned to the physical IP address. The virtual IP address must be in the
same subnet or network as the other McAfee DLP Prevent appliances, and cannot be the same IP address as any other
appliance in the cluster.
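The virtual IP constraints in step 5, written as a pre-check to run before saving the policy. This is an added example, not McAfee code; the member addresses other than the default LAN 1 address are constructed, and the network/broadcast address check goes beyond what this page states.

```python
import ipaddress

# Physical LAN 1 addresses of the cluster members, with the netmask each one uses.
# 10.1.1.108/24 is the default LAN 1 address from this guide; the others are constructed.
SAMPLE_MEMBERS = ["10.1.1.108/24", "10.1.1.109/24", "10.1.1.110/24"]


def check_virtual_ip(virtual_ip, member_interfaces):
    """Return a list of findings; an empty list means the virtual IP passes."""
    vip = ipaddress.ip_address(virtual_ip)
    members = [ipaddress.ip_interface(m) for m in member_interfaces]
    findings = []

    for member in members:
        if vip == member.ip:
            # The virtual IP cannot be the address of any appliance in the cluster.
            findings.append(
                f"{vip} is already the physical address of a cluster member")
        elif vip not in member.network:
            # The cluster uses the netmask of the physical address, so the
            # virtual IP has to fall inside each member's subnet.
            findings.append(
                f"{vip} is outside {member.network}, the subnet of member {member.ip}")

    # Added check (not stated in the guide): a network or broadcast address
    # is not a usable host address.
    for net in dict.fromkeys(m.network for m in members):
        is_edge = vip in (net.network_address, net.broadcast_address)
        if vip in net and net.prefixlen < net.max_prefixlen - 1 and is_edge:
            findings.append(f"{vip} is the network or broadcast address of {net}")

    return findings


if __name__ == "__main__":
    for candidate in ("10.1.1.200", "10.1.1.109", "10.1.3.50", "10.1.1.255"):
        problems = check_virtual_ip(candidate, SAMPLE_MEMBERS)
        print(candidate, "OK" if not problems else problems)
```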
Results
McAfee ePO pushes the configuration to all the appliances in the cluster when you apply the changes. It takes about five
minutes for the cluster to stabilize and identify the cluster master and cluster scanners. The appliance descriptions then change
Configure the McAfee DLP appliance to perform cryptographic operations in a way that is compliant with FIPS 140-2.
Due to the nature of FIPS 140-2, enabling this feature will decrease your appliance's throughput.
Task
1. In McAfee ePO, open the Policy Catalog.
2. Select the DLP Appliance Management product, choose the General category, and open the policy that you want to edit.
3. In Security mode, select Enable FIPS 140-2 mode and click Save.
If your McAfee DLP appliance is in a demilitarized zone (DMZ), you can securely copy the evidence files, despite no network
access to the evidence file share. McAfee DLP allows you to copy the evidence files to the evidence file share via the McAfee DLP
server.
Task
1. In McAfee ePO, open the Policy Catalog.
2. Select the DLP Appliance Management product, choose the General category, and open the policy that you want to edit.
3. In McAfee DLP Server for Evidence Copy, click + to add the host name or IP address of the McAfee DLP servers you want
the McAfee DLP appliance to connect to.
4. Click Update, then save the changes.
McAfee DLP appliances can get user and group information from LDAP servers that are registered with McAfee ePO. You need to
select the registered LDAP servers that you want McAfee DLP appliances to get information from.
Make sure that the LDAP servers are registered with McAfee ePO.
User and group details are used when evaluating the Sender information. The McAfee DLP appliance can:
proxyAddresses
mail
If a McAfee DLP appliance needs to use NTLM or WINNT authentication for analyzing web protection rules, these LDAP
attributes must also be replicated:
configurationNamingContext
netbiosname
msDS-PrincipalName
Messages are temporarily rejected with a 451 status code when both of these conditions are met:
• McAfee DLP Prevent uses rules that specify the sender is a member of a particular LDAP user group.
• McAfee DLP Prevent is not configured to receive information from the LDAP server that contains the specified user
group.
Events are sent to the Client Events log if synchronization with the LDAP server or an LDAP query fails.
Task
1. In McAfee ePO, open the Policy Catalog.
2. Select the DLP Appliance Management product, choose the Users and groups category, and open the policy that you want
to edit.
3. In LDAP Servers, select at least one valid LDAP server to enable synchronization configuration.
4. In the Initiate daily synchronization at field, set the daily synchronization time. The default synchronization start time is set
to 3 a.m.
The synchronization of the appliance with LDAP servers happens daily at the configured time.
5. (Optional) Select and update the Delay synchronization start by up to (hours) field to configure the delay between the
synchronization start of appliances. The default synchronization delay between appliances is set to two hours. You can
configure the random delay synchronization start interval between 1–10 hours.
6. Click Save.
Specify a McAfee DLP Discover server in the Policy Catalog to use registered documents in McAfee DLP appliance policies.
Task
1. In McAfee ePO, open the Policy Catalog.
2. Select the DLP Appliance Management product, choose the General category, and open the policy that you want to edit.
3. In McAfee DLP Server for Registered Documents, click the add button (+) to enter IP addresses or host names of the
McAfee DLP Discover servers with the registered documents databases you want to use.
Registered documents database servers are McAfee DLP Discover servers with the McAfee DLP Server role. The server port
is predefined as 6379.
4. (Optional) Select the Use TLS checkbox to specify a secure connection.
5. Click Save.
The Common Appliance Management policy category is installed as part of the Appliance Management extension. It applies
common settings to new or reimaged appliances.
Edit the McAfee Email Gateway policy to work with McAfee DLP Prevent
To redirect email from the McAfee Email Gateway appliance to McAfee DLP Prevent for analysis, and take action on potential data
loss incidents, edit the Email Gateway configuration policy.
To configure McAfee DLP Prevent to send email messages back to the email gateway for processing, edit the McAfee DLP
Prevent Email Settings policy.
Configure your email configuration policy to take action on potential data loss incidents.
This example assumes that McAfee DLP Prevent detected a potential data loss incident sent in an email message from an Email
Gateway appliance. You want to block the email from leaving your organization, and notify the sender of the action taken.
Task
1. In McAfee ePO, open the Policy Catalog.
2. Select McAfee Email Gateway from the Products list, and select your email configuration policy.
3. Select Add Policy and click Add Rule.
a. In Rule Type, select Email Header.
b. In Header name, select X-RCIS-Action.
c. In the Value field, select ^BLOCK$.
d. Click OK, and OK again.
4. In Policy Options, select Policy-based Action.
5. Select Accept and then drop the data, then select Send one or more notification emails.
6. Click Deliver a notification email to the sender and click OK.
7. Save the policy.
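A way to run the header checks from this guide (confirming X-RCIS-Action: Allow on received email, and the ^BLOCK$ rule configured above) over saved messages. This is an added example, not part of the original guide or McAfee tooling; the sample messages are constructed, and reporting duplicate headers with differing values as a conflict is an assumption of this example.

```python
import re
from collections import Counter
from email import message_from_string
from email.policy import default

HEADER = "X-RCIS-Action"
BLOCK_RE = re.compile(r"^BLOCK$")  # value pattern from the Email Gateway rule above
ALLOW_VALUE = "Allow"              # value the guide says to confirm on received email


def classify(raw_message):
    """Return (verdict, values) for one RFC 5322 message given as text.

    verdict is one of: allow, block, missing, conflict, unexpected.
    """
    msg = message_from_string(raw_message, policy=default)
    values = [str(v).strip() for v in msg.get_all(HEADER, [])]
    if not values:
        # The message did not pass through the appliance, or the header was stripped.
        return "missing", values
    if len(set(values)) > 1:
        # More than one distinct value: do not trust either without checking the route.
        return "conflict", values
    if BLOCK_RE.match(values[0]):
        return "block", values
    if values[0] == ALLOW_VALUE:
        return "allow", values
    # Any other spelling or value is reported as-is for manual review.
    return "unexpected", values


def summarize(raw_messages):
    """Count verdicts over an iterable of raw messages."""
    return Counter(classify(m)[0] for m in raw_messages)


def _msg(extra_headers):
    # Constructed sample message; addresses use the reserved .test domain.
    return ("From: sender@example.test\n"
            "To: recipient@example.test\n"
            "Subject: constructed sample\n"
            + extra_headers +
            "\nbody\n")


SAMPLES = {
    "allowed": _msg("X-RCIS-Action: Allow\n"),
    "blocked": _msg("X-RCIS-Action: BLOCK\n"),
    "unscanned": _msg(""),
    "conflicting": _msg("X-RCIS-Action: Allow\nX-RCIS-Action: BLOCK\n"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, classify(raw))
    print(dict(summarize(SAMPLES.values())))
```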
Redirect email from Email Gateway to McAfee DLP Prevent for analysis.
Task
1. In McAfee ePO, open the Policy Catalog.
2. Select McAfee Email Gateway from the Products list, and select the email configuration category.
3. Click Add Policy and click Add Rule.
a. In Rule Type, select Email Header.
b. In Header name, select X-MFE-Encrypt and set the Match to "is not present".
c. Click OK, and OK again.
4. In Policy Options, select Policy-based Action.
5. Select Route to an alternate relay.
6. Select the relay for your McAfee DLP Prevent server, and click OK.
Refer to the McAfee ePO online Help to get information about relays.
7. Save the policy.
McAfee DLP Prevent works with your web proxy to protect web traffic.
McAfee DLP Prevent uses ICAP or ICAPS (ICAP over TLS) to process web traffic, which uses these ports:
• ICAP — 1344
• ICAPS — 11344
Use this workflow to configure your environment for web protection.
After McAfee DLP Prevent analyzes the traffic, it performs one of these actions:
You can configure Web Gateway to forward HTTP traffic using ICAP to McAfee DLP Prevent for analysis. McAfee DLP Prevent
returns a response to Web Gateway, allowing or denying the page.
Note
All versions of Web Gateway are supported, but these steps are applicable only for version 7.8.1. The steps can differ slightly
for older or newer versions. For the detailed steps in the version of Web Gateway that you have installed, see the Web
Gateway documentation.
Task
1. In Web Gateway, select Policy.
2. Add the rule set:
a. Click the Rule Sets tab.
b. Select Add → Rule Set from Library.
c. From the ICAP Client rule set library, select ICAP Client, then click OK.
d. Click Unlock View, then click Yes.
e. Deselect Responses.
3. (Optional) If you want the generated incidents to contain the destination IP address, edit the REQMOD settings.
a. On the Rule Sets tab, expand the ICAP Client rule set and select ReqMod.
b. Select Add X-Server-IP header.
4. Follow these steps to set the appliance as an ICAP client:
a. Click the Lists tab, expand ICAP Server and select ReqMod Server.
The syntax for specifying this information is displayed above the field. For example, you can use one of these formats:
icap://xx.xxx.xxx.xx/reqmod
icap://xx.xxx.xxx.xx:1346/reqmod
icap://test-icap.micmwg.com/reqmod
icap://test-icap.micmwg.com:1346/reqmod
d. Click OK.
5. Enable the rule.
a. On the Rule Sets tab, select the ICAP Client rule.
b. Select Enable.
6. Click Save Changes.
Appliance port 11344 is the only port that receives SSL traffic for ICAP. For communication to happen in the SSL mode, you can
enable the secure ICAP port. To use this mode, you also have to import the appliance certificate.
Task
1. Import the appliance certificate for ICAP connections by uploading the certificate to /home/admin/upload/cert.
The appliance uses this certificate for ICAP and SMTP traffic. If you have already imported a certificate for SMTP traffic over
TLS, you can skip this step.
The certificate is automatically picked up from this location and imported by the appliance. When negotiating TLS for ICAPS,
the appliance presents this certificate. Make sure that the certificate has a valid Common Name (CN), Subject Alternative Name,
or both.
2. Enable secure ICAP:
a. In McAfee ePO, open Policy Catalog.
b. Select the DLP Appliance Management <version> product, select the McAfee DLP Prevent Web Settings category,
and open the policy you want to edit.
c. Select the Secure ICAP (port 11344) and Unencrypted ICAP (port 1344) checkboxes.
d. Click Save.
To use only secure ICAP, deselect the Unencrypted ICAP (port 1344) checkbox and configure the web proxy to send traffic
to only port 11344.
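One way to verify the ICAP port settings above from the web proxy's network segment. This is an added example, not McAfee code: it sends an ICAP OPTIONS request to ports 1344 and 11344 and compares the result with the intended policy. It assumes the appliance answers OPTIONS on the /reqmod service as described in RFC 3507; the sample response is constructed.

```python
import socket
import ssl

ICAP_PORT = 1344    # unencrypted ICAP port from this guide
ICAPS_PORT = 11344  # secure ICAP (ICAP over TLS) port from this guide

# Constructed OPTIONS response, used to exercise the parser offline.
SAMPLE_OPTIONS_RESPONSE = (
    b"ICAP/1.0 200 OK\r\n"
    b"Methods: REQMOD\r\n"
    b'ISTag: "constructed-1"\r\n'
    b"Encapsulated: null-body=0\r\n"
    b"\r\n"
)


def build_options_request(host, port, service="reqmod"):
    """Build an ICAP OPTIONS request for icap://host:port/service."""
    return (
        f"OPTIONS icap://{host}:{port}/{service} ICAP/1.0\r\n"
        f"Host: {host}\r\n"
        "\r\n"
    ).encode("ascii")


def parse_icap_response(raw):
    """Return (status_code, headers) from the header block of an ICAP response."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("ICAP/") or not parts[1].isdigit():
        raise ValueError(f"not an ICAP status line: {lines[0]!r}")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return int(parts[1]), headers


def probe(host, port, use_tls, cafile=None, timeout=5.0):
    """Send OPTIONS to one port. Returns (status, headers), or None if the
    port does not accept connections. TLS errors are raised, so a certificate
    whose names do not match the host shows up as a failure here."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return None
    try:
        if use_tls:
            # Default context verifies the certificate chain and the host name.
            ctx = ssl.create_default_context(cafile=cafile)
            sock = ctx.wrap_socket(sock, server_hostname=host)
        sock.sendall(build_options_request(host, port))
        data = b""
        while b"\r\n\r\n" not in data:
            chunk = sock.recv(4096)
            if not chunk:
                break
            data += chunk
        return parse_icap_response(data)
    finally:
        sock.close()


def evaluate(plain, secure, secure_only):
    """Compare probe results for ports 1344 and 11344 with the intended policy."""
    findings = []
    if secure is None:
        findings.append(f"ICAPS port {ICAPS_PORT} is not reachable")
    else:
        status, headers = secure
        methods = [m.strip().upper() for m in headers.get("methods", "").split(",")]
        if status != 200:
            findings.append(f"ICAPS OPTIONS returned status {status}")
        elif "REQMOD" not in methods:
            findings.append("ICAPS service does not advertise REQMOD")
    if secure_only and plain is not None:
        findings.append(f"unencrypted ICAP port {ICAP_PORT} still answers")
    if not secure_only and plain is None:
        findings.append(f"unencrypted ICAP port {ICAP_PORT} is not reachable")
    return findings
```

Call probe(host, ICAP_PORT, False) and probe(host, ICAPS_PORT, True, cafile=...) with the appliance host name, then pass both results to evaluate().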
Use the options in McAfee DLP Capture Settings to enable the capture feature and set how long you want to retain capture data
for.
Note
The McAfee DLP Capture Settings menu option doesn't appear in McAfee ePO until you add a license for one of the McAfee
DLP Prevent appliances.
Task
1. Go to Menu → Policy Catalog.
2. From the Product drop-down list, select DLP Appliance Management <version> → McAfee DLP Capture Settings.
3. Select My Default.
4. Select Enable Capture to enable capture settings.
5. To avoid running out of disk space, select Delete captured items older than (days) and enter the number of days to retain
the captured data for.
By default, the captured data is retained for 28 days.
6. Click Save.
The RMM must be configured with its own IP address and cabled separately. Log on with the administrator account, using the user
name admin and the administrator password. Use the appliance console to enable and configure basic settings for the RMM. After
configuring the RMM network settings, you can also access the appliance console using the integrated web server. From the web
interface, you can check the hardware status, perform additional configuration, and remotely manage the appliance. Go to:
https://<RMM IP address>
Use the appliance administrator credentials to access the user interface. You can configure the RMM to use LDAP for
authentication instead of the admin account.
• HTTP/HTTPS
• SSH
• IPMI over LAN
• Remote KVM
You can use the RMM via BIOS to manage a hardware appliance. The RMM enables you to configure the network settings and
protocols.
You can enable or configure RMM from the text menu system, appliance console, serial console, or SSH session.
Note
In an uninstalled appliance, you can configure the RMM settings from BIOS using the root account. In an installed appliance,
you can configure the RMM settings from the appliance console without entering the BIOS.
Task
1. Log on to the appliance as administrator.
2. From the appliance console menu, select Reboot to restart the system.
3. Before the operating system boots, press F2 to enter the BIOS.
4. To configure the BMC LAN configuration for your appliance model, navigate to Server Management → BMC LAN
Configuration and press Enter.
5. Scroll down to Intel® RMM4 IPv4 LAN Configuration and configure IP source, IP address, Subnet mask as needed.
6. Scroll down to User Configuration, then configure these settings:
7. Confirm the network and user information, and press F10 to save and exit the BIOS.
The appliance boots with the new settings.
8. On the computer that connects to the RMM, open a web browser and enter:
https://<RMM IP address>
Use the credentials root/password you entered in the earlier step.
Results
You can use the RMM via the appliance console to manage a hardware appliance. The RMM enables you to configure the
network settings and protocols.
Use the administrator account and password to log on to the appliance using RMM.
Task
1. Log on to the appliance as administrator.
2. From the appliance console menu, select Configure the BMC.
3. Configure the network information:
a. Select Configure the address.
b. Type the IP address, the network mask, and the optional gateway. Use the up and down arrows to navigate between
options.
c. Press Enter or select OK to save the changes.
4. Configure the allowed protocols:
a. Select Configure remote protocols.
b. Press spacebar to enable or disable an option.
c. Press Enter or select OK to save the changes.
If you do not have local access to the keyboard, monitor, and mouse to run the Setup Wizard, you can do so using the RMM web
interface.
Task
1. Using a web browser, log on to https://<RMM IP address>.
2. Click the Remote Control tab.
3. Click Launch Console.
4. For some browsers, you might need to download the remote console application. In this case, download and open the
jviewer.jnlp file.
5. From the admin shell, select Graphical configuration wizard.
Secure your RMM environment to prevent unauthorized users from accessing the appliance.
Caution
McAfee publishes BIOS images for the appliance that contain the BMC firmware. You must use these images to
update the firmware. Contact Technical Support for the latest version of the firmware. Downloading and using the
system firmware from other sources might impact the appliance performance.
Note
The appliance console and the web-based interface display that the appliance uses RMM4.
From the web-based interface, click the Configuration tab, select Security Settings, then select the Force HTTPS option.
• Grant number
• Primary administrator account credentials
User name
Password
Scheduling your upgrade
During the upgrade, the content cannot be scanned as the appliances will be unavailable. Make sure that you notify your McAfee
ePO administrators about the upcoming downtime.
Updates, hotfixes, and new versions of the software are distributed as .iso files, which you use to install the software. You can
write this to an external CD or USB drive and boot from it, or copy the image over the appliance's internal installation image and
boot from that. If you are installing a version earlier than what is currently installed, a warning is displayed that you can only
perform a reinstallation. Downgrading to an earlier version does not retain any configuration or McAfee ePO registration.
Note
Initial deployment of the appliance as a virtual machine must be made from the .ova file or .zip file you downloaded from the
McAfee download site. Use the .iso file only for upgrading the software.
Copy the .iso file to the appliance, then boot from the internal installation image. This option is available from the appliance
Upgrade Menu when you log on as admin from the console menu or SSH. You can also update the appliance installation image
from a CD, USB drive (the exFAT file system is not supported), or virtual CD (RMM or VMware).
Upgrade menu
1 — Boots from the internal installation image
Upgrade options
Upgrade options when the McAfee DLP Prevent appliance is not capable of capturing data:
1 — Preserves all configuration, including evidence files and hit highlighting waiting to be copied to the evidence storage share
2 — Preserves all configuration but does not retain evidence files or hit highlighting waiting to be copied
4 — Reinstalls without retaining any configuration; you must use the Setup Wizard to register with McAfee ePO
Upgrade options when the McAfee DLP Prevent appliance can capture data:
1 — Preserves all configuration and captured data, including evidence files and hit highlighting waiting to be copied to the
evidence storage share
2 — Preserves all configuration and captured data, but does not retain evidence files or hit highlighting waiting to be copied
3 — Preserves only network configuration, captured data, and McAfee ePO registration
5 — Reinstalls without retaining any configuration and removes captured data; you must use the Setup Wizard to register with
McAfee ePO
Note
While upgrading the appliance software, McAfee ePO pushes all existing policies if you choose to upgrade using the full
upgrade mode. We recommend that you upgrade the appliance using the internal installation image path using the full
upgrade mode (upgrade option 1) for all deployments.
Task
1. Update the installation image using a utility such as WinSCP or a command-line session to copy the .iso file to
/home/admin/upload/iso/.
2. Using the command-line session, log on to the appliance as administrator.
Upgrading to a new release using a virtual CD drive requires preparation. The virtual appliance boots from the hard drive, by
default. When you want to upgrade or reinstall a virtual appliance using the virtual CD drive instead of the internal image, change
the boot order.
After you bind the .iso image to the virtual machine, perform one of these tasks immediately after the virtual appliance is
powered on so that booting from the CD drive takes precedence:
• Press the Esc key to enter the BIOS boot device menu and select the ISO image.
• Press the F2 key to enter the BIOS setup screen and place the CD-ROM Drive option above the Hard Drive option in the
static boot order list.
By default, the virtual appliance does not wait for you to press the Esc or F2 key before booting from the hard drive. To delay the
boot sequence in the virtual appliance:
Task
1. Open the Edit Settings dialog box for the virtual machine.
2. Click the Options tab and select the Boot Options section.
3. Request a force entry into the BIOS setup screen by selecting Force BIOS setup, or add delay in milliseconds in Power on
Boot Delay, within which you can press Esc or F2.
4. Click OK.
You can also upgrade an appliance in VMware virtual environment by binding the downloaded .iso image as a virtual CD drive.
Note
If you are upgrading a virtual appliance from a McAfee DLP version earlier than 11.0.0, we recommend that you deploy a new
virtual appliance. This is due to the changes in the virtual hardware to support DLP Capture and newer versions of VMware.
Task
1. From the inventory, right-click the virtual appliance that you want to upgrade and select Edit Settings to open Virtual
Machine Properties.
2. From the Hardware tab, select CD/DVD drive 1 → Datastore ISO.
3. Browse to the .iso file.
4. (Optional) Select Connect At Power On to connect the device when the virtual machine turns on.
5. Click OK.
6. From the appliance console menu, select Reboot to restart the system.
7. Select the full installation mode, which is the default and the recommended option.
8. Follow the on-screen instructions to reimage the appliance and configure the appliance from the Setup Wizard.
You can also upgrade an appliance in Hyper-V environment by binding the downloaded .iso image as a virtual CD drive.
Note
If you are upgrading a virtual appliance from a McAfee DLP version earlier than 11.0.0, we recommend that you deploy a new
virtual appliance. This is due to the changes in the virtual hardware to support DLP Capture.
Task
1. Open the Hyper-V Manager console installed on the Windows Server.
Press the Windows key and type "Hyper-V Manager" to search applications for Hyper-V Manager or open Hyper-V manager
from the Windows Start menu.
2. Select the server where you installed the virtual appliance.
3. Right-click the virtual appliance and select Settings.
4. From Settings, select IDE Controller 1 → DVD Drive, and select Media → Image file.
5. Browse to the .iso file and click OK.
6. In the virtual appliance window, click Start from the Actions menu.
7. From the appliance console menu, select Reboot to restart the system.
8. Select the full installation mode, which is the default and the recommended option.
9. Follow the on-screen instructions to reimage the appliance and configure the appliance from the Setup Wizard.
You can use a system that connects to a Remote Management Module (RMM) virtual media to reimage an appliance to the latest
version.
Caution
If you don't disable the Redirect ISO setting, the appliance is reimaged after the next reboot, removing your current
installation and returning the appliance to factory default.
6. From the appliance console menu, select Reboot to restart the system.
7. Select the full installation mode, which is the default and the recommended option.
8. Follow the on-screen instructions to reimage the appliance and configure the appliance from the Setup Wizard.
You can use an external CD drive, which connects through USB, to reimage an appliance to the latest version.
Use image writing software to write the ISO image (bootable image) to the external CD drive.
Task
1. Connect the CD drive with the bootable image to one of the USB ports on the appliance.
2. Log on to the appliance as administrator.
3. From the appliance console menu, select Reboot to restart the system.
4. Press F6 to enter the boot menu.
5. From the boot menu options, select the CD drive where the appliance upgrades from.
The installation image starts loading. Wait until the install image gets unpacked and displays the Installation menu.
6. From the appliance console menu, select Reboot to restart the system.
7. Select the full installation mode, which is the default and the recommended option.
8. Follow the on-screen instructions to reimage the appliance.
9. When the reimaging is complete, remove the CD drive.
Caution
If you don't remove the CD drive, the appliance is reimaged from the CD drive after the next reboot, removing your
current installation and returning the appliance to factory default settings.
Make sure that you allow all USB mass storage devices as bootable devices.
Task
1. Log on to the appliance as administrator.
2. From the appliance console menu, select Reboot to restart the system.
3. Press F2 to enter the Setup menu.
4. Navigate to the Advanced settings page and select USB Configuration.
5. Select the option to allow all USB mass storage devices as bootable devices.
6. Press F10 to save and exit the USB configuration page.
You can also copy the installation image onto a USB drive and reimage an appliance to the latest version.
Task
1. Create a USB drive with the installation image.
Note
Use image writing software, such as Launchpad Image Writer, to write the image to the USB drive. Use the "raw", "DD",
or "ISOHybrid" image mode when writing to a USB drive; otherwise, the installation might fail. For more information, see
KB87321.
4. From the appliance console menu, select Reboot to restart the system.
5. Press F6 to enter the boot menu.
6. From the boot menu options, select the USB drive where the appliance reimages from.
The installation image starts loading. Wait until the image gets unpacked and displays the Installation menu.
7. From the appliance console menu, select Reboot to restart the system.
8. Select the full installation mode, which is the default and the recommended option.
9. Follow the on-screen instructions to reimage the appliance.
10. When the reimaging is complete, remove the USB drive.
Caution
If you don't remove the USB drive, the appliance is reimaged from the USB drive after the next reboot, removing your
current installation and returning the appliance to factory default settings.
Note
Secure Shell (SSH) is primarily controlled from McAfee ePO. When a policy is pushed, the McAfee ePO settings take priority,
overriding any SSH setting enabled through the local appliance console.
To perform the appliance maintenance and troubleshooting tasks, you can use these appliance console menu options:
Option | Definition
MER and Diagnostic tests | Create a Minimum Escalation Report (MER) to send to Technical Support to diagnose problems with the appliance or run diagnostic tests:
Reset to factory defaults | Reset the appliance to its factory default settings.
You can add your own text to appear on the top of the appliance console or SSH logon screen using the Custom Logon Banner
option in McAfee ePO (Menu → Policy Catalog → DLP Appliance Management → General).
SSH X X
vSphere client X
Hyper-V console X
RMM X
Serial port X
Task
1. Log on to the appliance with administrator credentials.
Note
If you log on using SSH, the graphical configuration wizard option is not available.
Task
1. Using a command-line session, log on to the appliance.
2. From the options menu, select the Shell option.
3. View the help on forming the command.
$ /opt/NETAwss/mgmt/nic_options -?
• Use lan1 for the client interface and mgmt for the management interface.
• --(no)autoneg turns auto-negotiation on or off. The default is on.
• --duplex specifies the duplex — half or full. The default is full.
• --speed specifies the network speed in Mb/s — 0, 100, or 1000. The default is 1000.
• --mtu specifies the Maximum Transmission Unit (MTU) size in bytes — a value between 576–1500. The default is
1500.
• To disable auto-negotiation and set a network speed of 100 Mb/s on the client interface:
$ sudo /opt/NETAwss/mgmt/nic_options --noautoneg --speed 100 lan1
• To restore the default behavior to the management port:
$ sudo /opt/NETAwss/mgmt/nic_options mgmt
Troubleshoot installation
Contact Technical Support if the installation fails.
Task
1. Verify the network connection is working and any configured static routes are correct.
2. Ping the default gateway and McAfee ePO from the appliance console.
3. If the problem persists, contact Technical Support for assistance. Do not perform the installation again.
When you contact Technical Support, make sure you know the primary serial number of the appliance. You can find the
serial number on the product name sticker on the delivery packaging or on the sticker on the bottom-left of the top panel. You
can also find it on the sticker on the pull-out tray on the front panel.
Task
1. Log on to the appliance as administrator.
2. From the appliance console menu, select Reboot to restart the system.
Task
1. Log on to the appliance with administrator credentials.
The general console menu opens.
2. From the general console menu, select the Reset to factory defaults option.
Task
1. Log on to the appliance with administrator credentials.
The general console menu opens.
2. From the general console menu, select the Logout option.
Either the SSH session closes, or the console returns to the logon prompt.
Caution
Before you install the RAID controller, make sure that you shut down the appliance. Turn off the appliance and unplug
the power cords from the power supply. Make sure that you fasten the electrostatic discharge (ESD) wrist strap to ground
yourself to the chassis.
For a non-capture compliant appliance, after installing the storage hardware, upgrade the appliance software using the latest
version to enable the DLP Capture feature.
For more information about the McAfee DLP Capture Storage Array setup and installation, see the McAfee Data Loss Prevention
Prevent Hardware Guide.