Mcafee Data Loss Prevention Prevent 11.1.x Installation Guide 11-1-2022

McAfee Data Loss Prevention Prevent
11.1.x Installation Guide

Contents
Installation overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
McAfee DLP implementation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Which type of installation do you need?. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
First-time installation workflow. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Upgrade installation workflow. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Optional deployment scenarios. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Cluster installation workflow. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
McAfee DLP Prevent cluster installation workflow. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Deploying McAfee DLP appliances in clusters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Installation workflow for applying rules to specific users and groups. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Protecting sensitive documents. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
DLP Capture setup workflow. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Planning your installation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Planning your installation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Considerations for scalability. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Installation checklist. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Security considerations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Things to do before installation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Interaction with other McAfee products. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
System requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Hardware and software requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Web requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
MTA requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Pre-installation tasks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Download product extensions and installation files. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Virtual appliance installation download package. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Install software for the first time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Install the extension using Software Catalog (Software Manager). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Install the extensions manually in McAfee ePO. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
License McAfee DLP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Configure network information in McAfee ePO. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Applying backward compatibility. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Install your McAfee DLP Prevent appliance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Deploying and installing a virtual appliance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Deploy the appliance software in a VMware environment. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Deploy the appliance software in Hyper-V virtual environment. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Deploying and installing a hardware appliance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Connect your appliance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
Serial console settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
Deploy the appliance software on a hardware appliance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Install the appliance software. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
Configuring the appliance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Default IP addresses. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Run the Setup Wizard and register the appliance with McAfee ePO. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Post-installation tasks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
High level post-installation tasks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Scenario based post-installation tasks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Set up a cluster of McAfee DLP Prevent appliances. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Enable FIPS 140-2 mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Connect to an evidence server outside your firewall. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Retrieve and synchronize information from registered LDAP servers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Specify the server for registered documents. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46

Common Appliance Management policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Edit the McAfee Email Gateway policy to work with McAfee DLP Prevent. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Use case: Configure Email Gateway to process analysis results. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Redirect email to McAfee DLP Prevent. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Integrating McAfee DLP Prevent in your web environment. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
Integrate with Web Gateway. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
Enable secure ICAP connections. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Enable DLP Capture settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Managing hardware appliances with the RMM. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
Configure the RMM from BIOS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
Configure the RMM from appliance console. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Run the Setup Wizard using the remote KVM service. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
Best practice: Securing the RMM. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
Upgrade to a new appliance software version. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
Prerequisites for upgrading. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
Upgrading the appliance software version. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
Upgrade using the internal installation image. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
Alternate upgrade option for a virtual appliance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
Change the boot order in VMware before upgrading from virtual CD drive. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
Upgrade an appliance in a VMware environment. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
Upgrade an appliance in a Hyper-V environment. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
Alternate upgrade options for a hardware appliance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
Reimage an appliance using RMM virtual media. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
Reimage an appliance using an external CD drive. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
Make the USB storage devices bootable. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Reimage an appliance using a USB drive. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Maintenance and troubleshooting installation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Managing with the McAfee DLP appliance console. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Accessing the appliance console. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
Change original network settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63

Modify speed and duplex settings for hardware appliances. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
Troubleshoot installation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
Restart the appliance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
Reset the appliance to its factory defaults. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
Log off the appliance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
McAfee DLP Capture Storage Array. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65

1| Installation overview
Installation overview
McAfee DLP implementation
McAfee® Data Loss Prevention (McAfee DLP) is a suite of products deployable and manageable through McAfee® ePolicy
Orchestrator® (McAfee® ePO™) , which enables sharing of common policies and provides incident and case management for
network and endpoint data loss prevention products.
The McAfee DLP extension is installed on the McAfee ePO server. It manages the policies and data analysis for all McAfee DLP
applications. It is the starting point for all deployments.
McAfee DLP extension
1 McAfee ePO server — Hosts the embedded McAfee

DLP software and the DLP Classification, DLP
Incident Manager, DLP Operations, and DLP Case
Management.
1a Administrator workstation — Accesses McAfee ePO

and the McAfee DLP module consoles in a browser.
1b McAfee ePO database.
Note: For recommendations on using

a separate server for the McAfee ePO
database in more complex installations, see the
McAfee ePolicy Orchestrator Hardware Sizing and
Bandwidth Usage Guide.
1c Evidence storage — Stores an encrypted copy of the

content that was blocked or monitored.
Optional components
2 Managed endpoints — Apply the security policies

using the McAfee® Data Loss Prevention Endpoint
(McAfee DLP Endpoint) client software.
6 McAfee Data Loss Prevention Prevent 11.1.x Installation Guide

3 McAfee® Data Loss Prevention Discover (McAfee

DLP Discover) servers (physical or virtual) — Scan
network repositories and databases, classify data,
and apply security policies (remediation).
3a McAfee DLP Discover local or cloud repositories.
4 McAfee® Data Loss Prevention Prevent (McAfee DLP

Prevent) appliance (physical or virtual) — Analyzes
email and web traffic and applies security policies.
4a Email gateway and web gateway.
5 McAfee® Data Loss Prevention Monitor (McAfee DLP

Monitor) appliance (physical or virtual) — Acquires
network packets through a network tap, monitors
network traffic, and applies security policies.
6 McAfee® Data Loss Prevention Prevent for Mobile

Email (McAfee DLP Prevent for Mobile Email) server
— Receives email from a MobileIron Sentry server
(6a). It analyzes the email and attachments and
creates incidents, or saves evidence, based on
mobile protection rules.
6a MobileIron Sentry server.
Basic McAfee DLP deployment with options
McAfee Data Loss Prevention Prevent 11.1.x Installation Guide 7

Which type of installation do you need?

McAfee DLP Prevent appliance protects corporate emails by integrating with Mail Transfer Agent (MTA) gateways or the Smart
Host. It blocks content violations by integrating with Internet Content Adaptation Protocol (ICAP)-compliant web proxies.
You can perform a first-time installation of the McAfee DLP Prevent appliance software on a physical
hardware appliance or on a virtual machine, depending on your business needs. For subsequent installations,
upgrade the appliance software. The decision tree helps you decide specific platforms where you are installing
the McAfee DLP Prevent appliance software. Each installation method includes a workflow and procedure.

First-time installation workflow

To install McAfee DLP Prevent appliance software in your network for the first time, you must prepare the McAfee ePO server
for managing your appliance. You can choose to install the appliance software on a physical hardware appliance or on virtual
machine.
• Virtual appliances can run on your own VMware vSphere (deployed on VMware vCenter Server) or Windows Hyper-V
server.
• You can install McAfee DLP Prevent on McAfee DLP 6600 or McAfee DLP 5500 appliance models.
• You can install VMware vSphere (deployed on VMware vCenter Server) or Windows Hyper-V server on McAfee DLP 6600
or McAfee DLP 5500 appliance models.
You can make use of the McAfee DLP Prevent appliance functionalities by leveraging your existing network infrastructure.
1. If you are using a hardware appliance, connect the appliance to your local network.
2. Download and extract the McAfee DLP Prevent appliance software and the required extensions from the McAfee download
site using a grant number.
3. Install the extensions in McAfee ePO.
4. Install and configure McAfee DLP Prevent appliance software.
5. For the appliance to be managed, register the appliance with McAfee ePO from the Setup Wizard.
6. Integrate McAfee DLP Prevent with the Smart Host (MTA server) that supports header inspection and configure the policy to
work with McAfee DLP Prevent.
7. Integrate McAfee DLP Prevent with the web proxy server and configure the policy to work with McAfee DLP Prevent.
Tip
Use McAfee® Web Gateway (MWG) as your web proxy server.
8. Confirm that the appliance is connected to the network from the McAfee ePO interface. In McAfee ePO, navigate to Menu
→ Appliance Management, which shows the appliance underneath My Organization within the Lost and Found tree.
Tip
To use McAfee DLP Monitor and McAfee DLP Prevent on the same network, install McAfee DLP Monitor first to analyze
how traffic flows through your network.

Upgrade installation workflow

Upgrading your existing McAfee DLP Prevent appliance software to a new version provides the latest functionalities supported by
the McAfee DLP Prevent appliance.
Note
McAfee DLP 9.3.0 doesn't support an upgrade. You must reinstall the appliance software from a CD or USB drive.
1. Download and extract the appliance software and extensions from the McAfee download site. The upgrade files are
distributed as .iso files. You can write the .iso file to a CD or USB drive, or copy the image over the appliance's internal
installation image.
2. Notify the downtime to the McAfee ePO administrators.
3. Prepare the McAfee DLP Prevent appliance environment to upgrade the software.
4. Install the extensions in McAfee ePO if the extensions are updated.
5. Copy the .iso file to the appliance, then boot from the internal installation image. You don't have to reconfigure the IP
addresses as the existing configured IP addresses are considered for configuration if you select the full upgrade mode. You
have to reconfigure the IP addresses if you choose other upgrade modes.
Optional deployment scenarios

Depending on your business needs, you can configure and customize your deployment to suit specific scenarios.
You can plan to configure all scenarios or a combination of these scenarios based on your business needs when you install or
upgrade the appliance software.

• Set up the appliance as a standalone device or as a member of a cluster.

• Integrate the appliance with the registered LDAP or AD servers for applying policies to specific users and groups.
• Set up the storage disk to save the captured data. The DLP Capture feature enables you to use the captured data to
search and filter potential data loss incidents.
Note
You can choose to use the DLP Capture feature, if needed. DLP Capture requires additional storage disk space to hold
the captured data.
For a 6600 appliance, set up the McAfee DLP Capture Storage Array and connect it to the appliance. The 5500 appliance
model contains disks that can hold the captured data. For a virtual appliance, an additional hard disk gets created during
deployment to store the captured data. Enable the DLP Capture feature from McAfee ePO and set how long you want to
retain the captured data for.
• Integrate the appliance with McAfee DLP Discover server, which is configured as McAfee DLP Server to protect sensitive
data.
Note
While upgrading the appliance software, McAfee ePO pushes all existing policies if you choose to upgrade using the full
upgrade mode. We recommend that you upgrade the appliance using the full upgrade mode for all deployments.

Cluster installation workflow
McAfee DLP Prevent cluster installation workflow
Deploy a McAfee DLP Prevent cluster to load balance the incoming email and web traffic, and accomplish high availability if a
cluster node fails.
Tip
Run McAfee DLP Prevent appliances as part of a cluster.
A cluster of McAfee DLP Prevent appliances contains:
• A McAfee DLP Prevent primary node (the master)

• One or more of McAfee DLP Prevent secondary nodes (cluster scanners)
The nodes listen on the same virtual IP address (VIP) and must be in the same network segment. The master is responsible
for distributing email and web traffic for analysis between itself and the cluster scanners. If the master fails, any of the cluster
scanners can take over the primary role. When the original master recovers, it rejoins the cluster as a cluster scanner.
Caution
You can't share cluster scanner nodes between a McAfee DLP Prevent cluster and a McAfee DLP Monitor cluster. So, the
cluster ID and virtual IP address must be unique and different from that of the McAfee DLP Monitor cluster ID and virtual IP
address.
1. Complete the installation of all appliances, which you plan to include in a cluster in your network.
Note
For performance optimization, make sure that all appliances in a cluster configuration are of the same model, and all
virtual appliances have the same specifications.
4. Integrate McAfee DLP Prevent with the web proxy server (MWG server) and configure the policy to work with McAfee DLP
Prevent.
5. Enable load balancing from McAfee ePO.

appliances cluster setup
Deploying McAfee DLP appliances in clusters
You can deploy a McAfee DLP Monitor cluster or a McAfee DLP Prevent cluster or both clusters based on your environment.
Deploy a McAfee DLP Monitor cluster when the network traffic monitoring and scanning capacity you want exceeds that of a
standalone McAfee DLP Monitor appliance. In this scenario, a single deployment of McAfee DLP Monitor cluster monitors and
scans a busy network.
Caution
The cluster ID and the virtual IP address must be different from that of a McAfee DLP Prevent cluster ID and virtual IP
address. You must not share the cluster scanners between two clusters.
A McAfee DLP Monitor cluster has the following requirements:
• A dedicated McAfee DLP Monitor packet acquisition device (PAD).

• Two or more dedicated McAfee DLP Monitor scanners.
A McAfee DLP Prevent cluster has the following requirements:
• A McAfee DLP Prevent primary node (the master). The master is responsible for distributing email and web traffic for
analysis between itself and the cluster scanners. If the master fails, any of the cluster scanners take over the primary
role.
• One or more McAfee DLP Prevent scanners.

McAfee DLP appliance cluster setup
Deployment of McAfee DLP appliances as clusters
Three networks are connected to three routers:
• R1 is connected to general network traffic.

• R2 is connected to a management network with the McAfee ePO server connected to it. All McAfee DLP Monitor and
McAfee DLP Prevent systems have their management interfaces connected to R2.
• R3 is connected to a private scanning network of the McAfee DLP Monitor cluster. All McAfee DLP Monitor systems have
their LAN 1 interfaces connected to R3.
MTA is the mail server for the R1 network, while McAfee Web Gateway is used as the web proxy. Other systems are also
connected to this network and R1 is the route out.
P1 and P2 are two McAfee DLP Prevent servers in a cluster. Their LAN 1 interfaces are connected to R1. They receive email traffic
from MTA and web traffic from the web gateway (MWG). The responses go back to MTA and MWG, while the events are sent to
the McAfee ePO server.
A network tap mirrors all network traffic going through R1 to the capture interface on the packet acquisition device, MON PAD.
The appliances, MON SCAN 1 and MON SCAN 2 are dedicated load balancing scanners and receive scanning requests from MON
PAD. The scan results are sent to McAfee ePO for monitoring and tracking the incidents.
Installation workflow for applying rules to specific users and groups
McAfee DLP Prevent appliance can act on email and web protection rules, which apply to specific users and groups when
integrated with registered AD or LDAP servers.

1. Complete the installation of the McAfee DLP Prevent appliance software.

Prevent.
5. Retrieve the information about users and groups from the registered AD or LDAP servers using the McAfee ePO interface.
6. Configure the synchronization schedule of the appliance and AD or LDAP servers.
Protecting sensitive documents
McAfee DLP Prevent appliance integrates with registered documents server to protect it from being distributed in unauthorized
ways.

Prevent.
5. Specify the McAfee DLP Discover server configured as McAfee DLP Server, which defines sensitive information.

DLP Capture setup workflow
The DLP Capture feature enables you to store and filter email and web data analyzed by your McAfee DLP Prevent appliances.
DLP Capture is an optional feature that you enable from McAfee ePO. On 6600 and virtual appliances, there must be sufficient
storage disk space available at the time of software installation. If you try to increase the capture disk size later, it is needed to
reinstall the appliance software to detect the capture storage disk.
You can enable the DLP Capture feature for your McAfee DLP appliance from the McAfee DLP Appliance Management extension
in McAfee ePO.
Note
The option to enable DLP Capture in McAfee ePO does not appear on the interface until you add a McAfee DLP Prevent
license.
The captured data is stored on a disk on a physical or virtual appliance, or on an external storage device.
Appliance type Capture storage description
DLP 6600 appliance The captured data is stored in McAfee DLP Capture
Storage Array, which is an external storage device
and can hold up to 24 TB of data.

Appliance type Capture storage description
Note: Each DLP 6600 appliance on which

you want to enable DLP Capture must have a
dedicated McAfee DLP Capture Storage Array
connected to it to store the captured data.
DLP 5500 appliance DLP 5500 appliance contains disks, which can hold
10 TB of captured data.
Virtual appliance You can use the DLP Capture feature on virtual
appliances when deployed using a capture enabled
virtual machine.
Note
If DLP Capture is enabled on an appliance, you might experience some impact on the performance when the appliance
copies data during data scanning.
1. For a DLP 6600 appliance, set up the storage disk to save the captured data.
Prevent.
6. Enable the DLP Capture feature and set how long you want to retain the captured data for.


2| Planning your installation
Planning your installation

Planning your installation
Plan your installation for specific scenarios identified to suit your needs. Planning helps in identifying the hardware, software,
and network requirements before you deploy the appliance.
Considering the unique needs of your network in advance can reduce the time it takes to get started.
Where does McAfee DLP Prevent fit?

McAfee DLP Prevent appliance integrates with MTA gateways and web proxies in your network. McAfee DLP Prevent is designed
to seamlessly integrate with a broad range of email and web gateway products by using simple mail transfer protocol (SMTP) and
ICAP.
Considerations for scalability

Your ability to manage the growth of incoming email and web traffic on your network depends on whether you install a single
appliance or multiple appliances as a cluster.
For information about the number of appliances that you need for high availability and load balancing your email and web
traffic, contact Technical Support.
Caution
You can't share the cluster scanners between a McAfee DLP Prevent cluster and a McAfee DLP Monitor cluster. So consider
the exact number of appliances you need to create a cluster. Once the cluster role is applied to an appliance, the system
reboots automatically. Later, to change the cluster role, you must reset the appliance to factory defaults and apply the cluster
role you want.
Installation checklist
Verify that you have all information needed for a successful installation.
McAfee DLP Prevent considerations for installation
Determine Consideration
Security
• Use out-of-band management on a network that
McAfee ePO can access to isolate management and
network traffic.
• LAN 1 traffic must not be accessible from outside
your organization.

Determine Consideration
• Connect any baseboard management controller

(BMC) interface to a dedicated secure management
network.
• Logon account — The appliance has a
local administrator account for logging on to
the appliance console. Change the default
administrator password to make the account
secure.
• Control who can access the physical or virtual
appliance console.
Tip: Use the encrypted channel for your ICAP

traffic. Disable all unused services.
Network information
• Network interfaces must be assigned with static
IP addresses, rather than dynamically assigned IP
addresses.
• Evidence server must be on the same LAN as the
appliance.
• In a cluster environment, the virtual IP address
must be in the same subnet as the appliance IP
address.
• The cluster ID and the virtual IP address must
be different from that of a McAfee DLP Monitor
cluster ID and virtual IP address.
Remote Management Module (RMM) (Hardware appliances only) If you intend to use the
RMM for appliance management, use a secure or
closed network to connect to the RMM.
Capture storage disk

• (6600 hardware appliances only) A separate
McAfee DLP Capture Storage Array, which holds up
to 24 TB of captured data.
• (Virtual appliances only) Storage disk space of at
least 2 TB when you are installing the software.

Security considerations
Plan your software security requirements before you deploy the appliance.
• Disable all unused services, such as ICAP on a mail.

• Restrict the IP addresses that can use appliance services, such as IP addresses that might relay email or access SSH.
• Control who can access the physical or virtual appliance console.
• Use out-of-band management on a network that McAfee ePO can access to isolate management and network traffic.
• LAN 1 traffic must not be accessible from outside your organization.
• Connect any baseboard management controller (BMC) interface to a dedicated secure management network.
The Support Notification Service (SNS) delivers valuable product news, alerts, and best practices to help you increase the
functionality and security fixes to your appliances. To receive SNS email notices, go to the SNS Subscription Center at https://
sns.secure.mcafee.com/signup_login, and register and select your product information options.
Things to do before installation

Before you start the McAfee DLP Prevent appliance installation, make sure that you have the information you need to install the
appliance.
• McAfee ePO — Make sure you have the McAfee ePO server installed for managing your appliance. For information about
installing McAfee ePO, see the McAfee ePolicy Orchestrator documentation.
• Virtualization software setup — To install the virtual McAfee DLP Prevent appliance, prepare the virtual platform.
If you don't have your virtual software set up, go to the product website:
To purchase VMware vSphere and VMware vCenter Server, go to https://www.vmware.com.

To purchase Windows Hyper-V, go to https://www.microsoft.com.
Interaction with other McAfee products

McAfee DLP integrates with other McAfee products, increasing the functionality of the product suite.
Product Description
McAfee ePO All McAfee DLP products integrate with McAfee ePO
for configuration, management, monitoring, and
reporting.
McAfee® Email Gateway Integrates with McAfee DLP Prevent to provide email
protection.
McAfee® Logon Collector Integrates with McAfee DLP Monitor and McAfee DLP
Prevent for user authentication information.

Product Description
McAfee® Web Gateway Integrates with McAfee DLP Prevent to provide web
protection.

3| System requirements
System requirements
Hardware and software requirements
To ensure that your deployment is successful, your environment must meet the minimum requirements. Also, make sure that
you have administrator rights.
Hardware requirements
Hardware type Specifications
McAfee ePO server For information about the McAfee ePO hardware
requirements, see the McAfee ePO documentation.
McAfee DLP Prevent server Hardware appliances:
• DLP 6600 appliance model

• DLP 5500 appliance model
Network Minimum 100 megabit LAN serving all workstations

and the McAfee ePO server
Virtual operating systems supported
System type Software
Hypervisor VMware vSphere using VMware vCenter Server

versions 6.0, 6.5, or 6.7
Hyper-V
• Windows Server 2012
• Windows Server 2016
Caution: Do not install the Hyper-V download

package in Azure environment.

Tested platforms, environments, and operating systems

After the initial release of the product, you can get the latest information about supported platforms, environments, and
operating systems from the McAfee Knowledge Base.
For McAfee Network DLP and McAfee DLP appliances, see KB87112.
Tested McAfee ePO versions
Software Version
McAfee ePO
• 5.3.3 HF1230649
• 5.9.x
• 5.10.x
When running McAfee ePO in Microsoft Internet
Explorer, use version 10.0 or later.
Updates to the McAfee ePO extensions for McAfee DLP Prevent appliances are delivered through update releases.
McAfee® Agent version 5.5.1 is built into the appliance software.
Note
McAfee DLP Prevent appliances contain a version of the McAfee Agent, which is built into the appliance software and cannot
be updated through McAfee ePO.
Compatible McAfee products
McAfee DLP appliances in this release have been tested for compatibility with the following McAfee managed product versions:
McAfee® Logon Collector 3.0.2.
System requirements for setting up a virtual appliance

Your host computer must adhere to the system requirements for whichever virtual environment you choose.
• For VMware virtual environment, see the VMware Knowledge Base article 1003661 available at https://www.vmware.com
to get the minimum system requirements for VMware vSphere and VMware vCenter Server.
• For Windows Hyper-V virtual environment, see https://docs.microsoft.com.
You need an x86 64-bit virtualization host with a Westmere processor or newer.
Ensure that the virtual appliance that you run meets the system requirements based on your business needs and decide
whether you need to use DLP Capture. You can choose to deploy a virtual appliance using one of these predefined deployment
options.

Predefined
deployment Capture disk RW HDD (GB)
options Processors RAM (GB) capacity (TB) OS HDD (GB) **
Standard VM 4 12 N/A 10 300
Standard VM 4 12 4 10 300
- Capture
Small VM* 1 4 N/A 10 150
Small VM - 1 4 0.5 10 150

Capture*
Large VM 16 16 N/A 10 300
Large VM - 16 16 8 10 300
Capture
Note
* Use the Small VM and Small VM - Capture options only for evaluation purpose.
** The disk size displayed in the Size on Disk field while deploying a VMware virtual appliance is the total disk size of all
different virtual machine variants that can be deployed and isn't the actual disk size that will be used for the predefined
deployment VM variant you have chosen to install. For the actual disk size of the deployed virtual appliance, see RW HDD
details in this table.
The required capture hard disks get created when deploying an appliance, if you choose the predefined deployment option that
supports creating a capture disk. Adding a capture disk to an existing virtual appliance is not supported. Deploy a replacement
virtual appliance using a predefined deployment option that deploys a capture storage disk.
System requirements for setting up a hardware appliance

You can install your appliance on DLP 5500 or DLP 6600 models, which are Intel® Server systems.

Model specifications
Total Capture Remote

number disk OS+RW Number Management
of CPU RAM capacity HDD of hard Module Rack
Model Cores (GB)** (TB) (TB) drives (RMM) height
DLP 5500 12 32 10 2 8 Yes 2U

applianc
e model
DLP 6600 16 32 N/A 0.6 2 Yes 1U

applianc
e model
McAfee N/A N/A 24 N/A 6 N/A 2U

DLP
Capture
Storage
Array*
* The 6600 appliances have no in-built storage system. To create the needed capture disk space for enabling DLP Capture, set
up and connect McAfee DLP Capture Storage Array to your 6600 appliance. McAfee DLP Capture Storage Array is shipped in a
separate package with all items needed to install it with an appliance. Check the contents list to verify that you received all items.
** McAfee does not support adding more memory to McAfee DLP Prevent appliances.
For information about these hardware appliances, see the McAfee Data Loss Prevention Prevent Hardware Guide.
Web requirements
McAfee DLP Prevent works with ICAP-compliant web proxies to protect web traffic.
To fully integrate an ICAP client with a McAfee DLP Prevent appliance, the ICAP client must be able to:
• Split requests from responses (REQMOD vs. RESPMOD). For example, in some environments it might be preferable for
McAfee DLP Prevent to process only web requests going to public sites, rather than processing every bit of HTTP traffic
on the network.
• Add an X-Authenticated-User ICAP request header to provide the McAfee DLP Prevent appliance with the end user
making the request for policy evaluation purposes.
• Add X-Client-IP and X-Server-IP request header to provide the McAfee DLP Prevent appliance with source and destination
IP addresses for reporting purposes.

MTA requirements
McAfee DLP Prevent works with Mail Transfer Agent (MTA) server to protect email traffic.
An MTA server must meet these requirements to integrate with McAfee DLP Prevent.
• The MTA must send all or a portion of email traffic to McAfee DLP Prevent. Example: In some environments, it might
be preferable for McAfee DLP Prevent to process only mail going to or from public sites, such as Gmail, rather than
processing every email sent and received on the network.
• The MTA must be able to inspect email headers so that it can distinguish emails arriving from McAfee DLP Prevent and
act on the header strings that McAfee DLP Prevent adds to the email messages. If certain actions are not supported on
the MTA server, do not configure rules on McAfee DLP Prevent to use these actions.
• Your MTA must ensure that email messages received from McAfee DLP Prevent are routed to the intended destination,
and not back to McAfee DLP Prevent. Example: Routing might be defined using a port number or source IP address, or by
checking if X-RCIS-Action headers are present.

4| Pre-installation tasks
Pre-installation tasks
Download product extensions and installation files
Before you can manually install the software, you must download the files for your installation. Alternately, you can use Software
Catalog to download and install.
Before you begin

• Make sure that you have the grant number you received after purchasing the product.
• McAfee publishes BIOS images for the hardware appliances that contain the BMC firmware. Make sure that the server
board is updated with the latest firmware published by McAfee. Contact Technical Support for the latest version of the
firmware.
All McAfee DLP products use the McAfee DLP extension for McAfee ePO. Install DLP_Mgmt_version_Package.zip as your starting
point.
You can also use the McAfee ePO Software Catalog on McAfee ePO 5.10 (Menu → Software → Software Catalog) to view,
download, and install the software.
In McAfee ePO 5.9 or earlier, select Software Manager (Menu → Software → Software Manager) to view, download, and install
the software.
Task
1. In a web browser, go to https://www.mcafee.com/us/downloads/downloads.aspx.
2. Click Download. Enter your grant number, then select the product and version.
3. On the Software Downloads tab, select and save the appropriate file.
File description File name
Data Loss Prevention extension DLP_Mgmt_version_Package.zip
DLP Appliance Management extension dlp-appliance-management-package-version-

extensions.zip
Appliance Management extension appliance-management-package-version-

extensions.zip
Common UI extension commonui-core-package-version-extensions.zip
McAfee DLP Prevent appliance installation image

• For VMware vSphere virtual
appliance — McAfee-PS-<version>-
<build_number>.ps.hw10.hdd.ova

File description File name
• For Windows Hyper-V virtual

appliance — McAfee-PS-<version>-
<build_number>.HyperV_ps.zip
• Hardware appliance — McAfee-PS-<version>-
<build_number>.iso
Caution
Do not install the Hyper-V download package in Azure environment.
Virtual appliance installation download package

The McAfee DLP Prevent virtual appliance is supplied as an .ova file or a .zip file based on the virtual environment platform.
Note
The download package does not contain VMware vSphere or Hyper-V product installation files.
If you don't have your virtual software set up, go to the respective product website.
• To purchase VMware vSphere and VMware vCenter Server, go to https://www.vmware.com.

• To purchase Windows Hyper-V, go to https://www.microsoft.com.
Installation download package for VMware vSphere
The McAfee DLP Prevent virtual appliance for installation on VMware vSphere is supplied as an .ova file that contains the
software installation files.
Installation download package for Hyper-V

The McAfee DLP Prevent virtual appliance for installation in Windows Hyper-V is supplied as a .zip file.
File name Description
HyperV_ps.ps1 PowerShell script — Enables you to automate the

installation process.
HyperV_ps.1.vhd Hard disk 1 — Holds the installed software after

installation, and holds the installation media before
installation.

File name Description
HyperV_ps.2.vhd Hard disk 2 — Holds the operating system swap

space and operational data after installation, and
remains empty before installation.
HyperV_ps.3.vhd Hard disk 3 — Holds the captured data after

installation if the required capture disk space is
allocated during deployment. The hard disk 3
remains empty before installation.
Note
To know how the hard disks were allocated in earlier releases, contact Technical Support.

5| Install software for the first time
Install software for the first time

Install the extension using Software Catalog (Software Manager)
Using the Software Catalog (McAfee ePO version 5.1.0; Software Manager in McAfee ePO versions 5.9 or earlier) is the most
convenient method of installation. As an added benefit, you can also use it to upgrade and remove extensions.
Before you begin

Verify that the McAfee ePO server name is listed under Trusted Sites in the Internet Explorer security settings.
Task
1. In McAfee ePO 5.10, select Menu → Software → Software Catalog.
In McAfee ePO 5.9 or earlier, select Menu → Software → Software Manager.
2. In the left pane, expand Software (by Label) and select Data Loss Prevention.
3. Select your McAfee DLP product.
Select the entry for McAfee DLP Appliance Management, which installs all of the necessary extensions:
• McAfee DLP
• Common UI
• Appliance Management Extension
• McAfee DLP Appliance Management
4. For all available software, click Check In.

5. Select the checkbox to accept the agreement, then click OK.
Results
The extension is installed. Extensions that are checked in appear in the Checked In Software list. As new versions of the software
are released, you can use the Update option to update the extensions.
Install the extensions manually in McAfee ePO

If you have manually installed the McAfee DLP extension in McAfee ePO, you must also install the other extensions needed for
McAfee DLP Prevent manually.
Before you begin

• Download the extensions.
• Install the McAfee DLP extension.
Task
1. In McAfee ePO, select Menu → Software → Extensions, then click Install Extension.
2. Follow these steps for each of the extensions. Install the extensions in this order:
• Common UI package
• Appliance Management Extension
• McAfee DLP Appliance Management

a. Browse to the extension .zip file.

The installation dialog box displays the file parameters to verify that you are installing the correct extension.
b. Click OK twice.
License McAfee DLP

Provide the license to access the McAfee DLP consoles.
You must enter at least one license key — more if you have multiple McAfee DLP products. The licenses you enter determine
which configuration options in McAfee ePO are available to you. You can enter keys for these products:
• McAfee DLP Endpoint or Device Control

• McAfee DLP Discover
• McAfee Legacy Network DLP (9.3.x)
• McAfee DLP Prevent (10.x or later)
• McAfee DLP Monitor (11.x or later)
Task
1. Install licenses and components in DLP Settings to customize the installation.
The DLP Settings module has seven tabbed pages. Information about the General tab is required. You can use the default
values or fields for the remaining settings if you don't have special requirements.
a. Select Menu → Data Protection → DLP Settings.
b. For each license that you want to add: in the License Keys → Key field, enter the license, then click Add.
Installing the license activates the related McAfee ePO components and McAfee ePO Policy Catalog policies.
c. In the Default Evidence Storage field, enter the path.
The evidence storage path must be a network path, that is \\[server]\[share]. This step is required to save the settings
and activate the software.
Installing the license activates the related McAfee ePO components and McAfee ePO Policy Catalog policies.
d. Set the shared password.
2. Click Save.
3. To back up the configuration, select the Back Up & Restore tab, then click Backup to file.
Results
McAfee DLP modules appear in Menu → Data Protection according to the license.
Configure network information in McAfee ePO

Connect the appliance to the network.
To connect to the network, configure the DNS server, NTP server, and a Smart Host for your appliances from McAfee ePO.
Task
1. In McAfee ePO, select Menu → Policy → Policy Catalog.
2. From the Product drop-down list, select Common Appliance Management.
3. Select the My Default policy.

4. Add the DNS server and the NTP server, then click Save.
5. From the Product drop-down list, select DLP Appliance Management.
6. Select the My Default policy for McAfee DLP Prevent Email Settings.
7. Enter the IP address of the Smart Host, then click Save.
Applying backward compatibility

Backward-compatible policies allow you to use the new McAfee DLP extension format with older McAfee DLP Endpoint client and
McAfee DLP Discover server versions, providing large enterprises with an orderly upgrade path.
Backward compatibility can be applied in two modes:
• Non-strict mode — Compatibility errors in the policy display a warning. An administrator with policy administration
permissions can apply the policy.
• Strict mode — Policies with errors can't be applied to the McAfee ePO database.
When a policy with backward compatibility errors is applied to the database, the errors are displayed on the DLP Policy → Policy
Validation page.
McAfee DLP Prevent can use policies with warnings created in non-strict mode. When backward compatibility is applied in strict
mode, policies with errors can't be applied to the McAfee ePO database, and therefore aren't detected by McAfee DLP Prevent.
Install your McAfee DLP Prevent appliance

You can install the McAfee DLP Prevent appliance software on both physical and virtual appliances.
You can enable your McAfee DLP Prevent appliance to perform cryptographic operations in a way that is compliant with FIPS
140-2. To do so, go to the General category in the DLP Appliance Management product in the Policy Catalog.
Deploying and installing a virtual appliance
You can install and deploy appliances in virtual environments with different server configurations.
Running a single virtual machine as a host

This is a possible single-server deployment of the virtual appliance on your chosen virtual environment. VMware vSphere
deployed on VMware vCenter Server, or Windows Hyper-V are dedicated servers to the virtual appliance. Their hardware
specification must exceed the minimum hardware requirements.
1. Local network with users and client computers.

2. Virtual machine configured as an appliance.
3. Appliance integrated with McAfee ePO for the appliance to be managed and for incident management.
4. Sends or blocks the message using MTA to the appropriate destination.

Single-server deployment
Running the virtual appliance with other virtual machines

This is a possible deployment of the virtual appliance on your chosen virtual environment alongside other virtual machines.
In this example, one virtual machine host is responsible for the virtual appliance and other virtual machines, of which, all run on
the same hardware. The resource pool must also have the minimum levels of CPU and memory allocated to it.

2. Virtual appliance deployed in your virtual environment alongside other virtual machines.
Multiple server deployment

Deploy the appliance software in a VMware environment
Set up your virtual environment and deploy the McAfee DLP Prevent virtual appliance. Deploy the appliance software from
the .ova file you have downloaded.
Tip
For performance optimization, make sure that all virtual appliances in a cluster have the same specifications.
These steps are applicable to VMware vSphere version 6.5. For VMware vSphere version 6.7, the UI terms in these steps vary.
Task
1. Start the VMware vSphere client and log on to the VMware vCenter Server.
2. Select File → Deploy OVF Template.
The Deploy OVF Template dialog box appears.
a. In the Source page, click Browse to search the OVA file you downloaded from the McAfee download site and click
Open to select the file. Click Next.
b. In the OVF Template Details page, validate the package details and click Next.
c. In the Name and Location page, enter a name for your appliance. Select the data center and folder to deploy your
appliance to and click Next.
d. In the Deployment Configuration page, choose a predefined deployment option based on your business need.
The predefined deployment option allocates the CPUs, memory, and capture disk space and the options are Standard
VM, Standard VM - Capture, Small VM, Small VM - Capture, Large VM, and Large VM - Capture.
e. In the Storage page, select a datastore to store the virtual machine files.
f. In the Disk Format page, select the format in which you want to store the virtual disk.
Tip
Select the Thick Provision Lazy Zeroed option for the virtual disk format. Initial performance might be degraded
with other options. The Thick Provision Eager Zeroed option can take some time to complete.
g. For Network Mapping, map the networks used in the OVF template (source networks — LAN 1 and OOB) with the
virtual networks (destination networks). Configure the default IP addresses and click Next.
h. Review the summary in the Ready to Complete page and click Finish.
To turn on the virtual machine, select the Power on after deployment checkbox.
Note
The disk size displayed in the Size on Disk field is the total disk size of all different virtual machine variants that
can be deployed and isn't the actual disk size that will be used for the predefined deployment VM variant you have
chosen to install. For the actual disk size of the deployed virtual appliance, see System requirements for setting up a
virtual appliance.

3. The deployment task starts and displays a message after the deployment is successful, click Close.
Use the information in Recent Tasks to verify if the virtual machine is created.
The hard disks required to deploy the appliance are created. If you have chosen a deployment option that supports DLP
Capture, an additional hard disk is created to store the captured data.
The appliance software is deployed.
4. Right-click the deployed virtual machine and click Open Console.

The virtual appliance console opens and you can continue with the installation of the appliance.
Deploy the appliance software in Hyper-V virtual environment
Set up your virtual environment and deploy the McAfee DLP Prevent virtual appliance software. Deploy the appliance software
from the .zip file you downloaded.
Before you begin

Open Hyper-V Manager installed on a Windows Server. To open Hyper-V Manager, either press the Windows key and type
Hyper-V Manager to search applications for Hyper-V Manager or open it from the Windows Start menu.
Tip
For performance optimization, make sure that all virtual appliances in a cluster have the same specifications.
Run the PowerShell script to create a virtual appliance with one of these predefined deployment specifications. The predefined
deployment option allocates the CPUs, memory, and capture disk space.
Task
1. Browse to the folder where you downloaded the appliance installation package and unzip the folder.
2. From the File menu, browse and open Open Windows PowerShell as administrator.
Use the Get-help command to know about Hyper-V commands.
3. At the Windows PowerShell prompt, go to the folder where you unzipped the installation file:
cd .\<download package folder.HyperV_ps>
4. Run the PowerShell script in the guided deployment mode or the automated deployment mode:
• Guided deployment — Run the HyperV_ps.ps1 script with no arguments: .\HyperV_ps.ps1

A dialog box appears with fields to choose the specifications for a virtual appliance:
Browse to specify the installation path.

Choose one of the predefined deployment options to specify the virtual appliance size. To use DLP Capture,
choose a deployment option that provides additional disk space to store captured data. The predefined
deployment option allocates the CPUs, memory, and capture disk space. The options are Standard VM,
Standard VM - Capture, Small VM, Small VM - Capture, Large VM, and Large VM - Capture.
Provide the network interface details or update them later using the Settings option in the virtual
appliance.
Click OK.

Hyper-V prompts you to continue with the installation. Type y and press Enter to continue.
• Automated deployment — Run the HyperV_ps.ps1 script with these arguments: .\HyperV_ps.ps1 -noprompt
-name "<VM_name>" -path "<installation_path>" -vmsize "<predefined_deployment_option>" -lan1
"<ip_address>" -lan2 "<ip_address>" -lan3 "<ip_address>" The predefined deployment options are "Small
VM", "Small VM Cap", "Standard VM", "Standard VM Cap", "Large VM", and "Large VM Cap".
For example, specifying the argument for -vmsize as "Small VM Cap", creates a virtual appliance with one CPU 4
GB RAM and 2 TB of capture data disk.
Note
If you don't specify -vmsize, a virtual appliance is created with the Standard VM specifications.
The required hard disks are created and the deployment is complete. If you specify the option that supports creating a
capture data disk, hard disk 3 gets created to store the captured data.
5. In Hyper-V Manager, verify the newly created virtual appliance. Right-click the virtual appliance and click Settings to edit the
configuration settings.
6. Browse to various fields, such as Processor, IDE Controller and change the settings if needed. Connect to the network
switches using the Network Adapter fields. Click OK.
7. In the virtual appliance window, click Start from the Actions menu.
The disk drives and the appliance software are deployed. The installation starts from hard disk 1.
Deploying and installing a hardware appliance
You can deploy and install DLP 6600 or DLP 5500 physical appliance models in your existing network infrastructure based on
your business needs.
Running the physical appliance in your network

You can deploy a hardware appliance in your existing network. The appliance software is installed on each DLP 6600 or DLP 5500
appliance models.

2. Physical appliance deployed in your LAN.

Single server physical appliance deployment
Connect your appliance
When you connect your appliance to the network device, you can configure the appliance IP address and other parameters for
integration in your network.
Configure each appliance with the required static IP addresses. If no IP addresses are specified, the appliance is configured with
the default static IP addresses. The default gateway for the appliance uses the LAN 1 network. Configure any routing required on
the OOB interface using static routes.
The hardware appliance has a Remote Management Module (RMM), which provides Lights Out Management functionality, such
as remote KVM access and access to the appliance BIOS.
Task
1. (Optional) Connect the McAfee DLP Capture Storage Array to the DLP 6600 appliance if you are using the DLP Capture
feature.
2. Connect a monitor, keyboard, and mouse to the appliance.
3. Connect the LAN 1 interface of the appliance to your network.
4. (Optional) Connect the OOB interface to a different network.
5. (Optional) Connect the RMM interface to a management network.
Tip
Use a closed or secure network for the RMM.
Serial console settings
You can use the serial console to install the McAfee DLP appliance software only.

You must use another method, such as the RMM, to configure network settings and register with McAfee ePO. You can enable
the RMM through the serial console.
Note
Installation progress does not appear when using the serial console.
Serial connection parameters
Port setting Value
Baud rate 115200
Data bits 8
Stop bits 1
Parity None
Flow control None
Deploy the appliance software on a hardware appliance
You can deploy and install McAfee DLP Prevent on DLP 6600 or DLP 5500 appliance models based on your usage of the product.
Tip
For performance optimization, make sure that all appliances in a cluster are of the same model.
You can perform the initial deployment using these methods:
• USB drive
Note
Use image writing software, such as Launchpad Image Writer, to write the image to the USB drive. Use the "raw",
"DD", or "ISOHybrid" image mode when writing to a USB drive, else the installation might fail. For more information,
see KB87321.
• USB CD drive

• Virtual CD drive using the RMM

Task
1. Using the installation ISO file, create or set up the external imaging media.
2. Insert or connect the media to the appliance.
3. Turn on or restart the appliance.
4. Before the operating system starts, press F6 for the boot menu and select the external media.
5. Follow the on-screen prompts.
The appliance software is deployed.
Install the appliance software
Complete the installation of the appliance software by choosing the type or mode of installation you want from the installation
menu.
Once the appliance software is deployed in the hardware appliance or the virtual machine, the appliance restarts and the
End-User License Agreement is displayed.
Task
1. Read the End-User License Agreement, then press y to accept it.
2. At the installation menu, enter a to install the appliance with the highlighted options, then press Enter to continue
installation.
The default options enable you to perform full installation and reboot the appliance at the end of installation. Selecting the
default options causes the removal of all software and information from the appliance; data previously captured by a 11.x
or later installation will be preserved.
A confirmation message about the selected installation options is displayed.
Caution
If you are upgrading from version 9.x.x to the latest version, a warning message is displayed and any previously
captured data will be removed.
3. Enter y and press Enter to continue.

Wait until the installation process is complete.
4. Review the installation information and the installed version of the product, and press Enter to continue.
Results
Caution
The appliance restarts.
If the installation fails, call Technical Support. Do not perform the installation tasks again.
What to do next
Configure the network settings with the default IP addresses and register the appliance with McAfee ePO using the Setup Wizard.

Configuring the appliance

Default IP addresses
Use the default IP addresses rather than assigning dynamic IP addresses to configure each appliance.
• LAN 1 — 10.1.1.108/24 Use the LAN 1 network for McAfee DLP Prevent SMTP or ICAP traffic. You can also use it for
management traffic.
• OOB — 10.1.3.108/24 (Optional) Use the Out-of-band (OOB) network for management traffic including McAfee ePO
communication.
Note
If your network uses DHCP, the first IP address that the DHCP server assigns to the appliance is used instead. You
can manually configure the IP address with the Setup Wizard. The appliance doesn't support using a continuous DHCP
configuration.
The default gateway for the appliance uses the LAN 1 network. Configure any routing required on the OOB interface using static
routes.
Run the Setup Wizard and register the appliance with McAfee ePO
After the installation is complete, the appliance restarts and the Setup Wizard starts automatically. Use the Setup Wizard to
configure network settings and register the appliance with McAfee ePO.
If you installed the software using the serial console on a hardware appliance, use another method, such as the RMM, to
complete the Setup Wizard.
Task
1. Choose the language for the Setup Wizard, then configure the basic network settings.
The wizard contains information to help you configure the settings.
a. On the Welcome page, select Basic Network Setup and click Next.
b. Complete the options on the Basic Settings page.
Change the default password the first time you run the Setup Wizard and click Next.
Note
The new password must have at least eight characters. The default password is password.
c. Complete the options on the Network Services page, then click Next.
d. Review the information about the Summary page and make any corrections.
e. Click Finish.
The initial network settings are applied. The first time you complete the Setup Wizard, or if you need to register with a
new McAfee ePO, the wizard restarts after the network settings are applied.

2. Register with McAfee ePO.

a. Select ePO Registration and click Next.
b. Complete the options on the ePO Registration page using valid McAfee ePO user credentials.
You can choose any McAfee ePO user to do the registration. McAfee ePO administrator privileges are not required.
The user name and password are not stored on the appliance after the registration is complete.
c. Click Finish.
3. Log on to McAfee ePO.
Results
The product appears in the System Tree. If needed, move the entry to the correct location in the hierarchy.

6| Post-installation tasks
Post-installation tasks
High level post-installation tasks
Completing the installation includes enabling and configuring the settings, and policies for your products.
Task
1. Configure an evidence server to store the files that trigger a rule.
2. Configure one or more syslog servers, if necessary.
3. Configure server settings.
4. (Optional) Specify a McAfee DLP Discover server configured as McAfee DLP Server in the Policy Catalog to use registered
documents in McAfee DLP appliance policies.
5. (Optional) Enable DLP Capture to store email, web, and network data analyzed by your McAfee DLP appliances.
6. (Optional) Enable a cluster of McAfee DLP Prevent appliances to load the balance incoming traffic and ensure high
availability.
7. Enable relevant predefined policies and rules.
8. Create additional classifications, policies, and rules to detect potential data loss incidents.
9. Assign the configurations and policies in the System Tree.
10. Integrate with an MTA server or web proxy.
For McAfee DLP Prevent appliances that analyze email traffic:
• Verify connectivity and mail flow between the mail transfer agent (MTA) server and the McAfee DLP Prevent
appliance.
• Confirm that the X-RCIS-Action: Allow header is added to received email.
For McAfee DLP Prevent appliances that analyze web traffic, verify connectivity between the web proxy server and the
appliance.
11. Confirm that incidents are recorded in the DLP Incident Manager.
Scenario based post-installation tasks

Define McAfee DLP settings in the DLP Appliance Management, Data Loss Prevention, and Common Appliance Management
products in the Policy Catalog.
DLP Appliance Management

Use the DLP Appliance Management categories with McAfee DLP appliances. You can perform activities such as specifying a
Smart Host or ICAP channels for McAfee DLP Prevent, or enabling the McAfee DLP Capture feature. You can also set up load
balancing and timeout settings, and the LDAP servers that you want to get user information from.
Data Loss Prevention

Use the Server Configuration policy category to edit the Evidence Copy Service settings to work with McAfee DLP appliances.
The Maximum evidence transmission bandwidth (KBps) option does not apply to McAfee DLP appliances.

Common Appliance Management

Specify DNS settings, static route settings, and remote logging servers. You can also edit the appliance date and time and enable
SNMP alerts and monitoring.
Set up a cluster of McAfee DLP Prevent appliances
To load balance incoming traffic and ensure high availability, you can create clusters of appliances.
Before you begin

Configure two or more McAfee DLP Prevent appliances with LAN 1 connected to the same network segment.
All the appliances in a cluster must be in the same subnet or network.
Task
1. In McAfee ePO, open the Policy Catalog.
2. Select the DLP Appliance Management product, choose the General category, and open the policy that you want to edit.
3. In Load Balancing, select Enable.
4. In Cluster ID, use the arrows to select a number to identify the cluster.
5. In Virtual IP, enter a virtual IP address so that packets for the virtual IP address are sent to the cluster master.
The appliances in the cluster use the netmask assigned to the physical IP address. The virtual IP address must be in the
same subnet or network as the other McAfee DLP Prevent appliances, and cannot be the same IP address as any other
appliance in the cluster.
Results
McAfee ePO pushes the configuration to all the appliances in the cluster when you apply the changes. It takes about five
minutes for the cluster to stabilize and identify the cluster master and cluster scanners. The appliance descriptions then change
accordingly in Appliance Management.
Enable FIPS 140-2 mode
Configure the McAfee DLP appliance to perform cryptographic operations in a way that is compliant with FIPS 140-2.
Due to the nature of FIPS 140-2, enabling this feature will decrease your appliance's throughput.
Task
3. In Security mode, select Enable FIPS 140-2 mode and click Save.
Connect to an evidence server outside your firewall
If your McAfee DLP appliance is in a demilitarized zone (DMZ), you can securely copy the evidence files, despite no network
access to the evidence file share. McAfee DLP allows you to copy the evidence files to the evidence file share via the McAfee DLP
server.

Task
3. In McAfee DLP Server for Evidence Copy, click + to add the host name or IP address of the McAfee DLP servers you want
the McAfee DLP appliance to connect to.
4. Click Update, then save the changes.
Retrieve and synchronize information from registered LDAP servers
McAfee DLP appliances can get user and group information from LDAP servers that are registered with McAfee ePO. You need to
select the registered LDAP servers that you want McAfee DLP appliances to get information from.
Before you begin
Make sure that the LDAP servers are registered with McAfee ePO.
User and groups details are used when evaluating the Sender information. The McAfee DLP appliance can:
• Connect to OpenLDAP and Active Directory servers.

• Communicate with a registered LDAP server over SSL.
• Configure or set the daily synchronization time of appliances with LDAP servers as synchronizing multiple appliances
with LDAP servers at the same time can overload the LDAP servers.
• Connect to Global Catalog ports instead of standard LDAP ports to retrieve user and group information when querying
Active Directory.
If you configured Active Directory to use Global Catalog ports, make sure that at least one of these attributes are
replicated to the Global Catalog server from the domains in the forest:
proxyAddresses
mail
If a McAfee DLP appliance needs to use NTLM or WINNT authentication for analyzing web protection rules, these LDAP
attributes must also be replicated:
configurationNamingContext
netbiosname
msDS-PrincipalName
Messages are temporarily rejected with a 451 status code when both of these conditions are met:
• McAfee DLP Prevent uses rules that specify the sender is a member of a particular LDAP user group.
• McAfee DLP Prevent is not configured to receive information from the LDAP server that contains the specified user
group.
Events are sent to the Client Events log if synchronization with the LDAP server or an LDAP query fails.
Task

2. Select the DLP Appliance Management product, choose the Users and groups category, and open the policy that you want
to edit.
3. In LDAP Servers, select at least one valid LDAP server to enable synchronization configuration.
4. In the Initiate daily synchronization at field, set the daily synchronization time. The default synchronization start time is set
to 3 a.m.
The synchronization of the appliance with LDAP servers happens daily at the configured time.
5. (Optional) Select and update the Delay synchronization start by up to (hours) field to configure the delay between the
synchronization start of appliances. The default synchronization delay between appliances is set to two hours. You can
configure the random delay synchronization start interval between 1–10 hours.
6. Click Save.
Specify the server for registered documents
Specify a McAfee DLP Discover server in the Policy Catalog to use registered documents in McAfee DLP appliance policies.
Task
3. In McAfee DLP Server for Registered Documents, click the add button (+) to enter IP addresses or host names of the
McAfee DLP Discover servers with the registered documents databases you want to use.
Registered documents database servers are McAfee DLP Discover servers with the McAfee DLP Server role. The server port
is predefined as 6379.
4. (Optional) Select the Use TLS checkbox to specify a secure connection.
5. Click Save.
Common Appliance Management policy
The Common Appliance Management policy category is installed as part of the Appliance Management extension. It applies
common settings to new or reimaged appliances.
• Date and time, and time zone information

• Lists of DNS servers
• Static routing information
• Secure Shell (SSH) remote logon settings
• Remote logging settings
• SNMP alerts and monitoring
Edit the McAfee Email Gateway policy to work with McAfee DLP Prevent
To redirect email from the McAfee Email Gateway appliance to McAfee DLP Prevent for analysis, and take action on potential data
loss incidents, edit the Email Gateway configuration policy.
To configure McAfee DLP Prevent to send email messages back to the email gateway for processing, edit the McAfee DLP
Prevent Email Settings policy.

Use case: Configure Email Gateway to process analysis results
Configure your email configuration policy to take action on potential data loss incidents.
Before you begin

Make sure that you have an Email Gateway appliance managed by McAfee ePO set up and running.
This example assumes that McAfee DLP Prevent detected a potential data loss incident sent in an email message from an Email
Gateway appliance. You want to block the email from leaving your organization, and notify the sender of the action taken.
Task
2. Select McAfee Email Gateway from the Products list, and select your email configuration policy.
3. Select Add Policy and click Add Rule.
a. In Rule Type, select Email Header.
b. In Header name, select X-RCIS-Action.
c. In the Value field, select ^BLOCK$.
d. Click OK, and OK again.
4. In Policy Options, select Policy-based Action.
5. Select Accept and then drop the data, then select Send one or more notification emails.
6. Click Deliver a notification email to the sender and click OK.
7. Save the policy.
Redirect email to McAfee DLP Prevent
Redirect email from Email Gateway to McAfee DLP Prevent for analysis.
Before you begin

Make sure that you have an Email Gateway appliance or virtual appliance managed by McAfee ePO.
Task
2. Select McAfee Email Gateway from the Products list, and select the email configuration category.
3. Click Add Policy and click Add Rule.
a. In Rule Type, select Email Header.
b. In Header name, select X-MFE-Encrypt and set the Match to "is not present".
c. Click OK, and OK again
4. In Policy Options, select Policy-based Action.
5. Select Route to an alternate relay.
6. Select the relay for your McAfee DLP Prevent server, and click OK.
Refer to the McAfee ePO online Help to get information about relays.
7. Save the policy.

Integrating McAfee DLP Prevent in your web environment
McAfee DLP Prevent works with your web proxy to protect web traffic.
McAfee DLP Prevent uses ICAP or ICAPS (ICAP over TLS) to process web traffic, which uses these ports:
• ICAP — 1344
• ICAPS — 11344
Use this workflow to configure your environment for web protection.
1. Configure endpoint clients to send web traffic to the web proxy.

2. Configure the web proxy to forward HTTP traffic to McAfee DLP Prevent via ICAP.
3. Configure policy on McAfee DLP Prevent to specify the action to take based on the content of the traffic. Example: Configure
a rule to allow or block traffic from particular users that contains credit card numbers.
After McAfee DLP Prevent analyzes the traffic, it performs one of these actions:
• Allows the traffic and informs the web proxy.

• Denies the traffic and supplies a block page which is presented to the user.
Integrate with Web Gateway
You can configure Web Gateway to forward HTTP traffic using ICAP to McAfee DLP Prevent for analysis. McAfee DLP Prevent
returns a response to Web Gateway, allowing or denying the page.
Note
All versions of Web Gateway are supported, but these steps are applicable only for version 7.8.1. The steps can differ slightly
for older or newer versions. For the detailed steps in the version of Web Gateway that you have installed, see the Web
Gateway documentation.
Task
1. In Web Gateway, select Policy.
2. Add the rule set:
a. Click the Rule Sets tab.
b. Select Add → Rule Set from Library.
c. From the ICAP Client rule set library, select ICAP Client, then click OK.
d. Click Unlock View, then click Yes.
e. Deselect Responses.
3. (Optional) If you want the generated incidents to contain the destination IP address, edit the REQMOD settings.
a. On the Rule Sets tab, expand the ICAP Client rule set and select ReqMod.
b. Select Add X-Server-IP header.
4. Follow these steps to set the appliance as an ICAP client:
a. Click the Lists tab, expand ICAP Server and select ReqMod Server.

b. Select 1 and click Edit.

c. Type the IP address or the fully qualified domain name of the McAfee DLP Prevent appliance, followed by the ICAP
mode in the URI field. Optionally, you can add a port. If you add no port, the default port 1344 is configured.
The syntax for specifying this information is displayed above the field. For example, you can use one of these formats:
icap://xx.xxx.xxx.xx/reqmod
icap://xx.xxx.xxx.xx:1346/reqmod
icap://test-icap.micmwg.com/reqmod
icap://test-icap.micmwg.com:1346/reqmod
d. Click OK.
5. Enable the rule.
a. On the Rule Sets tab, select the ICAP Client rule.
b. Select Enable.
6. Click Save Changes.
Enable secure ICAP connections
Appliance port 11344 is the only port that receives SSL traffic for ICAP. For communication to happen in the SSL mode, you can
enable the secure ICAP port. To use this mode, you also have to import the appliance certificate.
Task
1. Import the appliance certificate for ICAP connections by uploading the certificate to /home/admin/upload/cert.
The appliance uses this certificate for ICAP and SMTP traffic. If you have already imported a certificate for SMTP traffic over
TLS, you can skip this step.
The certificate is automatically picked up from this location and imported by the appliance. When negotiating TLS for ICAPS,
the appliance presents this certificate. Make sure that you have a valid Common Name (CN) and Subject Alternative Name
or both.
2. Enable secure ICAP:
a. In McAfee ePO, open Policy Catalog.
b. Select the DLP Appliance Management <version> product, select the McAfee DLP Prevent Web Settings category,
and open the policy you want to edit.
c. Select the Secure ICAP (port 11344) and Unencrypted ICAP (port 1344) checkboxes.
d. Click Save.
To use only secure ICAP, deselect the Unencrypted ICAP (port 1344) checkbox and configure the web proxy to send traffic
to only port 11344.
Enable DLP Capture settings
Use the options in McAfee DLP Capture Settings to enable the capture feature and set how long you want to retain capture data
for.

Note
The McAfee DLP Capture Settings menu option doesn't appear in McAfee ePO until you add a license for one of the McAfee
DLP Prevent appliances.
Task
1. Go to Menu → Policy Catalog.
2. From the Product drop-down list, select DLP Appliance Management <version> → McAfee DLP Capture Settings.
3. Select My Default.
4. Select Enable Capture to enable capture settings.
5. To avoid running out of disk space, select Delete captured items older than (days) and enter the number of days to retain
the captured data for.
By default, the captured data is retained for 28 days.
6. Click Save.
Managing hardware appliances with the RMM

Use the RMM — also called the Baseboard Management Controller (BMC) — to manage a hardware appliance remotely. The
RMM is not available on virtual appliances.
The RMM must be configured with its own IP address and cabled separately. Log on with the administrator account with the user
name as admin and administrator password. Use the appliance console to enable and configure basic settings for the RMM. After
configuring the RMM network settings, you can also access the appliance console using the integrated web server. From the web
interface, you can check the hardware status, perform additional configuration, and remotely manage the appliance. Go to:
https://<RMM IP address>
Use the appliance administrator credentials to access the user interface. You can configure the RMM to use LDAP for
authentication instead of the admin account.
By default, all protocols used to access the RMM are enabled:
• HTTP/HTTPS
• SSH
• IPMI over LAN
• Remote KVM
Configure the RMM from BIOS
You can use the RMM via BIOS to manage a hardware appliance. The RMM enables you to configure the network settings and
protocols.
Before you begin

Make sure that the server board has the latest BIOS firmware. McAfee publishes BIOS images for the appliance that contain the
BMC firmware. Contact Technical Support for the latest version of the firmware. Downloading and using the system firmware
from other sources might impact the appliance performance.

You can enable or configure RMM from the text menu system, appliance console, serial console, or SSH session.
Note
In an uninstalled appliance, you can configure the RMM settings from BIOS using the root account. In an installed appliance,
you can configure the RMM settings from the appliance console without entering the BIOS.
Task
1. Log on to the appliance as administrator.
2. From the appliance console menu, select Reboot to restart the system.
3. Before the operating system boots, press F2 to enter the BIOS.
4. To configure the BMC LAN configuration for your appliance model, navigate to Server Management → BMC LAN
Configuration and press Enter.
5. Scroll down to Intel® RMM4 IPv4 LAN Configuration and configure IP source, IP address, Subnet mask as needed.
6. Scroll down to User Configuration, then configure these settings:
• User ID — Select root

• User status — Select Enabled
• User name — Enter root
• User password — Enter the password twice.
7. Confirm the network and user information, and press F10 to save and exit the BIOS.
The appliance boots with the new settings.
8. On the computer that connects to the RMM, open a web browser and enter:
https://RMM IP address
Use the credentials root/password you entered in the earlier step.
Results
The appliance boots with the new settings.
For more information about Intel® RMM4, go to https://www.intel.in/content/www/in/en/support/articles/000006023/server-

products.html.
Configure the RMM from appliance console
You can use the RMM via the appliance console to manage a hardware appliance. The RMM enables you to configure the
network settings and protocols.
Use the administrator account and password to log on to the appliance using RMM.
Task
2. From the appliance console menu, select Configure the BMC.
3. Configure the network information:
a. Select Configure the address.

b. Type the IP address, the network mask, and the optional gateway. Use the up and down arrows to navigate between
options.
c. Press Enter or select OK to save the changes.
4. Configure the allowed protocols:
a. Select Configure remote protocols.
b. Press spacebar to enable or disable an option.
c. Press Enter or select OK to save the changes.
Run the Setup Wizard using the remote KVM service
If you do not have local access to the keyboard, monitor, and mouse to run the Setup Wizard, you can do so using the RMM web
interface.
Task
1. Using a web browser, log on to https://<RMM IP address>.
2. Click the Remote Control tab.
3. Click Launch Console.
4. For some browsers, you might need to download the remote console application. In this case, download and open the
jviewer.jnlp file.
5. From admin shell, select Graphical configuration wizard.
Best practice: Securing the RMM
Secure your RMM environment to prevent unauthorized users from accessing the appliance.
• Make sure the RMM firmware is up to date.
Caution
McAfee publishes BIOS images for the appliance that contain the BMC firmware. You must use these images to
update the firmware. Contact Technical Support for the latest version of the firmware. Downloading and using the
system firmware from other sources might impact the appliance performance.
• Connect the RMM port to a secure, dedicated physical network or VLAN.

• Disable unused protocols. Only HTTP/HTTPS and the remote KVM service are required to remotely configure the
appliance.
• HTTPS is the recommended means for accessing the RMM4 web-based interface. Make sure that the appliance is
configured to use HTTPS.
Note
The appliance console and the web-based interface display that the appliance uses RMM4.
From the web-based interface, click the Configuration tab, select Security Settings, then select the Force HTTPS option.

• Periodically change the administrator password.

7| Upgrade to a new appliance software version
Upgrade to a new appliance software version

Prerequisites for upgrading
Upgrading your existing McAfee DLP Prevent appliance involves planning and preparation to ensure a smooth and successful
process.
Gathering required information

Before you begin the upgrade process, make sure that you have this information.
• Grant number
• Primary administrator account credentials
User name
Password
Scheduling your upgrade
During the upgrade, the content cannot be scanned as the appliances will be unavailable. Make sure that you notify your McAfee
ePO administrators about the upcoming downtime.
Upgrading the appliance software version

An upgrade installs a new version of the McAfee DLP appliance software.
Updates, hotfixes, and new versions of the software are distributed as .iso files, which you use to install the software. You can
write this to an external CD or USB drive and boot from it, or copy the image over the appliance's internal installation image and
boot from that. If you are installing a version earlier than what is currently installed, a warning is displayed that you can only
perform a reinstallation. Downgrading to an earlier version does not retain any configuration or McAfee ePO registration.
Note
Initial deployment of the appliance as a virtual machine must be made from the .ova file or .zip file you downloaded from the
McAfee download site. Use the .iso file only for upgrading the software.
Copy the .iso file to the appliance, then boot from the internal installation image. This option is available from the appliance
Upgrade Menu when you log on as admin from the console menu or SSH. You can also update the appliance installation image
from a CD, USB drive (Exfat filesystem is not supported), or virtual CD (RMM or VMware).
Upgrade menu
1 — Boots from the internal installation image
2 — Upgrades the internal installation image from an external device

3 — Copies the internal installation image to a USB devic
4 — Shows the internal installation image details
5 — Returns to the previous menu
Upgrade options
Upgrade options when the McAfee DLP Prevent appliance is not capable of capturing data:
1 — Preserves all configuration, including evidence files and hit highlighting waiting to be copied to the evidence storage share
2 — Preserves all configuration but does not retain evidence files or hit highlighting waiting to be copied
3 — Preserves only network configuration and McAfee ePO registration
4 — Reinstalls without retaining any configuration; you must use the Setup Wizard to register with McAfee ePO
Upgrade options when the McAfee DLP Prevent appliance can capture data:
1 — Preserves all configuration and captured data, including evidence files and hit highlighting waiting to be copied to the
evidence storage share
2 — Preserves all configuration and captured data, but does not retain evidence files or hit highlighting waiting to be copied
3 — Preserves only network configuration, captured data, and McAfee ePO registration
4 — Preserves only captured data
5 — Reinstalls without retaining any configuration and removes captured data; you must use the Setup Wizard to register with
McAfee ePO
Note
While upgrading the appliance software, McAfee ePO pushes all existing policies if you choose to upgrade using the full
upgrade mode. We recommend that you upgrade the appliance using the internal installation image path using the full
upgrade mode (upgrade option 1) for all deployments.
Upgrade using the internal installation image

McAfee DLP Prevent appliance contains a partition with an internal installation image, which you can use to upgrade or reinstall
the appliance update, hotfix, or new version.
Task
1. Update the installation image using a utility such as WinSCP or a command-line session to copy the .iso file to /home/
admin/upload/iso/.
2. Using the command-line session, log on to the appliance as administrator.

3. From the appliance console menu, select Upgrade.

4. Select Show the internal install image details to confirm the version.
The current installation image version must be the one you copied earlier.
5. Select option 1 Boot from the internal install image from Upgrade Menu and select OK.
6. Select option 1 from Upgrade Options, then select OK.
If McAfee DLP is capable of capturing data, options 1 to 4 enable you to preserve captured data and other network and
configuration data accordingly. Select option 5 to remove all captured data.
If McAfee DLP is not capable of capturing data, options 1 to 3 enable you to preserve network and configuration data
accordingly. Select option 4 to remove all data.
After the installation is complete, the appliance restarts preserving all data by selecting the default option 1.
A warning message about the kind of installation is displayed.
7. Select Yes to continue.

8. Return to the upgrade menu, and click Show the internal install image details to confirm the new version has been
installed.
Alternate upgrade option for a virtual appliance

Change the boot order in VMware before upgrading from virtual CD drive
Upgrading to a new release using a virtual CD drive requires preparation. The virtual appliance boots from the hard drive, by
default. When you want to upgrade or reinstall a virtual appliance using the virtual CD drive instead of the internal image, change
the boot order.
After you bind the .iso image to the virtual machine, perform one of these tasks immediately after the virtual appliance is
powered on so that booting from the CD drive takes precedence:
• Press the Esc key to enter the BIOS boot device menu and select the ISO image.
• Press the F2 key to enter the BIOS setup screen and place the CD-ROM Drive option above the Hard Drive option in the
static boot order list.
By default, the virtual appliance does not wait for you to press the Esc or F2 key before booting from the hard drive. To delay the
boot sequence in the virtual appliance:
Task
1. Open the Edit Settings dialog box for the virtual machine.
2. Click the Options tab and select the Boot Options section.
3. Request a force entry into the BIOS setup screen by selecting Force BIOS setup, or add delay in milliseconds in Power on
Boot Delay, within which you can press Esc or F2.
4. Click OK.
Upgrade an appliance in a VMware environment
You can also upgrade an appliance in VMware virtual environment by binding the downloaded .iso image as a virtual CD drive.

Note
If you are upgrading a virtual appliance from a McAfee DLP version lesser than 11.0.0, we recommend that you deploy a new
virtual appliance. This is due to the changes in the virtual hardware to support DLP Capture and newer versions of VMware.
Task
1. From the inventory, right-click the virtual appliance that you want to upgrade and select Edit Settings to open Virtual
Machine Properties.
2. From the Hardware tab, select CD/DVD drive 1 → Datastore ISO.
3. Browse to the .iso file.
4. (Optional) Select Connect At Power On to connect the device when the virtual machine turns on.
5. Click OK.
7. Select the full installation mode, which is the default and the recommended option.
8. Follow the on-screen instructions to reimage the appliance and configure the appliance from the Setup Wizard.
Upgrade an appliance in a Hyper-V environment
You can also upgrade an appliance in Hyper-V environment by binding the downloaded .iso image as a virtual CD drive.
Note
If you are upgrading a virtual appliance from a McAfee DLP version lesser than 11.0.0, we recommend that you deploy a new
virtual appliance. This is due to the changes in the virtual hardware to support DLP Capture.
Task
1. Open the Hyper-V Manager console installed on the Windows Server.
Press the Windows key and type "Hyper-V Manager" to search applications for Hyper-V Manager or open Hyper-V manager
from the Windows Start menu.
2. Select the server where you installed the virtual appliance.
3. Right-click the virtual appliance and select Settings.
4. From Settings, select IDE Controller 1 → DVD Drive, and select Media → Image file.
5. Browse to the .iso file and click OK.
6. In the virtual appliance window, click Start from the Actions menu.
Alternate upgrade options for a hardware appliance

Reimage an appliance using RMM virtual media
You can use a system that connects to a Remote Management Module (RMM) virtual media to reimage an appliance to the latest
version.

Before you begin

• Make sure that the RMM virtual media is connected to your network.
• Decide the IP address, subnet mask, and gateway IP address to use when configuring the RMM port.
• Make sure Java is installed on the computer that connects to the RMM virtual media.
• Locate the grant number you received after purchasing the product.
Task
1. Download the McAfee DLP Prevent .iso image file to the computer that connects to the RMM virtual media.
a. In a web browser, go to https://www.mcafee.com/us/downloads/downloads.aspx.
b. Enter your grant number, then select the appropriate product and version.
c. In the Software Downloads tab, select and save the appropriate *.iso file.
4. On the computer that connects to the RMM virtual media, open a web browser and enter:
https://<RMM IP address>
Use the administrator account credentials.
5. Select the .iso file and follow these instructions to reimage.
a. On the Remote Control tab, click Launch Console.
b. On the Device tab, select Redirect ISO and browse to the .iso file.
c. On the Remote Control tab, select Server Power Control → Power Cycle Server.
The appliance is reimaged using the .iso file. Wait for the installation to complete.
d. On the Device tab, disable Redirect ISO.
Caution
If you don't disable the Redirect ISO setting, the appliance is reimaged after the next reboot, removing your current
installation and returning the appliance to factory default.
Reimage an appliance using an external CD drive
You can use an external CD drive, which connects through USB to reimage an appliance to the latest version.
Before you begin

Make sure that the CD drive is made bootable.
Use an image writing software to write the ISO image (bootable image) to the external CD drive.
Task
1. Connect the CD drive with the bootable image to one of the USB ports on the appliance.

4. Press F6 to enter the boot menu.
5. From the boot menu options, select the CD drive where the appliance upgrades from.
The installation image starts loading. Wait until the install image gets unpacked and displays the Installation menu.
8. Follow the on-screen instructions to reimage the appliance.
9. When the reimaging is complete, remove the CD drive.
Caution
If you don't remove the CD drive, the appliance is reimaged from the CD drive after the next reboot, removing your
current installation and returning the appliance to factory default settings.
Make the USB storage devices bootable
Make sure that you allow all USB mass storage devices as bootable devices.
Task
3. Press F2 to enter the Setup menu.
4. Navigate to the Advanced settings page and select USB Configuration.
5. Select the option to allow all USB mass storage devices as bootable devices.
6. Press F10 to save and exit the USB configuration page.
Reimage an appliance using a USB drive
You can also copy the installation image onto a USB drive and reimage an appliance to the latest version.
Before you begin

Make sure that the USB drive is made bootable.
Task
1. Create a USB drive with the installation image.
Note
Use image writing software, such as Launchpad Image Writer, to write the image to the USB drive. Use the "raw", "DD",
or "ISOHybrid" image mode when writing to a USB drive, else the installation might fail. For more information, see
KB87321.
2. Insert the USB drive into the appliance.


5. Press F6 to enter the boot menu.
6. From the boot menu options, select the USB drive where the appliance reimages from.
The installation image starts loading. Wait until the image gets unpacked and displays the Installation menu.
9. Follow the on-screen instructions to reimage the appliance.
10. When the reimaging is complete, remove the USB drive.
Caution
If you don't remove the USB drive, the appliance is reimaged from the USB drive after the next reboot, removing your
current installation and returning the appliance to factory default settings.

8| Maintenance and troubleshooting installation
Maintenance and troubleshooting installation

Managing with the McAfee DLP appliance console
Use administrator credentials to open the appliance console to edit the network settings that you entered in the Setup Wizard,
and to perform other maintenance and troubleshooting tasks.
Note
Secure Shell (SSH) is primarily controlled from McAfee ePO. When a policy is pushed, the McAfee ePO settings take priority,
overriding any SSH setting enabled through the local appliance console.
To perform the appliance maintenance and troubleshooting tasks, you can use these appliance console menu options:
Appliance console menu options
Option Definition
Graphical configuration wizard Open the graphical configuration wizard.
Note: If you log on using SSH, the graphical

configuration wizard option is not available.
Shell Open the appliance shell.
Enable/Disable SSH Enable or disable SSH as a method of connecting to

the appliance.
MER and Diagnostic tests Create a Minimum Escalation Report (MER) to send
to Technical Support to diagnose problems with the
appliance or run diagnostic tests:
• Basic LDAP Tests

• LDAP NetBIOS Tests
• Evidence Share Tests
Power down Shut down the appliance.
Reboot Restart the appliance.

Option Definition
Upgrade You can perform one of these actions:
• Upgrade to the latest version of the appliance

using the internal install image.
• Update the internal install image from external
devices like a CD or USB.
• Copy the internal install image to a USB flash
device.
• Check the current version of the internal install
image.
Reset to factory defaults Reset the appliance to its factory default settings.
Change password Change the administrator account password.
Logout Log off from the appliance.
You can add your own text to appear on the top of the appliance console or SSH logon screen using the Custom Logon Banner
option in McAfee ePO (Menu → Policy Catalog → DLP Appliance Management → General).
Accessing the appliance console

The appliance console allows you to perform various maintenance tasks. There are different ways to access the console
depending on the type of appliance you have.
Methods for accessing the console
Method Virtual appliance Hardware appliance
SSH X X
vSphere client X
Hyper-V console X
Local KVM (keyboard, monitor, X

mouse)
RMM X

Method Virtual appliance Hardware appliance
Serial port X
Change original network settings

You can use the graphical configuration wizard to change network settings that you entered during the installation process.
Task
1. Log on to the appliance with administrator credentials.
Note
If you log on using SSH, the graphical configuration wizard option is not available.
2. Open the graphical configuration wizard.

3. Edit the Basic Network Setup settings that you want to change.
4. Click Finish.
Modify speed and duplex settings for hardware appliances

By default, the network interfaces are configured for auto-negotiation. Use the command line to change the speed and duplex
settings.
Task
1. Using a command-line session, log on to the appliance.
2. From the options menu, select the Shell option.
3. View the help on forming the command.
$ /opt/NETAwss/mgmt/nic_options -?
• Use lan1 for the client interface and mgmt for the management interface.
• --(no)autoneg turns auto-negotiation on or off. The default is on.
• --duplex specifies the duplex — half or full. The default is full.
• --speed specifies the network speed in Mb/s — 0, 100, or 1000. The default is 1000.
• --mtu specifies the Maximum Transmission Unit (MTU) size in bytes — a value between 576–1500. The default is
1500.
4. Enter the command to change the setting. Examples:
• To disable auto-negotiation and set a network speed of 100 Mb/s on the client interface: $ sudo /opt/NETAwss/
mgmt/nic_options --noautoneg --speed 100 lan1
• To restore the default behavior to the management port: $ sudo /opt/NETAwss/mgmt/nic_options mgmt

Troubleshoot installation
Contact Technical Support if the installation fails.
Task
1. Verify the network connection is working and any configured static routes are correct.
2. Ping the default gateway and McAfee ePO from the appliance console.
3. If the problem persists, contact Technical Support for assistance. Do not perform the installation again.
When you contact Technical Support, make sure you know the primary serial number of the appliance. You can find the
serial number on the product name sticker on the delivery packaging, the sticker on the bottom-left of the top panel. You
can also find it on the sticker on the pull-out tray on the front panel.
Restart the appliance

Shut down and restart McAfee DLP Prevent.
Task
Reset the appliance to its factory defaults

Return the appliance to its original settings.
You will have to reconfigure network configuration settings.
Task
The general console menu opens.
2. From the general console menu, press the Reset to factory defaults option.
Log off the appliance

Close the logon session and return to a logon prompt.
Task
The general console menu opens.
2. From the general console menu, press the Logout option.
Either the SSH session closes, or the console returns to the logon prompt.

9| McAfee DLP Capture Storage Array
McAfee DLP Capture Storage Array

To run the DLP Capture feature on a DLP 6600 appliance, connect the DLP 6600 appliance to an external storage device, known
as the McAfee DLP Capture Storage Array. McAfee DLP Capture Storage Array is shipped with a RAID controller and its backup
unit (super capacitor). Identify the hardware components of these items before setting up the capture storage system.
Caution
Before you install the RAID controller, make sure that you shut down the appliance. Turn off the appliance and unplug
the power cords from the power supply. Make sure that you fasten the electrostatic discharge (ESD) wrist strap to ground
yourself to the chassis.
For a non-capture compliant appliance, after installing the storage hardware, upgrade the appliance software using the latest
version to enable the DLP Capture feature.
For more information about the McAfee DLP Capture Storage Array setup and installation, see the McAfee Data Loss Prevention
Prevent Hardware Guide.

COPYRIGHT
Copyright © 2022 Musarubra US LLC.
Trellix, FireEye and Skyhigh Security are the trademarks or registered trademarks of Musarubra US LLC, FireEye Security Holdings US LLC and
their affiliates in the US and /or other countries. McAfee is the trademark or registered trademark of McAfee LLC or its subsidiaries in the US
and /or other countries. Other names and brands are the property of these companies or may be claimed as the property of others.

Mcafee Data Loss Prevention Prevent 11.1.x Installation Guide 11-1-2022

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Mcafee Data Loss Prevention Prevent 11.1.x Installation Guide 11-1-2022

Uploaded by

Copyright:

Available Formats

McAfee Data Loss Prevention Prevent

11.1.x Installation Guide

McAfee DLP implementation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

Which type of installation do you need?. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

First-time installation workflow. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

Upgrade installation workflow. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

Optional deployment scenarios. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

Cluster installation workflow. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

McAfee DLP Prevent cluster installation workflow. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

Deploying McAfee DLP appliances in clusters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

Installation workflow for applying rules to specific users and groups. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

Protecting sensitive documents. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

DLP Capture setup workflow. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

Planning your installation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

Planning your installation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

Considerations for scalability. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

Things to do before installation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

Interaction with other McAfee products. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

Hardware and software requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

Download product extensions and installation files. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

Virtual appliance installation download package. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

Install software for the first time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31

Install the extension using Software Catalog (Software Manager). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31

Install the extensions manually in McAfee ePO. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31

License McAfee DLP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32

Configure network information in McAfee ePO. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32

Applying backward compatibility. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

Install your McAfee DLP Prevent appliance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

Deploying and installing a virtual appliance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

Deploy the appliance software in a VMware environment. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35

Deploy the appliance software in Hyper-V virtual environment. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36

Deploying and installing a hardware appliance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37

Connect your appliance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38

Serial console settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38

Deploy the appliance software on a hardware appliance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39

Install the appliance software. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40

Configuring the appliance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41

High level post-installation tasks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

Scenario based post-installation tasks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

Set up a cluster of McAfee DLP Prevent appliances. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44

Enable FIPS 140-2 mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44

Connect to an evidence server outside your firewall. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44

Retrieve and synchronize information from registered LDAP servers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

Specify the server for registered documents. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46

Use case: Configure Email Gateway to process analysis results. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47

Redirect email to McAfee DLP Prevent. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47

Integrating McAfee DLP Prevent in your web environment. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48

Integrate with Web Gateway. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48

Enable secure ICAP connections. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49

Enable DLP Capture settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49

Managing hardware appliances with the RMM. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50

Configure the RMM from BIOS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50

Configure the RMM from appliance console. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51

Run the Setup Wizard using the remote KVM service. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52

Best practice: Securing the RMM. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52

Upgrade to a new appliance software version. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54

Prerequisites for upgrading. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54

Upgrading the appliance software version. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54

Upgrade using the internal installation image. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55

Alternate upgrade option for a virtual appliance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56

Upgrade an appliance in a VMware environment. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56

Upgrade an appliance in a Hyper-V environment. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57

Alternate upgrade options for a hardware appliance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57