Beruflich Dokumente
Kultur Dokumente
version 8.1.2
This document provides information about McAfee Firewall Enterprise version 8.1.2, including download and installation instructions.
You can find additional information by using the resources listed in the following table.
Table 1 Product resources Resource Online Help McAfee Technical Support ServicePortal Location Online Help is built into Firewall Enterprise. Click Help on the toolbar or from a specific window. Visit mysupport.mcafee.com to find: Product updates Product installation files Product documentation KnowledgeBase Product announcements Technical support
Visit go.mcafee.com/goto/updates to download the latest Firewall Enterprise patches. 1 In a web browser, navigate to www.mcafee.com/us/downloads. 2 Provide your grant number, then navigate to the appropriate product and version.
In this document ... About this release Requirements Enhancements Resolved issues Unsupported features on Crossbeam X-Series Platforms Known issues Upgrade a version 8.1.1 firewall to version 8.1.2
Installation options
The following Firewall Enterprise versions can be directly upgraded to version 8.1.2: 8.1.1 For upgrade instructions, see Upgrade a version 8.1.1 firewall to version 8.1.2 in this document. 7.0.1.02 For upgrade instructions, see the McAfee Firewall Enterprise Migration Guide, version 7.0.1.02 to 8.1.2.
For more information, see the following resources: To find the latest information on the McAfee firewall products and versions that Firewall Enterprise supports, refer to KnowledgeBase article KB67462. To learn about these products and how they interoperate with Firewall Enterprise, refer to the Using McAfee Firewall Enterprise with Other McAfee Products Application Note.
Requirements
Requirements
Before you install version 8.1.2, make sure the Admin Console and Firewall Enterprise requirements are met.
Note: If you plan to use features such as virus scanning or sendmail, increase the allocated memory to 1024 MB. Internet connectivity The firewall requires a persistent Internet connection to maintain an active license and full functionality.
Enhancements
Table 3 Minimum requirements by Firewall Enterprise type (continued) Firewall type Firewall Enterprise on Riverbed Services Platform Platform requirements Riverbed Steelhead appliance that meets the following requirements: Firewall Enterprise on Crossbeam X-Series Platforms RiOS version 6.0 or later RSP version 6.0 or later installed and licensed Available RSP slot 512 MB of free memory 28 GB of free disk space Chassis X60 or X80-S XOS version 9.5.3 or later Control Processor Module CPM-9600 Application Processor Module APM-9600 At least one local disk (RAID 0 and RAID 1 disk configurations are supported; two-disk, non-RAID configurations are not supported) 12 GB of memory
Enhancements
This release includes the following enhancements.
Admin Console
Enhances the access control rule Interactions tab on the Rules: Rule Properties window: Allows access control rule interactions to be viewed before the rule is saved Displays the IP protocol in the Ports column for protocols that are not TCP or UDP Displays interactions in a manner consistent with McAfee Firewall Enterprise Control Center
Displays ToolTips for application categories Displays a more informative error message when handling deprecated applications
Policy
Improves performance when saving a new access control rule in complex rule sets
Resolved issues
Resolved issues
This release resolves the following issues.
Firewall-hosted DNS
Resolves BIND vulnerability CVE-2011-1910
High Availability
Improves policy synchronization reliability between cluster firewalls
Interfaces
Resolves several issues for VLAN interfaces associated with NIC groups Resolves an ARP response issue for VLAN interfaces
Policy
Corrects an endpoint intersection problem between the <Any V4> endpoint and host or domain endpoints when IPv6 is enabled Relaxes overly strict NAT validation Resolves validation for upstream HTTP proxies that are configured but not enabled
sendmail
Enhances sendmail stability
SNMP proxy
Enhances SNMP proxy stability
System
Allows Passive Passport to send a larger number of user groups to McAfee SmartFilter
Improves handling of sessions that are closed during initiation Resolves a problem that could prevent the operating system from saving a kernel memory image to disk for diagnostic purposes Resolves a problem that could prevent NAT from working when Preserve source port was enabled
Hybrid mode (configuring standard and transparent mode on the same firewall) Transparent (bridged) mode for these configurations: Dual-Box High Availability Multi-application serialization
Known issues
For information about known issues for Firewall Enterprise version 8.1.2:
1 Visit mysupport.mcafee.com. 2 Log on with your user ID and password. The ServicePortal homepage appears with a welcome
message at the top. If you do not have an account but have received a grant number: In the User Login section, click New User. Complete the information and follow the prompts to set up your account. If you do not have an account or grant number, contact Customer Service.
3 In the Self Service section, click Search the KnowledgeBase. The KnowledgeBase welcome page
appears.
4 In the Ask a Question section, type KB71897, then click Ask. The KnowledgeBase article appears
Note: To upgrade a High Availability cluster, upgrade the secondary/standby firewall first, then upgrade the primary firewall.
A successfully loaded message appears, and the package status changes to Loaded.
Manually load the package If your firewall is not connected to the Internet, use a web browser to download the package, then manually load the package on the firewall.
1 Use a web browser to download the 8.1.2 package. a Go to go.mcafee.com/goto/updates. b Scroll down to the McAfee Firewall Enterprise Upgrades and Patches entry for version 8.1.2, then
click Download.
c
d Click Download Patch for version 8.1.2. 2 Place the 8.1.2 file where the firewall can access it. Choose one of these options:
Local FTP site Place the package on an FTP site that the firewall has access to. HTTPS website Place the package on an HTTPS website that the firewall has access to. CD Place the package in a /packages directory on a CD, then insert the CD into the firewall CD-ROM drive. Directory on the firewall Use SCP to copy the package to the /home directory of your firewall administrator account.
Note: To transfer files to the firewall using SCP, SSH access must be enabled on the firewall.
3 In the Admin Console, select Maintenance | Software Management, then click the Download
FTP Select if you placed the package on a local FTP site HTTPS Select if you placed the package on an HTTPS website CDROM Select if you created a CD that contains the package File Select if you copied the package to your home directory on the firewall
b In the Packages field, type 8.1.2. c
d Click OK. A confirmation message appears. 6 Click Yes. The firewall loads the package from the specified location. When the operation is complete,
a message appears.
7 Click OK. 8 Verify that 8.1.2 is loaded on your firewall. a Click the Manage Packages tab. b Verify that the Status of the 8.1.2 package is Loaded on <date>.
A warning appears stating that the firewall will restart after the patch is installed.
5 Click Yes.
The package is installed, then an Error message appears stating that the connection to the server has been lost.
6 Click OK.
The Admin Console update downloads, then a message appears asking if you want to install the package now.
3 Click Yes.
The Admin Console closes and the InstallShield Wizard window appears.
4 Click Next.
A progress bar appears while the Admin Console update installs. When the installation completes, the Update Complete window appears.
5 Click Finish. The Admin Console opens.
If the patch status is still Loaded, call technical support. You can also click View Package Details or View Log to see information about the installation. The patch is now installed.
Patch rollback
If the installed patch does not work to your satisfaction, you can use the Rollback feature to restore the firewall to a previous state.
Caution: If you use the Rollback feature, any configuration changes made after the patch was installed are lost. Therefore, rolling back is a recommended recovery option for only a short time after a patch installation. Note: A rollback always requires a restart.
10
For instructions, see the McAfee Firewall Enterprise Control Center Product Guide.
11
For support information, visit mysupport.mcafee.com. Copyright 2011 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of McAfee, Inc., or its suppliers or affiliate companies. 700-3271A00
12