cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
palex
Level 11
Report Inappropriate Content
Message 1 of 5

Network DLP didn't see traffic

Jump to solution

Good day.
Please help me in solving the problem.
 
We have installed server Network DLP (Manager, Monitor, Prevent, Discover) on a VM (esxi) in accordance with the instructions (user manuals). Virtual switch VM mode of operation and the traffic is completely duplicated on all their interfaces. Duplication of traffic we tested on a VM (esxi) with windows. As a result, Network DLP only sees traffic from servers DLP. The rest of the traffic is not visible.
What do we do?

Kind regards.

1 Solution

Accepted Solutions
palex
Level 11
Report Inappropriate Content
Message 5 of 5

Re: Network DLP didn't see traffic

Jump to solution

Hi, all!

Anyone who is just beginning to install and configure NDLP, I recommend to view the following video:

https://www.youtube.com/watch?v=XOjTwlyo4Yw

Installing NDLP (any device) on a virtual machine will be extremely difficult without the installation instructions on the VM from McAfee. This instruction is not in free access, technical support (Gold) will not assist in the installation NDLP on a VM. Therefore, the solution of the puzzle called "instructions, which is not in freely accessible" everyone decides for themselves.


Regards.

View solution in original post

4 Replies
tonyw
Level 12
Report Inappropriate Content
Message 2 of 5

Re: Network DLP didn't see traffic

Jump to solution

How is the data being provided to the NDLP instances?

Prevent will require a web proxy (MWG) or email proxy (MEG) to send the data over to be inspected.

Discover requires a scan to be configured via the Manager to target a location with data (file share, http, database) to pull data from.

Monitor needs eth2 or eth3 set to span or tap traffic from the switch in order to see it.

palex
Level 11
Report Inappropriate Content
Message 3 of 5

Re: Network DLP didn't see traffic

Jump to solution

Thanks, tonyw!

I don't know how I can run Prevent and Monitor.

I have virtual switch which is switched to the operation mode of the hub and the traffic is completely duplicated.

I install all network applianses to VM esxi. I set eth2 to Monitor.

What do I need else?

tonyw
Level 12
Report Inappropriate Content
Message 4 of 5

Re: Network DLP didn't see traffic

Jump to solution

For Monitor I assume all of your traffic flows are on an internal address space. In the Manager web GUI, go to "SYSTEM - System Administration - Capture Filters".  Under the Monitor's name, there's a Network Filters section.  The first one should be "Ignore-RFC1918".  Click the "X" at the far right to remove it. 

By default the internal network traffic is ignored to minimize chatter.  Note: you won't be able to see any encrypted traffic unless you're terminating ssl over a proxy before it's passed to the Monitor.

palex
Level 11
Report Inappropriate Content
Message 5 of 5

Re: Network DLP didn't see traffic

Jump to solution

Hi, all!

Anyone who is just beginning to install and configure NDLP, I recommend to view the following video:

https://www.youtube.com/watch?v=XOjTwlyo4Yw

Installing NDLP (any device) on a virtual machine will be extremely difficult without the installation instructions on the VM from McAfee. This instruction is not in free access, technical support (Gold) will not assist in the installation NDLP on a VM. Therefore, the solution of the puzzle called "instructions, which is not in freely accessible" everyone decides for themselves.


Regards.

View solution in original post

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community