cancel
Showing results for 
Search instead for 
Did you mean: 
amitbd
Level 7
Report Inappropriate Content
Message 1 of 4

General Questions

Hi,

I get a few questions about NSP:

 

1. do you configure DATABASE TUNING automated tuning?

2. is there any IPS policy recommendation for DMZ? I know that there is an ATTACK POLICY SET for DMZ. I want to know if is there anything else?

3. is there an option to upgrade an unmanaged Sensor without TFTP?

4. can I configure the NSP in "Detect Mode" ?I want to configure the NSP in a detect mode for two weeks and then change it to Prevent Mode

 

Thank you very much !

3 Replies
Highlighted

Re: General Questions

Hi amitbd,

1. While there is an option to implement automated tuning, it is up to you if you want to use it.
I prefer to run tuning manually by switching to our secondary manager while tuning our primary manager, then tuning the secondary once the primary is back up.

3. We have found tftp to be too slow, following advice from mcafee, we used scp server to upload the image and ran the upgrade from the sensor command line via ssh.
Follow the steps in this article, replacing tftp with scp, CLI Guide contains details on this also.
https://kc.mcafee.com/agent/index?page=content&id=KB59403

I'll have a look at our setup for DMZ policy & 'detect mode' settings tomorrow.

--CR

amitbd
Level 7
Report Inappropriate Content
Message 3 of 4

Re: General Questions

Hi,

1 and 3 - thank you, I got it.

2 and 4 - i'm waiting for your update.

 

Amit

Reliable Contributor mjesmer
Reliable Contributor
Report Inappropriate Content
Message 4 of 4

Re: General Questions

#4: You can apply a non-blocking Policy to the sensor and it will do detection only. When ready to move to a prevention stance apply the Blocking Policy.

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator