cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
amardeep
Level 9
Report Inappropriate Content
Message 1 of 6

Need to Add a scan engine.

Jump to solution

Hello Team,

I am new to Mcafee VM. We have existing Foundstone 7.0.5 infrastructure with one scan engine. I have to add a additional scan engine to share the scanning load. Could someone provide me with a document with step by step process to add a scan engine to existing infrastructure.

-- We have all software based VM's with no appliance.

-- Also our current scan engine is running on Windows 2003 server. Can we add another scan engine on windows 2008 server base and still have both scan engine work properly in existing infrastructure ?

Thanks in Advance.

Amar Deep Singh

Mckinsey&Company

1 Solution

Accepted Solutions
dmease729
Level 11
Report Inappropriate Content
Message 2 of 6

Re: Need to Add a scan engine.

Jump to solution

Hi Amardeep,

With regards to adding a scan engine, as long as the minimum system requirements are met

(browse to https://secure.nai.com/apps/downloads/my_products/login.asp?region=us&segment=enterprise and enter your grant number to access documentation), then all you need to do is run the Vulnerability Management executable file on the machine you want to be a scan engine, select advanced install, and only select the scan engine and scan controller components - during the remainder of the install you will be prompted to specify the IP/port details for the configuration manager and the database (DB credentials for faultline DB will also be needed).  When the install completes, you should be able to see the host listed in Foundstone Configuration Manager on your management server (whether is is automatically trusted or not will depend upon your FCM preferences, also configured from the FCM console on the management server).

Hope this helps, let me know!

View solution in original post

5 Replies
dmease729
Level 11
Report Inappropriate Content
Message 2 of 6

Re: Need to Add a scan engine.

Jump to solution

Hi Amardeep,

With regards to adding a scan engine, as long as the minimum system requirements are met

(browse to https://secure.nai.com/apps/downloads/my_products/login.asp?region=us&segment=enterprise and enter your grant number to access documentation), then all you need to do is run the Vulnerability Management executable file on the machine you want to be a scan engine, select advanced install, and only select the scan engine and scan controller components - during the remainder of the install you will be prompted to specify the IP/port details for the configuration manager and the database (DB credentials for faultline DB will also be needed).  When the install completes, you should be able to see the host listed in Foundstone Configuration Manager on your management server (whether is is automatically trusted or not will depend upon your FCM preferences, also configured from the FCM console on the management server).

Hope this helps, let me know!

View solution in original post

amardeep
Level 9
Report Inappropriate Content
Message 3 of 6

Re: Need to Add a scan engine.

Jump to solution

Perfect Reply. Thanks a ton.

-Amardeep

mjmurra
Level 12
Report Inappropriate Content
Message 4 of 6

Re: Need to Add a scan engine.

Jump to solution

I'm quite confused about this, and the documentation isn't really helping as it says multiple different things.

I am planning to put a new scan engine in a [public facing] DMZ, so need to ensure I only install what is required.

Can someone confirm the following:

Scan Engine only can be installed (Is the Scan controller absolutely essential?)

I need to open up 1433 <one way> from the scan engine to the SQL database (is this required if there is no scan controller?)

I need to open up ports 8301, 8302, 8303 <one way> from the scan engine to the FCM server.

As I said, all of the documentation I am reading says different things - very, very confusing.

dmease729
Level 11
Report Inappropriate Content
Message 5 of 6

Re: Need to Add a scan engine.

Jump to solution

Hi,

Check out my post https://community.mcafee.com/message/201796 - the documentation isnt easy to follow sometimes.  Note that the 2100 appliance is a scan engine appliance, and by default has both the scan engine and scan controller, but you can just install the scan engine component itself (it can be configured to communicate with the scan controller on your current management server).  The scan controller is a relatively new component that was introduced in 6.8 - to understand the interactions, I think Jeff Haynes answered my query perfectly in the above query.

Hope this helps,

mjmurra
Level 12
Report Inappropriate Content
Message 6 of 6

Re: Need to Add a scan engine.

Jump to solution

Great advice, and thanks for the link (and background). I think the change in behaviour between pre-6.8 and 7 is causing the confusion in some documentation.

Message was edited by: mjmurra on 1/04/12 2:08:37 AM
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community