7 Replies Latest reply on Aug 6, 2017 11:53 AM by d_aloy

    NSP version 9.1

    peter.mason

      Has anyone moved to NSP v9.1 yet?

       

      If so how did you find the upgrade? Any issues or recommendations?

       

      Thanks

       

      Peter

        • 1. Re: NSP version 9.1
          lubomir.cerny

          Still reading docs :-)

          • If you are upgrading from versions 8.2 (EOL) or 8.3, you must activate ports 8501, 8502, and 8503 for Sensor-Manager communication. For more information, refer to the section Migration from SHA1 to SHA256 signing algorithm in the McAfee Network Security Platform 9.1 Installation Guide.

           

          I would start with DB purge + DB optimize records below 1M before upgrade between major releases.

           

          Update: Based on McAfee Corporate KB - Network Security Platform 9.1.x Known Issues KB88813 I will postpone migration as we have some sensors with critical issues.

          1 of 1 people found this helpful
          • 2. Re: NSP version 9.1
            mjesmer

            We moved over in our lab, there is a known database tuning issue in 8.3 where the App_viz table doesn't always get tuned correctly. They have a hotfix for 8.3 but no fix in 9.1 and the issue is present in 9.1. There are 3 other tables I just can't remember their names.

             

            Regards,

            Matthew

            3 of 3 people found this helpful
            • 3. Re: NSP version 9.1
              d_aloy

              Hi Peter

               

              My understanding is that the main reason for 9.1 to be released was the need for McAfee to have a supported IPS solution for AWS. I would need to double check the release notes but I don't believe there are many new features on the NSM or sensors (I remember something about compressed http response traffic I think), and I was told maybe some of the NTBA dashboards/data accessibility were back, but a quick look at the lab install didn't show anything 'new'.

               

              Based on my experience, unless you really, really, really MUST have one of the new features - or maybe a HF - only available on the 9.1 base release, I would not upgrade any production installation to that release. I would say it's always better to wait for MR1 to be out, as the main/obvious bugs/issues expected on any major release will have been addressed at that point.

               

              Current known issues:

              McAfee Corporate KB - Network Security Platform 9.1.x Known Issues KB88813

               

              So back to your question Peter, and as I said above: I would suggest any prod kit to be kept in the current release unless an upgrade is mandatory because of a critical issue where the fix is only available on 9.1 or if you need NSP sensors in AWS.

               

              Just my two cents.

               

              HTH and have a good weekend

               

              Cheers

              David

              1 of 1 people found this helpful
              • 4. Re: NSP version 9.1
                peter.mason

                Hi Lubomir,

                 

                I normally purge the whole DB if the upgrade is going to require any data migration scripts to be run.

                 

                I try to regularly tune and backup the DB and will do both before an upgrade.

                 

                Have you experienced any of the critical issues or are you just going by the release notes?

                 

                Thanks

                 

                Peter

                • 5. Re: NSP version 9.1
                  peter.mason

                  Hey Matt,

                   

                   

                  What's the impact of the App_viz table not getting tuned?

                   

                   

                  I normally only worry about the iv_alert and iv_data due to their size.

                   

                   

                  Thanks

                   

                   

                  Peter

                  • 6. Re: NSP version 9.1
                    peter.mason

                    Hey David,

                     

                    Like yourself I'm not on McAfee's early adopter list, I'll try to get it into my test environment soon, but don't plan a production deployment until at least after MR1 has been out for long enough to be considered stable.

                     

                    I thought the 8.4 release was for AWS but it looks like it's incorporated into 9.1 so maybe that's a dead end too.

                     

                    I'm still waiting on an update on the future of 8.3, I haven't seen any EOL notices, so don't know when we'll have to move to 9.1. Have you heard anything on this yet?

                     

                    As for new features and releases this is what I was given;

                     

                    New Features

                     

                    See the release notes and product documentation for further details on new features listed below:

                     

                    • Controller High Availability (HA)
                    • Manager Disaster Recovery (MDR) in an AWS environment
                    • Migration from SHA1 to SHA256 signing algorithm
                    • IDS Load Balancer
                    • Support for the 4-port RJ-45 10 Gbps/1 Gbps/100 Mbps interface module
                    • HTTP Response Decompression
                    • Datapath statistics for interface port
                    • Memory usage monitor
                    • Product integration enhancements

                     

                    Enhancements

                     

                    See the release notes and product documentation for further details on enhancements listed below:

                     

                    • On premises Manager managing Virtual IPS Sensors on AWS
                    • Central Manager UI redesign to migrate away from Java
                    • Grouping alerts in the Attack Log page
                    • Configuration option changes for custom attack signatures
                    • Option to remediate an endpoint which are manually quarantined
                    • Layer 7 data capture enhancements
                    • Increase in memory size for handling signature sets
                    • Multiple attachments extraction in SMTP
                    • Jumbo frame parsing
                    • VM (agent) Status Dashboard for AWS
                    • Shared secret key enhancement
                    • Licensing and Telemetry

                     

                    Keep us all in the loop if you hear anything.

                     

                    Thanks

                     

                    Peter

                    • 7. Re: NSP version 9.1
                      d_aloy

                      Hi Peter

                       

                      Thanks for sharing the notes.

                       

                      About 8.4, I don't have any information I'm afraid.

                       

                      About the EOL and release logic, McAfee changed their release cycle a while ago, so we are looking at 'main release' and 'feature release' builds.

                       

                      8.1, 9.1 are main releases and they should be supported for at least 2 years more or less.

                       

                      In between, they release the 'feature release' builds (8.2, 8.3, etc.), that contain the new features for the main release, but have a shorter support cycle - maybe 18 months tops. Also, it is important to note that the HFs will always be included in the main release build (i.e. 9.1), but you may have to upgrade your feature release from 8.2 to 8.3 let's say to get HFs if you are in the feature release cycle.

                       

                      From the NSM point of view, this is not so important - I think - as upgrading the manager is generally easier than upgrading the sensors (thinking about change management/risks/and people required to be involved for a sensor upgrade - network team, app team, etc. - to do post upgrade checks in the network).

                       

                      PD25515 and KB78795 have more details on this - even though I've been told this may change soon as they adopt the Agile method.

                       

                      Will let you know if I hear anything else.

                       

                      Regards

                      David

                      2 of 2 people found this helpful