541 Views 1 Reply Latest reply: May 7, 2013 12:22 PM by gene33
dt1 Newcomer 12 posts since
Apr 17, 2013

Apr 25, 2013 7:55 AM

7.1 vs 7.5 - Thoughts for New Deployment

At the time of this post, the current releases are: 7.1.3.5 (NSM) and 7.1.5.7 (NSP); and 7.5.3.11 (NSM) and 7.5.3.16 (NSP).

 

I am planning a new large deployment for a customer. I have experience with 7.1.x but am considering 7.5.x. However, I do not have any experience with 7.5 other than the McAfee-provided documentation and blog posts. I believe 7.5.x to be relatively new and released early 2013; however, I have not officially confirmed the date.

 

From what I can tell, 7.5 has added new botnet and malware scanning capabilities, as well as redesigned much of the NSM interface. I noted many other changes/enhancements as well.

 

Therefore I am curious how the general feeling is thus far regarding 7.5.  7.1 is mature and I'd be confident that a stable, reliable platform would be deployed.  However a couple of the new features of 7.5 make it an intriguing version.

 

Have folks started upgrading or planning for a 7.5 upgrade?  Have there been any stability/reliability issues encountered thus far?  Any thoughts, opinions, vents would be appreciated!

 

  

  • gene33 Newcomer 35 posts since
    Jun 15, 2012
    1. May 7, 2013 12:22 PM (in response to dt1)
    Re: 7.1 vs 7.5 - Thoughts for New Deployment

    I have done a 7.5 migration from 7.1. It did not go nearly as smoothly as I had hoped.

     

    First issue was that McAfee AV (which comes built into all of our servers by default) was interfering with the NSM.  It didn't show up in any logs that it was doing so, but after excluding everything in the NSM installation directory those issues ceased. 

     

    Second issue is that the NSM UI doesn't fully work in IE for me.  Not a huge deal, I switched to using Chrome and that works fine.  The issue is that clicking on an alert in the dashboard brings you to an empty Analysis page.

     

    Third issue is that you can only rename an interface once. After that I get an error message stating that it doesn't exist anymore. I have an open ticket with platinum support on that still. (The interface works and everything, but you can't rename it again if you decide you don't like what you called it the first time. I rename all my interfaces so I don't just have a bunch of 1A-1B in the logs; I would rather see "Internet DMZ" or something similar.)

     

    Fourth issue, when using the RTA applet you can't open packet captures if you are on the latest Java version (which you should be). Workaround is to make sure Wireshark is installed in the root of your C: drive.

     

    Other smaller issues found. I am on version 7.5.3.11.6 now; make sure you get this version.

     

    Other than that stuff I like 7.5 more than 7.1 for sure.  The botnet and malware components are nice to have and have identified a couple of issues already.  The High Risk Hosts page is interesting as it identifies internal hosts that are causing issues as well as the usual GTI stuff.
