1 Reply Latest reply: May 7, 2013 12:22 PM by gene33

    7.1 vs 7.5 - Thoughts for New Deployment

    dt1

      At the time of this post, the current releases are: 7.1.3.5 (NSM) and 7.1.5.7 (NSP); and 7.5.3.11 (NSM) and 7.5.3.16 (NSP).

       

      I am planning a new large deployment for a customer.  I have experience with 7.1.x but am considering 7.5.x.  However, I do not have any experience with 7.5 other than the McAfee-provided documentation and blog posts.  I believe 7.5.x to be relatively new and released in early 2013; however, I have not officially confirmed the date.

       

      From what I can tell, 7.5 has added new botnet and malware scanning capabilities, as well as redesigned much of the NSM interface.  I noted many other changes/enhancements as well.

       

      Therefore, I am curious what the general feeling is thus far regarding 7.5.  7.1 is mature and I'd be confident that a stable, reliable platform would be deployed.  However, a couple of the new features of 7.5 make it an intriguing version.

       

      Have folks started upgrading or planning for a 7.5 upgrade?  Have there been any stability/reliability issues encountered thus far?  Any thoughts, opinions, vents would be appreciated!

       

       

        • 1. Re: 7.1 vs 7.5 - Thoughts for New Deployment
          gene33

          I have done a 7.5 migration from 7.1.  It did not go nearly as smoothly as I had hoped.

           

          First issue was that McAfee AV (which comes built into all of our servers by default) was interfering with the NSM.  It didn't show up in any logs that it was doing so, but after excluding everything in the NSM installation directory those issues ceased. 

           

          Second issue is that the NSM UI doesn't fully work in IE for me.  Not a huge deal, I switched to using Chrome and that works fine.  The issue is that clicking on an alert in the dashboard brings you to an empty Analysis page.

           

          Third issue is that you can only rename an interface once.  After that I get an error message stating that it doesn't exist anymore.  I still have an open ticket with platinum support on that.  (The interface works and everything, but you can't rename it again if you decide you don't like what you called it the first time.  I rename all my interfaces so I don't just have a bunch of 1A-1B in the logs; I would rather see "Internet DMZ" or something similar.)

           

          Fourth issue: when using the RTA applet you can't open packet captures if you are on the latest Java version (which you should be).  Workaround is to make sure Wireshark is installed in the root of your C: drive.

           

          Other smaller issues were found.  I am on version 7.5.3.11.6 now; make sure you get this version.

           

          Other than that stuff I like 7.5 more than 7.1 for sure.  The botnet and malware components are nice to have and have identified a couple of issues already.  The High Risk Hosts page is interesting as it identifies internal hosts that are causing issues as well as the usual GTI stuff.