McAfee GTI Proxy 1.0 InstallationGuide

McAfee GTI Proxy 1.0.
0 Installation Guide
COPYRIGHT
Copyright 2010 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of McAfee, Inc., or its suppliers or affiliate companies.
TRADEMARK ATTRIBUTIONS
AVERT, EPO, EPOLICY ORCHESTRATOR, FOUNDSTONE, GROUPSHIELD, INTRUSHIELD, LINUXSHIELD, MAX (MCAFEE SECURITYALLIANCE EXCHANGE), MCAFEE, NETSHIELD, PORTALSHIELD, PREVENTSYS, SECURITYALLIANCE, SITEADVISOR, TOTAL PROTECTION, VIRUSSCAN, WEBSHIELD are registered trademarks or trademarks of McAfee, Inc. and/or its affiliates in the US and/or other countries. McAfee Red in connection with security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein are the sole property of their respective owners.
LICENSE INFORMATION License Agreement

NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND.
License Attributions
For a complete list of third-party license attributions, see the license.txt file. This file is included at the root of the product download zip file and, in default installations, at: C:\Program Files\McAfee\<Product>
McAfee GTI Proxy Installation Guide
Contents
Using this guide ..............................................................................................5 Audience..................................................................................................5 Type conventions ......................................................................................6 Where to find documentation ............................................................................6 Downloading manuals from the McAfee ServicePortal ....................................6 McAfee GTI Proxy ............................................................................................8 GTI Proxy ................................................................................................8 GTI Proxy Appliance ..................................................................................8 System Requirements ......................................................................................9 Pre Installation Tasks..................................................................................... 10 Uninstalling GTI Server for ePO from managed nodes .................................. 10 Uninstalling GTI Server Appliance for ePO from managed nodes ................... 10 Removing GTI Server Appliance for ePO deployment package....................... 11 Removing GTI Server for ePO deployment package ..................................... 11 Removing GTI Server Appliance extension ................................................. 12 Removing GTI Server extension ................................................................ 12 Removing GTI Server Appliance from the System Tree ................................ 12 Installing GTI Proxy Appliance ........................................................................ 14 Deploying VMware Image ........................................................................ 14 Configure Network Settings ...................................................................... 14 Configuring Time zone ............................................................................. 16 Configuring the Date and Time ................................................................. 17 Installing McAfee Agent for Linux on GTI Proxy Appliance ............................ 17 Determining the Agent wake-up communication port................................... 18 Determining the Agent-to-server communication port ................................. 18 Installing GTI Proxy ....................................................................................... 19 Installing GTI Proxy Package .................................................................... 19 Deploying GTI Proxy Appliance plugin ........................................................ 19 Deploying GTI Proxy Agent plugin on managed nodes ................................. 20 Check GTI Proxy Appliance installed packages ............................................ 20 Uninstalling GTI Proxy ................................................................................... 22 Uninstall GTI Proxy Appliance plugin.......................................................... 22 Uninstalling GTI Proxy Agent from managed nodes ..................................... 22 Uninstall GTI Proxy package ..................................................................... 23 Restarting and shutting down GTI Proxy Appliance ............................................ 25 Restarting the GTI Proxy Appliance ........................................................... 25 Shut down the GTI Proxy Appliance ........................................................... 25 Configuring GTI Proxy Appliance ..................................................................... 26 Adding a GTI Proxy Appliance ................................................................... 26 Configuring GTI Cloud Server ................................................................... 27 Configuring tiered GTI Proxy Appliance access ............................................ 28 Configuring Performance Log Purging and Archiving .................................... 29 Configuring Performance Data Collection Interval ........................................ 30 Configuring GTI Proxy Agent........................................................................... 31 Configuring fallback servers for managed nodes ......................................... 31 Configuring fallback servers for sets of managed nodes ............................... 32 GTI Proxy Appliance Diagnostics ..................................................................... 34 Check General DNS Access....................................................................... 34 Check Resolution to GTI Servers in the Cloud ............................................. 34 Check GTI lookups from GTI Proxy Appliance ............................................. 35 Check GTI lookups using GTI Proxy Appliance ............................................ 35 Check appliance status using GTI Proxy Appliance....................................... 35 GTI Proxy Diagnostics .................................................................................... 37 Check GTI Proxy Agent managed nodes ..................................................... 37 Check GTI Proxy Agent configuration on managed nodes ............................. 37 Check GTI Proxy Appliance managed nodes ............................................... 38
Check GTI Proxy Appliance status ............................................................. 38 Check GTI Proxy Appliance configuration ................................................... 38 Reinstall McAfee Agent for Linux on GTI Proxy Appliance ............................. 39 Start GTI Proxy Appliance plugin ............................................................... 40 Start McAfee Agent for Linux .................................................................... 40
Preface
Using this guide
This guide helps network administrators install McAfee GTI Proxy software. It contains an overview of the product technology, concepts and architecture, as well as a detailed description of steps to install the McAfee GTI Proxy components. The guide includes these topics: Introduction and system components Installing McAfee GTI Proxy Configuring McAfee GTI Proxy Diagnostics and Trouble Shooting McAfee GTI Proxy
Audience
The information in this guide is intended primarily for two audiences: Security officers who are responsible for determining sensitive and confidential data and defining the corporate policy for protecting the companys intellectual property. Network administrators who are responsible for implementing and enforcing the corporate policy for protecting the companys intellectual property.
Type conventions
This guide uses these type conventions: Bold Condensed Words from the interface, including options, menus, buttons, and dialog boxes. The path of a folder or program; a code sample; text that the user types exactly, as in a command at the system prompt. Emphasis for a new term; book and chapter titles. Emphasis. Words from the product interface Angle brackets enclose a generic or replaceable term. Supplemental information, like an alternate method of accessing an option. Suggestions and recommendations. Important advice to protect your computer system, enterprise, software installation, or data. Important advice to prevent bodily harm when using a hardware product.
Courier
Italic Bold Blue <TERM> Note Tip Caution/Important
Warning
Where to find documentation

McAfee product documentation is designed for each phase of the products use.
Downloading manuals from the McAfee ServicePortal

To access the documentation for your McAfee products, use the McAfee ServicePortal. 1 Go to the McAfee ServicePortal at http://mysupport.mcafee.com and, under Support by Reading, click Product Documentation. Select a Product. Select a Version. Select a product document. Product documentation by phase
2 3 4
McAfee documentation provides the information you need during each phase of product implementation, from installing a new product to maintaining existing ones. Depending on the product, additional documents might also be available. After a product is released, information regarding the product is entered into the online KnowledgeBase, available through the McAfee ServicePortal.
Installation
Before, during, and after installing the product Release Notes Installation Guide
Setup
Using the product Product Guide Online Help
Maintenance
Maintaining the software KnowledgeBase http://mysupport.mcafee.com under Self Service
Introducing McAfee GTI Proxy

McAfee GTI Proxy
McAfee GTI Proxy is a system that allows McAfee Virus Scan Enterprise (VSE) nodes to perform GTI system lookups from within the Enterprise Network without requiring direct access to the GTI Servers in the Cloud. The GTI Proxy system acts as a central controller within the enterprise to resolve GTI requests on behalf of the VSE nodes. The VSE nodes make the GTI request to the GTI Proxy system and the GTI Proxy system then makes the lookup to the GTI Servers in the Cloud. The GTI Proxy system uses the response to populate a local cache and then sends back the response to VSE nodes. The GTI Proxy system caches the response for a period as defined by the GTI Servers in the cloud. When the cache period expires, the next request for the information from the GTI Proxy system by VSE nodes causes another request to the GTI Servers in the Cloud and the cache to be updated. This mechanism keeps the GTI Proxy system synchronized with the GTI Server in the cloud. There are two parts to the McAfee GTI Proxy system: GTI Proxy (for setting up fallback servers on the managed VSE client nodes and for managing GTI Proxy Appliance) GTI Proxy Appliance (performs GTI lookups)
GTI Proxy
GTI Proxy is a combination of two ePO products, which is delivered as a single zip file GTI Proxy.zip. One is GTI Proxy, which configures VSE nodes on the enterprise network to communicate with specified GTI Proxy Appliance instances for resolving GTI system lookups. Another is GTI Proxy Appliance, which communicates with and manages the GTI Proxy Appliance machine on the enterprise network. The services it offers are Configuring the GTI Proxy Appliance to setup GTI cloud servers, managing specified Log files (Pull/Purge) on the server, managing the GTI Proxy process for querying its Status and also performing operations like Start, Stop etc. Along with this it provides reporting information on the GTI Proxy Appliance performance in the form of different graphs and charts.
GTI Proxy Appliance

The GTI Proxy Appliance is delivered as a VMware image to the Enterprise. The VMware host image is a CentOS 5.3 64-bit installation. A gtiproxy process is running on the system to service GTI requests. The following functionality is provided: Service GTI requests from VSE nodes on the Enterprise network Perform GTI lookup requests in the Cloud
Caching of GTI lookup Tiered support for multiple GTI Proxy Appliance configuration on the Enterprise network
System Requirements
Prerequisites of GTI Proxy Appliance: Item VMWare Convertor VMware Requirements Disk Memory CPU Prerequisites of GTI Proxy: McAfee ePolicy Orchestrator 4.5 VMware Converter Standalone 4.0.x VMware OVF Tool VMware Workstation 7.x VMware Workstation 6.x VMware Player 3.x VMware Server 1.x VMware Server 2.x VMware ESXi 4.0 VMware vCenter Server 2.5
Minimum of 35GB available Minimum of 2GB available 64-bit CPU
Prerequisites of GTI Proxy Agent managed nodes: McAfee Agent 4.5 McAfee VirusScan Enterprise 8.7 or later with DAT release version 5884 or later and 5400 Engine or later
Prerequisites of GTI Proxy Appliance managed nodes: McAfee Agent 4.5 for Linux
Pre Installation Tasks
This chapter describes the tasks to be performed, in case the RTS Version of the McAfee GTI Proxy (formerly know as McAfee GTI Server) is installed previously. The RTS Version must be uninstalled before installing Version 1.0 on the system.
Pre Installation Tasks

Use this task to uninstall the RTS version of the software. This will completely remove the RTS version of the software from the environment. When this section is complete successfully installation of GTI Proxy can commence.
Uninstalling GTI Server for ePO from managed nodes

Use this task to uninstall previously installed GTI Server for ePO from managed nodes. Note This task should be completed successfully for all nodes before progressing to the next task.
Task For option definitions, click ? in the interface. 1. Log on to the ePolicy Orchestrator server as an administrator. 2. Select Menu | Systems | System Tree | Client Tasks, select the required group in the System Tree, then select Actions | New Task. The Client Task Builder wizard appears. 3. In the Description page, type a Name for the task, Notes (optional), select the Type as Product Deployment, then click Next. 4. In the Configuration page, select Target Platforms as Windows, Products and components as GTI_ SERVER for ePO 1.0.0, Action as Remove. Select an appropriate Language, then click Next. 5. Schedule the task to run immediately or as required, then click Next to view a summary of the task. 6. Review the summary of the task, then click Save. 7. Send an agent wake-up call.
Uninstalling GTI Server Appliance for ePO from managed nodes

Use this task to uninstall previously installed GTI Server Appliance for ePO from managed nodes.
10
Task For option definitions, click ? in the interface. 1. Log on to the ePolicy Orchestrator server as an administrator. 2. Select Menu | Systems | System Tree | Client Tasks, select the required group in the System Tree, then select Actions | New Task. The Client Task Builder wizard appears. 3. In the Description page, type a Name for the task, Notes (optional), select the Type as Product Deployment, then click Next. 4. In the Configuration page, select Target Platforms as Linux, Products and components as GTI_ SERVER_APPLIANCE for ePO 1.0.0, Action as Remove. Select an appropriate Language, then click Next. 5. Schedule the task to run immediately or as required, then click Next to view a summary of the task. 6. Review the summary of the task, then click Save. 7. Send an agent wake-up call.
Removing GTI Server Appliance for ePO deployment package

Use this task to remove the previously checked in GTI Server Appliance for ePO deployment package from the ePolicy Orchestrator. Task For option definitions, click ? in the interface. 1. Log on to the ePolicy Orchestrator server as an administrator. 2. Select Menu | Software | Master Repository. 3. Click the Delete link of the GTI_ SERVER_APPLIANCE package. 4. Click OK on the Delete Package page.
Removing GTI Server for ePO deployment package

Use this task to remove the previously checked in GTI Server for ePO deployment package from the ePolicy Orchestrator. Task For option definitions, click ? in the interface. 1. Log on to the ePolicy Orchestrator server as an administrator. 2. Select Menu | Software | Master Repository. 3. Click the Delete link of the GTI_ SERVER package. 4. Click OK on the Delete Package page.
11
Removing GTI Server Appliance extension

Use this task to remove the previously installed GTI Server Appliance extension from the ePolicy Orchestrator server. Task For option definitions, click ? in the interface. 1. Log on to the ePolicy Orchestrator server as an administrator. 2. Select Menu | Software | Extensions. 3. Select the GTI Server Appliance for ePO extension file, then click Remove. 4. Select Force removal, bypassing any checks or errors, then click OK. 5. Select Menu | Reporting | Queries. 6. In the Groups, click on the arrow in front of the Shared Groups. 7. From the list that appears, select GTI Server Appliance. 8. Click Group Actions and select Delete Group. 9. Click on OK to confirm deletion of Query Group and All the queries inside this group.
Removing GTI Server extension

Use this task to remove the previously installed GTI Server extension from the ePolicy Orchestrator server. Task For option definitions, click ? in the interface. 1. Log on to the ePolicy Orchestrator server as an administrator. 2. Select Menu | Software | Extensions. 3. Select the GTI Server for ePO extension file, then click Remove. 4. Select Force removal, bypassing any checks or errors, then click OK.
Removing GTI Server Appliance from the System Tree

Use this task to remove the GTI Server Appliance system from the System Tree within ePolicy Orchestrator. Task For option definitions, click ? in the interface. 1. Log on to the ePolicy Orchestrator server as an administrator. 2. Select Menu | Systems | System Tree. 3. Click the checkbox for the GTI Server Appliance system (default name of mfegtiserver). 4. Select Actions | Directory Management | Delete, then click OK.
12
13
Installing GTI Proxy Appliance

This chapter describes how to install GTI Proxy Appliance using VMware. To use this chapter effectively you need to be familiar with VMware and basic UNIX shell interaction.
Installing GTI Proxy Appliance

This chapter describes how to install GTI Proxy Appliance using VMware and McAfee ePolicy Orchestrator management software. To use this chapter effectively you need to be familiar with VMware and ePolicy Orchestrator.
Note This document does not provide detailed information about installing or using ePolicy Orchestrator or VMware software. See the VMware and McAfee ePolicy Orchestrator product documentation for more information.
Deploying VMware Image

GTI Proxy Appliance is delivered as a VMware image to the Enterprise. Installation instruction for an existing VMware image as specified by the version of VMware installed in the Enterprise should be followed to install GTI Proxy Appliance. The version must be one of those as specified in the system requirements of this document. The VMware image is delivered as an .ova file. This is a single file bundled image. It must be converted to the VMware flavor of choice as defined by the prerequisites in this document. To convert the ova file use VMWare convertors mentioned in the system requirements section. Using a .ova file allows a single deliverable while satisfying multiple VMware product requirements using the conversion process.
Configure Network Settings

The GTI Proxy Appliance has DHCP network configuration by default. Use this section to configure the GTI Proxy Appliance to use static or DHCP network configuration.
Configuring DHCP Addressing

Use this task to setup DHCP network configuration. Prerequisites Hostname for the GTI Proxy Appliance. Domain name for the GTI Proxy Appliance.
14
Note At any time use the Cancel options to abort the task. Task 1. Log on to the GTI Proxy Appliance as the user gtip.
2. Type in the command sudo /usr/sbin/system-config-network, then press Enter. 3. Select Edit a device params, then press Enter. 4. Select eth0 (eth0), then press Enter. 5. Select Use DHCP. 6. Select OK, then press Enter. 7. Select Save, then press Enter. 8. Select Edit DNS configuration, then press Enter. 9. Select Hostname. 10. Type in the Hostname.Domain from the prerequisites. 11. Select OK, then press Enter. 12. Select Save&Quit, then press Enter. 13. Type in the command sudo /sbin/shutdown r now, then press Enter. The GTI Proxy Appliance will restart with the changes applied.
Configuring Static Addressing

Use this task to setup static network configuration. Prerequisites Hostname for the GTI Proxy Appliance. Domain name for the GTI Proxy Appliance. IP Address for the GTI Proxy Appliance. Subnet mask for IP Address. IP Address for the default gateway used by the GTI Proxy Appliance. IP Addresses of the DNS servers used by the GTI Proxy Appliance.
Note At any time use the Cancel options to abort the task.
15
Task 1. Log on to the GTI Proxy Appliance as the user gtip. 2. Type in the command sudo /usr/sbin/system-config-network, then press Enter. 3. Select Edit a device params, then press Enter. 4. Select eth0 (eth0), then press Enter. 5. Deselect Use DHCP. 6. Type in the Static IP from the prerequisites, then press Enter. 7. Type in the Netmask from the prerequisites, then press Enter. 8. Type in the Default gateway IP from the prerequisites, then press Enter. 9. Select OK, then press Enter. 10. Select Edit DNS configuration, then press Enter. 11. Select Hostname. 12. Type in the Hostname.Domain from the prerequisites. 13. Type in the DNS Servers from the prerequisites. 14. Select OK, then press Enter. 15. Select Save&Quit, then press Enter. 16. Type in the command sudo /sbin/shutdown r now, then press Enter. The GTI Proxy Appliance will restart with the changes applied.
Configuring Time zone

Use this task to set the time zone you want to use on GTI Proxy Appliance so that it is in sync with the ePO time. Task 1. Log on to the GTI Proxy Appliance as the user gtip. 2. Type in the command tzselect, then press Enter. 3. Type in the number corresponding to the required continent, then press Enter. 4. Type in the number corresponding to the required country, then press Enter. 5. Type in the number corresponding to the required time zone, then press Enter. 6. Type in the number 1, then press Enter. 7. Make note of the time zone string required for the .profile file. 8. Type in the command vi .profile, then press Enter. 9. Press the key sequence SHIFT-G. 10. Press the key o in lower case. 11. Type in the time zone string from step 7. 12. Press the ESC key. 13. Type :wq, then press Enter. This saves the file. 14. Type in the command exit, then press Enter. The gtip user is logged out of the system. 15. Log on to the GTI Proxy Appliance as the user gtip. 16. Type in the command date, then press Enter. The time zone is displayed as set in the steps above.
16 McAfee GTI Proxy Installation Guide
Configuring the Date and Time

Use this task to set the date and time for the GTI Proxy Appliance. Note This task should be performed before McAfee Agent for Linux is installed on the GTI Proxy Appliance. If the date or time is changed on the GTI Proxy Appliance the system should be restarted so that the McAfee Agent for Linux adjusts for the change Task 1. Log on to the GTI Proxy Appliance as the user gtip. 2. Type in the command sudo /bin/date s Thu Jun 17 13:00:00 EST 2010, then press Enter. 3. This sets the date for the specified string. Choose the locale based on the desired time zone and set other values accordingly.
Installing McAfee Agent for Linux on GTI Proxy Appliance

Use this task to install MA on GTI Proxy Appliance to manage it through ePO. Prerequisites IPv4 address and Agent-to-server communication port of the ePO server. Refer the task Determining Agent-to-server communication port to know the currently configured Agent-to-server communication port. McAfee Agent for Linux 4.5 or above should be present in the ePO Master Repository. Agent wake-up communication port. Refer the task Determining the agent wake-up communication port.
Task 1. Log on to the GTI Proxy Appliance as the user gtip. 2. Type in the command sudo /usr/local/sbin/configure_ma.sh, then press Enter. 3. Type the ePO server IP address and the Agent-to-server communication port, separated with a colon (IP:port) on the prompt Provide IP Address and port of ePO server, then press Enter. 4. The McAfee Agent installer is downloaded from ePO server and McAfee Agent is installed on GTI Proxy Appliance. 5. In case the system firewall is not running, a prompt appears asking for whether the firewall needs to be started or not. Type y on the prompt Firewall is off. Do you want to turn it on, then press Enter. 6. Next, the default Agent wake-up communication port is shown.
17
7. Type the Agent wake-up communication port on the prompt Enter new port if it is different on ePO if it is different from the default shown above, then press Enter. Otherwise, just press Enter. 8. Wait until the first ASCI happens. 9. The port is configured and the GTI Proxy Appliance is now managed through ePO. 10. Type logout, then press Enter. The User gtip is logged out of the GTI Proxy Appliance.
Determining the Agent wake-up communication port

Use this task to know the Agent wake-up communication port configured in ePO. Task For option definitions, click ? in the interface. 1. Log on to the ePolicy Orchestrator server as an administrator. 2. Select Menu | Configuration | Server Settings. 3. In the Setting Categories, click on the Ports. 4. The Agent wake-up communication port is shown along with all other ports.
Determining the Agent-to-server communication port

Use this task to know the Agent-to-server communication port configured in ePO. Task For option definitions, click ? in the interface. 1. Log on to the ePolicy Orchestrator server as an administrator. 2. Select Menu | Configuration | Server Settings. 3. In the Setting Categories, click on the Ports. 4. The Agent-to-server communication port is shown along with all other ports.
18
Installing GTI Proxy

This chapter describes how to install GTI Proxy using McAfee ePolicy Orchestrator management software. To use this chapter effectively you need to be familiar with ePolicy Orchestrator and basic UNIX shell interaction.
Installing GTI Proxy

This chapter describes how to install GTI Proxy extensions for ePO. In 1.0 release, now the entire package is provided as a single archive file (GTI Proxy.zip) which contains two ePO extensions (GTI Proxy Agent and GTI Proxy Appliance). Within each extension, the plugin package for managing VSE nodes and GTI Proxy Appliance respectively resides.
Installing GTI Proxy Package

Use this task to install the GTI Proxy Agent and GTI Proxy Appliance ePO extensions. The extension file is in .ZIP format. By installing the single extension package (GTI Proxy.zip) the two extensions for ePO referenced above are installed. In addition, it will check-in two deployable packages (GTI Proxy Agent & GTI Proxy Appliance) automatically into the Master Repository. These packages must be installed on the managed VSE client nodes and GTI Proxy Appliance machine (CentOS 5.3 64-bit) respectively, using ePO client tasks. The steps to install these packages using client task are mentioned later in this chapter. Note This task checks in packages in Master Repository, make sure no other operation (Pull operation) is being performed on the Master Repository, while performing this task. Task For option definitions, click ? in the interface. 1. Copy the GTI Proxy.zip archive to a temporary location of your ePolicyOrchestrator server. 2. Log on to the ePolicy Orchestrator server as an administrator. 3. Select Menu | Software | Extensions | Install Extension. The Install Extension dialog box appears. 4. Click Browse to locate the extension file GTI Proxy.zip, then click OK. The Install Extension page appears with the extension names and version details. 5. Click OK.
Deploying GTI Proxy Appliance plugin

Use this task to install GTI Proxy Appliance MA plugin on managed GTI Proxy Appliance. ePolicy Orchestrator allows you to create tasks to deploy product on a single node, or on groups of the system tree.
19
Task For option definitions, click ? in the interface. 1. Log on to the ePolicy Orchestrator server as an administrator. 2. Select Menu | Systems | System Tree | Client Tasks, select the required group in the System Tree, then click Actions | New Task. The Client Task Builder wizard appears. 3. In the Description page, type a Name for the task, Notes (optional), select the Type as Product Deployment, then click Next. 4. In the Configuration page, select Target Platforms as Linux, Products and components as GTI Proxy Appliance 1.0.0, Action as Install. Select an appropriate Language, then click Next. 5. Schedule the task to run immediately or as required, then click Next to view a summary of the task. 6. Review the summary of the task, click Save. The task is added to the list of client tasks for the selected group and any group that inherits the task. 7. Send an agent wake-up call.
Deploying GTI Proxy Agent plugin on managed nodes

Use this task to deploy GTI Proxy Agent MA plugin on the managed nodes. ePolicy Orchestrator allows you to create tasks to deploy product on a single node, or on groups of the system tree. Task For option definitions, click ? in the interface. 1. Log on to the ePolicy Orchestrator server as an administrator. 2. Select Menu | Systems | System Tree | Client Tasks, select the required group in the System Tree, then click Actions | New Task. The Client Task Builder wizard appears. 3. In the Description page, type a Name for the task, Notes (optional), select the Type as Product Deployment, then click Next. 4. In the Configuration page, select Target Platforms as Windows, Products and components as GTI PROXY AGENT 1.0.0, Action as Install. Select an appropriate Language, then click Next. 5. Schedule the task to run immediately or as required, then click Next to view a summary of the task. 6. Review the summary of the task, click Save. The task is added to the list of client tasks for the selected group and any group that inherits the task. 7. Send an agent wake-up call.
Check GTI Proxy Appliance installed packages

This section describes how to check various installed packages on GTI Proxy Appliance.
Check GTI Proxy Appliance Package

Use this task to check whether the GTI Proxy Appliance software is installed on the VMware. Task 1. Log on to the GTI Proxy Appliance as the user gtip.
20
2. Type the command rpm -q mfegtiproxy and then press enter. 3. The installed GTI Proxy Appliance package is shown with the current version. 4. Type logout, then press Enter. The User gtip is logged out of the GTI Proxy Appliance.
Check MA for Linux Package

Use this task to check whether the MA for Linux is installed on the VMware. Task 1. Log on to the GTI Proxy Appliance as the user gtip. 2. Type the command rpm -q MFEcma and then press enter. 3. The installed MA package is shown with the current version. 4. Type logout, then press Enter. The User gtip is logged out of the GTI Proxy Appliance.
Check GTI Proxy Appliance plugin Package

Use this task to check whether the GTI Proxy Appliance plugin software is installed on the VMware. Task 1. Log on to the GTI Proxy Appliance as the user gtip. 2. Type the command rpm q gtipa and then press enter. 3. The installed GTI Proxy Appliance plugin package is shown with the current version. 4. Type logout, then press Enter. The User gtip is logged out of the GTI Proxy Appliance.
21
Uninstalling GTI Proxy

This chapter describes how to uninstall GTI Proxy using McAfee ePolicy Orchestrator management software. To use this chapter effectively you need to be familiar with ePolicy Orchestrator and basic UNIX shell interaction.
Uninstalling GTI Proxy

This chapter describes how to uninstall or remove GTI Proxy components from ePO. Also it describes how to uninstall the plugins from managed nodes and GTI Proxy Appliance.
Uninstall GTI Proxy Appliance plugin

Use this task to uninstall GTI Proxy Appliance MA plugin from managed GTI Proxy Appliance. Task For option definitions, click ? in the interface. 1. Log on to the ePolicy Orchestrator server as an administrator. 2. Select Menu | Systems | System Tree | Client Tasks, select the required group in the System Tree, then select Actions | New Task. The Client Task Builder wizard appears. 3. In the Description page, type a Name for the task, Notes (optional), select the Type as Product Deployment, then click Next. 4. In the Configuration page, select Target Platforms as Linux, Products and components as GTI Proxy Appliance 1.0.0, Action as Remove. Select an appropriate Language, then click Next. 5. Schedule the task to run immediately or as required, then click Next to view a summary of the task. 6. Review the summary of the task, then click Save. 7. Send an agent wake-up call.
Uninstalling GTI Proxy Agent from managed nodes

Use this task to uninstall GTI Proxy from managed nodes. Task For option definitions, click ? in the interface. 1. Log on to the ePolicy Orchestrator server as an administrator. 2. Select Menu | Systems | System Tree | Client Tasks, select the required group in the System Tree, then select Actions | New Task. The Client Task Builder wizard appears. 3. In the Description page, type a Name for the task, Notes (optional), select the Type as Product Deployment, then click Next. 4. In the Configuration page, select Target Platforms as Windows, Products and components as GTI Proxy Agent 1.0.0, Action as Remove. Select an appropriate Language, then click Next. 5. Schedule the task to run immediately or as required, then click Next to view a summary of the task.
6. Review the summary of the task, then click Save. 7. Send an agent wake-up call.
Uninstall GTI Proxy package

This task describes how to uninstall the ePO extensions and how to remove the checked in MA packages from the Master Repository.
Removing GTI Proxy Appliance plugin

Use this task to remove the GTI Proxy Appliance plugin from the ePolicy Orchestrator. Task For option definitions, click ? in the interface. 1. Log on to the ePolicy Orchestrator server as an administrator. 2. Select Menu | Software | Master Repository. 3. Click the Delete link on the GTI Proxy Appliance. 4. Click OK on the Delete Package page.
Removing GTI Proxy Agent plugin

Use this task to remove the GTI Proxy Agent plugin from the ePolicy Orchestrator. Task For option definitions, click ? in the interface. 1. Log on to the ePolicy Orchestrator server as an administrator. 2. Select Menu | Software | Master Repository. 3. Click the Delete link on the GTI Proxy Agent. 4. Click OK on the Delete Package page.
Removing GTI Proxy Appliance extension

Use this task to remove the GTI Proxy Appliance extension from the ePolicy Orchestrator server. Important This task does not remove the GTI Proxy Appliance MA plugin from the Master Repository, use the task Removing GTI Proxy Appliance Plugin to do so. Task For option definitions, click ? in the interface. 1. Log on to the ePolicy Orchestrator server as an administrator.
23
2.
Select Menu | Software | Extensions. Select the GTI Proxy extension group; it will list two extensions namely GTI Proxy Agent and GTI Proxy Appliance.
3.
4. Click Remove link on GTI Proxy Appliance, to remove the extension from ePO. 5. Select Force removal, bypassing any checks or errors, then click OK.
Removing GTI Proxy Agent extension

Use this task to remove the GTI Proxy Agent extension from the ePolicy Orchestrator server. Important This task does not remove the GTI Proxy Agent MA plugin from the Master Repository, use the task Removing GTI Proxy Agent Plugin to do so. Task For option definitions, click ? in the interface. 1. Log on to the ePolicy Orchestrator server as an administrator. 2. Select Menu | Software | Extensions. 3. Select the GTI Proxy extension group; it will list two extensions namely GTI Proxy Agent and GTI Proxy Appliance.
4. Click Remove link on GTI Proxy Agent, to remove the extension from ePO. 5. Select Force removal, bypassing any checks or errors, then click OK.
24
Restarting and Shutting Down GTI Proxy Appliance

Restarting and shutting down GTI Proxy Appliance
This chapter describes how to restart and shutdown GTI Proxy Appliance.
Restarting the GTI Proxy Appliance

Use this task to restart the GTI Proxy Appliance. Task 1. Log on to the GTI Proxy Appliance as the user gtip. 2. Type in the command sudo /sbin/shutdown r now, then press Enter. The GTI Proxy Appliance will restart.
Shut down the GTI Proxy Appliance

Use this task to shut down the GTI Proxy Appliance. Task 1. Log on to the GTI Proxy Appliance as the user gtip. 2. Type in the command sudo /sbin/shutdown h now, then press Enter. The GTI Proxy Appliance will shutdown and power off.
25
Configuring GTI Proxy Appliance

This chapter describes how to configure GTI Proxy Appliance using McAfee ePolicy Orchestrator management software. To use this chapter effectively you need to be familiar with ePolicy Orchestrator and basic UNIX shell interaction.
Configuring GTI Proxy Appliance

This section describes how to configure GTI Proxy Appliance from ePO so that it can support:
Resolving GTI Requests using the GTI Servers in the Cloud Resolving GTI Requests using another GTI Proxy Appliance Following these tasks will change any previous configuration applied to the GTI Proxy Appliance.
Adding a GTI Proxy Appliance

Use this task to setup GTI Proxy Appliance from ePO to administer/monitor a single or multiple GTI Proxy Appliance(s). Make sure the GTI Proxy Appliance is managed through ePO and GTI Proxy Appliance plugin is installed in it, before performing this task. Refer the tasks Install McAfee Agent for Linux on GTI Proxy Appliance and Deploying GTI Proxy Appliance plugin to do so. Important This is also a mandatory task, to be performed for the first use of GTI Proxy Appliance from ePO. Task 1. Log on to the ePolicy Orchestrator server as an administrator. 2. Select Menu | Configuration | GTI Proxy Appliance Setup. 3. Two select boxes appear. The one at the left, Managed System having GTI Proxy Appliance deployed, lists the GTI Proxy Appliance, which are managed and having GTI Proxy Appliance plugin installed in it. 4. The box at the right GTI Proxy Appliances which are to be monitored, lists the GTI Proxy Appliance which needs to be monitored using GTI Proxy Appliance from ePO. If this is the first use, then this box will be empty, otherwise it shows all the GTI Proxy Appliance which are being currently monitored using GTI Proxy Appliance from ePO. 5. To add a GTI Proxy Appliance to be monitored, select the server in the left side select box and click the first arrow button pointing towards right direction (or
26
double click on the server). The server is added to the select box in the right and is removed from the select box in the left. 6. To remove an already monitored GTI Proxy Appliance, in case its no longer required to be monitored using GTI Proxy Appliance from ePO. Select the server in the right side select box and click the second arrow button pointing towards left direction (or double click on the server). The server is removed from the right side select box and is added to the left side select box. 7. Once all the desired GTI Proxy Appliance are added or removed to or from the right side select box respectively, click on the Save button to save the GTI Proxy Appliance setup.
Configuring GTI Cloud Server

Use this task to set the GTI Cloud Servers that the GTI Proxy Appliance uses to resolve GTI requests. Important When configuring the GTI Cloud Servers, the GTI Proxy Appliance (gtiproxy) process has to be restarted for the configuration changes to take effect. Note The last configuration is shown in case the GTI Proxy Appliance is already configured once.
Configuring UDP access

Use this task to set the GTI Cloud Servers with Cloud Access Mode as UDP. Using this option uses UDP as the protocol to access the GTI cloud servers. Task 1. Log on to the ePolicy Orchestrator server as an administrator. 2. Select Menu | Systems | GTI Proxy Appliance Control and Monitoring. Use the task Adding a GTI Proxy Appliance, if you are using GTI Proxy Appliance for the first time. 3. Click on the Configuration tab. 4. If multiple GTI Proxy Appliance are added for monitoring, then select the desired server from the drop down combo box, which says Select GTI Proxy Appliance from dropdown list. This combo box does not show up, in case a single GTI Proxy Appliance is being monitored through ePO. 5. The last configuration is shown in case the GTI Proxy Appliance is already configured once. 6. Choose SSL Option as Enabled, which enables a secured SSL layer over the UDP protocol to access the GTI cloud servers. Otherwise leave the default option Disabled as selected, in case SSL is not required. 7. Use one of the options Get from ePO or Get from MA to specify the GTI Cloud Server IPs. 8. The option Get from ePO, looks up the GTI Cloud Server IPs automatically from the machine where ePO server is hosted. Click the button Get from ePO after selecting this option. It populates the Forwarder IP List select box with the IPs after doing a
27
successful look up. SSL enabled GTI servers are listed in case SSL Option is chosen as Enabled. 9. The option Get from MA, looks up the GTI Cloud Server IPs automatically from the GTI Proxy Appliance (VMware). Click the button Get from MA after selecting this option. It populates the Forwarder IP List select box with the IPs after doing a successful look up. SSL enabled GTI servers are listed in case SSL Option is chosen as Enabled. 10. Click on the Configure button, to update the configuration changes to the GTI Proxy Appliance configuration file. 11. A success message in green saying, Configuration file updated successfully appears on the screen. 12. Restart GTI Proxy Appliance from the Status tab, for the configuration changes to take effect. Use the task Check GTI Proxy Appliance Status for getting the current GTI Proxy Appliance status and starting/restarting it. 13. Use the task Check GTI lookups using GTI Proxy Appliance to ensure GTI Proxy Appliance can perform GTI lookups, after successful configuration.
Configuring tiered GTI Proxy Appliance access

Use this task to set the GTI Proxy Appliance to use another GTI Proxy Appliance to resolve GTI requests. Caution When using Tiered GTI Proxy Appliance setup at least one of the GTI Proxy Appliance instances must be configured to use GTI Cloud Servers to resolve GTI requests otherwise ALL GTI requests will fail. The tier must follow a path to the GTI Proxy Appliance configured to use GTI Cloud Servers. Prerequisites The IPv4 address of the other GTI Proxy Appliance this GTI Proxy Appliance instance will use to resolve GTI requests. Important All the IP addresses should only be in decimal format. Additionally avoid the use of following IP addresses. Loopback addresses (e.g. 127.0.0.1) or self address of GTI Proxy Appliance being configured Broadcast addresses (e.g. 255.255.255.255 or 192.168.1.255) Reserved IP addresses (0.0.0.0, 192.168.0.0) Task 1. Log on to the ePolicy Orchestrator server as an administrator. 2. Select Menu | Systems | GTI Proxy Appliance Control and Monitoring. Use the task Adding a GTI Proxy Appliance, if you are using GTI Proxy Appliance for the first time. 3. Click on the Configuration tab. 4. If multiple GTI Proxy Appliance are added for monitoring, then select the desired server from the drop down combo box, which says Select GTI Proxy Appliance from drop-
28
down list. This combo box does not show up, in case a single GTI Proxy Appliance is being monitored through ePO. 5. The last configuration is shown in case the GTI Proxy Appliance is already configured once. 6. Select the option Disabled for SSL Option. 7. Use the option Enter Forwarder IP to specify the GTI Proxy Appliance IPs. 8. Enter IPv4 IP address of the GTI Proxy Appliance, which this GTI Proxy Appliance is going to use to resolve GTI requests, in the text box provided for Forwarder IP List. Entering one IP at a time. 9. Click Add to IP List to add the specified IP to the list below it. 10. After the list is populated by manually entering the GTI Proxy Appliance IPs. The IPs can be ordered as desired by selecting the IP in the list and clicking on the up or down arrow key buttons. 11. Using the cross symbol button deletes selected IP from the list. 12. To edit an already added IP, select it and click on the Edit Selected IP button. Click Add to IP List to add the edited IP back to the list. 13. Click on the Configure button, to update the configuration changes to the GTI Proxy Appliance configuration file. 14. A success message in green saying, Configuration file updated successfully appears on the screen. 15. Restart GTI Proxy Appliance from the Status tab, for the configuration changes to take effect. Use the task Check GTI Proxy Appliance Status for getting the current GTI Proxy Appliance status and starting/restarting it. 16. Use the task Check GTI lookups using GTI Proxy Appliance to ensure GTI Proxy Appliance can perform GTI lookups, after successful configuration.
Configuring Performance Log Purging and Archiving

Use this task to configure GTI Proxy Appliance performance Logs to be purged/archived at regular interval automatically from ePO database. Task 1. Log on to the ePolicy Orchestrator server as an administrator. 2. Select Menu | Systems | GTI Proxy Appliance Control and Monitoring. Use the task Adding a GTI Proxy Appliance, if you are using GTI Proxy Appliance for the first time. 3. Click on the Report tab. 4. If multiple GTI Proxy Appliance are added for monitoring, then select the desired server from the drop down combo box, which says Select GTI Proxy Appliance from dropdown list. This combo box does not show up, in case a single GTI Proxy Appliance is being monitored through ePO. 5. In GTI Proxy Appliance Performance Report, click on the Action button on the left hand corner at the bottom of the page. 6. Choose Automate Purge/Archive from the menu. 7. The automate purge/archive window appears on the screen. 8. The Automation Status is Disabled by default. Choose Enabled to enable the automatic purging/archiving of the logs.
29
9. In Automate Type, choose Allow only max Records, if you want only a specified number of log records to be kept at any given time. 10. Specify the number of log records that you want to keep at any given time, in the Specifications, Maximum Records Allowed. 11. Choose Automate Type, as Schedule purge/archive of records, if you want to delete all the log records at a specified time. 12. In Specifications, choose Schedule Action as, Daily or Weekly. To delete all the performance logs Daily or Weekly once respectively. 13. In Actions, choose Purge in case the logs need to be purged completely. Choose Archive and Purge if you want to archive the log records in a flat file before purging. 14. If Archive and Purge is chosen in the Actions, specify the location to store the archive file in the Location to archive records text box. Specify a valid windows directory location here. 15. Click on the OK button to save the configuration for automating the Log Purge/Archiving.
Configuring Performance Data Collection Interval

Use this task to set the GTI Proxy Appliance Performance Data Collection interval. This is used by GTI Proxy Appliance plugin for collecting the performance log records within this interval. However, the actual data is sent to ePO only after the interval MA has set to send events data to ePO. Task For option definitions, click ? in the interface. 1. Log on to the ePolicy Orchestrator server as an administrator. 2. Select Menu | Policy | Policy Catalog. 3. Select Product GTI Proxy Appliance 1.0.0. 4. Click Edit Settings. 5. In Performance Data collection Interval text box, type the interval in seconds between 60 (1 minute) to 600 (10 minutes). 6. Click on the Save button. 7. Send an agent wake-up call.
30
Configuring GTI Proxy Agent

This chapter describes how to configure GTI Proxy using McAfee ePolicy Orchestrator management software. To use this chapter effectively you need to be familiar with ePolicy Orchestrator and basic UNIX shell interaction.
Configuring GTI Proxy Agent

This section describes how to configure GTI Proxy Agent for the GTI Proxy Appliance list managed nodes use to resolve GTI requests. Important Following this task will change any previous configuration applied to GTI Proxy Agent. If the GTI Proxy Appliance instance(s) change IP address these steps must be performed again. If the GTI Proxy Agent Extension is reinstalled these steps must be performed again.
Configuring fallback servers for managed nodes

This task describes how to set the policy used by GTI Proxy Agent to set the list of GTI Proxy Appliance instances used by managed nodes. Prerequisites For this task, the GTI Proxy Appliance should be managed and GTI Proxy Appliance plugin should be installed in it and the GTI Proxy Appliance IPV4 address or GTI Proxy Appliance Hostname/Alias name should be known. Important All the IP addresses should only be in decimal format. Additionally avoid the use of following IP addresses. Loopback addresses (e.g. 127.0.0.1) Broadcast addresses (e.g. 255.255.255.255 or 192.168.1.255) Reserved IP addresses (0.0.0.0, 192.168.0.0) Note Specify up to five fallback servers here. The VSE nodes use a maximum of five fallback servers to resolve GTI lookups. It ignores fallbacks configured above five. Task For option definitions, click ? in the interface.
31
1. Log on to the ePolicy Orchestrator server as an administrator. 2. Select Menu | Policy | Policy Catalog. 3. Select Product GTI Proxy Agent 1.0.0. 4. Click Edit Settings of My Default policy. 5. In Fallback Server text box type first few digits of the IPv4 address of the GTI Proxy Appliance, if the server is managed through ePO and also installed GTI Proxy Appliance plugin. The complete list of IPs starting with that digit appears as an Auto complete option. Choose one of the GTI Proxy Appliance IPs. Click on the Add to IP/hostname List button. Repeat this step to add multiple IPs. 6. Hostnames can also be added in the Fallback Server text box. Ensure that hostnames used can be resolved by the VSE Nodes onto which the policy is applied. 7. The value is added to the list below the text box. 8. Select a value in the list and click on the red color cross button to delete the value from the list. 9. Select a value in the list and click on the up or down arrow buttons to change the order of the values in the list. 10. Select a value in the list and click on the Edit Selected IP/hostname to edit a value in the list. 11. Click Save, to save the value(s) added into the list. 12. Send an agent wake-up call.
Configuring fallback servers for sets of managed nodes

This task describes how to set the policy used by GTI Proxy Agent to set the list of GTI Proxy Appliance instances used by sets/group of managed nodes. Prerequisites For this task, the GTI Proxy Appliance should be managed and GTI Proxy Appliance plugin should be installed in it or the GTI Proxy Appliance IPV4 address should be known. Important All the IP addresses should only be in decimal format. Additionally avoid the use of following IP addresses. Loopback addresses (e.g. 127.0.0.1) Broadcast addresses (e.g. 255.255.255.255 or 192.168.1.255) Reserved IP addresses (0.0.0.0, 192.168.0.0) Note Specify a minimum of three up to five fallback servers here, repeated value are acceptable. The VSE nodes use a maximum of five fallback servers to resolve GTI lookups. It ignores fallbacks configured above five. Task For option definitions, click ? in the interface. 1. Log on to the ePolicy Orchestrator server as an administrator.
32
2. Select Menu | Systems | System Tree. 3. Select a group from the left for which you want to configure the fallback servers. 4. All the systems in that group is shown under the Systems tab. 5. Click on the Assigned Policies tab. 6. In the Product select GTI Proxy Agent 1.0.0. 7. The policy detail for GTI Proxy Agent is shown. 8. For the Category GTI Enterprise Settings, click on any assigned policy link under the column Policy. 9. The policy page for setting fallback server is shown. 10. In Fallback Server text box type first few digits of the IPv4 address of the GTI Proxy Appliance, if the server is managed through ePO and also installed GTI Proxy Appliance plugin. The complete list of IPs starting with that digit appears as an Auto complete option. Choose one of the GTI Proxy Appliance IPs. Click on the Add to IP /Hostname List button. Repeat this step to add multiple values. 11. Hostnames can also be added in the Fallback Server text box. Ensure that hostnames used can be resolved by the VSE Nodes onto which the policy is applied. 12. The value is added to the list below the text box. 13. Select a value in the list and click on the red color cross button to delete a value from the list. 14. Select a value in the list and click on the up or down arrow buttons to change the order of the values in the list. 15. Select a value in the list and click on the Edit Selected IP/Hostname to edit a value in the list. 16. Click Save, to save the value(s) added into the list. 17. Send an agent wake-up call.
33
GTI Proxy Appliance Diagnostics

This chapter describes how to diagnose and trouble shoot the GTI Proxy Appliance system.
GTI Proxy Appliance Diagnostics

This section describes various diagnostic and troubleshooting tasks to be performed on the GTI Proxy Appliance.
Check General DNS Access

Use this task to ensure the GTI Proxy Appliance instances general resolver can resolve general DNS queries. DNS queries are required from GTI Proxy Appliance to resolve GTI requests. Prerequisites For this task an accessible and functioning DNS server will need to be available on the GTI Proxy Appliance instances network and IPv4 address known. Task 1. Log on to the GTI Proxy Appliance as the user gtip. 2. Type the command dig mcafee.com, then press Enter. 3. On successful completion the response from the command will contain status: NOERROR. 4. Type logout, then press Enter. The User gtip is logged out of the GTI Proxy Appliance.
Check Resolution to GTI Servers in the Cloud

Use this task to ensure the GTI Proxy Appliance can resolve the GTI servers in the Cloud. Resolution for the GTI Servers in the Cloud is required for the GTI Proxy Appliance to operate and resolve lookups for managed nodes. Task 1. Log on to the GTI Proxy Appliance as the user gtip. 2. Type in the command dig @ns1.mcafee.com local.cloud.mcafee.com, then press Enter. 3. On successful completion the response from the command will contain status:NOERROR and the a list of name servers will be displayed in the AUTHORITY SECTION.
34
4. Type logout, then press Enter. The User gtip is logged out of the GTI Proxy Appliance.
Check GTI lookups from GTI Proxy Appliance

Use this task to ensure the GTI Proxy Appliance can forward queries to the GTI servers in the Cloud. GTI lookups are required for the GTI Proxy Appliance to operate and resolve lookups for managed nodes. Task 1. Log on to the GTI Proxy Appliance as the user gtip. 2. Type in the command dig @ns1.mcafee.com local.cloud.mcafee.com, then press Enter. 3. On successful completion the response from the command will contain status:NOERROR and the a list of name servers will be displayed in the AUTHORITY SECTION. 4. Type in the command dig @[geo server name from ANSWER SECTION previous] local.cloud.mcafee.com, then press Enter. 5. On successful completion the response from the command will contain status:NOERROR and the a list of name server addresses will be displayed in the ANSWER SECTION. 6. Using an address from the AUTHORITY SECTION type in the command dig @[ip address from ANSWER SECTION] 4z9p5tjmcbnblehp4557z1d136.avqs.mcafee.com, then press Enter. 7. On successful completion the response from the command will contain status:NOERROR. 8. Type logout, then press Enter. The User gtip is logged out of the GTI Proxy Appliance.
Check GTI lookups using GTI Proxy Appliance

Use this task to ensure the GTI Proxy Appliance is performing GTI lookups successfully. Task 1. Log on to the GTI Proxy Appliance as the user gtip. 2. Type in the command dig @127.0.0.1 4z9p5tjmcbnblehp4557z1d136.avqs.mcafee.com, then press Enter. 3. On successful completion the response from the command will contain status:NOERROR. 4. Type logout, then press Enter. The User gtip is logged out of the GTI Proxy Appliance.
Check appliance status using GTI Proxy Appliance

Use this task to check the status of the GTI Proxy Appliance from GTI Proxy Appliance console.
35
Task 1. Log on to the GTI Proxy Appliance as the user gtip. 2. Type in the command gtiproxy.init status, then press Enter. The status of the server is displayed. 3. Type logout, then press Enter. The User gtip is logged out of the GTI Proxy Appliance.
36
GTI Proxy Diagnostics

This chapter describes how to diagnose and trouble shoot the GTI Proxy system.
GTI Proxy Diagnostics

This document does not provide detailed information about using ePolicy Orchestrator software. See the McAfee ePolicy Orchestrator product documentation for more information on diagnostics for ePolicy Orchestrator.
Check GTI Proxy Agent managed nodes

Use this task to check which managed nodes have GTI Proxy Agent installed on them using the ePolicy Orchestrator system. Task 1. Log on to the ePolicy Orchestrator server as an administrator. 2. Select Menu | Systems | GTI Proxy Appliance Control and Monitoring. Use the task Adding a GTI Proxy Appliance, if you are using the GTI Proxy Appliance for first time. 3. Click on the Report Tab. 4. The Boolean Pie chart GTI Proxy Agent Coverage Report shows the coverage report for the GTI Proxy Agent. 5. Clicking on the green pie shows the list of GTI Proxy Agent managed nodes. 6. Clicking on the red pie shows the list of systems where GTI Proxy Agent is not installed.
Check GTI Proxy Agent configuration on managed nodes

Use this task to check that the managed node has the correct configuration as specified in the ePolicy Orchestrator system. Note For this version of GTI Proxy Agent only the Microsoft Windows platform is supported. Prerequisites For this task note the list of GTI Proxy Appliance instances specified in the section Configuring GTI Proxy Agent. Task 1. Log on to the ePolicy Orchestrator server as an administrator. 2. Select Menu | Systems | GTI Proxy Appliance Control and Monitoring. 3. Click on the Report Tab. 4. The Boolean Pie chart GTI Proxy Agent Coverage Report shows the coverage report for the GTI Proxy Agent.
37
5. Clicking on the Green pie shows the list of managed nodes, where GTI Proxy is installed. 6. Click on a row to get the System Details for that particular node. 7. In GTI Proxy Agent section, click on the More link. 8. The value in the Fallback Server shows the IPs (comma separated) of GTI Proxy Appliance configured for that particular node.
Check GTI Proxy Appliance managed nodes

Use this task to check which managed GTI Proxy Appliance has GTI Proxy Appliance plugin installed on them using the ePolicy Orchestrator system. Task 1. Log on to the ePolicy Orchestrator server as an administrator. 2. Select Menu | Systems | System Tree. 3. Choose the appropriate system group from the System Tree. 4. Click Advanced Filter. 5. In Available Properties list click Installed Path (GTI Proxy Appliance). 6. In Comparison list click Value is not blank. 7. Click Update Filter. The list of managed nodes is filtered to those with GTI Proxy Appliance installed.
Check GTI Proxy Appliance status

Use this task to check the status of GTI Proxy Appliance using the ePolicy Orchestrator system. Task 1. Log on to the ePolicy Orchestrator server as an administrator. 2. Select Menu | Systems | GTI Proxy Appliance Control and Monitoring. Use the task Adding a GTI Proxy Appliance, if you are using GTI Proxy Appliance for the first time. 3. Click on the Status tab. 4. If multiple GTI Proxy Appliance are added for monitoring, then select the desired server from the drop down combo box, which says Select GTI Proxy Appliance from dropdown list. This combo box does not show up, in case a single GTI Proxy Appliance is being monitored through ePO. 5. The Process Name (gtiproxy) and the Status column is displayed, with the initial status of the GTI Proxy Appliance. 6. Click on the green refresh button to get the current GTI Proxy Appliance (gtiproxy process) status. 7. The Status column shows the current GTI Proxy Appliance status with Result value as Command Status : Successful.
Check GTI Proxy Appliance configuration

Use this task to check the GTI Proxy Appliance has the correct GTI Cloud Servers configured as specified in the ePolicy Orchestrator system.
38
Prerequisites For this task note the list of IPv4 addresses specified in the section Configuring GTI Cloud Servers. Task 1. Log on to the GTI Proxy Appliance as the user gtip. 2. Go to the directory /acs/gtip/gtiproxy/current/etc. 3. Open the file gtiproxy.cfg. This contains the GTI Cloud Server configurations. 4. Check whether the same IP and Cloud Access Mode are present as specified in the ePolicy Orchestrator. 5. Type logout, then press Enter. The User gtip is logged out of the GTI Proxy Appliance.
Reinstall McAfee Agent for Linux on GTI Proxy Appliance

Use this task to manage an already managed GTI Proxy Appliance through a different ePO. Prerequisites IPv4 address and Agent-to-server communication port of the new ePO server. Refer the task Determining Agent-to-server communication port to know the currently configured Agent-to-server communication port. McAfee Agent for Linux 4.5 or above should be present in the ePO Master Repository. Agent wake-up communication port. Refer the task Determining the agent wake-up communication port.
Task 1. Log on to the GTI Proxy Appliance as the user gtip. 2. Type in the command sudo /usr/local/sbin/configure_ma.sh, then press Enter. 3. Type y on the prompt Do you want to reinstall McAfee Agent[y/n], then press Enter. 4. Type the new ePO server IP address and the Agent-to-server communication port, separated with a colon (IP:port) on the prompt Provide IP Address and port of ePO server, then press Enter. 5. The McAfee Agent installer is downloaded from ePO server and McAfee Agent is installed in GTI Proxy Appliance. 6. In case the system firewall is not running, a prompt appears asking for whether the firewall needs to be started or not. Type y on the prompt Firewall is off. Do you want to turn it on, then press Enter. 7. Next, the default Agent wake-up communication port is shown.
39
8. Type the Agent wake-up communication port on the prompt Enter new port if it is different on ePO if it is different from the default shown above, then press Enter. Otherwise, just press Enter. 9. Wait until the first ASCI happens. 10. The port is configured and the GTI Proxy Appliance is now managed through the new ePO. 11. Type logout, then press Enter. The User gtip is logged out of the GTI Proxy Appliance.
Start GTI Proxy Appliance plugin

Use this task to start GTI Proxy Appliance plugin in case it has stopped due to some reason. Task 1. Log on to the GTI Proxy Appliance as the user gtip. 2. Type in the command sudo /usr/local/sbin/configure_ma.sh, then press Enter. 3. Type n on the prompt Do you want to reinstall McAfee Agent[y/n], then press Enter. 4. Type y on the prompt McAfee GTI Proxy Appliance Plugin is not running. Do you want to start[y/n], then press Enter. 5. In case the system firewall is not running, a prompt appears asking for whether the firewall needs to be started or not. Type y on the prompt Firewall is off. Do you want to turn it on, then press Enter. 6. The GTI Proxy Appliance plugin starts. 7. Press Enter on the next prompt Enter new port if it is different on ePO. 8. Type logout, then press Enter. The User gtip is logged out of the GTI Proxy Appliance.
Start McAfee Agent for Linux

Use this task to start McAfee Agent on the GTI Proxy Appliance in case it has stopped due to some reason. Task 1. Log on to the GTI Proxy Appliance as the user gtip. 2. Type in the command sudo /usr/local/sbin/configure_ma.sh, then press Enter. 3. Type y on the prompt McAfee Agent is not running. Do you want to start[y/n], then press Enter. 4. The McAfee Agent starts. 5. In case the system firewall is not running, a prompt appears asking for whether the firewall needs to be started or not. Type y on the prompt Firewall is off. Do you want to turn it on, then press Enter. 6. Press Enter on the next prompt Enter new port if it is different on ePO.
7. Type logout, then press Enter. The User gtip is logged out of the GTI Proxy Appliance.
41

McAfee GTI Proxy 1.0 InstallationGuide

Caricato da

Informazioni sul documento

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

McAfee GTI Proxy 1.0 InstallationGuide

Caricato da

Copyright:

Formati disponibili

McAfee GTI Proxy 1.0.

LICENSE INFORMATION License Agreement

McAfee GTI Proxy Installation Guide

McAfee GTI Proxy Installation Guide

McAfee GTI Proxy Installation Guide

McAfee GTI Proxy Installation Guide

Italic Bold Blue <TERM> Note Tip Caution/Important

Where to find documentation

Downloading manuals from the McAfee ServicePortal

McAfee GTI Proxy Installation Guide

Using the product Product Guide Online Help

Maintaining the software KnowledgeBase http://mysupport.mcafee.com under Self Service

McAfee GTI Proxy Installation Guide

Introducing McAfee GTI Proxy

GTI Proxy Appliance

Minimum of 35GB available Minimum of 2GB available 64-bit CPU

McAfee GTI Proxy Installation Guide

Pre Installation Tasks

Pre Installation Tasks

Uninstalling GTI Server for ePO from managed nodes

Uninstalling GTI Server Appliance for ePO from managed nodes

McAfee GTI Proxy Installation Guide

Removing GTI Server Appliance for ePO deployment package

Removing GTI Server for ePO deployment package

McAfee GTI Proxy Installation Guide

Removing GTI Server Appliance extension

Removing GTI Server extension

Removing GTI Server Appliance from the System Tree

McAfee GTI Proxy Installation Guide

McAfee GTI Proxy Installation Guide

Installing GTI Proxy Appliance

Installing GTI Proxy Appliance

Deploying VMware Image

Configure Network Settings

Configuring DHCP Addressing

McAfee GTI Proxy Installation Guide

Configuring Static Addressing

McAfee GTI Proxy Installation Guide

Configuring Time zone

Configuring the Date and Time

Installing McAfee Agent for Linux on GTI Proxy Appliance

McAfee GTI Proxy Installation Guide

Determining the Agent wake-up communication port

Determining the Agent-to-server communication port

McAfee GTI Proxy Installation Guide

Installing GTI Proxy

Installing GTI Proxy

Installing GTI Proxy Package

Deploying GTI Proxy Appliance plugin

McAfee GTI Proxy Installation Guide

Deploying GTI Proxy Agent plugin on managed nodes

Check GTI Proxy Appliance installed packages

Check GTI Proxy Appliance Package

McAfee GTI Proxy Installation Guide

Check MA for Linux Package

Check GTI Proxy Appliance plugin Package

McAfee GTI Proxy Installation Guide

Uninstalling GTI Proxy

Uninstalling GTI Proxy

Uninstall GTI Proxy Appliance plugin

Uninstalling GTI Proxy Agent from managed nodes

Uninstall GTI Proxy package

Removing GTI Proxy Appliance plugin

Removing GTI Proxy Agent plugin