Release Notes

McAfee Firewall Enterprise

version 8.2.0

This document provides information about McAfee Firewall Enterprise version 8.2.0, including download and installation instructions.

You can find additional information by using the resources listed in the following table.
Table 1 Product resources Resource Online Help McAfee Technical Support ServicePortal Location Online Help is built into Firewall Enterprise. Click Help on the toolbar or from a specific window. Visit mysupport.mcafee.com to find: Product updates Product installation files Product documentation KnowledgeBase Product announcements Technical support

Visit go.mcafee.com/goto/updates to download the latest Firewall Enterprise patches. 1 In a web browser, navigate to www.mcafee.com/us/downloads. 2 Provide your grant number, then navigate to the appropriate product and version.

In this document ... About this release Requirements New features Enhancements Resolved issues Known issues Upgrade a firewall to version 8.2.0 Perform a new installation

McAfee Firewall Enterprise 8.2.0 Release Notes

About this release

About this release

Firewall Enterprise version 8.2.0 introduces new features for Firewall Enterprise S model appliances. This release also resolves issues present in the previous release. Firewall Enterprise version 8.2.0 will be end of life (EOL) one year after certification is complete for the next Common Criteria and FIPS certified releases.

Supported firewall types

Firewall Enterprise, version 8.2.0 supports: McAfee Firewall Enterprise appliances

McAfee Firewall Enterprise, Virtual Appliance

McAfee Firewall Enterprise on Riverbed Services Platform

Note: This release does not support McAfee Firewall Enterprise on Crossbeam X-Series Platform. However, McAfee intends to support this platform in the future.

Installation options
The following installation options are available for version 8.2.0: Upgrade Upgrade a firewall from version 8.1.2 to version 8.2.0. For upgrade instructions, see Upgrade a firewall to version 8.2.0 in this document. New installation Re-image a firewall using version 8.2.0 installation media.

Compatible McAfee products

Firewall Enterprise version 8.2.0 is compatible with the following McAfee products: McAfee Firewall Enterprise ePolicy Orchestrator Extension

McAfee Firewall Enterprise Control Center

McAfee Firewall Profiler

McAfee Logon Collector

McAfee Firewall Reporter

For more information, see the following resources: To find the latest information on McAfee firewall products and versions that Firewall Enterprise supports, refer to KnowledgeBase article KB67462. To learn about these products and how they interoperate with Firewall Enterprise, refer to the Using McAfee Firewall Enterprise with Other McAfee Products application note.

McAfee Firewall Enterprise 8.2.0 Release Notes

Requirements

Requirements
Before you install version 8.2.0, make sure the Admin Console and Firewall Enterprise requirements are met.

Admin Console requirements

The computer that hosts the Admin Console must meet these requirements.
Table 2 Admin Console minimum requirements Component Operating system Requirements One of the following Microsoft operating systems: Web browser Hardware Windows Server 2008 Windows XP Professional Windows Vista Windows 7 Microsoft Internet Explorer, version 7 or later Mozilla Firefox, version 3.0 or later 2 GHz x86-compatible processor 2 GB of system memory 300 MB of available disk space CD-ROM drive 1024 x 768 display Network card (to connect to your firewall) USB port

One of the following:

McAfee Firewall Enterprise 8.2.0 Release Notes

Requirements

Firewall Enterprise requirements

The firewall must meet these requirements.
Table 3 Minimum requirements by Firewall Enterprise type Firewall type Firewall Enterprise appliance Firewall Enterprise, Virtual Appliance Platform requirements D model appliance or later with a valid support contract Virtualization server that meets the following requirements: Hypervisor operating system VMware ESX/ESXi version 4.0 or later Note: Firewall Enterprise, Virtual Appliance is installed in 64-bit mode by default. Your system must support Intel VT technology (or equivalent) for it to run properly in a virtual environment. Before starting the virtual appliance, verify that VT is enabled in your computer BIOS. Hardware resources: Two virtual processors 512 MB of memory Note: If you plan to use features such as virus scanning or sendmail, increase the allocated memory to 1024 MB. Firewall Enterprise on Riverbed Services Platform 28 GB of free disk space Internet connectivity The firewall requires a persistent Internet connection to maintain an active license and full functionality. RiOS version 6.0 or later RSP version 6.0 or later installed and licensed Available RSP slot 512 MB of free memory 28 GB of free disk space

Riverbed Steelhead appliance that meets the following requirements:

Note: Firewall Enterprise on Riverbed Services Platform is installed in 32-bit mode by default.

McAfee Firewall Enterprise 8.2.0 Release Notes

New features

New features
The following new features are included in this release.

IPv6 support
This release introduces IPv6 support for the following configurations: Failover High Availability (HA) Supports IPv6 in peer-to-peer and primary/standby HA cluster configurations Domain name system (DNS) Supports split DNS with IPv6 configurations Border Gateway Protocol (BGP) Allows exchange of IPv4 and IPv6 routes
Note: IPv6 is enabled by default in 8.2.0.

IPv6 support for failover HA

Failover HA supports IPv6 addresses for all cluster interfaces except heartbeat and backup heartbeat interfaces. These cluster interfaces support IPv4 addresses, IPv6 addresses, or both.
Note: The heartbeat and backup heartbeat must use IPv4 addresses. IPv6 addresses are not supported.

The following restrictions apply: For each shared IPv6 address, cluster firewalls must be assigned an individual IPv6 address in the same scope. Load sharing HA does not support IPv6.

IPv6 support for DNS

Both split server DNS and single server DNS configurations are supported with IPv6 enabled. You can also have IPv4 and IPv6 DNS resolution over IPv4 or IPv6 addresses.

IPv6 support for BGP

BGP peers can exchange IPv4 and IPv6 routes. The following configurations are supported: BGP IPv4 BGP IPv4 route distribution over IPv4 or IPv6 network transport BGP IPv6 BGP IPv6 route distribution over IPv6 or IPv4 network transport

McAfee Firewall Enterprise 8.2.0 Release Notes

Enhancements

Enhancements
The following enhancements are included in this release.

FIPS 140-2 compliance

Firewall Enterprise can be configured to comply with Federal Information Processing Standard (FIPS) 140-2. Use the FIPS window to enable or disable FIPS 140-2 processing on the firewall.

Common Criteria
A McAfee Firewall Enterprise network environment can be configured to comply with Common Criteria evaluation standards.

Usability improvements
This release includes the following usability enhancements. Admin Console From the Access Control Rules window, select the Application Defense groups and McAfee Global Threat Intelligence reputation options while defining access control rules. Documentation The product guide has been streamlined to clarify topics and optimize Admin Console option definitions.

McAfee Firewall Enterprise 8.2.0 Release Notes

Resolved issues

Resolved issues
This release resolves the following issues.

Admin Console
Improves the stability of the graphical user interface BGP editor Improves the performance of dashboard when viewing data from firewall with a significant number of blackholed IP addresses Improves parsing of DNS configuration files during DNS interface modification Enhances Application defense usability Allows choosing of user_name as a column in the graphical user interface Audit Viewer Allows use of 0 as a netmask in VPN security associations Resolves the failed to connect to SSL issue when the audit viewer is launched in a new application window Resolves an issue with managing DNS configurations when non-resolvable NS or MX records are present Supports policies that use deprecated applications on the Rule Interactions tab Makes the Rule Interactions tab consistent with McAfee Firewall Enterprise Control Center Fixes the port display for the Deny All rule on the Rule Interactions tab Fixes an issue on the Rule Interactions tab with unsaved data on the Access Control Rules window Fixes the save issue for the Auto-recover on Reconnect checkbox on the High Availability window Fixes a dashboard timeout issue on the primary firewall Addresses issues with handling of SmartFilter custom sites

Command line interface

Allows implied entry type on cf interface add_addresses operations Corrects display of policy out of cf policy showtables to display redirections and REDIR flag

Crypto
Resolves incorrect UNIX permissions on fetched Certificate Revocation List (CRL) files Fixes NAT-T support for password-based dynamic VPNs Updates Trusted Internet CAs with the new list from Mozilla Removes DigiNotar from the list of Trusted Internet CAs

Firewall Policy Report

Includes AppPrism and IPS signature versions in the Firewall Policy Report Displays ports configured for the rules in the policy

McAfee Firewall Enterprise 8.2.0 Release Notes

Resolved issues

High Availability
Improves failover processing when an interface failure occurs Resolves a startup issue that occurs during simultaneous booting of nodes in a peer-to-peer cluster Resolves an issue with a down interface on a load sharing primary Shares last application cache with secondary nodes

Policy
Allows UDP proxy rules that pass IPv4 and IPv6 with redirection to pass both address families Improves memory use during activation of large complex rule sets Improves validation of IPv4 addresses in configuration Improves validation of upstream proxy validation in the HTTP Application Defense Improves error checking when including generic Application Defense in an Application Defense group Improves usability with changes to policy validation and compilation Improves usability with better defaults for SSL rules Ensures that traffic is proxied if the policy requests it Resolves an issue with netgroups containing too many host objects Resolves a validation issue when using an application with multiple capabilities in a policy Resolves a traceback issue when using time periods with IPv6 enabled Fixes a timing issue in acld that causes Bad file descriptor traceback in audit Fixes an issue with netmaps when handling IPv6 traffic Fixes an error when using Geo-Location objects as endpoints in SSL rules Fixes a validation issue when adding a zone with an index of 63 Cleans up the posting of listens so that proxies listen to interfaces that are specified only in the policy

Proxies
Resolves the broken SmartFilter logo issue in block pages when Remote SmartFilter Administration Console is enabled Resolves an issue with truncation of group names when passing user information from Passport to SmartFilter Resolves an interface issue with DHCP Relay Resolves an issue with authenticated redirections Fixes handling of pings on a secondary node in a load sharing HA cluster to clean up attack audits Fixes a problem with the SmartFilter URL when using a non-default port Fixes Passport authentication handling when using Web login with active session mode Addresses UDP session hang on secondary nodes in a load sharing HA cluster Citrix Improves error handling in the UDP Citrix proxy FTP Adds support for QUOTE command in the FTP proxy

McAfee Firewall Enterprise 8.2.0 Release Notes

Resolved issues

HTTP Resolves an issue with the HTTP proxy to perform IPS scanning in URLs Corrects logging of HTTPS sites in SF.log when using remote SmartFilter console Prevents accidental HTTP protocol enforcement for non-HTTP protocols Provides stability fixes for the HTTP proxy Resolves an issue of denied headers in HTTP and blocked headers in the SMTP proxy Resolves session hang in the HTTP proxy when using SmartFilter Re-enables in-band authentication for non-transparent HTTPS Restores special case handling of in-band Passport authentication handling for non-transparent HTTP Adds attack detection and mitigation for slow header attacks on HTTP protocol Allows non-transparent HTTP to use minimal inspection Allows timeout invalid DNS responses to do subsequent re-querying H.323 Addresses H.323 handling of unregistration request messages without call signal addresses SMTP Improves the SMTP proxy debugging audits Resolves hang in the SMTP proxy during configuration changes under some circumstances Allows use of the BDAT verb in the SMTP proxy SNMP Improves the stability of the SNMP proxy SSH Relaxes validation of the X11 forwarding originator address field in the SSH proxy Sun RPC Improves error handling when passing Sun RPC through a proxy

McAfee Firewall Enterprise 8.2.0 Release Notes

Known issues

System
Improves debugging support on large memory systems Improves handling of DHCP addresses when modifying interfaces Improves error handling when processing audit files with corrupted data Allows passing of multicast traffic through the firewall when using transparent bridged interface and Link aggregation (LAGG) Supports the configuration of more than two interfaces on a bridge Adds AAAA records to BIND's root cache for the D and I root servers Rejoins multicast groups for IP filter rules when interfaces change Resolves a problem that dropped routing tables when zone modes are changed on a transparent firewall Resolves a problem that restarts a device when installing multiple packages before all packages are completely installed Resolves an issue with hostd performance Resolves a Type Enforcement error when exiting from emergency maintenance mode Fixes a Type Enforcement error when reconfigure mail is run when existing mail messages are queued in /var/spool/mqueue.c Fixes the kernel stability issues Corrects data returned by UCD-SNMP-MIB::ssCpuIdle.0 and HOST-RESOURCES-MIB::hrProcessorLoad SNMP OIDs Cleans up the extraneous debug audits from hostd

Security updates
Resolves CVE-2011-1910 and CVE-2011-2464 for BIND Resolves CVE-2010-1674 and CVE-2010-1675 for Quagga BGP

Known issues
For information about known issues for Firewall Enterprise version 8.2.0:
1 Visit mysupport.mcafee.com. 2 Log on with your user ID and password. The ServicePortal homepage appears with a welcome

message at the top. If you do not have an account but have received a grant number: In the User Login section, click New User. Complete the information and follow the prompts to set up your account. If you do not have an account or grant number, contact Customer Service.
3 In the Self Service section, click Search the KnowledgeBase. The KnowledgeBase welcome page

appears.
4 In the Ask a Question section, type KB72785, then click Ask. The KnowledgeBase article appears with

any known issues.

10

McAfee Firewall Enterprise 8.2.0 Release Notes

Upgrade a firewall to version 8.2.0

Upgrade a firewall to version 8.2.0

Select the upgrade method that is appropriate for your firewall type. Upgrade a standalone firewall or HA cluster Upgrade a Control Center-managed firewall or HA cluster
Note: Your firewall must be at version 8.1.2 to upgrade to version 8.2.0 as described in this section. Refer to the Firewall Enterprise Release Notes, version 8.1.2 for details.

Upgrade a standalone firewall or HA cluster

Use the Admin Console to upgrade a standalone firewall or HA cluster to version 8.2.0. Perform these tasks in order:
1 Create a configuration backup 2 Download the 8.2.0 package 3 Install the 8.2.0 package 4 Update the Admin Console 5 Verify that version 8.2.0 is installed

Note: To upgrade a High Availability cluster, upgrade the secondary/standby firewall first, then upgrade the primary firewall.

Create a configuration backup

McAfee recommends that you create a configuration backup before upgrading. Backing up the configuration files lets you quickly restore a firewall. For instructions on creating a configuration backup, refer to the McAfee Firewall Enterprise Product Guide.

Download the 8.2.0 package

Perform the appropriate procedure to download the 8.2.0 package. If your firewall has Internet connectivity, follow the steps under Download the package using the Admin Console. If your firewall does not have Internet connectivity, follow the steps under Manually load the package. Download the package using the Admin Console Downloading the patch moves it from the McAfee FTP site to the firewall but does not install it. To download the patch from the network:
1 Select Maintenance | Software Management. 2 Click the Manage Packages tab. 3 Display the available packages. a Click Check for Updates. When the operation is complete, a pop-up window appears. b Click OK. Packages appear in the table with a status of Available. These packages are available for

downloading from the McAfee FTP site.

Tip: To configure this action to occur automatically, use the Download Packages tab.
4 Select the 8.2.0 package, then click Download. Click Yes to confirm.

A successfully loaded message appears, and the package status changes to Loaded.

McAfee Firewall Enterprise 8.2.0 Release Notes

11

Upgrade a firewall to version 8.2.0

Manually load the package If your firewall is not connected to the Internet, use a web browser to download the package, then manually load the package on the firewall.
1 Use a web browser to download the 8.2.0 package. a Go to go.mcafee.com/goto/updates. b Scroll down to the McAfee Firewall Enterprise Upgrades and Patches entry for version 8.2.0, then

click Download.
c

Enter a valid Firewall Enterprise serial number, then click Submit.

d Click Download Patch for version 8.2.0. 2 Place the 8.2.0 file where the firewall can access it. Choose one of these options:

Local FTP site Place the package on an FTP site that the firewall has access to. HTTPS website Place the package on an HTTPS website that the firewall has access to. CD Place the package in a /packages directory on a CD, then insert the CD into the firewall CD-ROM drive. Directory on the firewall Use SCP to copy the package to the /home directory of your firewall administrator account.
Note: To transfer files to the firewall using SCP, SSH access must be enabled on the firewall.
3 In the Admin Console, go to Maintenance | Software Management, then click the Download

Packages tab. The Download Packages tab appears.

Tip: For option descriptions, click Help.
4 Click Perform Manual Load Now. The Manual Load window appears. 5 Specify where the 8.2.0 package is stored. a From the Load packages from drop-down list, select the appropriate method to load the package.

FTP Select if you placed the package on a local FTP site HTTPS Select if you placed the package on an HTTPS website CDROM Select if you created a CD that contains the package File Select if you copied the package to your home directory on the firewall
b In the Packages field, type 8.2.0. c

Complete the remaining fields as appropriate.

d Click OK. A confirmation message appears. 6 Click Yes. The firewall loads the package from the specified location. When the operation is complete,

a message appears.
7 Click OK. 8 Verify that 8.2.0 is loaded on your firewall. a Click the Manage Packages tab. b Verify that the Status of the 8.2.0 package is Loaded on <date>.

12

McAfee Firewall Enterprise 8.2.0 Release Notes

Upgrade a firewall to version 8.2.0

Install the 8.2.0 package

Perform this procedure to install the 8.2.0 package on your firewall. This package also includes a separate Admin Console update.
Note: The firewall will restart during the patch installation.

To install this patch on your firewall from the Admin Console:

1 Select Maintenance | Software Management. 2 Click the Manage Packages tab. 3 Select 8.2.0 from the list of packages, then click Install. 4 Select Install now, then click OK.

A warning appears stating that the firewall will restart after the patch is installed.
5 Click Yes.

The package is installed, then an Error message appears stating that the connection to the server has been lost.
6 Click OK.

The Admin Console is disconnected and the firewall restarts.

Update the Admin Console

After the firewalls, update the Admin Console by connecting to the firewall.
1 Reconnect the Admin Console to the firewall.

A message appears prompting you to install an Admin Console update.

2 Click Yes.

The Admin Console update downloads, then a message appears asking if you want to install the package now.
3 Click Yes.

The Admin Console closes and the InstallShield Wizard window appears.
4 Click Next.

A progress bar appears while the Admin Console update installs. When the installation completes, the Update Complete window appears.
5 Click Finish. The Admin Console opens.

Verify that version 8.2.0 is installed

After the Admin Console update completes, verify that version 8.2.0 is installed on your firewall.
1 Reconnect the Admin Console to the firewall. 2 Select Maintenance | Software Management. 3 On the Manage Packages tab, verify that the status for 8.2.0 is Installed.

If the patch status is still Loaded, call technical support. You can also click View Package Details or View Log to see information about the installation. The patch is now installed.

McAfee Firewall Enterprise 8.2.0 Release Notes

13

Upgrade a firewall to version 8.2.0

Patch rollback
If the installed patch does not work to your satisfaction, you can use the Rollback feature to restore the firewall to a previous state.
Caution: If you use the Rollback feature, any configuration changes made after the patch was installed are lost. Therefore, rolling back is a recommended recovery option for only a short time after a patch installation. Note: A rollback always requires a restart.

To restore the firewall to a previous state:

1 Select Maintenance | Software Management. 2 Click the Rollback tab. 3 Click Rollback Now, or select Schedule Rollback for to schedule a time for the rollback.

Upgrade a Control Center-managed firewall or HA cluster

Use Control Center to upgrade firewalls and clusters managed by Control Center.
Caution: Do not use the Firewall Enterprise Admin Console to install a patch directly on a managed firewall.
1 Upgrade your Control Center to version 5.2.0 or later. For instructions, see the McAfee Firewall

Enterprise Control Center Release Notes, version 5.2.0.

2 Use Control Center to upgrade the managed firewall or cluster to version 8.2.0. For instructions, see

the McAfee Firewall Enterprise Control Center Product Guide.

14

McAfee Firewall Enterprise 8.2.0 Release Notes

Perform a new installation

Perform a new installation

To install version 8.2.0, use the appropriate procedure for your Firewall Enterprise platform: Firewall Enterprise appliance Firewall Enterprise, Virtual Appliance Firewall Enterprise on Riverbed Services Platform
Note: This release does not support McAfee Firewall Enterprise on Crossbeam X-Series Platform. However, McAfee intends to support this platform in the future.

Firewall Enterprise appliance

To re-image your firewall to version 8.2.0, perform these tasks in order:
1 Create a configuration backup 2 Download Firewall Enterprise software 3 Download the Product Guide 4 Install the Management Tools 5 Install Firewall Enterprise 6 Complete post-installation instructions

Create a configuration backup

When you perform a new installation on your firewall, all configuration and log information is removed. McAfee recommends that you create a configuration backup and save it off the firewall. Backing up the configuration files lets you quickly restore a firewall. For instructions on creating a configuration backup, refer to the McAfee Firewall Enterprise Product Guide.

Download Firewall Enterprise software

Perform this procedure to download the version 8.2.0 files.
1 In a web browser, navigate to www.mcafee.com/us/downloads. 2 Provide your grant number, then navigate to the appropriate product and version. 3 Download the appropriate files.

Management Tools Download the McAfee Firewall Enterprise Admin Console executable (.exe) file or CD image (.iso) file.
Tip: Select the CD image file if you want to create a CD for use in installing the Management Tools.

Version 8.2.0 image Download the installation CD image (.iso) file or USB image (.zip) file.
Tip: Select the USB image file if your appliance does not have a CD-ROM drive.
4 Create physical installation media using the downloaded installation files.

Write the .iso file(s) to a CD.

Note: If you downloaded multiple .iso files, use a separate CD for each file.

If you downloaded the USB image file, write the image to a USB drive. Refer to KnowledgeBase article KB69115 for instructions.

McAfee Firewall Enterprise 8.2.0 Release Notes

15

Perform a new installation

Download the Product Guide

Download the McAfee Firewall Enterprise Product Guide so you have it available during the planning and setup process.
1 Go to the McAfee Technical Support ServicePortal at mysupport.mcafee.com. 2 Under Self Service, click Product Documentation. 3 Select the appropriate product and version. 4 Download the version 8.2.0 product guide.

Install the Management Tools

Perform this procedure to install the Management Tools on a Windows-based computer. The Management Tools include: Quick Start Wizard Creates the initial configuration for the firewall Admin Console Manages the firewall
Note: Firewall Enterprise management tools are version-specific. You cannot connect to a version 8.x firewall using an older version of the Admin Console. However, you can have multiple management tools that co-exist on the same Windows-based computer.
1 Launch the installation process:

If you downloaded the executable (.exe) file, locate the file on your computer, then double-click it. If you downloaded the CD image (.iso) file and used it to create a CD, insert the CD into the appropriate drive. The welcome window appears.
2 Follow the on-screen instructions to complete the setup program.

Note: McAfee recommends using the default settings. Tip: Consider installing an SSH client on your computer. Use the SSH client to provide secure command line access to the firewall.

Install Firewall Enterprise

Use this procedure to install version 8.2.0 on your appliance.
1 Boot the firewall from the physical installation media that you created.

Installation USB drive: If the firewall is on, insert the USB drive and restart. If the firewall is off, insert the USB drive and turn on the firewall. Installation CD: If the firewall is on, insert the CD and restart. If the firewall is off, turn it on and quickly insert the CD. The firewall starts and displays standard boot-up information.
2 When the firewall starts, configure it to boot from the inserted installation media.

Models without a CD-ROM drive Enter the boot menu, then select the installation USB drive. Models with a CD-ROM drive By default, the boot order is set to check the CD drive first. If the boot order has been altered and does not check the CD drive first, restart and enter the BIOS to adjust the boot order accordingly. The firewall boots from the installation media.

16

McAfee Firewall Enterprise 8.2.0 Release Notes

Perform a new installation

3 At the McAfee Inc. menu, accept the default, which is the Operational System. The welcome menu

appears.
4 At the Welcome to McAfee Firewall Enterprise menu, select a Firewall Enterprise boot option.

If you are using a locally attached terminal, press Enter to accept the default. If you intend to use a serial console, type 4 and press Enter.
5 When the installation complete message appears, remove the installation media from the firewall. 6 Press R to restart the firewall, then press Enter. The firewall restarts and displays standard restart

information. Firewall Enterprise version 8.2.0 is now installed on your appliance.

Complete post-installation instructions

Now that you have installed Firewall Enterprise, you are ready to configure and start up the firewall. For complete setup instructions, refer to the following chapters in the McAfee Firewall Enterprise Product Guide, version 8.2.0: Planning Installation and configuration Startup

McAfee Firewall Enterprise 8.2.0 Release Notes

17

Perform a new installation

Firewall Enterprise, Virtual Appliance

To install Firewall Enterprise, Virtual Appliance, version 8.2.0, perform these tasks in order:
1 Create a configuration backup 2 Download Firewall Enterprise, Virtual Appliance software 3 Download the Installation Guide 4 Install the virtual firewall

Create a configuration backup

If you are replacing an existing Firewall Enterprise, Virtual Appliance, McAfee recommends that you create a configuration backup. Backing up the configuration files lets you quickly restore a firewall. For instructions on creating a configuration backup, refer to the McAfee Firewall Enterprise Product Guide.

Download Firewall Enterprise, Virtual Appliance software

Perform this procedure to download version 8.2.0 files.
1 In a web browser, navigate to www.mcafee.com/us/downloads. 2 Provide your grant number, then navigate to the appropriate product and version. 3 Download the virtual image (.zip) file.

Download the Installation Guide

You will use the McAfee Firewall Enterprise, Virtual Appliance Installation Guide during the planning and setup process.
1 Go to the McAfee Technical Support ServicePortal at mysupport.mcafee.com. 2 Under Self Service, click Product Documentation. 3 Select the appropriate product and version. 4 Download the version 8.x installation guide.

Install the virtual firewall

Refer to the McAfee Firewall Enterprise, Virtual Appliance Installation Guide, version 8.x, to install the virtual firewall. The high-level installation steps include:
1 Install the virtual firewall on a VMware ESXi server. a On your ESXi server, create an isolated port group, and name it unconfigured. b Import the firewall. c

Configure network mappings for the firewall.

d Perform initial firewall configuration. 2 Install the Management Tools on a Windows-based computer.

18

McAfee Firewall Enterprise 8.2.0 Release Notes

Perform a new installation

Firewall Enterprise on Riverbed Services Platform

To install Firewall Enterprise version 8.2.0 on Riverbed Services Platform, perform these tasks in order:
1 Create a configuration backup 2 Download the Firewall Enterprise for Riverbed package 3 Download the Installation Guide 4 Install Firewall Enterprise on your Riverbed Steelhead appliance

Create a configuration backup

If you are replacing an existing Firewall Enterprise on Riverbed Services Platform, McAfee recommends that you create a configuration backup. Backing up the configuration files lets you quickly restore a firewall. For instructions on creating a configuration backup, refer to the McAfee Firewall Enterprise Product Guide.

Download the Firewall Enterprise for Riverbed package

Perform this procedure to download the Firewall Enterprise RSP package and Admin Console.
1 In a web browser, navigate to www.mcafee.com/us/downloads. 2 Provide your grant number, then navigate to the appropriate product and version. 3 Download the Firewall Enterprise package.

Download the Installation Guide

You will use the McAfee Firewall Enterprise on Riverbed Services Platform Installation Guide during the planning and setup process.
1 Go to the McAfee Technical Support ServicePortal at mysupport.mcafee.com. 2 Under Self Service, click Product Documentation. 3 Select the appropriate product and version. 4 Download the version 8.x installation guide.

Install Firewall Enterprise on your Riverbed Steelhead appliance

Refer to the McAfee Firewall Enterprise on Riverbed Services Platform Installation Guide, version 8.x, to install the firewall. The high-level installation steps include:
1 Install the firewall on your Riverbed Steelhead appliance. a Add the Firewall Enterprise package to RSP. b Install the firewall in an available slot. c

Configure the RSP data flow to direct network traffic through the firewall.

d Perform initial firewall configuration. 2 Install the Management Tools on a Windows-based computer.

McAfee Firewall Enterprise 8.2.0 Release Notes

19

Perform a new installation

For support information, visit mysupport.mcafee.com. Copyright 2011 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of McAfee, Inc., or its suppliers or affiliate companies. 700-3493A00

20

McAfee Firewall Enterprise 8.2.0 Release Notes