Trellix NS3 00 Series User manual

This quick start guide explains how to quickly set up and activate your Trellix Intrusion Prevention System NS3100
and NS3200 Sensors in inline mode. These models have a throughput of 750 Mbps.
All product documentation referenced in this quick start guide is found on the Trellix Documentation Portal.
The NS3100/NS3200 Sensor model
Figure 1 Sensor front panel
1 Console port (1)
2 RJ-45 10/100/1000 Management port (MGMT) (1)
3 RJ-45 10/100/1000 Response port (R1) (1)
4 USB ports (1)
5 RJ-45 10/100/1000 Mbps Ethernet Monitoring ports (8)
Figure 2 Sensor rear panel
1 Power supply inlet (1)
2 Fan units (3)
Trellix Intrusion Prevention System
(NS3x00 Quick Start Guide)

1 Verify the contents in the box
The following accessories are shipped in the NS3x00 Sensor crate:
• Sensor
• Power cords (Trellix provides standard and international power cables)
• Printed Quick Start Guide
2 Verify the hardware and software requirements
Make sure to meet the following hardware requirements. For more information, refer to Trellix Intrusion
Prevention System Installation Guide.
Manager Windows server system requirements

The following table lists the 11.1 Windows based Manager/Central Manager application requirements:
Note
Windows Server 2012 Standard/Windows Server 2012 R2 Standard is not supported for the Manager.
Operating system
Minimum required: any of the following:
• Windows Server 2016 Standard Edition English operating system
• Windows Server 2016 Standard Edition Japanese operating system
• Windows Server 2016 Datacenter Edition English operating system
• Windows Server 2016 Datacenter Edition Japanese operating system
• Windows Server 2019 Standard Edition English operating system
• Windows Server 2019 Standard Edition Japanese operating system
• Windows Server 2019 Datacenter Edition English operating system
• Windows Server 2019 Datacenter Edition Japanese operating system
• Windows Server 2022 Standard Edition English operating system
• Windows Server 2022 Standard Edition Japanese operating system
• Windows Server 2022 Datacenter Edition English operating system
• Windows Server 2022 Datacenter Edition Japanese operating system
Note: Only x64 architecture is supported.
Recommended: Windows Server 2022 Datacenter Edition operating system

Component | Minimum required | Recommended
Memory | 16 GB (Note: Supports up to 10 million alerts in Solr) | >=32 GB (Note: Supports up to 20 million alerts in Solr)
CPU | Server model processor, such as Intel Xeon | Same
Disk space | 300 GB | 500 GB or more
Network | 1 Gbps card | 1 Gbps card
Virtual CPUs (applicable only on a VMware platform) | 4 | 4 or more
Table 1 VMware ESX server requirements for Windows Operating System
Component: Virtualization software
Supported:
• ESXi 7.0 Update 3
• ESXi 8.0
Note: Hyperthreading should be available.
Manager Linux server system requirements
The following table lists the 11.1 Linux based Manager/Central Manager application specifications for an OVA file:
Component | Specifications
MLOS | 3.9.1
Logical CPU cores | 8
Memory | 32 GB
Disk space | 500 GB
NIC | 1
Note: You can consider 2 for a dual NIC configuration.
The following are the system requirements for hosting 11.1 Linux based Manager/Central Manager application
on a VMware platform:
Table 2 VMware ESX server requirements for MLOS
Component: Virtualization software
Supported:
• ESXi 7.0 Update 3
• ESXi 8.0
Note: Hyperthreading should be available.

Manager client system requirements
The following table lists the 11.1 Manager/Central Manager client requirements when using Windows 10:
Operating system
Minimum: Windows 10, English or Japanese
Note: The display language of the Manager client must be the same as that of the Manager server operating system.
Recommended: Windows 10, version 1903 English or Japanese

Component | Minimum | Recommended
Memory | 8 GB | 16 GB
CPU | 1.5 GHz processor | 2.4 GHz or faster
Monitor | 32-bit color, 1440 x 900 display setting | 1920 x 1080 (or above)

Browser
Minimum:
• Microsoft Edge
• Mozilla Firefox
• Google Chrome
Note: To avoid the certificate mismatch error and security warning, add the Manager web certificate to the trusted certificate list.
Recommended:
• Microsoft Edge 111.0 or later
• Mozilla Firefox 111.0 or later
• Google Chrome 111.0 or later
For the Manager/Central Manager client, in addition to Windows 10, you can also use the operating systems
mentioned for the Manager server.
The following are Central Manager and Manager client requirements when using Mac:
Mac operating system | Browser
Ventura | Safari 16 or later
Install the following software:
• Manager image
• Sensor image
• Signature set
3 Install the Sensor
The mounting ears are pre-attached to the Sensor. Install the Sensor into the rack.

4 Connect the Management and Console ports
a On the front panel of the NS3x00 Sensors, plug a Category 5e Ethernet cable in the Management port (labeled MGMT).
b Plug the other end of the cable into the network device connected to your Manager server.
c On the front panel of the NS3x00 Sensors, plug the DB9 Console cables into the Console port (labeled Console).
d Connect the other end of the Console port cable directly to a COM port of the PC or terminal server you are using to configure the Sensor (for example, a PC running correctly configured Windows Hyperterminal software). You must directly connect to the console for initial configuration; you cannot configure the Sensor remotely.
Terminal servers are provided for console access.
The required settings for Hyperterminal are as follows:
• Baud rate: 115200
• Number of Bits: 8
• Parity: None
• Stop Bits: 1
• Control Flow: None
e Plug one end of the power cable into the power inlet and plug the other end into a power source. The Sensor ships with standard US power and international cables.
Note
The NS-series Sensor does not have a power switch. You can directly plug the power cable into a power source.
5 Connect the monitoring ports
This procedure describes how to connect cables to a Sensor that runs in inline mode.
a Plug the cable appropriate for use with your transceiver module into one of the monitoring ports labeled x (for example, 1).
b Plug the cable appropriate for use with your transceiver module into one of the monitoring ports labeled y (for example, 2).
c Connect the other end of each cable to the network devices that you want to monitor. For example, if you plan to monitor traffic between a switch and a router, connect the cable connected to 1 to the router (3) and the one connected to 2 to the switch (4).

6 Install the Manager software
The following steps briefly explain the Manager installation:
Note
You must have administrator privileges on the target Windows or Linux server to install the Manager software.
Note
MariaDB is included with the Manager and is installed (embedded) automatically on your target Windows or Linux server during this process.
a Prepare the system according to the requirements outlined in Trellix Intrusion Prevention System Installation Guide.
b Close all open applications.
c Go to Trellix Download Server (https://www.trellix.com/en-us/downloads/my-products.html).
d Log on using your Grant Number and registered Email Address.
The Find Products page opens.
e In the Category filter, select Network Security.
f Click on the Manager version required.
The Available Downloads page opens.
g In the Type filter, select Installation.
The Manager installation files available for download are listed.
h Click on the required Manager installation file and the download starts.
i Refer to Trellix Intrusion Prevention System Installation Guide for detailed procedure to install the Manager application.
7 Add the Sensor to the Manager
The Manager displays the Logon page.
a Log on to the Manager using the default user name (admin) and password (admin123).
b Go to Devices | <Admin Domain Name> | Global | Device Manager.
The Device Manager page is displayed.
c Select the Sensors tab and then click .
Note
You do not require a license file to enable IPS on NS-series Sensors.
The Add Devices - Step 1 of 2 panel is displayed.
d Enter the following mandatory information in the appropriate fields:
1) Name — The Sensor name must begin with a letter. The maximum length of the name is 25 characters.
2) Shared Secret — The shared secret must be a minimum of 8 characters and maximum of 25 characters in length. The key cannot start with an exclamation mark and cannot contain spaces. The parameters that you can use to define the key are listed below:
• 26 alphabets: Uppercase and lowercase
(A, B, C,...Z and a,b,c,...z)
• 32 symbols: ~ ` ! @ # $ % ^ & * ( ) _ + ‑ =
[ ] { } \ | ; : " ' , . <? /
• 10 digits: 0 1 2 3 4 5 6 7 8 9
Retype the password in Confirm Shared Secret.
Note
The Sensor name and shared secret key that you enter in the Manager must be identical to the shared secret that you will enter later during physical installation or initialization of the Sensor (using CLI interface) as stated in the Configure Sensor information section. If not, the Sensor will not be able to register itself with the Manager.
3) Device Type — Specifies the type of device to be added. Select IPS Sensor.
4) Deployment Mode — Select Direct or Indirect.
Note
Selecting Direct enables online Sensor update. Direct is the default mode.
5) Contact Information — (Optional) Type the contact information.
6) Location — (Optional) Type the location.
7) Comment — (Optional) Type the comment.
e Click Save.
The added Sensor is displayed on the Sensors tab of Device Manager page.
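A pre-flight check for the name and shared secret rules in step d, and for the requirement that the Manager and Sensor values be identical, written as an added example that is not Trellix code. The function names, the sample values and the reading of "letter" as an ASCII letter are assumptions; the symbol set is taken from the list as printed in this guide.

```python
import hmac
import string

# Rules transcribed from step 7d of this guide.
NAME_MAX, SECRET_MIN, SECRET_MAX = 25, 8, 25
# Symbols exactly as printed in the guide's list (assumption: its hyphen is ASCII '-').
GUIDE_SYMBOLS = "~`!@#$%^&*()_+-=[]{}\\|;:\"',.<?/"
ALLOWED = set(string.ascii_letters + string.digits + GUIDE_SYMBOLS)


def check_sensor_name(name: str) -> list[str]:
    problems = []
    # Assumption: "letter" means an ASCII letter.
    if not name or name[0] not in string.ascii_letters:
        problems.append("name must begin with a letter")
    if len(name) > NAME_MAX:
        problems.append(f"name longer than {NAME_MAX} characters")
    return problems


def check_shared_secret(secret: str) -> list[str]:
    # Messages never echo the secret or any of its characters.
    problems = []
    if not SECRET_MIN <= len(secret) <= SECRET_MAX:
        problems.append(f"secret length must be {SECRET_MIN}-{SECRET_MAX} characters")
    if secret.startswith("!"):
        problems.append("secret must not start with an exclamation mark")
    if any(c.isspace() for c in secret):
        problems.append("secret must not contain spaces")
    unlisted = sum(1 for c in secret if not c.isspace() and c not in ALLOWED)
    if unlisted:
        problems.append(f"{unlisted} character(s) outside the guide's listed set")
    return problems


def preflight(manager: tuple[str, str], sensor: tuple[str, str]) -> list[str]:
    """Validate the Manager entry and confirm the Sensor CLI values match it."""
    (m_name, m_secret), (s_name, s_secret) = manager, sensor
    problems = check_sensor_name(m_name) + check_shared_secret(m_secret)
    if m_name != s_name:
        problems.append("Sensor name differs between Manager and Sensor")
    if not hmac.compare_digest(m_secret.encode(), s_secret.encode()):
        only_ws = m_secret.strip() == s_secret.strip()
        problems.append("shared secret differs" + (" (whitespace only)" if only_ws else ""))
    return problems


if __name__ == "__main__":  # constructed sample values; Sensor-side secret has a trailing space
    print(preflight(("NS3100-lab", "Tr3llix-Sens0r#1"), ("NS3100-lab", "Tr3llix-Sens0r#1 ")))
```

The whitespace-only hint catches a secret pasted with a trailing space or newline, which looks identical on screen but does not match.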
8 Configure Sensor information
Configure the Sensor with the network information, a name, and the shared secret key that the Sensor uses to establish secure communication with the Manager. Use the name and key values you set in Add the Sensor to the Manager section.
Tip
You must have physical access to the Sensor when you configure a Sensor for the first time.

















