[go: up one dir, main page]
Scribd
Upload
416 views30 pages

FireEye EX 5500 HARDWARE ADMINISTRATION GUIDE

Uploaded by

Pierre Boya
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
416 views30 pages

FireEye EX 5500 HARDWARE ADMINISTRATION GUIDE

Uploaded by

Pierre Boya
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 30

F I R E E Y E T E C H N I C A L  

D O C U M E N T A T I O N

EX SERIES
HARDWARE ADMINISTRATION GUIDE
EX 5500
FEI-016

EX SERIES / 2019
FireEye and the FireEye logo are registered trademarks of FireEye, Inc. in the United
States and other countries. All other trademarks are the property of their respective
owners.
FireEye assumes no responsibility for any inaccuracies in this document. FireEye
reserves the right to change, modify, transfer, or otherwise revise this publication
without notice.
Copyright © 2019 FireEye, Inc. All rights reserved.
EX Series Hardware Administration Guide
Revision 2

FireEye Contact Information:


Website: www.fireeye.com
Technical Support: https://csportal.fireeye.com
Phone (US):
1.408.321.6300
1.877.FIREEYE
Contents

Contents

CHAPTER 1: The EX 5500 4


The Front View 5
Buttons 5
LEDs 5
Chassis 6
The Rear View 7
Power Port 7
I/O Ports 7
Management Ports 7
Monitoring Ports 8

CHAPTER 2: Deployment 10
Message Transfer Agent Deployment 10
Bcc: Deployment 12
SPAN/TAP Deployment 13

CHAPTER 3: Installation 16
Before You Begin 16
Installation Site Guidelines 16
Rack Precautions 17
Server Precautions 18
Rack-Mounting Precautions 18
Power Requirements 18
Ventilation Requirements 19
Cabling Requirements 19
Rack Installation 19
Installing the Inner Rails on the Appliance 19

© 2019 FireEye 2
Contents

Installing the Outer Rails on the Rack 20


Mounting the Appliance on the Rack 20
Attaching Cables to the Appliance 20
Turning On the Appliance 20

CHAPTER 4: Replacements 22
Return Process 22
Removing and Replacing a Disk Drive 22
Removing and Replacing a Power Supply Unit 22
Removing and Replacing a Cooling Fan 23

Appendices 24
Appendix 1: System Specifications 24

Technical Support 28
Documentation 28

3 © 2019 FireEye
EX Series Hardware Administration Guide

CHAPTER 1: The EX 5500

The FireEye EX 5500 protects your network from spearphishing attacks that bypass
traditional anti-spam technologies. It analyzes every attachment using a signature-less,
Multi-Vector Virtual Execution engine that can identify zero-day attacks by detonating
attachments in an environment that mimics operating systems, applications, and browsers
in their exhaustive list of versions, configurations, and plug-ins.
The EX 5500 provides layers of dynamic malware analysis to protect your network from
malicious images, PDFs, and ZIP/RAR/TNEF archives.

© 2019 FireEye 4
EX Series Hardware Administration Guide CHAPTER 1: The EX 5500

The Front View

1) USB 2.0 Ports 6) Information LED

2) Bezel Release 7) ether1 LED

3) Power Button 8) IPMI LED

4) HDD LED 9) Reset Button

5) Power LED

Ports and Bezel


l Bezel Release: Slide the release tab to the right to remove the bezel from the
appliance to access the chassis.
l USB 2.0: These ports are USB 2.0 compliant.

Buttons
l Power Button: Use the power button to turn the appliance on or off. Turning off the
power with this button removes the main power, but keeps the standby power
supplied to the appliance. Therefore, unplug the appliance before servicing.
l Reset Button: Use the reset button to reboot the system.

LEDs
The front panel has LEDs that provide critical information about parts of the appliance.
The following table describes each LED.

5 © 2019 FireEye
The Front View

LED Flashing Steady Off Normal State

HDD Flashing and N/A HDD is Flashing and


blue indicates idle. blue when in
HDD activity. use and off
when not in use.

Power N/A Blue and steady No power Blue and steady


indicates power is is being
being supplied to the supplied to
system the system

Information N/A Red and steady System is Off


indicates a platform operating
event filter initiated by normally
the motherboard

ether1 Blue and Blue and steady No activity Blue and steady
flashing indicates normal
indicates data connectivity on ether1
transfer via port
ether1 port

IPMI Blue and Blue and steady No activity Blue and steady
flashing indicates normal
indicates data connectivity on
transfer via IPMI port
IPMI port

Chassis

l Disk Drive Carrier: Each carrier can house a hot-swappable disk drive. A drive slot
map displays the disk slot numbers on top of the appliance.
l Handle Lock: Slide to the left to unlock the handle and slide to the right to lock it.

© 2019 FireEye 6
EX Series Hardware Administration Guide CHAPTER 1: The EX 5500

The Rear View

1) Power Port 6) USB 3.0 Ports

2) Serial Console Port 7) IPMI/Serial over Ethernet Port

3) Video Port 8) pether3 (RJ45) Monitoring 3 Port

4) ether2/pether2 (RJ45) Monitoring 2 Port 9) pether4 (RJ45) Monitoring 4 Port

5) ether1 (RJ45) Management 1 Port

Power Port
l Power: Connect your power source to this port to provide power to the appliance.
The appliance comes with one redundant power supply unit for use if the primary
unit fails.

I/O Ports
l Serial Console: Connect to this port to manage the appliance from your terminal.
l Video: Connect a monitor to this port to view the appliance's command-line
interface.
l USB 3.0: These ports are USB 3.0 compliant.

Management Ports
l ether (RJ45): Connect your LAN to this port to enable remote access to the CLI and
Web UI. The RJ45 connector is a 10/100/1000BASE-T port.
l IPMI: Connect for access to out-of-band management functions, including power
control, console redirection, and appliance health status. The connector is a
100BASE-T port.

7 © 2019 FireEye
The Rear View

IMPORTANT: The IPMI interface port is only enabled in CM Release 8.2.0 or


later and IPMI firmware version 2.07 or earlier.

Monitoring Ports
Each interface pair is physically and logically segregated from other interface pairs,
preventing communication between the different network segments.

l pether (RJ45): Connect the switch port you want to monitor to this port. The RJ45
connectors are 10/100/1000BASE-T ports.

© 2019 FireEye 8
EX Series Hardware Administration Guide CHAPTER 1: The EX 5500

9 © 2019 FireEye
EX Series Hardware Administration Guide Message Transfer Agent Deployment

CHAPTER 2: Deployment
You can deploy the EX 5500 in your network in one of the following ways:

l Message Transfer Agent Deployment below


l Bcc: Deployment on page 12
l SPAN/TAP Deployment on page 13

Message Transfer Agent Deployment


When the EX 5500 is in Message Transfer Agent deployment, it serves as an MTA inline
with the email traffic flow and can be configured to Block Analysis Mode or Monitor
Analysis Mode. In Block Analysis Mode (the default), the EX 5500 will prevent malicious
emails from passing through to the mail server. In Monitor Analysis Mode, all email is
passed through to the mail server and only copies of the email are analyzed.
The diagram below illustrates the MTA deployment of an EX 5500 in a typical network
environment.

For information about configuring the EX 5500 for MTA deployment mode, see the
EX Series System Administration Guide for your release.

© 2019 FireEye 10
EX Series Hardware Administration Guide CHAPTER 2: Deployment

Prerequisites
Before connecting the EX 5500 to your network, ensure that your network devices provide
10/100/1000BASE-T Ethernet output.

Cabling
Connect two cables to the EX 5500appliance’s management ports as follows:

l ether1: Connect one end of an Ethernet cable to the EX 5500 appliance’s ether1 port,
and connect the other end to your LAN-facing switch. This port is the management
interface.
l pether3: Connect one end of an Ethernet cable to the EX 5500 appliance’s pether3
port, and connect the other end to your MTA or anti-spam device. This connection
allows the appliance access to the up- and downstream of traffic.

11 © 2019 FireEye
Bcc: Deployment

l (For optional URL Dynamic Analysis) pether2: Connect one end of an Ethernet cable
to the EX 5500 appliance’s pether2 port, and connect the other end to your Internet-
facing firewall device.

This connection allows the appliance to retrieve objects referred to by suspicious


URLs for further analysis. FireEye recommends connecting to an isolated Internet
connection to prevent the exposure of the IP address and other information about
your main network.

Bcc: Deployment
When the EX 5500 is in Bcc: mode, it receives a copy of all emails from a Message Transfer
Agent (MTA) or anti-spam device for analysis. If the results of the analysis are positive for
malicious attachments or URLs, a notification will be sent to a determined list of “admin
CC:” or “Bcc:” email alias members.
The diagram below illustrates the Bcc: deployment of an EX 5500 in a typical network
environment.

For information about configuring the EX 5500 for Bcc: mode, see the EX Series
System Administration Guide for your release.

© 2019 FireEye 12
EX Series Hardware Administration Guide CHAPTER 2: Deployment

Prerequisites
Before connecting the EX 5500 to your network, ensure that your network devices provide
10/100/1000BASE-T Ethernet output.

Cabling
l ether1: Connect one end of an Ethernet cable to the EX 5500 appliance’s ether1 port,
and connect the other end to your LAN-facing switch. This port is the management
interface.
l pether3: Connect one end of an Ethernet cable to the EX 5500 appliance’s pether3
port, and connect the other end to your MTA or anti-spam device. This connection
allows the appliance access to the up- and downstream of traffic.
l (For optional URL Dynamic Analysis) pether2: Connect one end of an Ethernet cable
to the EX 5500 appliance’s pether2 port, and connect the other end to your Internet-
facing firewall device.

This connection allows the appliance to retrieve objects referred to by suspicious


URLs for further analysis. FireEye recommends connecting to an isolated Internet
connection to prevent the exposure of the IP address and other information about
your main network.

SPAN/TAP Deployment
When the EX 5500 is in SPAN/TAP deployment, it is connected to a network switch
capable of mirroring traffic. The EX 5500 extracts email from the traffic for analysis.
The diagram below illustrates the SPAN/TAP deployment of an EX 5500 in a typical
network environment.

For information about configuring the EX 5500 for SPAN/TAP mode, see the EX
Series System Administration Guide for your release.

13 © 2019 FireEye
SPAN/TAP Deployment

Prerequisites
Before connecting the EX 5500 to your network, ensure that your network devices provide
10/100/1000BASE-T Ethernet output.
Connect two cables to the EX 5500appliance’s management ports as follows:

l ether1: Connect one end of an Ethernet cable to the EX 5500 appliance’s ether1 port,
and connect the other end to your LAN-facing switch. This port is the management
interface.
l pether3: Connect one end of an Ethernet cable to the EX 5500 appliance’s pether3
port, and connect the other end to your switch. This connection allows the appliance
access to the up- and downstream of traffic.
l (For optional URL Dynamic Analysis) pether2: Connect one end of an Ethernet cable
to the EX 5500 appliance’s pether2 port, and connect the other end to your Internet-
facing firewall device.

This connection allows the appliance to retrieve objects referred to by suspicious


URLs for further analysis. FireEye recommends connecting to an isolated Internet
connection to prevent the exposure of the IP address and other information about
your main network.

© 2019 FireEye 14
EX Series Hardware Administration Guide CHAPTER 2: Deployment

Cabling
l ether1: Connect one end of an Ethernet cable to the EX 5500 appliance’s ether1 port,
and connect the other end to your LAN-facing switch. This port is the management
interface.
l pether3: Connect one end of an Ethernet cable to the EX 5500 appliance’s pether3
port, and connect the other end to your switch. This connection allows the appliance
access to the up- and downstream of traffic.
l (For optional URL Dynamic Analysis) pether2: Connect one end of an Ethernet cable
to the EX 5500 appliance’s pether2 port, and connect the other end to your Internet-
facing firewall device.

This connection allows the appliance to retrieve objects referred to by suspicious


URLs for further analysis. FireEye recommends connecting to an isolated Internet
connection to prevent the exposure of the IP address and other information about
your main network.

15 © 2019 FireEye
EX Series Hardware Administration Guide Before You Begin

CHAPTER 3: Installation
This chapter provides information about the site requirements of your installation location.

Before You Begin


Follow the steps in this section before you install the appliance.
Before Opening the Box

l Review the Packing Slip contained in the plastic slip attached to the top of the box.
Ensure the shipment contains the correct appliance.
l Ensure the serial number listed on the Packing Slip matches the one specified on the
sticker located on one side of the box.
l If there appears to be damage to the box, file a damage claim with the carrier who
delivered it.

Unpacking the Appliance


Carefully remove the appliance from the box in an area away from heat, electrical noise,
and electromagnetic fields.
Ensure your box contains:

l The correct appliance model


l An accessory kit
l Online Documents Portal Referral
l A rail kit

Installation Site Guidelines


Follow these guidelines when you select an installation site:

© 2019 FireEye 16
EX Series Hardware Administration Guide CHAPTER 3: Installation

l Leave enough clearance in front of the rack for its door to open completely without
obstruction.
l Avoid environments that produce heat, electrical noise, and electromagnetic fields.
l Only install the appliance in a restricted access location such as a service closet or
dedicated equipment room.
l Make sure the location is properly ventilated.
l Make sure there is sufficient space for air flow.

Rack Precautions
FireEye recommends that you mount the appliance in a standard 19-inch rack. The vertical
hole spacing on the rack rails must meet standard ANSI/EIA-310-C requirements.
Consider the following before installing your appliance in the rack:

l Ensure the leveling jacks on the bottom of the rack are fully extended to the floor
with the full weight of the rack resting on them.
l In a single-rack installation, stabilizers should be attached to the rack.
l In a multiple-rack installation, the racks should be coupled together to increase their
stability.
l Always make sure the rack is stable before extending a component from the rack.
l Only extend one component from the rack at a time—extending two or more
simultaneously may cause the rack to become unstable.
l Ensure your rack meets the safety requirements of UL 60950-1.

STABILITY HAZARD: The rack may tip over causing serious personal


injury. To prevent injury:

l Before extending the rack to the installation position, read the


installation instructions.
l Do not put any load on the slide-rail mounted equipment when the
rails are extended in the installation position.
l Do not leave the slide-rail mounted equipment with the rails
extended in the installation position.

17 © 2019 FireEye
Server Precautions

Server Precautions
FireEye recommends reviewing the electrical and general safety precautions that came with
each component you intend to install in the rack.
Review the following before installing the appliance in the rack:

l Determine the placement of each component in the rack.

l Ensure there is a minimum clearance of six inches behind the chassis to allow for
easy cable management.
l Install the heaviest component at the bottom of the rack first, then move up.
l Allow hot-swappable power supply units, disk drives, and transceivers to cool
before handling them.
l Use a regulating uninterruptible power supply to protect your components from
voltage spikes, power surges, and failure during a power outage.
l Keep all of the rack's doors and panels closed when you are not servicing the
components.

Rack-Mounting Precautions
Consider the following safety precautions when you install the appliance in the rack:

l Make sure the appliance is grounded at all times to prevent damage from
electrostatic discharge.
l Use an electrostatic wrist guard when handling the appliance.
l At least two technicians should be involved to install the appliance safely.
l FireEye recommends only individuals with rack-mounting experience should install
the appliance.
l Install the appliance in an environment compatible with the manufacturer's
maximum recommended ambient temperature (TMRA) for each component in your
rack.

Power Requirements
The EX uses a 800 W power supply unit with an input rating of 100-240 VAC (±10%), 10-5
A at 50-60 Hz.

© 2019 FireEye 18
EX Series Hardware Administration Guide CHAPTER 3: Installation

Ensure your power source has sufficient electrical overload protection. In North America,
connect the rack to a power source with over-current protection that complies with UL 489.
In Europe, the over-current protection must comply with IEC standards.

Ventilation Requirements
Ventilation and optimal location are essential to the proper operation of the EX Series
appliance. Give the unit at least six inches of space around ventilation openings so that
adequate ventilation is possible.
The EX Series appliance draws air through the front and expels it out the back. Note the
direction of the air intake and exhaust of the other components in the rack to ensure safe
ventilation of all components involved.

Cabling Requirements
The EX Series appliance ships with the following cables:

l (2) 6 ft AC power cord, SVT, 60oC, 3x18AWG (0.824mm2 )

l (1) 6 ft null modem DB9 female serial cable

You must provide any additional cables required to connect your system to the network
and other devices. Do not exceed the maximum run length of the additional cables you
provide.

Rack Installation
This section explains how to install your appliance in a standard 19-inch wide rack with
the equipment provided. Because various rack units are available, the assembly procedure
may differ slightly from the following instructions. Refer to the installation instructions
that came with your rack.

Installing the Inner Rails on the Appliance


1. Starting with either rail (each works for both sides of the appliance), pull the inner
rail from the outer rail until it is fully extended.
2. Push the arrow-shaped rail-release lever on the inner rail in the direction of the
arrow and slide the inner rail out until it is detached from the outer rail.
3. Align the notches of the inner rail with the tabs on the side of the appliance.

19 © 2019 FireEye
Attaching Cables to the Appliance

4. While firmly pressing the inner rail against the appliance, slide it in the direction of
the tabs until you hear a click.
5. Repeat steps 1—4 with the other inner rail on the other side of the appliance.

Installing the Outer Rails on the Rack


1. Insert the front end of an outer rail (“Front Bracket” is engraved on the front end)
into the front rack column at the desired height. A metal tab will slide and lock onto
the column automatically.
2. Extend the rail until it reaches the rear rack column.
3. Insert the back end into the rack column at the same height chosen in step 1.
4. Repeat steps 1—3 with the other outer rail on the other side of the rack.

Mounting the Appliance on the Rack


1. Align the rear of the inner rails installed on the appliance with the front channels of
the outer rails installed on the rack.
2. Fully slide the appliance into the rack. The inner and outer rails will lock together
automatically.
3. (Optional) Further secure the appliance to the rack by using the captive screws
installed on the ears of the appliance.

Attaching Cables to the Appliance


1. Connect the EX Series appliance to one or more network devices using the cables
appropriate to the deployment of your choice.
2. Connect the power cable or cables to the power port or ports on the back of the
appliance.

Turning On the Appliance


Power on the appliance by pressing the power button on the ear to the right of the bezel.

© 2019 FireEye 20
EX Series Hardware Administration Guide CHAPTER 3: Installation

21 © 2019 FireEye
EX Series Hardware Administration Guide Return Process

CHAPTER 4: Replacements

Return Process
If you believe you have a defective part or system, you must first contact FireEye Technical
Support, who will validate the claim. If the part or system is defective, Technical Support
will initiate a Return Materials Authorization (RMA) and guide you through the process.
For more information, visit www.fireeye.com/legal.

Removing and Replacing a Disk Drive


Perform the following steps to remove and replace a disk drive:

1. Remove the bezel at the front of the appliance by sliding the release tab to the right
and pulling the bezel away from the chassis.
2. Locate the disk drive carrier that contains the failed disk drive. The carrier should
have a blinking amber LED.
3. Unlock the disk drive handle by sliding the blue tab to the left.
4. Push the maroon button on the right to release the latch handle.
5. Pull the handle to slide the disk drive from its slot.
6. Insert the new disk drive carrier into the available slot and push in until it clicks.

Removing and Replacing a Power Supply


Unit
Perform the following steps to remove and replace a power supply unit (PSU):

© 2019 FireEye 22
EX Series Hardware Administration Guide CHAPTER 4: Replacements

1. At the rear of the appliance, remove the power cable from the failed PSU.
2. While gripping the handle to the left of the power port and pressing the release lever
to the right of it, pull out the failed PSU.
3. Insert the replacement PSU in the open slot and slide it in until it clicks into place.
4. Attach the power cable to the new power supply.

Removing and Replacing a Cooling Fan


Perform the following steps to remove and replace a failed fan:

1. Turn off the appliance.


2. Using a Phillips screwdriver, remove the four screws securing the middle section of
the appliance’s top cover.
3. Remove the middle section of the top cover.
4. Remove the fan from the appliance by squeezing the plastic release tab and pulling.
5. Insert the new fan into the empty fan bracket, ensuring it is oriented the same way
as the others. You will hear a click when it is secured.
6. Replace the top cover and secure it with screws.

23 © 2019 FireEye
EX Series Hardware Administration Guide Appendix 1: System Specifications

Appendices

Appendix 1: System Specifications


The table below provides the technical specifications for the FireEye EX 5500.

Component EX 5500 Specifications

Form Factor 2U Rack-Mount

Weight of Appliance 44.1 lbs (20.0 kg)

Weight of Packaged Appliance 65.3 lbs (29.6 kg)

Dimensions 17.2 x 24.4 x 3.4 inches


(W x D x H) (437 x 620 x 88.4 mm)

Enclosure 2 RU, fits 19-inch Rack

Management Interfaces (2) 10/100/1000BASE-T Ports

Monitoring Interfaces (2) 10/100/1000BASE-T Ports

Memory 128 GB (8 x 16 GB)

Drive Capacity (4) 2 TB HDD,


RAID 10,
3.5 inch,
FRU

AC Power Supply Redundant (1+1),


FRU,
800 W @ 100-240 VAC (±10%)
10-5 A, 50-60 Hz
IEC60320-C14 inlet

Maximum Power Consumption 456 W

© 2019 FireEye 24
EX Series Hardware Administration Guide Appendices

Component EX 5500 Specifications

Operating Temperature 0° to 35° C

Maximum Thermal Dissipation 1,556 BTU/hour

25 © 2019 FireEye
Appendix 1: System Specifications

© 2019 FireEye 26
EX Series Hardware Administration Guide Appendices

27 © 2019 FireEye
Technical Support
For technical support, contact FireEye through the Support portal:
https://csportal.fireeye.com

Documentation
Documentation for all FireEye products is available on the FireEye Documentation Portal
(login required):
https://docs.fireeye.com/

© 2019 FireEye 28
FireEye, Inc. | 601 McCarthy Blvd. | Milpitas, CA | 1.408.321.6300 | 1.877.FIREEYE | www.fireeye.com

© 2019 FireEye, Inc. All rights reserved. FireEye is a registered trademark of FireEye, Inc. All other brands,
products, or service names are or may be trademarks or service marks of their respective owners.

You might also like