
Using Sourcefire FireAMP Virtual with VMware vShield Manager 5 (2042015)

Purpose

This article provides information about using Sourcefire FireAMP Virtual with VMware vShield Manager 5.

Disclaimer: The partner product referenced in this article is a software module that is developed and supported by a partner. Use of this product is also governed by the end user license agreement of the partner. You must obtain from the partner the application, support, and licensing for using this product. For more information, see the FireAMP Virtual page on the Sourcefire web site.

Resolution

Sourcefire FireAMP Virtual


Sourcefire Advanced Malware Protection for Virtual Environments - FireAMP Virtual - provides a centralized, agent-less security solution for VMware deployments. It utilizes a hardened Security Virtual Machine (SVM) that integrates with the existing network to provide transparent real-time protection for guest virtual machines.

FireAMP Virtual includes a dedicated antivirus engine and specialized software Connector that communicate with VMware vShield Manager to handle file and other events from guest virtual machines.

This specialized Connector forwards files to be scanned to the antivirus engines, making use of two advanced antivirus solutions:

  • ClamAV is used as a local antivirus engine and is the first layer of protection. It uses both signatures and heuristics to protect against Trojan horses, viruses, email malware, phishing, and other threats. It also allows for the use of custom signatures.

  • ETHOS is the Sourcefire file grouping engine. It groups families of files together, so when variants of a piece of malware are seen, the ETHOS hash is marked as malicious and whole families of malware are instantly detected.

Supported software

  • VMware vCenter Server 5 Patch 1 or vCenter Server 4.1 Patch 3

    • ESXi 5.0 Patch 1 build 474610+
    • ESXi 4.3 Patch 3 build 433742+

  • VMware vShield Manager 5, minimum build 47379+

    • vShield Endpoint Loadable Kernel Module (LKM) 5.0.0-447150+

  • VMware Tools 8.6.0 build 515842+

    • Installed on guest virtual machines via ESXi 5.0 Patch 1

Deployment via the vSphere Client


To deploy the FireAMP virtual machine using the vSphere Client:

  1. Download the OVA file from Management > Virtual Deployment in your FireAMP Console.
  2. Start the vSphere Client and connect to your vCenter Server.
  3. Go to File > Deploy OVF template, select the OVA file that you have downloaded, then click Next.
  4. You are presented with the OVF Template Details. Click Next.
  5. Choose a name and location for the FireAMP virtual machine and click Next.
  6. Choose the ESX host where you will deploy the FireAMP virtual machine and click Next.
  7. Choose a disk format of Thin Provisioned or Thick Provisioned Lazy Zeroed depending on your disk space availability, and click Next.
  8. Map the networks defined in the FireAMP virtual machine to the virtual network in your vSphere environment. The FireAMP virtual machine requires two networks:

    • vmservice-vshield-pg: A host-only network that has a VMKernel port.
    • VM network: An Internet-facing network with a DHCP-assigned IP address.

  9. Click Finish. A dialog appears that shows the deployment progress.
  10. When finished, close the dialog and power on the new virtual machine if it was not powered on automatically.
  11. Go to the virtual machine summary page and locate its DHCP-assigned IP address (click View All). Alternatively, you can view the IP address in the virtual machine console.

Deployment via the OVF Tool


If you are using Apple OS X or a Linux operating system, you can deploy the FireAMP virtual machine using the OVF Tool. If you are using other operating systems, VMware does not provide a solution to deploy the FireAMP virtual machine at this time, so you will have to connect to a Linux server or a Windows virtual machine.

To deploy the FireAMP virtual machine using the OVF Tool:

  1. Download the OVF Tool from:

    http://www.vmware.com/support/developer/ovf/

  2. Run the OVF Tool with the command:

    $ /opt/vmware/ovftool/ovftool --powerOn Sourcefire_FireAMP_Virtual.ova vi://username@vcenter_server/datacenter_name/host/ESXiHost

    Where:
    • username is your vCenter Server username
    • vcenter_server is the hostname or IP address of your vCenter Server
    • datacenter_name is the name of your datacenter in vCenter Server
    • host is a static string; enter it exactly as shown
    • ESXiHost is the IP address of your ESXi/ESX host

  3. After running the command, you are prompted for your password and then the FireAMP virtual machine is deployed and powered on. If you receive any error messages, consult the OVF Tool documentation on how to pass additional parameters.

Support information


Responsive Technical Support for Uninterrupted Security

Sourcefire is dedicated to providing the highest quality network security systems and advanced malware protection coupled with leading technical support to ensure that your organization operates without disruption. Our comprehensive support packages include 24x7 service, hardware and software support, and the backing of the world-renowned Sourcefire VRT® (Vulnerability Research Team) to ensure your business is protected against today's ever-evolving threats.

Support Online and Over the Phone

Sourcefire offers web-based access to an easy-to-use support website. The website includes information on software and rule updates, installation details, product documentation, and configuration and troubleshooting tips. Customers can make a service request by requesting a web ticket online, by telephone, or by email at support@sourcefire.com.

For high-priority support requests that require immediate assistance, please call Sourcefire Support at one of these toll-free numbers:
  • United States: 800-917-4134
  • United Kingdom: 0808-234-7102
  • Australia: 1-800-096-126
  • New Zealand: 0800-441-952
  • Japan: 00531-121920
For more information, see the Sourcefire Customer Support page.
