Import Snort configuration files globally for all Secure SD-WAN Engines

Import Snort configuration files globally to configure default settings for Snort inspection for all Secure SD-WAN Engines.

Note: Secure SD-WAN Engines do not receive automatic updates for Snort rule sets. When new Snort rule sets are available, you must import new Snort configuration files and refresh the policy on the Secure SD-WAN Engine to start using the new Snort rule sets.

For more details about the product and how to configure features, click Help or press F1.

Steps

Select Menu > System Tools > Global System Properties.
Click the Global Options tab.
Click Browse next to the Snort Configuration field, then select the Snort configuration file.
Click OK.

Next steps

Enable Snort inspection for each Secure SD-WAN Engine where you want to use Snort inspection.

Global System Properties dialog box — Global Options tab

Use this tab to configure general settings for the SMC and Secure SD-WAN Engines.

You can also use this tab to:

Authorize McAfee® Global Threat Intelligence™ (McAfee GTI). Only administrators with unrestricted permissions (superusers) can enable McAfee GTI.
Set the expiration time for one-time passwords that are generated when you save the initial configuration for an Secure SD-WAN Engine.
Import Snort configuration files globally to configure default settings for Snort inspection for all Secure SD-WAN Engines.

All settings are optional.

Option	Definition
Enable McAfee Global Threat Intelligence (GTI) and McAfee Threat Intelligence Exchange (TIE) usage	When selected, enables McAfee GTI usage. Note: McAfee Threat Intelligence Exchange (TIE) is no longer supported in Secure SD-WAN 6.10 and higher.
One-Time Passwords Expire After	Defines the expiration time for one-time passwords that are generated when you save the initial configuration for an Secure SD-WAN Engine. If the one-time password is not used, it automatically expires after the expiration time has elapsed. By default, one-time passwords expire after 30 days.
Snort Configuration	The externally created Snort configuration .zip file that contains the Snort configuration files and rules for Snort inspection. Click Browse to select a file. Click None to remove a previously imported file. Click Export to export the Snort configuration file. All Secure SD-WAN Engines for which Snort inspection is enabled use the global Snort configuration by default. Settings in the Snort configuration .zip file for an individual Secure SD-WAN Engine are combined with the settings in the global Snort configuration .zip file. If any configuration files in a Snort configuration .zip file for an individual Secure SD-WAN Engine have the same files name and paths as configuration files in the global Snort configuration .zip file, the overlapping files in the global Snort configuration .zip file are ignored.

Option

Definition

Enable McAfee Global Threat Intelligence (GTI) and McAfee Threat Intelligence Exchange (TIE) usage

When selected, enables McAfee GTI usage.

Note: McAfee Threat Intelligence Exchange (TIE) is no longer supported in Secure SD-WAN 6.10 and higher.

One-Time Passwords Expire After

Defines the expiration time for one-time passwords that are generated when you save the initial configuration for an Secure SD-WAN Engine. If the one-time password is not used, it automatically expires after the expiration time has elapsed.

By default, one-time passwords expire after 30 days.

Snort Configuration

The externally created Snort configuration .zip file that contains the Snort configuration files and rules for Snort inspection.

Click Browse to select a file.
Click None to remove a previously imported file.
Click Export to export the Snort configuration file.

All Secure SD-WAN Engines for which Snort inspection is enabled use the global Snort configuration by default.

Settings in the Snort configuration .zip file for an individual Secure SD-WAN Engine are combined with the settings in the global Snort configuration .zip file. If any configuration files in a Snort configuration .zip file for an individual Secure SD-WAN Engine have the same files name and paths as configuration files in the global Snort configuration .zip file, the overlapping files in the global Snort configuration .zip file are ignored.