
1. How do I contact TippingPoint Support?

TippingPoint Support is available 24/7/365 by telephone. For a complete list of phone numbers, click HERE.

 

2. How do I create an online support request?

Online support requests are managed via the Trend Micro TippingPoint Business Support Portal (BSP). The BSP facilitates case management for the Trend Micro TippingPoint customer community. You can use this site to:

  • Create new cases
  • Review open cases
  • View closed cases

In addition, you can also search for solutions to a problem or general information about your Trend Micro TippingPoint product. You can access the Business Support Portal at the following URL

 

3. Where can I find my Customer ID Number?

Your Customer ID Number can be found on the billing invoice that arrived with the order. Sometimes, the Customer ID Number is not included in the invoice document. If you cannot locate the Customer ID Number, contact TippingPoint Support. They can provide your Customer ID Number if given the Certificate Serial Number of the TippingPoint product. For information on the device certificate number, click HERE.

 

4. What information should I provide when opening a support case?

When contacting support, please have the following information ready:

  • Customer ID
  • Device Certificate Serial Number
  • OS Version
  • Device Model
  • Full System Log (via the LSM)
  • Full Audit Log (via the LSM)
  • Technical Support Report (via the LSM)
  • SMS Diagnostics (SMS GUI)

Please also provide the output from the following CLI commands:

  • TPS
    • show version
    • show mfg-info
    • show health
  • SMS
    • version
    • get sys
    • get health
 

5. How do I create a Tech Support Report?

The Tech Support Report (TSR) collects diagnostic information into a report that TippingPoint Technical Support can use to debug and troubleshoot system issues. It includes diagnostic commands, log files, and, optionally, a full system snapshot.

To generate a TSR, perform the following steps:

  • From the TPS Local Security Manager (LSM): Tools → Tech Support Report
  • From the Security Management System (SMS): Right-click "Device" → Export TSR
  • Attach the resulting ZIP file to your case.
 

6. How do I run the SMS Diagnostic Tool?

To run the SMS Diagnostics, perform the following steps:

  1. Log in to the SMS from a client.
  2. On the SMS Menu bar, navigate to Tools → Diagnostics. The SMS Diagnostic Toolkit (Log Utils) window opens.
  3. In the Diagnostic Toolkit (Log Utils) dialog box, select the Log Utils tab.
  4. In the Log Utils tab, select the Create Logs Zip File… button.
  5. In the resulting Save window, navigate to where you wish to save the diagnostic file.
  6. Attach the resulting ZIP file to your case.

TPS

7. How do I find the Certificate Serial Number of my device?

The Certificate Serial Number can be found by connecting via SSH or serial console to the device and running the following Command Line Interface (CLI) command:

show version

If the device is not accessible via the CLI, the Certificate Serial Number can also be found on a white sticker on the underside of the device.

For information on the device certificate number, click HERE.

 

8. How do I perform a Factory Reset on the TPS device?

To perform a factory reset, connect to the device via SSH and log in using a SuperUser account. From the CLI, issue the following command:

debug factory-reset

Once issued, you will get the following response:

WARNING!!!

This command WILL reset this device to factory default configuration.

This will remove all network and security configuration, user accounts, log files, snapshots and applied software upgrades.

You will NOT be able to recover any of this data from the device after this command has been confirmed.

After the factory reset completes, the device will automatically reboot and display the OBE.

Warning: Type the word 'COMMIT' to continue:

Type the word "COMMIT" in uppercase and press Enter.

 

9. What happens if I exceed the maximum rated bandwidth of my TPS device?

The TPS can handle short traffic spikes above the maximum rated bandwidth with minimal packet loss. However, exceeding the maximum rated bandwidth of the device for extended periods can lead to system performance degradation, congestion, adaptive filter configuration, and Layer 2 Fallback.

 

10. If I upgrade the TOS on my device, will it cause a loss of network connectivity?

Trend Micro TippingPoint devices can perform a TOS software upgrade without interrupting traffic through the device segments. During the reboot, each segment continues to handle traffic based on the Intrinsic Network (HA) Layer-2 Fallback settings configured for the segment (Permit All or Block All). No traffic is inspected during the reboot phase, but traffic inspection will resume once the system completes the reboot process.

 

11. Why do my rate-limiting action sets sometimes appear inaccurate?

Rate-limiting action sets define a maximum bandwidth that can be used by traffic that matches filters assigned to that action set. Incoming traffic that exceeds the rate limit defined for the filter it matches is dropped. If two or more filters use the same rate-limiting action set, then all packets matching these filters share the bandwidth. For example, if filters 164 (ICMP Echo Request) and 161 (ICMP Redirect Undefined Code) use the same 10 Mbps action set, then both the "Echo Requests" and "Redirect Undefined Codes" filters share the 10 Mbps "pipe" as opposed to each filter getting a dedicated 10 Mbps pipe.

 

12. How can I recover the password to my TPS device?

You cannot recover the SuperUser password of a TPS device, but you can reset it to a new value or create a new login with SuperUser privileges.

Caution: This procedure requires a reboot operation which will disrupt traffic!

  1. Connect to the TPS device via the console serial port using a null-modem cable. The terminal emulator software must be set to 115200 bps, 8 Data Bits, No Parity, and 1 Stop Bit. (115200, 8, N, 1)
  2. Reboot the TPS device.
  3. As the device is rebooting, watch for the word "Loading". You should see something similar to the following:
Starting keystore....................................[ OK ]                   
Starting health monitoring...........................[ OK ]
Starting fast path...................................[ OK ]
Starting TippingPoint OS.............................[ OK ]
Starting segments....................................[ OK ]
Starting XMS.........................................[ OK ]
Starting certificate status monitoring...............[ OK ]
Loading configuration................................[ OK ]
Starting process monitoring..........................[ OK ]
Updating boot counts.................................[ OK ]
Loading ...

  4. Type the word mkey within 3 seconds of seeing the word "Loading" and press <Enter>. Note: if you do not type mkey before the dots "….." appear after the word Loading, you must reboot the device and try again.
  5. If successful, you will see the following prompts:
Welcome to Super User Password Recovery

Please enter the Super User account username and password. Password recovery will create a new super user account, or will reset the password on an existing super user account.

Spaces are not permitted in username or password.

Minimum password requirements currently configured on the system are:

Maximum: The password must contain 8 characters or more, at least 2 alpha characters, at least 1 digit, and at least 1 non-alphanumeric character.

  6. Enter Super User username: Type the account name you would like to reset or type a new account name and press <Enter>.
  7. Enter SuperUser password: Enter your new password and press <Enter>.
  8. Verify SuperUser password: Re-type the password to verify and press <Enter> again.
  9. You will see the following information:
Saving information ...Done

TippingPoint Threat Protection System ready

TippingPoint Operating System

Model Number : 440T (IPS)
Serial Number : 440T-XXXX-XXXX
Build : 4.1.0.4472 Fri May 20 19:07:48 UTC 2016                               
Digital Vaccine: 3.2.0.8846
Hardware Rev : B309
IPM Version : 1.d (working)

 

13. What is License Manager?

License Manager is an application available via the Threat Management Center that allows for the license configuration for the Threat Protection System (TPS) family of products (vTPS, 440T, 2200T, 1100TX, 5500TX, 8200TX, 8400TX). To properly license your TPS device, go to the TippingPoint License Manager (TLM) application on the Threat Management Center website under My Account → License Manager.

Note: TPS devices are delivered with a transitional license (including RMA). When the device is first turned on, it runs with minimal capabilities enabled.

For example, if you purchased a 440T TPS device with a 500Mbps throughput license, Digital Vaccine, and ThreatDV, the device will show (at first boot) a 100Mbps throughput speed with no other capability enabled. The device system log will indicate that the device works with a transitional license (TOSPORT-INFO: LIC: License: Using the transitional license).

Once the license for the purchased capabilities is "attached" to the device via the TLM application, the licensing system will generate a new license package. This newly created license package will be downloaded from the TMC by the SMS and distributed to the device automatically. This license package can also be manually uploaded to the device via the LSM. Uploading the new license package will enable the purchased capabilities.

Note: Be aware that licensing throughput and SSL require a reboot of the TPS device in order for the capability license to take effect.

Available Capabilities for TPS Devices

Device       Licensed Inspection Throughput      Unlicensed Inspection Throughput
vTPS (STD)   250Mbps, 500Mbps, 1 Gbps            100Mbps                            N/A
vTPS (PERF)  250Mbps, 500Mbps, 1 Gbps, 2 Gbps    100Mbps                            SSL
440T         250Mbps, 500Mbps, 1 Gbps            100Mbps                            N/A
2200T        1 Gbps, 2 Gbps                      200Mbps                            SSL
1100TX       250Mbps, 500Mbps, 1 Gbps            100Mbps                            N/A
5500TX       250Mbps, 500Mbps, 1/2/3/5 Gbps      100Mbps                            SSL
8200TX       3/5/10/15/20/30/40 Gbps             1 Gbps                             SSL
8400TX       3/5/10/15/20/30/40 Gbps             1 Gbps                             SSL
8600TXE      5/10/40 Gbps                        1 Gbps                             SSL
9200TXE      60/80/100 Gbps                      1 Gbps                             SSL
 

14. How do I capture packets with the TPS?

The Traffic Capture feature enables you to capture a selection of traffic received by the device, including traffic that triggers filters and traffic that does not trigger any filters.

  1. From the LSM menu, click Tools > Traffic Capture.
  2. Click New.
  3. In the New Traffic Capture dialog, specify the capture settings.
  4. Click Start.
 

15. How do I perform traffic captures from the Command Line Interface (CLI)?

For TPS: tcpdump

The CLI command uses TCPDUMP expressions to define the traffic captures. TCPDUMP is freely distributed software under the BSD license. You can find a complete listing of command expressions in the Trend Micro TippingPoint Command Line Interface (CLI) reference documentation.

tcpdump INTERFACE [record FILENAME [maxsizebytes 1-10000000]] [packetcount 1-10000000] [verbose 0-990000] [proto (icmp|igmp|tcp|udp|esp|ah|pim|snp|vrrp|stp|isis|sctp)] [without (icmp|igmp|tcp|udp|esp|ah|pim|snp|vrrp|stp|isis|sctp)] [pcap FILTER] [cponly] [pager] [background]

SMS

16. How can I recover the password to my SMS?

The password for the SMS cannot be recovered. However, the SMS does provide two options to reset the password. Both of these methods reset the password to the SMS's serial number (CERT). The serial number can be found on the bottom of the SMS unit on the white sticker or by pressing Alt-F12 from the login screen (press Alt-F12 to return to the main login screen).

Method 1:

Note: Connection to the SMS server with a local keyboard and monitor is required to complete the reset; a serial connection will not work.

  1. Attach a console and cable to the SMS and reboot the system.
  2. Watch for the prompt "Press any key to enter the menu." This prompt only appears for 2 seconds during the boot process. Press any key before the countdown timer reaches 0.

  3. If successful, the system will display the menu.
  4. Select the Password Recovery option using the Up/Down arrow keys and press Enter. The SMS will complete its boot sequence.
  5. After the SMS completes the boot sequence, the factory SuperUser account is reactivated, and the password is the serial number (CERT) of your SMS.

 

Method 2:

  1. Attach a console and cable to the SMS and reboot the system.
  2. Watch the system boot sequence; when the "Starting mgmt:" prompt is displayed, press the letter P (capital or lowercase). IMPORTANT! The P must be entered within three seconds to trigger password recovery. If this method of password recovery is successfully initiated, the "Password recovery enabled" message is displayed.
Initializing...

Calling the system activity collector (sadc): [OK]
Ip6tables: Applying firewall rules:           [OK]
Iptables: Applying firewall rules:            [OK]
Bringing up loopback interface:               [OK]
Bringing up interface eth0:                   [OK]
Starting system logger:                       [OK]
Starting kernel logger:                       [OK]
Starting rpcbind:                             [OK]
Starting RPC idmapd:                          [OK]
Starting system message bus:                  [OK]
Starting acpi daemon:                         [OK]
Starting HAL daemon:                          [OK]
Starting ipmi drivers:                        [OK]
Starting sshd:                                [OK]
ntpd: Synchronizing with time server:         [OK]
Starting ntpd:                                [OK]
Starting crond:                               [OK]
Starting mgmt: P

Password recovery enabled
  3. When the SMS completes the boot sequence, the factory SuperUser account is reactivated, and the password is the serial number (CERT) of your SMS.
 
IMPORTANT: TippingPoint highly recommends changing the password immediately following the reset. Once logged in, the password can be changed with the "getpasswd" command.
 

17. How do I find the certificate serial number of my SMS?

The Certificate Serial Number can be viewed by connecting via SSH to the device and running the following command:

get sys

In addition, the SMS Certificate Serial Number can also be found on a white sticker on the device.

 

18. How do I perform a Factory Reset on the SMS?

To perform a factory reset of the SMS, SSH into the SMS and log in using a SuperUser account. From the CLI issue the following command:

factoryreset

 
NOTE: Issuing this command will cause all information and settings on the SMS to be completely lost. If you require any data from the SMS, it must be backed up before issuing the command so that it can be recovered. It is strongly recommended that you perform a complete SMS backup and export the file to a safe location before running this command. When the SMS finishes the factory reset process, it must be reconfigured using the Initial Setup Configuration Procedure by connecting a monitor and keyboard or via the Serial Console.
 

19. Where can I find the system log of my SMS?

The system log of an SMS can be viewed using the SMS client by clicking the Admin button at the top and expanding General in the tree menu on the left. Select System Log from the menu, choose the date range you wish to view and click the Refresh button.

 

20. Can I roll back an SMS upgrade if I find issues with the new version?

No, once an SMS has been upgraded to a new TOS version, there is no way to roll back the upgrade. The only roll-back that can be performed is on TOS patches.

 

21. If the SMS loses contact with the device, will I lose the alerts from the device during that time?

No, alerts are stored on the device in the Block and Alert logs. Once communication between the device and SMS is re-established, the alerts that occurred during the outage time will be retrieved from the device by the SMS.

 

22. Why is SMS memory utilization high?

The SMS uses all available memory by design, so high memory usage is normal. This happens as the SMS pre-allocates (caches) memory for often-used data and binaries (TOS and SMS database), so it is common to see memory utilization above 90%. As long as the CPU utilization is not high, the device functions as designed.

 

23. I purchased a vSMS/vTPS; where do I get the certificate file?

The Certificate file utilized to deploy a new vSMS/vTPS appliance is downloaded from the TippingPoint License Manager (TLM) application on the Threat Management Center (TMC) website.

To download the certificate package:

  1. Go to the TMC.
  2. Navigate to My Account → License Manager.
  3. On the License Manager page, click Download Cert (upper right).
  4. Select the file from the drop-down menu options.
  5. Click Download.
  6. Accept the EULA Agreement.
  7. Save the certificate zip file to a local folder that is accessible from your virtual environment.
  8. During the deployment process, the installation will ask for the certificate file.

Digital Vaccine (DV) / ThreatDV

24. Why are there different versions of the DV?

There are different DV versions due to the difference in product architecture. The DV version number is the last four digits of the Digital Vaccine package. In addition to the different DV version numbers, the DV name consists of a number that designates the base TOS on which the DV should be installed. The base TOS release numbers are the first three digits separated by periods. The current base TOS release numbers are 3.2.0 and 4.0.0.

DV Version   Description
3.2.0        The 3.2.0 DV is supported on devices running TOS 5.x and earlier.
4.0.0        The 4.0.0 DV is supported on devices running TOS 6.x or higher, as well as vTPS.
Note: The vTPS does not currently support pre-disclosed ZDI filters.

We recommend downloading the same DVs for all your managed devices. For example, if the weekly DV is #DV9892, and the Security Management System (SMS) manages a vTPS and a 1100TX, after downloading the DVs, the DV Inventory should include the following versions:

  • 3.2.0.9892 for the 440T device
  • 4.0.0.9892 for the vTPS

If the DV version does not match, click Download from TMC and review the list of available DVs.
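
The check described in this answer can be scripted as follows. This is an added example, not TippingPoint code: the function names are hypothetical, and the device records, TOS versions and DV lists are constructed sample data.

```python
import re

# A DV package name is the base TOS release (three dot-separated numbers)
# followed by the four-digit DV version, e.g. "3.2.0.9892".
DV_NAME = re.compile(r"^(\d+\.\d+\.\d+)\.(\d{4})$")


def parse_dv(name):
    """Split a DV package name into (base_tos, dv_number)."""
    m = DV_NAME.match(name.strip())
    if m is None:
        raise ValueError(f"not a DV package name: {name!r}")
    return m.group(1), int(m.group(2))


def required_base(model, tos_version):
    """Pick the DV base using the DV version table in this answer.

    vTPS always takes the 4.0.0 DV; other devices take 4.0.0 on TOS 6.x or
    higher and 3.2.0 on TOS 5.x and earlier.
    """
    if model.strip().lower() == "vtps":
        return "4.0.0"
    major = int(tos_version.split(".")[0])
    return "4.0.0" if major >= 6 else "3.2.0"


def check_dv_inventory(devices, dv_inventory, weekly_dv):
    """Return one finding per device whose matching weekly DV is missing.

    devices:      list of dicts with "name", "model" and "tos" keys
    dv_inventory: DV package names present in the SMS DV Inventory
    weekly_dv:    the current weekly DV number, e.g. 9892 for #DV9892
    """
    by_base = {}
    for name in dv_inventory:
        base, number = parse_dv(name)
        by_base.setdefault(base, set()).add(number)

    findings = []
    for dev in devices:
        base = required_base(dev["model"], dev["tos"])
        present = by_base.get(base, set())
        if weekly_dv in present:
            continue  # the right DV for this device is already downloaded
        newest = max(present) if present else None
        findings.append({
            "device": dev["name"],
            "needs": f"{base}.{weekly_dv:04d}",
            "newest_available": f"{base}.{newest:04d}" if newest is not None else None,
        })
    return findings


# Constructed sample data (not from a real SMS).
SAMPLE_DEVICES = [
    {"name": "edge-440t", "model": "440T", "tos": "5.5.4"},
    {"name": "dc-8200tx", "model": "8200TX", "tos": "6.2.0"},
    {"name": "lab-vtps", "model": "vTPS", "tos": "5.5.4"},
]
SAMPLE_INVENTORY = ["3.2.0.9892", "4.0.0.9891"]

if __name__ == "__main__":
    for finding in check_dv_inventory(SAMPLE_DEVICES, SAMPLE_INVENTORY, 9892):
        print(finding)
```

Each finding names a device for which the weekly DV still has to be downloaded from the TMC, along with the newest DV of the right base that the inventory already holds.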

 

25. Are filter-specific settings preserved for filters that are modified in a DV?

Filters that are overridden retain their filter-specific settings even though they have been modified in a DV. The only time filter-specific settings are not preserved is when a DV actually removes a filter. If a filter is configured to use Recommended Settings and the DV modifies the default action for that filter, the filter's action will change.

 

26. What is ThreatDV?

ThreatDV is a premium subscription service that includes the Reputation Feed and the Malware Filter Package.

Reputation Feed: The ThreatDV Reputation Feed identifies and delivers suspect IPv4, IPv6, and Domain Name System (DNS) security intelligence feeds from a multi-vendor, global reputation database so that customers can actively enforce and manage reputation security policies using the Trend Micro TippingPoint Next-Generation Intrusion Prevention System (NGIPS) Platform. The addresses are tagged with reputation and geographic identifiers for ready and easy security policy creation and management. The Reputation Feed provides the addresses and tags multiple times a day (two hours on average) in the same manner as standard Digital Vaccines.

Malware Filter Package: The ThreatDV Malware Filter Package is an advanced collection of threat protection filters available to subscribers of the Threat Digital Vaccine (ThreatDV) service now available from DVLabs. The Malware Filter Package uses a different technology than the Digital Vaccine filters to provide more targeted malware protection. The Malware Filters alert on a wide range of currently active malware families. These filters are designed to detect post-infection traffic such as bot activity, phone-home, command-and-control, data exfiltration, and anonymous proxy. The Malware Filter Package includes a large set of filters that are refreshed on a scheduled basis but independently of the regular Digital Vaccines.

Miscellaneous

27. What data should I back up for disaster recovery?

We suggest regularly creating and saving device snapshots, SMS backups, and Security Profiles for the most comprehensive backup protection. Export each of these to a secure location external to the devices each time a change is made to one of your TippingPoint products.

 

28. How do I get an account for the Threat Management Center (TMC)?

Before you can get an account in the TMC, you will need to have the following:

  1. Access the TMC website. (https://tmc.tippingpoint.com/TMC)
  2. From the main menu, click on "Create".
  3. Fill out the required information.
    1. Username - 4-25 characters, no email addresses, no periods, and no special characters besides underscores.
    2. Password - Minimum 8 characters, at least one upper and one lower case, with numbers.
    3. Customer ID – If you do not know this information, contact TippingPoint Support.
    4. Device Certificate Number (CERT) or Activation Code (AC)
    5. First Name
    6. Last Name
    7. Email Address
    8. Company
    9. Country Code
    10. State
    11. City
    12. Contact Number
  4. Click Submit
  5. Accept the EULA
  6. You will now be taken to the Trend Micro TippingPoint authentication website.
  7. PLEASE ENSURE THAT YOU LOG IN WITH THE CREDENTIALS PREVIOUSLY ENTERED.
 

29. What is ThreatLinQ, and how do I get an account?

ThreatLinQ (https://threatlinq.tippingpoint.com) is a website created by Trend Micro TippingPoint to collect and analyze information about the security posture of the Internet. ThreatLinQ presents this information to TippingPoint customers and acts as a portal for the DVLabs team to provide additional information about TippingPoint filters and Reputation. This information helps customers decide how, why, and when to enable different filters. ThreatLinQ is also designed to provide Trend Micro TippingPoint customers with extra security information about Filter IDs and attack activity by country, TCP ports, and IP addresses. Because this data is concentrated in one easy-to-use dashboard, customers can access security information quickly and easily. Access to ThreatLinQ is available if you have an active Threat Management Center (TMC) account.

 

30. Where can I get the latest product documentation?

The most current product documentation can be found on the Trend Micro document center. https://docs.trendmicro.com/en-us/documentation/productgroup/?groupname=tippingpoint

 

31. Where can I get the Visio Stencil files?

Visio Stencils are available for download from HERE.

 

32. Where can I get product datasheets?

 

33. Where can I get management MIB files?

The MIB files can be found on the Trend Micro document center. https://docs.trendmicro.com/en-us/documentation/productgroup/?groupname=tippingpoint