Nokia IP390 - Security Appliance Installation Manual
Part No. N450000381 Rev 001
Published October 2008
Title Page
IP390 Security Platform
Installation Guide
2 IP390 Security Platform Installation Guide
COPYRIGHT
©2008 Nokia. All rights reserved.
Rights reserved under the copyright laws of the United States.
RESTRICTED RIGHTS LEGEND
Use, duplication, or disclosure by the United States Government is subject to restrictions as set forth in subparagraph
(c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013.
Notwithstanding any other license agreement that may pertain to, or accompany the delivery of, this computer software,
the rights of the United States Government regarding its use, reproduction, and disclosure are as set forth in the
Commercial Computer Software-Restricted Rights clause at FAR 52.227-19.
IMPORTANT NOTE TO USERS
This software and hardware is provided by Nokia Inc. as is and any express or implied warranties, including, but not
limited to, implied warranties of merchantability and fitness for a particular purpose are disclaimed. In no event shall
Nokia, or its affiliates, subsidiaries or suppliers be liable for any direct, indirect, incidental, special, exemplary, or
consequential damages (including, but not limited to, procurement of substitute goods or services; loss of use, data, or
profits; or business interruption) however caused and on any theory of liability, whether in contract, strict liability, or tort
(including negligence or otherwise) arising in any way out of the use of this software, even if advised of the possibility of
such damage.
Nokia reserves the right to make changes without further notice to any products herein.
TRADEMARKS
Nokia is a registered trademark of Nokia Corporation. Other products mentioned in this document are trademarks or
registered trademarks of their respective holders.
080101
IP390 Security Platform Installation Guide 3
Contact Information Nokia Contact Information
Corporate Headquarters
Regional Contact Information
Nokia Global Technical Assistance Center
Non-Technical Support
Web Site http://www.nokia.com
Telephone 1 914 368 0400
Mail Address Nokia Inc.
102 Corporate Park Drive
White Plains, NY 10604
USA
Americas Nokia Inc.
102 Corporate Park Drive
White Plains, NY 10604
USA
Tel: 1 877 997 9199
E-mail: usa@nokiaforbusiness.com
Europe, Middle East, and
Africa
Nokia House, Summit Avenue
Southwood, Farnborough
Hampshire GU14 ONG
UK
Tel: (UK) 44 161 601 8908
Tel: (France) 33 170 708 166
Tel: (Middle East, Africa, Dubai) 971 4 3697600
E-mail: europe@nokiaforbusiness.com
E-mail: mea@nokiaforbusiness.com
Asia-Pacific 438B Alexandra Road
#07-00 Alexandra Technopark
Singapore 119968
Tel: 603 9145 1032
E-mail: asia@nokiaforbusiness.com
Web Site https://support.nokia.com
Voi ce Americas
Europe, Middle East,
Africa
Asia-Pacific
International
1 888 361 5030
44 1252 868900
65 6723 2999
1 613 271 6721
For non-technical support issues, including your Nokia Support Agreement, licensing, and Web
site access, use the following contact information:
E-mail: es.service@nokia.com
080919
4 IP390 Security Platform Installation Guide
IP390 Security Platform Installation Guide 5
Contents
About This Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
In this Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Conventions this Guide Uses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Notices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Command-Line Conventions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Text Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Related Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
About the Nokia IP390 Appliance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Built-In Gigabit Ethernet Ports. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
PMC Expansion Slots . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
System Status LEDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Managing the IP390 Appliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Site Requirements, Warnings, and Cautions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Software Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Product Disposal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
2 Installing the Nokia IP390 Appliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Before You Begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Rack Mounting the Appliance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Connecting Power . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Connecting to the Console or Auxiliary Port. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Console Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Auxiliary Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Connecting to Network Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
3 Performing the Initial Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Using a Console Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Using Nokia Network Voyager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Viewing Nokia IPSO Documentation by Using Nokia Network Voyager . . . . . . . . 34
Using the Command-Line Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Using Nokia Horizon Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
6 IP390 Security Platform Installation Guide
4 About IP390 Appliance Network Interface Cards . . . . . . . . . . . . . . . . . . . . . . . . 37
Four-Port 10/100 Mbps Ethernet Network Interface Card. . . . . . . . . . . . . . . . . . . . 37
Ethernet NIC Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Ethernet NIC Connectors and Cables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
Two-Port Copper Gigabit Ethernet Network Interface Card . . . . . . . . . . . . . . . . . . 40
Copper Gigabit Ethernet NIC Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
Copper Gigabit Ethernet Connectors and Cables . . . . . . . . . . . . . . . . . . . . . . . . 41
Two-Port Fiber-Optic Gigabit Ethernet Network Interface Card . . . . . . . . . . . . . . . 42
Fiber-Optic Gigabit Ethernet NIC Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Fiber-Optic Gigabit Ethernet NIC Connectors and Cables. . . . . . . . . . . . . . . . . . 44
Fiber-Optic Gigabit Ethernet NIC SFP Modules. . . . . . . . . . . . . . . . . . . . . . . . . . 44
Four-Port T1 Network Interface Card . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
T1 NIC Features. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
T1 Connectors and Cables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
5 Installing and Replacing Network Interface Cards . . . . . . . . . . . . . . . . . . . . . . . 49
Deactivating Configured Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Removing, Installing, and Replacing NICs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
Before You Start. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
Configuring and Activating Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
Monitoring Network Interface Cards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
6 Installing and Replacing Components Other than Network Interface Cards . . 57
Replacing the Compact Flash Memory Card . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
Installing a Flash-Memory PC Card . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Before You Begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Transferring Files with the Flash-Memory PC Card . . . . . . . . . . . . . . . . . . . . . . . 61
Installing or Replacing a Hard-Disk Drive . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Before You Start. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
Configuring a Hard-Disk Drive for Logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
Replacing or Upgrading Memory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
Before You Start. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
Replacing the Battery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
7 Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
General Troubleshooting Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
Troubleshooting Routing Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
A Technical Specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
Physical Dimensions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
Space Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
Operating Temperature. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
NIC Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
IP390 Security Platform Installation Guide 7
B Compliance Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
Declaration of Conformity. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
Compliance Statements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90
FCC Requirements (US) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
FCC Notice (US) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
8 IP390 Security Platform Installation Guide
IP390 Security Platform Installation Guide 9
Tables
Table 1 Command-Line Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Table 2 Text Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Table 3 Specifications for the IP390 Platform . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Table 4 PMC Network Interface Card Slots . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Table 5 System Status LEDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Table 6 Pin Assignments Console Connector and Cable . . . . . . . . . . . . . . . . . . . 28
Table 7 Pin Assignments for AUX Connector and Modem Cable . . . . . . . . . . . . . 28
10 IP390 Security Platform Installation Guide
IP390 Security Platform Installation Guide 11
Figures
Figure 1 Component Locations Front View . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Figure 2 Component Locations Rear View . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Figure 3 Built-In Gigabit Ethernet Ports Details . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Figure 4 Appliance Status LEDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Figure 5 Mounting Screws Location . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Figure 6 Adjustable Mounting Brackets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Figure 7 Back Panel Power Switch and Socket . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Figure 8 Nokia Network Voyager Reference Access Points . . . . . . . . . . . . . . . . . 35
Figure 9 Four-Port Ethernet NIC Front Panel Details . . . . . . . . . . . . . . . . . . . . . . 38
Figure 10 Ethernet Cable Connector Pin Assignments . . . . . . . . . . . . . . . . . . . . . 39
Figure 11 Ethernet Crossover-Cable Pin Connections . . . . . . . . . . . . . . . . . . . . . 39
Figure 12 Gigabit Ethernet Crossover Cable Pin Connections . . . . . . . . . . . . . . . 40
Figure 13 Two-Port Copper Gigabit Ethernet NIC . . . . . . . . . . . . . . . . . . . . . . . . . 41
Figure 14 Copper Gigabit Ethernet Cable Connector Pin Assignments . . . . . . . . 42
Figure 15 Gigabit Ethernet Crossover Cable Pin Connections . . . . . . . . . . . . . . . 42
Figure 16 PMC Two-Port Short-Range Gigabit Ethernet NIC . . . . . . . . . . . . . . . . 43
Figure 17 PMC Two-Port Long-Range Gigabit Ethernet NIC . . . . . . . . . . . . . . . . 44
Figure 18 Four-port T1 NIC front-panel details . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Figure 19 T1 Network Interface Card Receptacle and Pin Assignments . . . . . . . 46
Figure 20 T1 Crossover Cable Pin Connections . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Figure 21 Compact Flash Memory Card Slot . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
Figure 22 Hard-Disk Drive Location . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
Figure 23 DIMM Socket Locations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
12 IP390 Security Platform Installation Guide
IP390 Security Platform Installation Guide 13
About This Guide
This guide describes how to install and use Nokia IP390 security appliances. Installation and
maintenance should be performed by experienced technicians or Nokia-approved service
providers only.
This preface provides the following information:
In this Guide
Conventions this Guide Uses
Related Documentation
In this Guide
This guide is organized into the following chapters and appendixes:
Chapter 1, “Overview” presents a general overview of the IP390 appliance.
Chapter 2, “Installing the Nokia IP390 Appliance” describes how to rack-mount the
appliance and how to physically connect it to a network and power.
Chapter 3, “Performing the Initial Configuration” describes how to make the appliance
available on the network.
Chapter 4, “About IP390 Appliance Network Interface Cards” describes how to connect to
and use each of the supported NICs.
Chapter 5, “Installing and Replacing Network Interface Cards” describes how to install,
monitor, and replace network interface cards (NICs).
Chapter 6, “Installing and Replacing Components Other than Network Interface Cards”
describes how to install or replace compact flash memory cards, flash-memory PC cards,
RAM memory, and a hard-disk drive.
Chapter 7, “Troubleshooting” describes problems you might encounter and proposes
solutions to these problems.
Appendix A, “Technical Specifications” provides technical specifications such as interface
characteristics.
Appendix B, “Compliance Information” provides compliance and regulatory information.
14 IP390 Security Platform Installation Guide
Conventions this Guide Uses
The following sections describe the conventions this guide uses, including notices, text
conventions, and command-line conventions.
Notices
Warning
Warnings advise the user that bodily injury might occur because of a physical hazard.
Caution
Cautions indicate potential equipment damage, equipment malfunction, loss of
performance, loss of data, or interruption of service.
Note
Notes provide information of special interest or recommendations.
Command-Line Conventions
You might encounter one or more of the following elements on a command-line path.
Table 1 Command-Line Conventions
Convention Description
command This required element is usually the product name or other short word that
invokes the product or calls the compiler or preprocessor script for a compiled
Nokia product. It might appear alone or precede one or more options. You must
spell a command exactly as shown and use lowercase letters.
Italics Indicates a variable in a command that you must supply. For example:
delete interface if_name
Supply an interface name in place of the variable. For example:
delete interface nic1
angle brackets < > Indicates arguments for which you must supply a value:
retry-limit <1–100>
Supply a value. For example:
retry-limit 60
Conventions this Guide Uses
IP390 Security Platform Installation Guide 15
Text Conventions
Table 2 describes the text conventions this guide uses.
Square brackets [ ] Indicates optional arguments.
delete [slot slot_num]
For example:
delete slot 3
-flag A flag is usually an abbreviation for a function, menu, or option name, or for a
compiler or preprocessor argument. You must enter a flag exactly as shown,
including the preceding hyphen.
.ext A filename extension, such as .ext, might follow a variable that represents a
filename. Type this extension exactly as shown, immediately after the name of
the file. The extension might be optional in certain products.
( . , ; + * - / ) Punctuation and mathematical notations are literal symbols that you must enter
exactly as shown.
' ' Single quotation marks are literal symbols that you must enter as shown.
Table 1 Command-Line Conventions
Convention Description
Table 2 Text Conventions
Convention Description
monospace font
Indicates command syntax, or represents computer or screen output, for
example:
Log error 12453
bold monospace font Indicates text you enter or type, for example:
# configure nat
Key names Keys that you press simultaneously are linked by a plus sign (+):
Press Ctrl + Alt + Del.
Menu commands Menu commands are separated by a greater than sign (>):
Choose File > Open.
1
16 IP390 Security Platform Installation Guide
Related Documentation
You can find this guide in PDF on the Nokia support Web site (https:// support.nokia.com/) and
on the Nokia IPSO operating system CD issued with your Nokia IP390 security platform.
In addition to this guide and other documents shipped with your appliance, documentation for
this product includes the following:
Nokia Network Voyager Reference Guide for the version of Nokia IPSO you are using
CLI Reference Guide for the version of Nokia IPSO you are using
Getting Started Guide and Release Notes for the version of Nokia IPSO you are using
Nokia IPSO Boot Manager Reference Guide, which describes how to use the Nokia IPSO
boot manager
Clustering Configuration Guide for the version of Nokia IPSO you are using
Nokia Network Voyager inline help
You can find the most up-to date version of the Nokia IP390 Security Platform Installation
Guide in PDF on the Nokia support site (https://support.nokia.com). You can access inline help,
the Nokia Network Voyager Reference Guide, and the CLI Reference Guide from Nokia Network
Voyager.
Check Point documentation is available from the Check Point Web site at: http://
www.checkpoint.com/
060306
The words enter and type Enter indicates you type something and then press the Return or Enter
key.
Do not press the Return or Enter key when an instruction says type.
Italics
• Emphasizes a point or denotes new terms at the place where they are
defined in the text.
• Indicates an external book title reference.
• Indicates a variable in a command:
delete interface
if_name
Table 2 Text Conventions
Convention Description
IP390 Security Platform Installation Guide 17
1 Overview
The Nokia IP390 appliance combines the power of Nokia IPSO software with your choice of
firewall and VPN applications. These appliances are ideally suited for growing companies and
satellite offices that want high-performance IP routing combined with the industry-leading
Check Point VPN-1 enterprise applications. The small size of the IP390 appliance makes it ideal
for installations that need to conserve space.
As network devices, these appliances support a comprehensive suite of IP-routing functions and
protocols, including RIPv1/RIPv2, IGRP, OSPF and BGP4 for unicast traffic, and DVMRP for
multicast traffic.
This chapter provides an overview of the IP390 appliance and the requirements for using it. The
following topics are covered:
About the Nokia IP390 Appliance
Managing the IP390 Appliance
Site Requirements, Warnings, and Cautions
Software Requirements
Product Disposal
About the Nokia IP390 Appliance
The IP390 is a one rack-unit disk-based or flash-based appliance that incorporates a serviceable
slide-out tray into the chassis design and support for various network interface cards (NICs).
The Nokia IPSO system is stored in solid-state IDE compact flash memory.
Table 3 shows the specifications for the IP390 appliance
The following figures show component locations for the Nokia IP390 appliance.
Table 3 Specifications for the IP390 Platform
Feature Nokia IP390
Maximum memory size 2 GB
Network interface cards
(NICs) support
• Two or fewer four-port 10/100 Ethernet NICs
• Two or fewer two-port copper Gigabit Ethernet NICs
• Two or fewer two-port fiber-optic Gigabit Ethernet NICs
1 Overview
18 IP390 Security Platform Installation Guide
Figure 1 Component Locations Front View
Figure 2 Component Locations Rear View
Built-In Gigabit Ethernet Ports
The four built-in Gigabit Ethernet ports are located on the front of the appliance. Figure 3 shows
the layout of the built-in Gigabit Ethernet ports and status LEDs.
Figure 3 Built-In Gigabit Ethernet Ports Details
Caution
Cables that connect to the Gigabit Ethernet ports must be IEEE 802.3 compliant to
prevent potential data loss.
00525
IP390
System status LEDs
AUX port
Console port
Four-port Gigabit Ethernet
Flash-memory PC card slots
PMC NIC slots (slots 1 and 2)
unpopulated in base bundle
Reset button
00527
Power socket
Power switch
00547
Activity LED (blinking yellow)
Link LED (solid yellow for 10/100 Mbps, solid green for 1000 Mbps)
RJ-45 connectors
About the Nokia IP390 Appliance
IP390 Security Platform Installation Guide 19
Note
Nokia recommends the use of shielded twisted-pair cables and connectors for best
Electromagnetic Interference and Immunity performance.
PMC Expansion Slots
The IP390 appliance provides two additional PMC network interface card (NIC) slots, as
described in Table 4.
Note
Nokia products only support NICs purchased from Nokia or Nokia-approved resellers. The
Nokia Global Support Services group can provide support only for Nokia products that use
Nokia-approved accessories. For sales or reseller information, contact a Nokia service
provider listed in the “Nokia Contact Information” on page 3.
System Status LEDs
You can monitor the basic operation of the IP390 appliance and NICs by checking their status
LEDs. The system status LEDs are located on the front panel of the appliance, as Figure 4
shows.
Table 4 PMC Network Interface Card Slots
Interface For details, see...
Four-port copper 10/100
Ethernet
“Four-Port 10/100 Mbps Ethernet Network Interface Card” on page 37
Two-port copper Gigabit
Ethernet (10/100/1000 Mbps)
“Two-Port Copper Gigabit Ethernet Network Interface Card” on
page 40
Two-port fiber-optic Gigabit
Ethernet
“Two-Port Fiber-Optic Gigabit Ethernet Network Interface Card” on
page 42
Four-port T1 “Four-Port T1 Network Interface Card” on page 45
1 Overview
20 IP390 Security Platform Installation Guide
Figure 4 Appliance Status LEDs
Table 5 shows the system status LEDs and describes their meaning.
The location and meaning of the status LEDs for NICs are described in Chapter 4, “About IP390
Appliance Network Interface Cards.”
For information on the built-in Gigabit Ethernet interface LEDs, see “Built-In Gigabit
Ethernet Ports” on page 18.
For information on the four-port Ethernet NIC LEDs, see “Four-Port 10/100 Mbps Ethernet
Network Interface Card” on page 37.
Managing the IP390 Appliance
You can manage the IP390 appliance by using one of the following interfaces:
Nokia Network Voyager—an SSL-secured, Web-based element management interface to
Nokia IP appliances. Network Voyager is preinstalled on the IP390 appliance and enabled
through the Nokia IPSO operating system. With Network Voyager, you can manage,
monitor, and configure the IP390 appliance from any authorized location within the network
by using a standard Web browser.
Table 5 System Status LEDs
Status Indicator Meaning Symbol
Solid blue Power on
Solid yellow Appliance is experiencing an internal voltage problem.
Blinking yellow Appliance is experiencing a temperature problem.
Solid red One or more fans are not operating properly.
Power supply over temperature fault.
Blinking green System activity indicator
00526
!
Power indicator (blue)
Fault (red)
Warning (yellow)
System OK (green)
!
!
Site Requirements, Warnings, and Cautions
IP390 Security Platform Installation Guide 21
For information about how to access Network Voyager and the related reference materials,
see “Using Nokia Network Voyager” on page 33.
The Nokia IPSO command-line interface (CLI)—an SSHv2-secured interface that
enables you to easily configure Nokia IP appliances from the command line. Everything that
you can accomplish with Network Voyager—manage, monitor, and configure the IP390
appliance—you can also accomplish with the CLI.
For information about how to access the CLI, see the CLI Reference Guide for the version of
Nokia IPSO you are using.
Nokia Horizon Manager—a secure GUI-based software image management application.
With Horizon Manager, you can securely install and upgrade the Nokia IPSO operating
system, plus hardware and third-party applications such as Check Point VPN-1. Horizon
Manager can perform installations and upgrades on up to 2,500 Nokia IP appliances,
offering administrators the most rapid and dependable method to perform Check Point
application upgrades.
Site Requirements, Warnings, and Cautions
Before you install a Nokia IP390 appliance, ensure that your computer room or wiring closet
conforms to the environmental specifications listed in Chapter A, “Technical Specifications.”
Warning
Excessive electromagnetic interference (EMI) can occur if you use controls, make
performance adjustments, or follow procedures that are not described in this document.
Warning
To reduce the risk of fire, electric shock, and injury when you use telephone equipment,
follow basic safety precautions. Do not use the product near water.
Caution
Replace the battery only with the same or equivalent type battery recommended by the
manufacturer. Dispose of used batteries according to the manufacturer's instructions.
Caution
Do not block any of the ventilation holes on the appliance. The components might
overheat and become damaged.
Warning
Hazardous radiation exposure can occur if you use controls, make performance
adjustments, or follow procedures that are not described in this document.
1 Overview
22 IP390 Security Platform Installation Guide
Caution
For IP390 appliances intended for shipment outside of the United States, the cord might
be optional. If a cord is not provided, use a power cord rated at 6A, 250V, maximum 15
feet long, made of HAR cordage and IEC fittings approved by the country of end use.
Software Requirements
The Nokia IP390 appliance supports the following operating system and applications:
Nokia operating system software requirements—Nokia IPSO v4.1 or later
Check Point VPN-1 versions compatible with the version of Nokia IPSO you are using
For information about updates to the software requirements or additional applications that have
become available since this guide was published, contact your Nokia service provider, as listed
in “Nokia Contact Information” on page 3.
Product Disposal
At the end of its useful life, your appliance and all peripherals included with it, including power
cords and cables, must be disposed of in accordance with all applicable national, state, and local
laws and regulations. These devices contain materials and components that must be disposed of
properly. Therefore, to help prevent damage to the environment, Nokia encourages you to
dispose of these devices in an environmentally-friendly manner.
The following resources are available to you to help with equipment-disposal decisions:
Many Nokia products are labeled with information about the materials used in their
manufacture that can help those who will process equipment after you have disposed of it.
The Nokia web site (http://www.nokia.com) provides information about our environmental
programs and practices, which includes details about materials used in manufacturing and
end-of-life practices. You can also find your product’s Eco Declaration, which provides
basic information on the environmental attributes of the product covering material use,
packaging, disassembly, and recycling.
Contact your local waste management agencies for guidelines specific to your area.
050930
The crossed-out wheeled bin means that within the European Union the product must be taken to
separate collection at the product end-of-life. This applies to your device but also to any enhancements
marked with this symbol. Do not dispose of these products as unsorted municipal waste.
IP390 Security Platform Installation Guide 23
2 Installing the Nokia IP390 Appliance
This chapter describes how to install the Nokia IP390 appliance. The following topics are
covered:
Before You Begin
Rack Mounting the Appliance
Connecting Power
Connecting to the Console or Auxiliary Port
Connecting to Network Interfaces
Before You Begin
To rack-mount the appliance, you need:
Phillips-head screwdriver
Grounding wrist strap
Suitable, grounded work surface on which to place the chassis tray assembly
Caution
To help guard against electrostatic discharge damage, make sure you are properly
grounded by using a grounding wrist strap and following the instructions provided with
the wrist strap before you handle the components or open the appliance.
Rack Mounting the Appliance
The IP390 appliance mounts in a standard 19-inch rack with four mounting screws as Figure 5
shows.
Note
To avoid damaging your equipment, Nokia recommends that you use all four rack-mounting
screws when you install your appliance on the rack.
2 Installing the Nokia IP390 Appliance
24 IP390 Security Platform Installation Guide
Figure 5 Mounting Screws Location
Two mounting positions are available allowing you to mount the unit either flush with the rack,
or two inches forward of the rack.
Figure 6 Adjustable Mounting Brackets
Caution
Blocking ventilation openings during installation may result in damage to the appliance.
Connecting Power
The power plug and power switch for the IP390 appliance is located on the back of the
appliance, as Figure 7 shows.
Note
The IP390 appliance power supply automatically detects the input voltage (115VAC/60Hz
[90 to 132] or 220VAC/50Hz [180 to 264]) and configures itself appropriately.
00525
IP390
Mounting screw slots
00539
IP390
IP390
Brackets located for
flush with rack
installation
Brackets located for
forward of rack
installation
Connecting to the Console or Auxiliary Port
IP390 Security Platform Installation Guide 25
Figure 7 Back Panel Power Switch and Socket
To connect to the power supply
1. Connect the power cord securely into the power socket on the back of the appliance.
2. Plug the other end of the cord into a three-wire grounded power strip or wall outlet.
Connecting to the Console or Auxiliary Port
If you do not use DHCP to perform the initial configuration of your Nokia IP390 appliance, you
must use a serial console connection (RJ-45 null-modem cable included). For information about
using DHCP for initial configurations, see Chapter 3, “Performing the Initial Configuration.”
After you perform the initial configuration, you no longer need the console connection.
You can use any standard VT100-compatible terminal with an RS-232 data terminal equipment
(DTE) interface or terminal-emulation program
If you connect the console port to a data communications equipment (DCE) device, use a
straight-through cable.
Use the following configuration settings for the console:
9600 bps
8 data bits
No parity
1 stop bit
To connect to the console with a null-modem cable
1. Connect the supplied null-modem console cable to the console port on the front panel of the
IP390.
Note
The supplied console cable is Cisco compatible.
Use only the RJ-45 port labeled Console on the front panel; the serial (AUX) port is an
auxiliary modem port.
00527
Power socket
2 Installing the Nokia IP390 Appliance
26 IP390 Security Platform Installation Guide
One RJ-45 termination has a retractable shroud that releases or secures the RJ-45 tab. Use
this end of the cable when connecting to the console port of the IP390.
For cable pin assignments for the console connection, see “Console Port” on page 27.
2. Connect the other end of the cable to the VT100 console or to a system running a terminal-
emulation program.
The cable that Nokia provides with IP390 appliances includes a latching mechanism used to
secure the cable to the console port or auxiliary port of your appliance.
Note
To use the cable for modem connections from the auxiliary port, you need to order a modem
cable kit. For information about contacting Nokia to order the kit, see “Nokia Contact
Information” on page 3.
Note
The cable described in this section is a rollover cable, which is required for IP390 console
and auxiliary port connections. You cannot use standard Ethernet cables for IP390 console
and auxiliary connections.
00525
IP390
Console port
Connecting to the Console or Auxiliary Port
IP390 Security Platform Installation Guide 27
To connect the cable, push the connector into the receptacle, as you would with other similar
cables. To disconnect the cable, push the cable toward the appliance, pull back on the boot to
release the latch, and pull the connector out of the receptacle.
You can connect the other end of the cable to a DB-9 console connection (using the appliance
console port and the DB-9 female adaptor) or to a DB-25 modem connection (using the
appliance auxiliary port and the DB-25 male adaptor). The DB-9 adapter is provided with the
cable. The DB-25 adaptor is provided with Nokia modem cable kits for the IP390.
Console Port
Use the built-in console port, shown in Figure 6, to supply information that makes the appliance
available on the network at speeds up to 9600 bps. The default configuration of the serial ports
are: 9600 baud, 8 bits, no parity, and 1 stop. Table 6 provides pin assignment information for
console connections. If you need to access the devices locally, you must use the console port.
1 + 2 =
2
1
00548a
Push cable
Pull boot
To connect the cable
To disconnect the cable
00552
DB-9 female adapter
DB-25 male adapter
2 Installing the Nokia IP390 Appliance
28 IP390 Security Platform Installation Guide
Table 6 Pin Assignments Console Connector and Cable
The console cable provided with the IP390 is comprised of two parts:
6-foot rollover cable with RJ-45 terminations
RJ-45 to DB-9 adapter
On the opposite end of the console cable, connect the RJ-45 to the DB-9 adapter, which you can
then connect to the host terminal.
Auxiliary Port
Use the built-in serial (AUX) port, shown in Figure 1, to establish a modem connection for
managing the appliance remotely or out-of-band. The default configuration of the serial ports
are: 9600 baud, 8 bits, no parity, and 1 stop. bit. Table 7 provides pin assignment information for
modem connections.
Table 7 Pin Assignments for AUX Connector and Modem Cable
Console Port
(DTE)
RJ-45 to RJ-45 Rollover
Cable
RJ-45 to DB-9
Terminal Adapter Remote Device
Signal RJ-45 Pin RJ-45 Pin DB-9 Pin Signal
RTS 1 8 8 CTS
DTR 2 7 6 DSR
TxD 3 6 2 RxD
GND 4 5 5 GND
GND 5 4 5 GND
RxD 6 3 3 TxD
DSR 7 2 4 DTR
CTS 8 1 7 RTS
Auxiliary
Port (DTE)
RJ-45 to RJ-45 Rollover
Cable
RJ-45 to DB-25
Modem Adapter
Modem
Signal RJ-45 Pin RJ-45 Pin DB-25 Pin Signal
RTS 1 8 4 RTS
DTR 2 7 20 DTR
TxD 3 6 3 TxD
GND 4 5 7 GND
Connecting to Network Interfaces
IP390 Security Platform Installation Guide 29
Connecting to Network Interfaces
Connect at least one network interface to use as the Nokia Network Voyager system
management interface. This interface is configured during the system startup procedure, as
described in Chapter 3, “Performing the Initial Configuration.”
You can also connect the remaining LAN interface cables at this point, although you are not
required to do so.
To connect Ethernet devices
Use a straight-through RJ-45 cable to connect to a 10-Mbps or 100-Mbps hub.
Use a crossover RJ-45 cable to connect directly to a host.
For details, see “Ethernet NIC Connectors and Cables” on page 38.
To connect copper Gigabit Ethernet devices
Use a straight-through or crossover RJ-45 cable to connect to a 10-Mbps, 100-Mbps, or
1000-Mbps hub or directly to a host.
Note
All Nokia copper Gigabit Ethernet NICs support cable auto-sensing. You can use a
straight-through or crossover cable to connect the NIC to a Gigabit Ethernet hub or
switch, or to connect directly to a host.
For details, see “Copper Gigabit Ethernet Connectors and Cables” on page 41.
To connect fiber-optic Gigabit Ethernet devices
Use a multi-mode, fiber-optic cable with an LC connector to connect to a 10-Mbps, 100-
Mbps, or 1000-Mbps hub or directly to a host. The destination end of the cable can be either
LC or SC, depending on the type of connector required for the destination Gigabit Ethernet
device. You can also use a half-duplex LC-to-LC cable to loop back the transmit port of an
interface to the receiver port.
For details, see “Fiber-Optic Gigabit Ethernet NIC Connectors and Cables” on page 44.
GND 5 4 7 GND
RxD 6 3 2 RxD
DSR 7 2 8 DCD
CTS 8 1 5 CTS
Auxiliary
Port (DTE)
RJ-45 to RJ-45 Rollover
Cable
RJ-45 to DB-25
Modem Adapter Modem
2 Installing the Nokia IP390 Appliance
30 IP390 Security Platform Installation Guide
After you connect the network interfaces, continue with Chapter 3, “Performing the Initial
Configuration.”
Loading...