Nokia IP40 User Manual

N450916002 Rev A
June 2004
IP40 Security Platform
User’s Guide
Version 1.1
2 Nokia IP40 Security Platform User’s Guide v1.1
©2004 Nokia. All rights reserved. Rights reserved under the copyright laws of the United States.
RESTRICTED RIGHTS LEGEND
Use, duplication, or disclosure by the United States Government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013.
Notwithstanding any other license agreement that may pertain to, or accompany the delivery of, this computer software, the rights of the United States Government regarding its use, reproduction, and disclosure are as set forth in the Commercial Computer Software-Restricted Rights clause at FAR 52.227-19.
IMPORTANT NOTE TO USERS
This software and hardware is provided by Nokia Inc. as is and any express or implied warranties, including, but not limited to, implied warranties of merchantability and fitness for a particular purpose are disclaimed. In no event shall Nokia, or its affiliates, subsidiaries or suppliers be liable for any direct, indirect, incidental, special, exemplary, or consequential damages (including, but not limited to, procurement of substitute goods or services; loss of use, data, or profits; or business interruption) however caused and on any theory of liability, whether in contract, strict liability, or tort (including negligence or otherwise) arising in any way out of the use of this software, even if advised of the possibility of such damage.
Nokia reserves the right to make changes without further notice to any products herein.
TRADEMARKS
Nokia is a registered trademark of Nokia Corporation. Other products mentioned in this document are trademarks or registered trademarks of their respective holders.
Nokia Contact Information
Corporate Headquarters
Web Site: http://www.nokia.com
Telephone: 1-888-477-4566 or 1-650-625-2000
Fax: 1-650-691-2170
Mail Address: Nokia Inc., 313 Fairchild Drive, Mountain View, California 94043-2215 USA
Regional Contact Information
Americas: Nokia Inc., 313 Fairchild Drive, Mountain View, CA 94043-2215 USA. Tel: 1-877-997-9199. Outside USA and Canada: +1 512-437-7089. Email: ipsecurity.na@nokia.com
Europe, Middle East, and Africa: Nokia House, Summit Avenue, Southwood, Farnborough, Hampshire GU14 ONG UK. Tel: UK: +44 161 601 8908. Tel: France: +33 170 708 166. Email: ipsecurity.emea@nokia.com
Asia-Pacific: 438B Alexandra Road, #07-00 Alexandra Technopark, Singapore 119968. Tel: +65 6588 3364. Email: ipsecurity.apac@nokia.com
Nokia Customer Support
Web Site: https://support.nokia.com/
Email: tac.support@nokia.com
Americas: Voice: 1-888-361-5030 or 1-613-271-6721. Fax: 1-613-271-8782
Europe: Voice: +44 (0) 125-286-8900. Fax: +44 (0) 125-286-5666
Asia-Pacific: Voice: +65-67232999. Fax: +65-67232897
040113
Contents
In This Guide
Conventions This Guide Uses
Notices
Command-Line Conventions
Text Conventions
Menu Items
Related Documentation
1 Introduction
Nokia IP40 Security Platform
Nokia IP40 Tele 8
Nokia IP40 Satellite 16, Satellite 32, Satellite Unlimited
Nokia IP40 Security Platform Features
Connectivity
Firewall
Management
Security Services
Diagnostics and Maintenance
Nokia IP40 Security Platform Package Contents
Network Requirements
Appliance Overview
Nokia IP40 Security Platform Rear Panel
Nokia IP40 Security Platform Front Panel
2 Installing Nokia IP40 Security Platform
Before You Install Nokia IP40 Security Platform
Setting Up Nokia IP40 Security Platform with Microsoft Windows 98 or Millennium Operating Systems
Setting Up Nokia IP40 Security Platform with Microsoft Windows XP and 2000 Operating Systems
Setting Up Nokia IP40 Security Platform with an Apple Computer
Connecting Nokia IP40 Security Platform to the Network
Installing Your Network
3 Getting Started
First-Time Login
Configuring Nokia IP40 Security Platform for Internet Connection
Making Initial Nokia IP40 Security Platform Settings
Setting Nokia IP40 Security Platform Time
Registering with the Nokia Support Site
Connecting to a Central Management Server
Logging On to Nokia IP40 Security Platform
Accessing Nokia IP40 Securely
Logging Off from Nokia IP40 Security Platform
Understanding the Nokia IP40 Web GUI
Using the Nokia IP40 Security Platform Web-based User Interface
Graphical User Interface Details
4 Accessing Nokia IP40 Security Platform
Connection Methods
Configuration Methods
Connecting Nokia IP40 Security Platform to a Computer by Using the Console Port
Using Telnet to Connect to Nokia IP40 Security Platform
Enabling and Disabling Telnet Access to Nokia IP40
Using Secure Shell to Connect to Nokia IP40 Security Platform
Accessing Nokia IP40 with HTTP and HTTPS
Managing Large Scale Deployments of Nokia IP40
Deploying Nokia IP40 Security Platform with Nokia Horizon Manager
Deploying Nokia IP40 Security Platform with Check Point SmartCenter Large Scale Manager
Deploying Nokia IP40 with Sofaware Management Portal
5 Connecting to the Internet with Nokia IP40 Security Platform
Configuring Internet Connection
Using the Setup Wizard
Cable Modem Connection Settings
MAC Cloning
Cloning a MAC Address
DSL Connection Settings
Manually Configuring the Internet Setting
Direct Dial-Up PPP
Configuring Dial-Up with the GUI
Configuring Dial-Up with the CLI
CLI Wizard
Multiple Dial-up Profiles
Enabling or Disabling the Internet Connection
Using Quick Internet Connect or Disconnect
Configuring a Backup Internet Connection
Viewing Internet Information
6 Managing Your Local Area Network
Configuring Network Settings
Enabling and Disabling the DHCP Server
Changing IP Addresses
Enabling or Disabling Hide NAT
Configuring a DMZ Network
Using Static NAT
Adding and Editing Static NAT Mappings
Viewing and Deleting Static NAT Mappings
Using Static Routes
7 Setting Up the Nokia IP40 Security Platform Security Policy
Setting the Firewall Security Level
Configuring Virtual Servers
Customizing Nokia IP40 Security Platform Security Policy
Creating Firewall Rules
Allow and Block Rules
Deleting Rules
Defining an Exposed Host
8 Configuring Network Access
Changing Your Password
Adding Users
Viewing and Editing Users
Deleting Users
Setting Up Remote VPN Access for Users
Using RADIUS Authentication
Access Control
Telnet Access
Secure Shell
Configuring SSH
Enabling or Disabling SSH Service
SSH Authentication Methods
Using SSH Client
Configuring Advanced Secure Shell Server Options
Configuring Server Authentication of Users
Configuring and Managing SSH Key Pairs
Managing Authorized Keys
Secure Socket Layer
Enabling HTTPS Web Access
Generating a Self-Signed Certificate and Private Key
Installing a Certificate and Private Key
9 Configuring and Monitoring SNMP
SNMP Description
SNMP Configuration from Nokia IP40 Security Platform
Setting Up SNMP Access to Nokia IP40 Security Platform
Configuring the SNMP Parameters
Configuring SNMP Parameters from the Command-Line Interface
Setting SNMP Parameters
Viewing SNMP Parameters
10 High Availability
Virtual Router Redundancy Protocol
Configuring VRRP
Configuring VRRP with CLI commands
Dual Homing
Configuring Nokia IP40 Security Platform for Dual Homing ISP Connectivity
Configuring ISP Dial-Up Profiles
Route Based VPN and BGP
Border Gateway Protocol
Enabling BGP Routing
Configuring the Local AS and Router-ID
Configuring Nokia IP40 Security Platform for BGP Route Advertisement
Monitoring BGP
Viewing Debugging Information
Adding a BGP Peer to Nokia IP40 Security Platform
Clearing BGP
Creating Prefix Lists on Nokia IP40 Security Platform
Creating Access-Lists on Nokia IP40 Security Platform
Creating Route Maps on Nokia IP40 Security Platform
Configuring Routing Policies on Nokia IP40 Security Platform
Configuring a Remote BGP Peer with MD5 Authentication
Configuring a Local Loopback Interface
Configuring High-Availability Options
Configuring Criteria for Path Selection
High-Availability Solution with a Single Nokia IP40 Security Platform
High Availability Solution with Dual Nokia IP40
11 Configuring Nokia IP40 Through Out-of-Band Management
Overview
Configuring OOB from the Nokia IP40 Security Platform GUI
Secure Shell and HTTPS Access Through Out-of-Band Dial-In
Remote Configuration Mode in the Nokia IP40 Security Platform
12 Configuring Device Functions
Host Name Configuration by Using the CLI
Date and Time Configuration
System Logging Configuration
Setting the Syslog Server
Network Utilities
Managing Configuration
Exporting the Nokia IP40 Security Platform Configuration
Importing the Nokia IP40 Security Platform Configuration
Upgrading Firmware
Installing Your Product Key
Dynamic DNS
Configuring DDNS
Resetting Nokia IP40 Security Platform to Factory Defaults
Resetting Nokia IP40 Security Platform to Factory Defaults by Using the Reset Button
13 Viewing Reports
Viewing Reports on Nokia IP40 Security Platform
Viewing the Event Log
Viewing Active Computers
Viewing Active Connections
Viewing VPN Tunnels
Viewing the Diagnostics Summary
14 Working with VPNs
About VPN
Setting Up Nokia IP40 as a VPN Server
Configuring Remote Access VPNs
Configuring Site-to-Site VPN
Completing Site Creation
Deleting a VPN Site
Logging to a VPN Site
Logging on from the Nokia IP40 Security Platform GUI
Logging On Through my.vpn
Logging Off a VPN Site
Installing VPN Certificates
Installing VPN Certificates by Using CLI
Installing VPN Certificates from SmartCenter
Uninstalling the Certificate from your Nokia IP40 Security Platform
Downloading the Pre-compiled Security Policy
Installing the Security Policy by Using GUI
VPN Scenarios
Nokia IP40 as VPN Server
SecuRemote to Nokia IP40 Satellite X (VPN Client to Gateway)
Setting Up Nokia IP40 Satellite X
Nokia IP40 as VPN Client
Setting Up the Nokia IP40 Tele 8 as VPN Client
Adding VPN Sites by Using Nokia IP40 Tele 8
Nokia IP40 Site-to-Site VPNs support
Adding VPN Sites by Using Nokia IP40 Satellite X
Nokia IP40 Tele to IP40 Satellite X (VPN Client to Gateway)
Setting Up Nokia IP40 Tele 8
Setting Up Nokia IP40 Satellite X
Nokia IP40 Tele 8 to Check Point FP1, FP2, FP3, NG, or NG AI
Setting Up Nokia IP40 Tele 8
Setting Up Check Point Server
Nokia IP40 Tele 8 to Check Point NG AI
Setting Up Nokia IP40 Tele 8
Setting Up Check Point NG AI
Nokia Satellite X to Nokia Satellite X (VPN Gateway to Gateway)
Setting Up Nokia IP40 Satellite X
Nokia IP40 Satellite X in NAT and No-NAT Modes
Unrestricted Mode
NAT Mode
Defining a Backup VPN Gateway
Nokia IP40 Satellite X to VPN-1 (Site-to-Site VPN)
Setting Up Nokia IP40 Satellite X
Nokia IP40 Satellite X to Check Point FP3 or DAIP
Setting Up Check Point FP3
Setting Up Nokia IP40 Satellite X
Nokia IP40 Satellite X to Check Point SmartCenter FP3/NG AI
Setting Up Check Point SmartCenter FP3/NG AI
Setting Up the Nokia IP40 Satellite X for VPN connection with SmartCenter FP3
Setting Up Check Point SmartCenter NG AI by Using Certificates with Smart LSM
Site-to-Site VPN with Windows 2000
Site-to-Site VPN with Nokia CryptoCluster
Site-to-Site VPN with Cisco PIX
VPN Routing Between Two Nokia IP40 Security Platforms
Mesh VPN Support
15 Using Managed Services
Starting Your Subscription Services
Viewing Service Information from the Account Page
Refreshing Your Service Center Connection
Configuring Your Account
Disconnecting From Your Service Center
Sofaware Security Management Portal
Web Filtering
Selecting Categories to Block
Virus Scanning
Enabling or Disabling Email Antivirus
Selecting Protocols for Scanning
Temporarily Disabling Email Antivirus
Automatic and Manual Updates
Checking for Software Updates When Locally Managed
Checking for Software Updates When Remotely Managed
Managing with Nokia Horizon Manager
Check Point SmartCenter LSM
16 Troubleshooting
Debugging
Configuring Debugging Levels
Viewing Debugging Levels
Frequently Asked Questions
Viewing Firmware Status
Resetting the IP40 Security Platform to Factory Defaults
Failsafe Mode
Upgrading Firmware in Failsafe Mode by Using Console
Upgrading Firmware from Failsafe Kernel
Running Diagnostics
A Specifications
Technical Specifications
Safety Precautions
B Warranty
C End User License Agreement
D Compliance Information
Compliance Statement
FCC Notice (US)
About This Guide
This guide provides information and procedures for how to install and configure the Nokia IP40 Security Platform. This guide provides information about the new features incorporated into the Nokia IP40. This version of Nokia IP40 uses the SofaWare VPN-1 Embedded NG. For a quick reference on how to configure features in Nokia IP40, see the Nokia IP40 Security Platform Quick Start Guide and Nokia IP40 Security Platform Online Help, part of the graphical user interface (GUI) in the appliance.
Installation and maintenance should be performed by experienced technicians or Nokia-approved service providers only.
This preface provides the following information:
In This Guide
Conventions This Guide Uses
Related Documentation
In This Guide
This guide is organized into the following chapters and appendixes:
Chapter 1, “Introduction” provides the information you need to know before installing
Nokia IP40 Security Platform.
Chapter 2, “Installing Nokia IP40 Security Platform” explains how to install the device, lists
operating system requirements, protocols and how to establish a network connection.
Chapter 3, “Getting Started” explains how to start by using the IP40, and provides
information on first-time login and connecting to the Internet.
Chapter 4, “Accessing Nokia IP40 Security Platform” explains different methods of
connecting to your IP40, and methods of configuring the device.
Chapter 5, “Connecting to the Internet with Nokia IP40 Security Platform” explains how to
configure your IP40 for connecting to the Internet, and viewing and managing your Internet connection.
Chapter 6, “Managing Your Local Area Network,” explains how to configure the Nokia
IP40 features.
Chapter 7, “Setting Up the Nokia IP40 Security Platform Security Policy” explains methods
to define the firewall level, configure virtual servers, and create firewall rules.
Chapter 8, “Configuring Network Access,” describes the network access procedures and
usage of SSH and SSL.
Chapter 9, “Configuring and Monitoring SNMP,” explains the procedure to configure
Simple Network Management Protocol, set community strings, send and enable SNMP traps.
Chapter 10, “High Availability,” explains the Virtual Router Redundancy Protocol and High
Availability feature.
Chapter 11, “Configuring Nokia IP40 Through Out-of-Band Management,” explains the
method to configure the Nokia IP40 through Out of Band Management.
Chapter 12, “Configuring Device Functions,” discusses how to configure device functions
such as setting date and time, loading factory defaults and performing firmware upgrade.
Chapter 13, “Viewing Reports,” explains how to view reports such as Event Log, Active
Computers, Active Connections, and VPN Tunnels.
Chapter 14, “Working with VPNs,” explains how to configure a VPN by using Nokia IP40.
Chapter 15, “Using Managed Services” describes methods for enabling and using
subscription services such as Web filtering, email antivirus, automatic and manual updates.
Chapter 16, “Troubleshooting,” discusses typical problems users encounter and provides
solutions to these problems.
Appendix A, “Specifications,” describes the Nokia IP40 specifications.
Appendix B, “Warranty,” contains the warranty details for the Nokia IP40 Security Platform.
Appendix C, “End User License Agreement,” contains the End User License Agreement for
Nokia IP40 Security Platform.
Appendix D, “Compliance Information,” contains the compliance information of Nokia
IP40.
Conventions This Guide Uses
The following sections describe the conventions this guide uses, including notices, text conventions, and command-line conventions.
Notices
Warning
Warnings advise the user that bodily injury might occur because of a physical hazard.
Caution
Cautions indicate potential equipment damage, equipment malfunction, loss of performance, loss of data, or interruption of service.
Note
Notes provide information of special interest or recommendations.
Command-Line Conventions
This section defines the elements of commands that are available in Nokia products. You might encounter one or more of the following elements on a command-line path.
Table 1 Command-Line Conventions
Convention
  Description
Command
  This required element is usually the product name or other short word that invokes the product or calls the compiler or preprocessor script for a compiled Nokia product. It might appear alone or precede one or more options. You must spell a command exactly as shown and use lowercase letters.
Italics
  Indicates a variable in a command that you must supply. For example:
    delete interface if_name
  Supply an interface name in place of the variable. For example:
    delete interface nic1
Angle brackets < >
  Indicates arguments for which you must supply a value:
    retry-limit <1–100>
  Supply a value. For example:
    retry-limit 60
Square brackets [ ]
  Indicates optional arguments.
    delete [slot slot_num]
  For example:
    delete slot 3
Vertical bars, also called a pipe (|)
  Separates alternative, mutually exclusive elements.
    framing <sonet | sdh>
  To complete the command, supply the value. For example:
    framing sonet
  or
    framing sdh
-flag
  A flag is usually an abbreviation for a function, menu, or option name, or for a compiler or preprocessor argument. You must enter a flag exactly as shown, including the preceding hyphen.
.ext
  A filename extension, such as .ext, might follow a variable that represents a filename. Type this extension exactly as shown, immediately after the name of the file. The extension might be optional in certain products.
( . , ; + * - / )
  Punctuation and mathematical notations are literal symbols that you must enter exactly as shown.
' '
  Single quotation marks are literal symbols that you must enter as shown.
Text Conventions
Table 2 describes the text conventions this guide uses.
Table 2 Text Conventions
Convention
  Description
Monospace font
  Indicates command syntax, or represents computer or window output, for example:
    Log error 12453
Bold monospace font
  Indicates text you enter or type, for example:
    # configure nat
Key names
  Keys that you press simultaneously are linked by a plus sign (+):
    Press Ctrl + Alt + Del.
Menu commands
  Menu commands are separated by a greater than sign (>):
    Choose File > Open.
The words enter and type
  Enter indicates you type something and then press the Return or Enter key. Do not press the Return or Enter key when an instruction says type.
Italics
  Emphasizes a point or denotes new terms at the place where they are defined in the text.
  Indicates an external book title reference.
  Indicates a variable in a command:
    delete interface if_name
Menu Items
Nokia IP40 menu items in procedures are separated by the greater than sign (>).
For example, Start > Programs > Nokia > Security indicates that you first click Start, then choose the Programs menu command, then choose Nokia, and finally choose Security.
Related Documentation
In addition to this guide, documentation for this product includes the following:
Nokia IP40 Security Platform Quick Start Guide Version 1.1—provides a description of the
system features and an overview of how to get your appliance up and running.
Nokia IP40 Security Platform CLI Reference Guide Version 1.1—provides a description of
all IP40 commands that are used for managing the appliance.
Nokia IP40 Security Platform Release Notes Version 1.1—provides important information
you should know before you install and configure the IP40 Security Platform.
1 Introduction
This chapter introduces the Nokia IP40 Security Platform. It includes the following topics:
Nokia IP40 Security Platform
Nokia IP40 Security Platform Features
Network Requirements
Nokia IP40 Security Platform Front Panel
Nokia IP40 Security Platform Rear Panel
Nokia IP40 Security Platform
The Nokia IP40 Security Platform provides dependable Internet access for the remote and branch offices of a distributed enterprise. Nokia IP40 supports features such as dial-up connection, redundant WAN connection to headquarters, and dual homing with BGP to route return traffic securely over VPN.
The Nokia IP40 Security Platform can be integrated with an overall enterprise security policy for maximum security. The IP40 facilitates centralized management and automatic deployment with the security management architecture of Check Point, and Nokia Horizon Manager.
The Nokia IP40 Security Platform is available with the following licenses:
Nokia IP40 Tele 8
Nokia IP40 Satellite 16
Nokia IP40 Satellite 32
Nokia IP40 Satellite U (Unlimited)
All these versions of Nokia IP40 provide a Web-based interface that enables you to configure and manage the Nokia IP40.
The Nokia IP40 Security Platform comes pre-installed with the license of your choice. You can upgrade the IP40 security platform to a more advanced configuration without replacing the hardware. For details about license upgrade, contact your local reseller.
Nokia IP40 Tele 8
Nokia IP40 Tele 8 is for home telecommuters and work extenders who also need VPN client access. The IP40 Tele 8 supports both firewall and VPN client capabilities over an eight-node network. The appliance supports VPN client capabilities for users to connect to the central office from their home with firewall protection, extending the enterprise network to the employees’ home offices.
IP40 Tele 8 can act as a VPN server, which allows a single user to securely access resources protected by the appliance from home or while travelling.
Note
Computers that actually pass through the firewall are counted. Devices such as network printers connected to the LAN that do not normally get connected to the Internet are not counted.
Nokia IP40 Satellite 16, Satellite 32, Satellite Unlimited
Nokia IP40 Satellite 16, IP40 Satellite 32, and IP40 Satellite Unlimited provide full firewall and VPN connectivity for remote and branch offices or independent, small, and medium enterprises with sixteen, thirty-two, and unlimited node networks, respectively. Using these solutions, remote and branch offices can securely exchange information between themselves and with distributed enterprises and small and medium enterprises at a low price with excellent performance.
Nokia IP40 Security Platform Features
The following section contains a summary of Nokia IP40 Security Platform features.
Connectivity
Table 3, Nokia IP40 Security Platform Connectivity, gives details about IP40 v1.1 connectivity.
Table 3 Nokia IP40 Security Platform Connectivity
Feature | Nokia IP40 Tele 8 | Nokia IP40 Satellite 16/32/Unlimited
LAN, WAN, DMZ, and control ports (No DMZ support)
Unnumbered PPP
Users (nodes) | 8 | 16, 32, unlimited
PPPoE client
PPTP client
DHCP client
DHCP server
Static IP
MAC cloning
Backup Internet connection, static NAT, static routes
Dial-up Internet connection
Routing support by using BGP
High availability for LAN
High availability for WAN
Firewall
Table 4, Firewall Connectivity, provides details about the IP40 Security Platform v1.1 firewall connectivity.
Table 4 Firewall Connectivity
Feature | Nokia IP40 Tele 8 | Nokia IP40 Satellite (16/32/Unlimited)
Firewall Type | Check Point Firewall-1 Embedded NG | Check Point Firewall-1 Embedded NG
Network Address Translation (NAT)
INSPECT policy rules
User defined rules
Three levels of Preset security policies
DoS protection
Anti-spoofing
Attack logging
Voice over IP (H.323) support
Exposed host
DMZ network
VPN Connectivity
Table 5, VPN Connectivity, provides details about IP40 Security Platform v1.1 VPN connectivity.
Table 5 VPN Connectivity
Feature | Nokia IP40 Tele 8 | Nokia IP40 Satellite 16/32/Unlimited
IPSEC VPN remote access server
IPSEC VPN site-to-site gateway
IPSEC VPN remote access client
VPN pass through
Encryption | AES/3DES/DES | AES/3DES/DES
Authentication | SHA1/MD5 | SHA1/MD5
X.509 certificates
SecuRemote server
RADIUS Client
DAIP with VPN certificates
Back up VPN gateways
SmartCenter Connector (SSC) NG AI support
Bypass NAT
Route all traffic
Route Based VPN and failover
Multiple PPP connections
Active tunnels
Management
Table 6, Management, provides details about the IP40 Security Platform v1.1 management:
Table 6 Management
Feature | Nokia IP40 Tele 8 | Nokia IP40 Satellite (16/32/Unlimited)
Web-based management
Access to IP40 through OOB, SSH and SNMP
Telnet access
HTTPS access (local and remote)
Remote firmware upgrades
Nokia Horizon Manager support from v1.3.1 onwards
Multiple administrators
Nokia CLI shell
Management systems (Nokia Horizon Manager, Sofaware SMP, Check Point SmartCenter, Check Point Smart Update)
Check Point Smart LSM Check Point Provider-1
Security Services
Table 7, Security Services, provides details about IP40 Security Platform v1.1 security services:
Table 7 Security Services
Feature | Nokia IP40 Tele 8 | Nokia IP40 Satellite (16/32/Unlimited)
Firewall security updates
Software updates
Web filtering
Email antivirus protection
Dynamic DNS service (when managed by Sofaware Management Portal (SMP) and Nokia Horizon Manager (NHM))
VPN management
Centralized logging
Customized security policy
Protocol support for TCP/IP, ICMP, GRE, ESP and UDP
Diagnostics and Maintenance
Table 8, Diagnostics and Maintenance, provides details about IP40 v1.1 diagnostics and maintenance:
Table 8 Diagnostics and Maintenance
Feature | Nokia IP40 Tele 8 | Nokia IP40 Satellite (16/32/Unlimited)
Configuration Import or Export
Firmware upgrade
Preset configuration
Known good configuration
OOB management
Diagnostic tools (netstat, traceroute, arp, ping, WHOIS, nslookup, tcpdump)
Nokia IP40 Security Platform Package Contents
The Nokia IP40 Security Platform shipping box includes the following items:
Nokia IP40 Security Platform
A universal power supply
A country-specific power cord for universal power supply
An Ethernet-crossover cable, labeled Crossover
An RS-232 console (null modem) cable
The IP40 CD. The IP40 CD includes the following documents needed to set up and use the device:
Nokia IP40 Security Platform Quick Start Guide
Nokia IP40 Security Platform User’s Guide Version 1.1 (this document)
Nokia IP40 Security Platform Release Notes Version 1.1 (if needed)
Translated Manuals (Spanish, Japanese, Chinese)
Nokia IP40 Security Platform CLI Reference Guide Version 1.1
A TFTP Server
Reset tool (to reset the IP40 security platform to factory defaults)
Adobe Acrobat Reader
Nokia IP40 Security Platform Quick Start Guide Version 1.1, printed
Nokia IP40 License Document, printed
You can run the CD on a Windows computer with a CD drive.
Network Requirements
To set up the Nokia IP40 Security Platform to connect to the Internet, you need the following:
A broadband Internet connection by cable or DSL modem with Ethernet interface (RJ-45) or
a dial-up connection with a serial modem (V90 or ISDN T/A)
10BaseT or 100BaseT Ethernet switch or hub (optional)
10BaseT or 100BaseT network interface card installed on each computer
TCP/IP network protocol installed on each computer
CAT5 network cable with RJ-45 connectors for each computer
Internet Explorer 5.0 or later, or Netscape Navigator 4.5 and later
Note
Nokia recommends that you use either Microsoft Internet Explorer 5.5 or later, or Netscape Navigator 6.2 or later.
Appliance Overview
The following sections provide an overview of Nokia IP40 Security Platform rear and front panels.
Nokia IP40 Security Platform Rear Panel
All physical connections (network and power) to the IP40 are made through the rear panel.
Figure 1 Rear panel of Nokia IP40
Table 9 explains the items on the rear panel of the Nokia IP40.
Table 9 Rear Panel of IP40
Label | Description
Power | A power jack used to supply power to the device. Connect the power adapter to this jack. The device connects to the power source.
AUX | The auxiliary port or dial-in port is a 9-pin male connector. This port is used to dial in to IP40 through a modem when the IP40 is unreachable through other ports.
LAN | Local area network. Ethernet port (RJ-45) used to connect computers or other network devices.
DMZ | Demilitarized zone. Ethernet port (RJ-45) used to connect computers or other network devices. Similar to LAN port in operation.
WAN | Wide area network. An Ethernet port (RJ-45) used to connect your cable or xDSL modem.