Nokia IP45 User Manual

IP45 Security Platform

User’s Guide

Version 4.0

Part Number: N450000261 Rev. 001

December 2006

COPYRIGHT

©2006 Nokia. All rights reserved.

Rights reserved under the copyright laws of the United States.

RESTRICTED RIGHTS LEGEND

Use, duplication, or disclosure by the United States Government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013.

Notwithstanding any other license agreement that may pertain to, or accompany the delivery of, this computer software, the rights of the United States Government regarding its use, reproduction, and disclosure are as set forth in the Commercial Computer Software-Restricted Rights clause at FAR 52.227-19.

IMPORTANT NOTE TO USERS

This software and hardware is provided by Nokia Inc. as is and any express or implied warranties, including, but not limited to, implied warranties of merchantability and fitness for a particular purpose are disclaimed. In no event shall Nokia, or its affiliates, subsidiaries or suppliers be liable for any direct, indirect, incidental, special, exemplary, or consequential damages (including, but not limited to, procurement of substitute goods or services; loss of use, data, or profits; or business interruption) however caused and on any theory of liability, whether in contract, strict liability, or tort (including negligence or otherwise) arising in any way out of the use of this software, even if advised of the possibility of such damage.

Nokia reserves the right to make changes without further notice to any products herein.

TRADEMARKS

Nokia is a registered trademark of Nokia Corporation. Other products mentioned in this document are trademarks or registered trademarks of their respective holders.

060101

Nokia IP45 Security Platform User’s Guide v4.0

Nokia Contact Information

Corporate Headquarters

Web Site: http://www.nokia.com
Telephone: 1-888-477-4566 or 1-650-625-2000
Fax: 1-650-691-2170
Mail Address: Nokia Inc., 313 Fairchild Drive, Mountain View, California 94043-2215 USA

Regional Contact Information

Americas
Nokia Inc., 313 Fairchild Drive, Mountain View, CA 94043-2215 USA
Tel: 1-877-997-9199
Outside USA and Canada: +1 512-437-7089
email: info.ipnetworking_americas@nokia.com

Europe, Middle East, and Africa
Nokia House, Summit Avenue, Southwood, Farnborough, Hampshire GU14 ONG UK
Tel: UK: +44 161 601 8908
Tel: France: +33 170 708 166
email: info.ipnetworking_emea@nokia.com

Asia-Pacific
438B Alexandra Road, #07-00 Alexandra Technopark, Singapore 119968
Tel: +65 6588 3364
email: info.ipnetworking_apac@nokia.com

Nokia Customer Support

Web Site: https://support.nokia.com/
Email: tac.support@nokia.com

Americas
Voice: 1-888-361-5030 or 1-613-271-6721
Fax: 1-613-271-8782

Europe
Voice: +44 (0) 125-286-8900
Fax: +44 (0) 125-286-5666

Asia-Pacific
Voice: +65-67232999
Fax: +65-67232897

050602


Contents

About this Guide

In this Guide
Conventions this Guide uses
Notices
Command-Line Conventions
Text Conventions
Menu Items
Related Documentation

1 Introduction

About the Nokia IP45 Security Platform
Nokia IP45 Tele 8
Nokia IP45 Satellite 16, Satellite 32, Satellite Unlimited
Nokia IP45 Security Platform Features
Connectivity
Firewall
VPN Connectivity
Management
Security Services
Diagnostics and Maintenance
Network Requirements
Overview
Nokia IP45 Security Platform Rear Panel
Nokia IP45 Security Platform Front Panel

2 Installing the Nokia IP45 Security Platform

Before you Install the Nokia IP45 Security Platform
Setting Up the Nokia IP45 Security Platform with Microsoft Windows 98 or Millennium Operating Systems
Setting Up the Nokia IP45 Security Platform with Microsoft Windows XP and 2000 Operating Systems
Setting Up the Nokia IP45 Security Platform with an Apple Computer
Connecting the Nokia IP45 Security Platform to the Network
Installing your Network


3 Getting Started

First-Time Login
Configuring the Nokia IP45 Security Platform for Internet Connection
Making Initial Nokia IP45 Security Platform Settings
Setting the Nokia IP45 Security Platform Time
Registering with the Nokia Support Site
Connecting to a Central Management Server
Logging On to the Nokia IP45 Security Platform
Accessing Nokia IP45 Securely
Logging Off from the Nokia IP45 Security Platform
Understanding the Nokia IP45 Web GUI
Using the Nokia IP45 Security Platform Web-based User Interface
Graphical User Interface Details

4 Accessing the Nokia IP45 Security Platform

Connection Methods
Configuration Methods
Connecting the Nokia IP45 Security Platform to a Computer by Using the Console Port
Using Telnet to Connect to the Nokia IP45 Security Platform
Enabling and Disabling Telnet Access to Nokia IP45
Using Secure Shell to Connect to the Nokia IP45 Security Platform
Accessing Nokia IP45 with HTTP and HTTPS
Managing Large Scale Deployments of Nokia IP45
Deploying the Nokia IP45 Security Platform with the Nokia Horizon Manager
Deploying the Nokia IP45 Security Platform with the Check Point SmartCenter Large Scale Manager
Deploying Nokia IP45 with SofaWare Management Portal

5 Connecting to the Internet with the Nokia IP45 Security Platform

Configuring an Internet Connection
Using the Setup Wizard
Cable Modem Connection Settings
MAC Cloning
Cloning a MAC Address
Manually Configuring the Internet Setting
Dial-Up PPP
Configuring Dial-Up
Using the GUI
Configuring Dial-up Setting by Using the CLI
Multiple Dial-up Profiles
Enabling or Disabling the Internet Connection
Using Quick Internet Connect or Disconnect


Configuring a Backup Internet Connection
Viewing Internet Information
Detecting Dead Connections

6 Managing your Local Area Network

Configuring Network Settings
Enabling and Disabling the DHCP Server
Customizing DHCP Server Options
Configuring a DMZ Network
Configuring OfficeMode Network
VLAN Support
Tag-Based VLANs
Configuring a VLAN
Deleting a VLAN
Configuring DHCP Relay
Backing Up DHCP Relay
Backing Up DHCP Relay by Using CLI
Changing IP Addresses
Configuring Network Objects
Configuring Static NAT
Editing Static NAT
Viewing Static NAT
Deleting Static NAT
Configuring DHCP Reservation
Deleting Network Objects
Configuring Static Routes
Configuring Source Routes
OSPF
Managing Ports
Defining the Port Link Speed
Viewing Ports Status

7 Quality of Service

About QoS
Using Traffic Shaper
QoS Classes
Default QoS Classes
Enabling QoS Classes
Adding QoS Classes
Editing and Deleting QoS Classes

8 Setting Up the Nokia IP45 Security Platform Security Policy

VStream Embedded Antivirus


Features Overview
VStream Antivirus Actions
Enabling and Disabling VStream Antivirus
Viewing VStream Signature Database Information
Configuring VStream Antivirus
Configuring the antivirus policy
Configuring the advanced settings
Updating VStream Antivirus
Setting the Firewall Security Level
Configuring Virtual Servers
Customizing the Nokia IP45 Security Platform Security Policy
Creating Firewall Rules
Allow and Block Rules
Firewall Rules
Deleting and Editing Firewall Rules
Viewing the Rules Log for Accepted Connections
Editing or Deleting an Exposed Host
SmartDefense
SmartDefense Wizard
Restoring Default Settings
Configuring SmartDefense
Denial of Service
IP and ICMP
TCP
Port Scan
FTP
HTTP
Microsoft Networks
IGMP
Peer to Peer
Instant Messaging Traffic
Secure HotSpot
Enabling Secure HotSpot

9 Configuring Network Access

Changing your Password
Adding Users
Adding Guest HotSpot Users
Viewing and Editing Users
Deleting Users
Setting Up Remote VPN Access for Users
Using RADIUS Authentication


RADIUS Vendor Specific Attributes
Access Control
Telnet Access
Secure Shell
Configuring SSH
Enabling or Disabling SSH Service
SSH Authentication Methods
Using SSH Client
Configuring Advanced Secure Shell Server Options
Configuring Server Authentication of Users
Configuring and Managing SSH Key Pairs
Managing Authorized Keys
Secure Socket Layer
Enabling HTTPS Web Access
Generating a Self-Signed Certificate and Private Key by Using the CLI
Installing a Certificate and Private Key
Viewing Certificate Fingerprint Display

10 Configuring and Monitoring SNMP

SNMP Description
SNMP Configuration from the Nokia IP45 Security Platform
Setting Up SNMP Access to the Nokia IP45 Security Platform
Configuring the SNMP Parameters
Configuring SNMP Parameters from the Command-Line Interface
Setting SNMP Parameters
Viewing SNMP Parameters

11 High-Availability

High-Availability Sample Scenario
Configuring Multiple HA Clusters
Configuring High-Availability
Configuring High-Availability by Using the GUI
High-Availability over VPN
Dual Homing
Configuring for Dual Homing ISP Connectivity
Configuring ISP Dial-Up Profiles
Generic High-Availability
Advanced High-Availability
Route-Based VPN and BGP
Border Gateway Protocol
Configuring the BGP
High-Availability Options
High-Availability Solutions


High-Availability Solutions with a Single Nokia IP45 Device
High-Availability Solutions with Dual Nokia IP45 Devices
Generic HA
HA Coupled With BGP

12 Configuring Nokia IP45 Through Out-of-Band Management

Overview
Configuring OOB from the Nokia IP45 Security Platform GUI
Secure Shell and HTTPS Access Through Out-of-Band Dial-In
Remote Configuration Mode in the Nokia IP45 Security Platform

13 Configuring Device Functions

Host Name Configuration by Using the CLI
Date and Time Configuration
System Logging Configuration
Setting the Syslog Server by Using the CLI
Network Utilities
Managing the Configuration
Exporting the Configuration
Importing the Configuration
Upgrading Firmware
Installing your Product Key
Dynamic DNS
Configuring DDNS
Resetting the Nokia IP45 Security Platform to Factory Defaults
Resetting the Nokia IP45 Security Platform by Using the Reset Button
Restarting the Nokia IP45 Security Platform by Using the GUI

14 Viewing Reports

Viewing Reports on the Nokia IP45 Security Platform
Viewing the Event Log
Viewing the Traffic Monitor
Viewing Active Computers
Viewing Connections
Viewing the Diagnostics Summary

15 Working with VPNs

About VPN
Setting Up the Nokia IP45 Security Platform as a VPN Server
Configuring Remote Access VPNs
Configuring Site-to-Site VPN


Completing Site Creation
Configuring Route-Based VPNs
Deleting a VPN Site
Logging On to a VPN Site
Logging On from the Nokia IP45 Security Platform GUI
Logging On Through my.vpn
Logging Off a VPN Site
VPN Certificates
Installing a Certificate
Generating a Self-Signed Certificate
Importing a Certificate
Installing VPN Certificates from SmartCenter
Uninstalling the VPN Certificate
Viewing VPN Tunnels
Viewing IKE Traces
Downloading the Precompiled Security Policy
VPN Scenarios
Nokia IP45 Security Platform as a VPN Server
SecuRemote to Nokia IP45 Satellite X (VPN Client to Gateway)
Setting Up Nokia IP45 Satellite X
Nokia IP45 Security Platform as VPN Client
Authentication Methods
Setting Up Nokia IP45 Tele 8 as a VPN Client
Adding VPN Sites by Using Nokia IP45 Tele 8
Nokia IP45 Site-to-Site VPNs support
Adding VPN Sites by Using Nokia IP45 Satellite X
Nokia IP45 Tele to IP45 Satellite X (VPN Client to Gateway)
Setting Up Nokia IP45 Tele 8
Setting Up Nokia IP45 Satellite X
Nokia IP45 Tele 8 to Check Point FP1, FP2, FP3, NG, NG AI, NGX R60 or NGX R61
Setting Up Nokia IP45 Tele 8
Setting Up Check Point Server
Nokia IP45 Tele 8 to Check Point NG AI
Setting Up Nokia IP45 Tele 8
Setting Up Check Point NG AI
Nokia Satellite X to Nokia Satellite X (VPN Gateway-to-Gateway)
Setting Up Nokia IP45 Satellite X
Nokia IP45 Satellite X in NAT and Bypass NAT Modes
NAT Mode
Bypass NAT

Nokia IP45 Security Platform User’s Guide v4.0

11

Bypass Firewall
Defining a Backup VPN Gateway
Nokia IP45 Satellite X to VPN-1 (Site-to-Site VPN)
Setting Up Nokia IP45 Satellite X
Nokia IP45 Satellite X to Check Point FP3 or DAIP
Setting Up Check Point FP3
Setting Up Nokia IP45 Satellite X
Nokia IP45 Satellite X to Check Point SmartCenter FP3/NG AI
Setting Up Check Point SmartCenter FP3/NG AI
Setting Up Nokia IP45 Satellite X for VPN Connection with SmartCenter FP3
Setting Up Check Point SmartCenter NG AI by Using Certificates with Smart LSM
Site-to-Site VPN with Windows 2000
Site-to-Site VPN with Nokia CryptoCluster
Site-to-Site VPN with Cisco PIX
VPN Routing Between two Nokia IP45 Security Platforms
IPSec NAT Traversal
Mesh VPN Support
Enhanced MEP Support

16 Using Managed Services
Starting your Subscription Services
Viewing Service Information from the Account Page
Refreshing your Service Center Connection
Configuring your Account
Disconnecting from your Service Center
SofaWare Security Management Portal
Web Filtering
Selecting Categories to Block
Virus Scanning
Enabling or Disabling Email Antivirus
Selecting Protocols for Scanning
Temporarily Disabling Email Antivirus
Automatic and Manual Updates
Checking for Software Updates when Locally Managed
Checking for Software Updates when Remotely Managed
Managing with the Nokia Horizon Manager
Check Point SmartCenter LSM

17 Troubleshooting
Debugging
Configuring Debugging Levels

Viewing Debugging Levels
Frequently Asked Questions
Viewing Firmware Status
Resetting the IP45 Security Platform to Factory Defaults
Failsafe Mode
Upgrading Firmware in Failsafe Mode by Using Console
Upgrading Firmware from Failsafe Kernel
Running Diagnostics
Using Packet Sniffer

A Specifications
Technical Specifications
Safety Precautions

B Compliance Information
Declaration of Conformity
Compliance Statements
FCC Notice (US)

Index

About this Guide

This guide provides information and procedures about how to install and configure the Nokia IP45 security platform. This guide provides information about the new features incorporated in the Nokia IP45. This version of the Nokia IP45 uses the SofaWare VPN-1 Embedded NG. For a quick reference on how to configure features in the Nokia IP45, see the Nokia IP45 Security Platform Quick Start Guide v4.0 and the Nokia IP45 Security Platform Online Help, part of the graphical user interface (GUI) in the device.

Installation and maintenance should be performed by experienced technicians or Nokia-approved service providers only.

This preface provides the following information:

In this Guide

Conventions this Guide uses

Related Documentation

In this Guide

This guide is organized into the following chapters and appendixes:

Chapter 1, “Introduction” provides the information you need to know before installing the Nokia IP45 security platform.

Chapter 2, “Installing the Nokia IP45 Security Platform” describes how to install the device, lists operating system requirements, protocols and how to establish a network connection.

Chapter 3, “Getting Started” describes how to start using the IP45, and provides information on first-time login and connecting to the Internet.

Chapter 4, “Accessing the Nokia IP45 Security Platform” describes different methods of connecting to your IP45, and methods of configuring the device.

Chapter 5, “Connecting to the Internet with the Nokia IP45 Security Platform” describes how to configure your IP45 for connecting to the Internet, and viewing and managing your Internet connection.

Chapter 6, “Managing your Local Area Network,” describes how to configure the Nokia IP45 features.

Chapter 7, “Quality of Service” provides information about Quality of Service (QoS) and how to configure the QoS classes.


Chapter 8, “Setting Up the Nokia IP45 Security Platform Security Policy” describes methods to define the firewall level, configure virtual servers, and create firewall rules.

Chapter 9, “Configuring Network Access,” describes the network access procedures and usage of SSH and SSL.

Chapter 10, “Configuring and Monitoring SNMP,” describes the procedure to configure Simple Network Management Protocol, set community strings, send and enable SNMP traps.

Chapter 11, “High-Availability,” describes the High Availability feature.

Chapter 12, “Configuring Nokia IP45 Through Out-of-Band Management,” describes the method to configure the Nokia IP45 through Out of Band Management.

Chapter 13, “Configuring Device Functions,” discusses how to configure device functions such as setting date and time, loading factory defaults and performing firmware upgrade.

Chapter 14, “Viewing Reports,” describes how to view reports such as Event Log, Active Computers, Active Connections, and VPN Tunnels.

Chapter 15, “Working with VPNs,” describes how to configure a VPN by using the Nokia IP45.

Chapter 16, “Using Managed Services” describes methods for enabling and using subscription services such as Web filtering, email antivirus, automatic and manual updates.

Chapter 17, “Troubleshooting,” discusses typical problems users encounter and provides solutions to these problems.

Appendix A, “Specifications,” describes the Nokia IP45 specifications.

Appendix B, “Compliance Information,” contains the compliance information of the Nokia IP45 security platform.

Conventions this Guide uses

The following sections describe the conventions this guide uses, including notices, text conventions, and command-line conventions.

Notices

Warning

Warnings advise the user that either bodily injury might occur because of a physical hazard, or that damage to a structure, such as a room or equipment closet, might occur because of equipment damage.

Caution

Cautions indicate potential equipment damage, equipment malfunction, loss of performance, loss of data, or interruption of service.


Note

Notes provide information of special interest or recommendations.

Command-Line Conventions

This section defines the elements of commands that are available in Nokia products. You might encounter one or more of the following elements on a command-line path.

Table 1 Command-Line Conventions

Convention: Description

Command: This required element is usually the product name or other short word that invokes the product or calls the compiler or preprocessor script for a compiled Nokia product. It might appear alone or precede one or more options. You must spell a command exactly as shown and use lowercase letters.

Italics: Indicates a variable in a command that you must supply. For example: delete interface if_name
Supply an interface name in place of the variable. For example: delete interface nic1

Angle brackets < >: Indicates arguments for which you must supply a value: retry-limit <1–100>
Supply a value. For example: retry-limit 60

Square brackets [ ]: Indicates optional arguments. delete [slot slot_num]
For example: delete slot 3

Vertical bars, also called a pipe (|): Separates alternative, mutually exclusive elements. framing <sonet | sdh>
To complete the command, supply the value. For example: framing sonet or framing sdh

-flag: A flag is usually an abbreviation for a function, menu, or option name, or for a compiler or preprocessor argument. You must enter a flag exactly as shown, including the preceding hyphen.

.ext: A filename extension, such as .ext, might follow a variable that represents a filename. Type this extension exactly as shown, immediately after the name of the file. The extension might be optional in certain products.

( . , ; + * - / ): Punctuation and mathematical notations are literal symbols that you must enter exactly as shown.

' ': Single quotation marks are literal symbols that you must enter as shown.

Text Conventions

Table 2 describes the text conventions this guide uses.

Table 2 Text Conventions

Convention: Description

Monospace font: Indicates command syntax, or represents computer or window output, for example: Log error 12453

Bold monospace font: Indicates text you enter or type, for example: # configure nat

Key names: Keys that you press simultaneously are linked by a plus sign (+): Press Ctrl + Alt + Del.

Menu commands: Menu commands are separated by a greater than sign (>): Choose File > Open.

The words enter and type: Enter indicates you type something and then press the Return or Enter key. Do not press the Return or Enter key when an instruction says type.

Italics: Emphasizes a point or denotes new terms at the place where they are defined in the text. Indicates an external book title reference. Indicates a variable in a command: delete interface if_name


Menu Items

The Nokia IP45 menu items in procedures are separated by the greater than sign (>).

For example, Start > Programs > Nokia > Security indicates that you first click Start, then choose the Programs menu command, then choose Nokia, and finally choose Security.

Related Documentation

In addition to this guide, documentation for this product includes the following:

Nokia IP45 Security Platform Quick Start Guide Version 4.0—describes the system features and provides an overview of how to get your appliance up and running.

Nokia IP45 Security Platform Getting Started Guide Version 4.0—describes how to install and configure the Nokia IP45 security platform.

Nokia IP45 Security Platform CLI Reference Guide Version 4.0—describes all the IP45 commands that are used for managing the appliance.

Nokia IP45 Security Platform Release Notes Version 4.0—describes what you should know before you install and configure the IP45.


1 Introduction

This chapter introduces the Nokia IP45 security platform and includes the following topics:

About the Nokia IP45 Security Platform

Nokia IP45 Security Platform Features

Network Requirements

Nokia IP45 Security Platform Front Panel

Nokia IP45 Security Platform Rear Panel

About the Nokia IP45 Security Platform

The Nokia IP45 security platform provides dependable Internet access for the remote and branch offices of a distributed enterprise. The Nokia IP45 supports features like dial-up connection, redundant WAN connection to headquarters, and dual homing with BGP to route return traffic securely over VPN. IP45 appliances are RoHS compliant.

The Nokia IP45 security platform can be integrated with an overall enterprise security policy for maximum security. The IP45 facilitates centralized management and automatic deployment with the security management architecture of Check Point and Nokia Horizon Manager.

The Nokia IP45 security platform is available with the following licenses:

Nokia IP45 Tele 8

Nokia IP45 Satellite 16

Nokia IP45 Satellite 32

Nokia IP45 Satellite U (Unlimited)

All these versions of the Nokia IP45 provide a Web-based interface that enables you to configure and manage the Nokia IP45.

The Nokia IP45 security platform comes pre-installed with the license of your choice. You can upgrade the IP45 security platform to a more advanced configuration without replacing the hardware. For details about license upgrade, contact your local reseller.

Nokia IP45 Tele 8

Nokia IP45 Tele 8 is for home telecommuters and work extenders who also need VPN client access. The IP45 Tele 8 supports both firewall and VPN client capabilities over an eight-node network. The device supports VPN client capabilities for users to connect to the central office from their home with firewall protection, extending the enterprise network to the employees’ home offices.

IP45 Tele 8 can act as a VPN server, which allows a single user to securely access resources protected by the device from home or while travelling.

Note

Computers that actually pass through the firewall are counted. Devices such as network printers that are connected to the LAN but do not normally connect to the Internet are not counted.

Nokia IP45 Satellite 16, Satellite 32, Satellite Unlimited

Nokia IP45 Satellite 16, IP45 Satellite 32, and IP45 Satellite Unlimited provide full firewall and VPN connectivity for remote and branch offices or independent, small, and medium enterprises with sixteen, thirty-two, and unlimited node networks, respectively. Using these solutions, remote and branch offices can securely exchange information between them with distributed enterprises and small and medium enterprises at a low price with excellent performance.

Nokia IP45 Security Platform Features

The following section contains a summary of the Nokia IP45 security platform features.

Connectivity

Table 3 provides details about the IP45 v4.0 connectivity.

Table 3 Nokia IP45 Security Platform Connectivity

Feature | Nokia IP45 Tele 8 | Nokia IP45 Satellite 16/32/Unlimited
LAN, WAN, and console ports | |
DMZ Support | |
Manual Ethernet port settings | |
Dynamic routing by using OSPF | |
Unnumbered PPP | |
Users (nodes) | 8 | 16, 32, unlimited
PPPoE client | |
PPTP client | |
DHCP client | |
DHCP server | |
DHCP relay | |
Backup DHCP relay | |
DHCP reservation | |
Customizing DHCP Options (DNS servers, WINS servers, NTP servers, Domain name, VoIP call managers, TFTP server and TFTP boot file name) | |
Static IP | |
MAC cloning | |
MAC Cloning for WAN2 | |
Static NAT, static routes | |
Dial-up Internet connection | |
Routing support by using BGP | |
Source routing | |
High-Availability (Group ID, enhanced interface tracking, VPN effect, WAN Virtual IP) | |
Traffic Shaper | |
Traffic Shaper enhancements | |
Traffic Monitor | |
Dead Connection Detection | |

Firewall

Table 4 provides details about the IP45 security platform firewall connectivity.

Table 4 Firewall Connectivity

Feature | Nokia IP45 Tele 8 | Nokia IP45 Satellite (16/32/Unlimited)
Firewall Type | Check Point Firewall-1 Embedded NG | Check Point Firewall-1 Embedded NG
Network Address Translation (NAT) | |
INSPECT policy rules | |
User defined rules | |
Three levels of Preset security policies | |
DoS protection | |
Anti-spoofing | |
Attack logging | |
Voice over IP (H.323) support | |
Exposed host | |
DMZ network | |
VLAN support | |
SmartDefense and Application Intelligence | |

VPN Connectivity

Table 5 provides details about the IP45 security platform VPN connectivity.

Table 5 VPN Connectivity

Feature | Nokia IP45 Tele 8 | Nokia IP45 Satellite 16/32/Unlimited
IPSEC VPN remote access server | |
IPSEC VPN site-to-site gateway | |
IPSEC VPN remote access client | |
Authentication | |
X.509 certificates | |
RSA secure ID | |
Office Mode Network | |
VPN pass through | |
Enhanced MEP support | |
Advanced VPN configuration | |
Encryption | AES/3DES/DES | AES/3DES/DES
Authentication | SHA1/MD5 | SHA1/MD5
SecuRemote server | |
L2TP VPN server | |
RADIUS Client | |
RADIUS Enhancements (vendor specific attribute (VSA), Radius Realm support, Radius time-out and retries setting) | |
DAIP with VPN certificates | |
Backup VPN gateways | |
SmartCenter Connector (SSC) NG AI support | |
Bypass NAT | |
Bypass Firewall | |
NAT Traversal | |
Route all traffic | |
Route-Based VPN and failover | |
Multiple PPP connections | |
Enhanced active tunnels display | |

Management

Table 6 provides details about the IP45 security platform management.

Table 6 Management

Feature | Nokia IP45 Tele 8 | Nokia IP45 Satellite (16/32/Unlimited)
Web-based management | |
Access to the IP45 through OOB, SSH and SNMP | |
Telnet access | |
HTTPS access (local and remote) | |
Remote firmware upgrades | |
Nokia Horizon Manager support from v1.5 SP1 onwards | |
Multiple administrators | |
Users Manager | |
Guest HotSpot Users | |
User account expiration | |
Nokia CLI shell | |
Management systems (Nokia Horizon Manager, SofaWare SMP, Check Point SmartCenter, Check Point Smart Update) | |
Check Point Smart LSM | |
Check Point Provider-1 | |
Packet Sniffer | |
SmartDefense policy wizard | |
