Nokia IP45 User Manual

IP45 Security Platform
User’s Guide
Version 4.0
Part Number: N450000261 Rev. 001
December 2006
COPYRIGHT
©2006 Nokia. All rights reserved. Rights reserved under the copyright laws of the United States.
RESTRICTED RIGHTS LEGEND
Use, duplication, or disclosure by the United States Government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013.
Notwithstanding any other license agreement that may pertain to, or accompany the delivery of, this computer software, the rights of the United States Government regarding its use, reproduction, and disclosure are as set forth in the Commercial Computer Software-Restricted Rights clause at FAR 52.227-19.
IMPORTANT NOTE TO USERS
This software and hardware is provided by Nokia Inc. as is and any express or implied warranties, including, but not limited to, implied warranties of merchantability and fitness for a particular purpose are disclaimed. In no event shall Nokia, or its affiliates, subsidiaries or suppliers be liable for any direct, indirect, incidental, special, exemplary, or consequential damages (including, but not limited to, procurement of substitute goods or services; loss of use, data, or profits; or business interruption) however caused and on any theory of liability, whether in contract, strict liability, or tort (including negligence or otherwise) arising in any way out of the use of this software, even if advised of the possibility of such damage.
Nokia reserves the right to make changes without further notice to any products herein.
TRADEMARKS
Nokia is a registered trademark of Nokia Corporation. Other products mentioned in this document are trademarks or registered trademarks of their respective holders.
060101
2 Nokia IP45 Security Platform User’s Guide v4.0
Nokia Contact Information
Corporate Headquarters
Web Site: http://www.nokia.com
Telephone: 1-888-477-4566 or 1-650-625-2000
Fax: 1-650-691-2170
Mail Address: Nokia Inc., 313 Fairchild Drive, Mountain View, California 94043-2215 USA
Regional Contact Information
Americas: Nokia Inc., 313 Fairchild Drive, Mountain View, CA 94043-2215 USA. Tel: 1-877-997-9199; Outside USA and Canada: +1 512-437-7089; email: info.ipnetworking_americas@nokia.com
Europe, Middle East, and Africa: Nokia House, Summit Avenue, Southwood, Farnborough, Hampshire GU14 ONG UK. Tel: UK: +44 161 601 8908; Tel: France: +33 170 708 166; email: info.ipnetworking_emea@nokia.com
Asia-Pacific: 438B Alexandra Road, #07-00 Alexandra Technopark, Singapore 119968. Tel: +65 6588 3364; email: info.ipnetworking_apac@nokia.com
Nokia Customer Support
Web Site: https://support.nokia.com/
Email: tac.support@nokia.com
Americas: Voice: 1-888-361-5030 or 1-613-271-6721; Fax: 1-613-271-8782
Europe: Voice: +44 (0) 125-286-8900; Fax: +44 (0) 125-286-5666
Asia-Pacific: Voice: +65-67232999; Fax: +65-67232897
050602

Contents

About this Guide
In this Guide
Conventions this Guide uses
Notices
Command-Line Conventions
Text Conventions
Menu Items
Related Documentation
1 Introduction
About the Nokia IP45 Security Platform
Nokia IP45 Tele 8
Nokia IP45 Satellite 16, Satellite 32, Satellite Unlimited
Nokia IP45 Security Platform Features
Connectivity
Firewall
VPN Connectivity
Management
Security Services
Diagnostics and Maintenance
Network Requirements
Overview
Nokia IP45 Security Platform Rear Panel
Nokia IP45 Security Platform Front Panel
2 Installing the Nokia IP45 Security Platform
Before you Install the Nokia IP45 Security Platform
Setting Up the Nokia IP45 Security Platform with Microsoft Windows 98 or Millennium Operating Systems
Setting Up the Nokia IP45 Security Platform with Microsoft Windows XP and 2000 Operating Systems
Setting Up the Nokia IP45 Security Platform with an Apple Computer
Connecting the Nokia IP45 Security Platform to the Network
Installing your Network
3 Getting Started
First-Time Login
Configuring the Nokia IP45 Security Platform for Internet Connection
Making Initial Nokia IP45 Security Platform Settings
Setting the Nokia IP45 Security Platform Time
Registering with the Nokia Support Site
Connecting to a Central Management Server
Logging On to the Nokia IP45 Security Platform
Accessing Nokia IP45 Securely
Logging Off from the Nokia IP45 Security Platform
Understanding the Nokia IP45 Web GUI
Using the Nokia IP45 Security Platform Web-based User Interface
Graphical User Interface Details
4 Accessing the Nokia IP45 Security Platform
Connection Methods
Configuration Methods
Connecting the Nokia IP45 Security Platform to a Computer by Using the Console Port
Using Telnet to Connect to the Nokia IP45 Security Platform
Enabling and Disabling Telnet Access to Nokia IP45
Using Secure Shell to Connect to the Nokia IP45 Security Platform
Accessing Nokia IP45 with HTTP and HTTPS
Managing Large Scale Deployments of Nokia IP45
Deploying the Nokia IP45 Security Platform with the Nokia Horizon Manager
Deploying the Nokia IP45 Security Platform with the Check Point SmartCenter Large Scale Manager
Deploying Nokia IP45 with SofaWare Management Portal
5 Connecting to the Internet with the Nokia IP45 Security Platform
Configuring an Internet Connection
Using the Setup Wizard
Cable Modem Connection Settings
MAC Cloning
Cloning a MAC Address
Manually Configuring the Internet Setting
Dial-Up PPP
Configuring Dial-Up
Using the GUI
Configuring Dial-up Setting by Using the CLI
Multiple Dial-up Profiles
Enabling or Disabling the Internet Connection
Using Quick Internet Connect or Disconnect
Configuring a Backup Internet Connection
Viewing Internet Information
Detecting Dead Connections
6 Managing your Local Area Network
Configuring Network Settings
Enabling and Disabling the DHCP Server
Customizing DHCP Server Options
Configuring a DMZ Network
Configuring OfficeMode Network
VLAN Support
Tag-Based VLANs
Configuring a VLAN
Deleting a VLAN
Configuring DHCP Relay
Backing Up DHCP Relay
Backing Up DHCP Relay by Using CLI
Changing IP Addresses
Configuring Network Objects
Configuring Static NAT
Editing Static NAT
Viewing Static NAT
Deleting Static NAT
Configuring DHCP Reservation
Deleting Network Objects
Configuring Static Routes
Configuring Source Routes
OSPF
Managing Ports
Defining the Port Link Speed
Viewing Ports Status
7 Quality of Service
About QoS
Using Traffic Shaper
QoS Classes
Default QoS Classes
Enabling QoS Classes
Adding QoS Classes
Editing and Deleting QoS Classes
8 Setting Up the Nokia IP45 Security Platform Security Policy
VStream Embedded Antivirus
Features Overview
VStream Antivirus Actions
Enabling and Disabling VStream Antivirus
Viewing VStream Signature Database Information
Configuring VStream Antivirus
Configuring the antivirus policy
Configuring the advanced settings
Updating VStream Antivirus
Setting the Firewall Security Level
Configuring Virtual Servers
Customizing the Nokia IP45 Security Platform Security Policy
Creating Firewall Rules
Allow and Block Rules
Firewall Rules
Deleting and Editing Firewall Rules
Viewing the Rules Log for Accepted Connections
Editing or Deleting an Exposed Host
SmartDefense
SmartDefense Wizard
Restoring Default Settings
Configuring SmartDefense
Denial of Service
IP and ICMP
TCP
Port Scan
FTP
HTTP
Microsoft Networks
IGMP
Peer to Peer
Instant Messaging Traffic
Secure HotSpot
Enabling Secure HotSpot
9 Configuring Network Access
Changing your Password
Adding Users
Adding Guest HotSpot Users
Viewing and Editing Users
Deleting Users
Setting Up Remote VPN Access for Users
Using RADIUS Authentication
RADIUS Vendor Specific Attributes
Access Control
Telnet Access
Secure Shell
Configuring SSH
Enabling or Disabling SSH Service
SSH Authentication Methods
Using SSH Client
Configuring Advanced Secure Shell Server Options
Configuring Server Authentication of Users
Configuring and Managing SSH Key Pairs
Managing Authorized Keys
Secure Socket Layer
Enabling HTTPS Web Access
Generating a Self-Signed Certificate and Private Key by Using the CLI
Installing a Certificate and Private Key
Viewing Certificate Fingerprint Display
10 Configuring and Monitoring SNMP
SNMP Description
SNMP Configuration from the Nokia IP45 Security Platform
Setting Up SNMP Access to the Nokia IP45 Security Platform
Configuring the SNMP Parameters
Configuring SNMP Parameters from the Command-Line Interface
Setting SNMP Parameters
Viewing SNMP Parameters
11 High-Availability
High-Availability Sample Scenario
Configuring Multiple HA Clusters
Configuring High-Availability
Configuring High-Availability by Using the GUI
High-Availability over VPN
Dual Homing
Configuring for Dual Homing ISP Connectivity
Configuring ISP Dial-Up Profiles
Generic High-Availability
Advanced High-Availability
Route-Based VPN and BGP
Border Gateway Protocol
Configuring the BGP
High-Availability Options
High-Availability Solutions
High-Availability Solutions with a Single Nokia IP45 Device
High-Availability Solutions with Dual Nokia IP45 Devices
Generic HA
HA Coupled With BGP
12 Configuring Nokia IP45 Through Out-of-Band Management
Overview
Configuring OOB from the Nokia IP45 Security Platform GUI
Secure Shell and HTTPS Access Through Out-of-Band Dial-In
Remote Configuration Mode in the Nokia IP45 Security Platform
13 Configuring Device Functions
Host Name Configuration by Using the CLI
Date and Time Configuration
System Logging Configuration
Setting the Syslog Server by Using the CLI
Network Utilities
Managing the Configuration
Exporting the Configuration
Importing the Configuration
Upgrading Firmware
Installing your Product Key
Dynamic DNS
Configuring DDNS
Resetting the Nokia IP45 Security Platform to Factory Defaults
Resetting the Nokia IP45 Security Platform by Using the Reset Button
Restarting the Nokia IP45 Security Platform by Using the GUI
14 Viewing Reports
Viewing Reports on the Nokia IP45 Security Platform
Viewing the Event Log
Viewing the Traffic Monitor
Viewing Active Computers
Viewing Connections
Viewing the Diagnostics Summary
15 Working with VPNs
About VPN
Setting Up the Nokia IP45 Security Platform as a VPN Server
Configuring Remote Access VPNs
Configuring Site-to-Site VPN
Completing Site Creation
Configuring Route-Based VPNs
Deleting a VPN Site
Logging On to a VPN Site
Logging On from the Nokia IP45 Security Platform GUI
Logging On Through my.vpn
Logging Off a VPN Site
VPN Certificates
Installing a Certificate
Generating a Self-Signed Certificate
Importing a Certificate
Installing VPN Certificates from SmartCenter
Uninstalling the VPN Certificate
Viewing VPN Tunnels
Viewing IKE Traces
Downloading the Precompiled Security Policy
VPN Scenarios
Nokia IP45 Security Platform as a VPN Server
SecuRemote to Nokia IP45 Satellite X (VPN Client to Gateway)
Setting Up Nokia IP45 Satellite X
Nokia IP45 Security Platform as VPN Client
Authentication Methods
Setting Up Nokia IP45 Tele 8 as a VPN Client
Adding VPN Sites by Using Nokia IP45 Tele 8
Nokia IP45 Site-to-Site VPNs support
Adding VPN Sites by Using Nokia IP45 Satellite X
Nokia IP45 Tele to IP45 Satellite X (VPN Client to Gateway)
Setting Up Nokia IP45 Tele 8
Setting Up Nokia IP45 Satellite X
Nokia IP45 Tele 8 to Check Point FP1, FP2, FP3, NG, NG AI, NGX R60 or NGX R61
Setting Up Nokia IP45 Tele 8
Setting Up Check Point Server
Nokia IP45 Tele 8 to Check Point NG AI
Setting Up Nokia IP45 Tele 8
Setting Up Check Point NG AI
Nokia Satellite X to Nokia Satellite X (VPN Gateway-to-Gateway)
Setting Up Nokia IP45 Satellite X
Nokia IP45 Satellite X in NAT and Bypass NAT Modes
NAT Mode
Bypass NAT
Bypass Firewall
Defining a Backup VPN Gateway
Nokia IP45 Satellite X to VPN-1 (Site-to-Site VPN)
Setting Up Nokia IP45 Satellite X
Nokia IP45 Satellite X to Check Point FP3 or DAIP
Setting Up Check Point FP3
Setting Up Nokia IP45 Satellite X
Nokia IP45 Satellite X to Check Point SmartCenter FP3/NG AI
Setting Up Check Point SmartCenter FP3/NG AI
Setting Up Nokia IP45 Satellite X for VPN Connection with SmartCenter FP3
Setting Up Check Point SmartCenter NG AI by Using Certificates with Smart LSM
Site-to-Site VPN with Windows 2000
Site-to-Site VPN with Nokia CryptoCluster
Site-to-Site VPN with Cisco PIX
VPN Routing Between two Nokia IP45 Security Platforms
IPSec NAT Traversal
Mesh VPN Support
Enhanced MEP Support
16 Using Managed Services
Starting your Subscription Services
Viewing Service Information from the Account Page
Refreshing your Service Center Connection
Configuring your Account
Disconnecting from your Service Center
SofaWare Security Management Portal
Web Filtering
Selecting Categories to Block
Virus Scanning
Enabling or Disabling Email Antivirus
Selecting Protocols for Scanning
Temporarily Disabling Email Antivirus
Automatic and Manual Updates
Checking for Software Updates when Locally Managed
Checking for Software Updates when Remotely Managed
Managing with the Nokia Horizon Manager
Check Point SmartCenter LSM
17 Troubleshooting
Debugging
Configuring Debugging Levels
Viewing Debugging Levels
Frequently Asked Questions
Viewing Firmware Status
Resetting the IP45 Security Platform to Factory Defaults
Failsafe Mode
Upgrading Firmware in Failsafe Mode by Using Console
Upgrading Firmware from Failsafe Kernel
Running Diagnostics
Using Packet Sniffer
A Specifications
Technical Specifications
Safety Precautions
B Compliance Information
Declaration of Conformity
Compliance Statements
FCC Notice (US)
Index

About this Guide

This guide provides information and procedures about how to install and configure the Nokia IP45 security platform. This guide provides information about the new features incorporated in the Nokia IP45. This version of the Nokia IP45 uses the SofaWare VPN-1 Embedded NG. For a quick reference on how to configure features in the Nokia IP45, see the Nokia IP45 Security Platform Quick Start Guide v4.0 and the Nokia IP45 Security Platform Online Help, part of the graphical user interface (GUI) in the device.
Installation and maintenance should be performed by experienced technicians or Nokia-approved service providers only.
This preface provides the following information:
In this Guide
Conventions this Guide uses
Related Documentation

In this Guide

This guide is organized into the following chapters and appendixes:
Chapter 1, “Introduction,” provides the information you need to know before installing the Nokia IP45 security platform.
Chapter 2, “Installing the Nokia IP45 Security Platform,” describes how to install the device, lists operating system requirements and protocols, and explains how to establish a network connection.
Chapter 3, “Getting Started,” describes how to start using the IP45, and provides information on first-time login and connecting to the Internet.
Chapter 4, “Accessing the Nokia IP45 Security Platform,” describes different methods of connecting to your IP45, and methods of configuring the device.
Chapter 5, “Connecting to the Internet with the Nokia IP45 Security Platform,” describes how to configure your IP45 for connecting to the Internet, and how to view and manage your Internet connection.
Chapter 6, “Managing your Local Area Network,” describes how to configure the Nokia IP45 features.
Chapter 7, “Quality of Service,” provides information about Quality of Service (QoS) and how to configure the QoS classes.
Chapter 8, “Setting Up the Nokia IP45 Security Platform Security Policy,” describes methods to define the firewall level, configure virtual servers, and create firewall rules.
Chapter 9, “Configuring Network Access,” describes the network access procedures and usage of SSH and SSL.
Chapter 10, “Configuring and Monitoring SNMP,” describes the procedure to configure Simple Network Management Protocol, set community strings, and send and enable SNMP traps.
Chapter 11, “High-Availability,” describes the High Availability feature.
Chapter 12, “Configuring Nokia IP45 Through Out-of-Band Management,” describes the method to configure the Nokia IP45 through Out of Band Management.
Chapter 13, “Configuring Device Functions,” discusses how to configure device functions such as setting date and time, loading factory defaults, and performing a firmware upgrade.
Chapter 14, “Viewing Reports,” describes how to view reports such as Event Log, Active Computers, Active Connections, and VPN Tunnels.
Chapter 15, “Working with VPNs,” describes how to configure a VPN by using the Nokia IP45.
Chapter 16, “Using Managed Services,” describes methods for enabling and using subscription services such as Web filtering, email antivirus, and automatic and manual updates.
Chapter 17, “Troubleshooting,” discusses typical problems users encounter and provides solutions to these problems.
Appendix A, “Specifications,” describes the Nokia IP45 specifications.
Appendix B, “Compliance Information,” contains the compliance information of the Nokia IP45 security platform.

Conventions this Guide uses

The following sections describe the conventions this guide uses, including notices, text conventions, and command-line conventions.

Notices

Warning
Warnings advise the user that either bodily injury might occur because of a physical hazard, or that damage to a structure, such as a room or equipment closet, might occur because of equipment damage.
Caution
Cautions indicate potential equipment damage, equipment malfunction, loss of performance, loss of data, or interruption of service.
Note
Notes provide information of special interest or recommendations.

Command-Line Conventions

This section defines the elements of commands that are available in Nokia products. You might encounter one or more of the following elements on a command-line path.
Table 1 Command-Line Conventions

Command
    This required element is usually the product name or other short word that invokes the product or calls the compiler or preprocessor script for a compiled Nokia product. It might appear alone or precede one or more options. You must spell a command exactly as shown and use lowercase letters.

Italics
    Indicates a variable in a command that you must supply. For example:
    delete interface if_name
    Supply an interface name in place of the variable. For example:
    delete interface nic1

Angle brackets < >
    Indicates arguments for which you must supply a value:
    retry-limit <1–100>
    Supply a value. For example:
    retry-limit 60

Square brackets [ ]
    Indicates optional arguments.
    delete [slot slot_num]
    For example:
    delete slot 3

Vertical bars, also called a pipe (|)
    Separates alternative, mutually exclusive elements.
    framing <sonet | sdh>
    To complete the command, supply the value. For example:
    framing sonet
    or
    framing sdh

-flag
    A flag is usually an abbreviation for a function, menu, or option name, or for a compiler or preprocessor argument. You must enter a flag exactly as shown, including the preceding hyphen.

.ext
    A filename extension, such as .ext, might follow a variable that represents a filename. Type this extension exactly as shown, immediately after the name of the file. The extension might be optional in certain products.

( . , ; + * - / )
    Punctuation and mathematical notations are literal symbols that you must enter exactly as shown.

' '
    Single quotation marks are literal symbols that you must enter as shown.

Text Conventions

Table 2 describes the text conventions this guide uses.
Table 2 Text Conventions

Monospace font
    Indicates command syntax, or represents computer or window output, for example:
    Log error 12453

Bold monospace font
    Indicates text you enter or type, for example:
    # configure nat

Key names
    Keys that you press simultaneously are linked by a plus sign (+):
    Press Ctrl + Alt + Del.

Menu commands
    Menu commands are separated by a greater than sign (>):
    Choose File > Open.

The words enter and type
    Enter indicates you type something and then press the Return or Enter key. Do not press the Return or Enter key when an instruction says type.

Italics
    Emphasizes a point or denotes new terms at the place where they are defined in the text.
    Indicates an external book title reference.
    Indicates a variable in a command:
    delete interface if_name

Menu Items

The Nokia IP45 menu items in procedures are separated by the greater than sign (>).
For example, Start > Programs > Nokia > Security indicates that you first click Start, then choose the Programs menu command, then choose Nokia, and finally choose Security.

Related Documentation

In addition to this guide, documentation for this product includes the following:
Nokia IP45 Security Platform Quick Start Guide Version 4.0—describes the system features
and provides an overview of how to get your appliance up and running.
Nokia IP45 Security Platform Getting Started Guide Version 4.0—describes how to install
and configure the Nokia IP45 security platform.
Nokia IP45 Security Platform CLI Reference Guide Version 4.0—describes all the IP45
commands that are used for managing the appliance.
Nokia IP45 Security Platform Release Notes Version 4.0—describes what you should know
before you install and configure the IP45.

1 Introduction

This chapter introduces the Nokia IP45 security platform and includes the following topics:
About the Nokia IP45 Security Platform
Nokia IP45 Security Platform Features
Network Requirements
Nokia IP45 Security Platform Front Panel
Nokia IP45 Security Platform Rear Panel

About the Nokia IP45 Security Platform

The Nokia IP45 security platform provides dependable Internet access for the remote and branch offices of a distributed enterprise. The Nokia IP45 supports features such as dial-up connection, redundant WAN connection to headquarters, and dual homing with BGP to route return traffic securely over VPN. IP45 appliances are RoHS compliant.
The Nokia IP45 security platform can be integrated with an overall enterprise security policy for maximum security. The IP45 facilitates centralized management and automatic deployment with the security management architecture of Check Point and Nokia Horizon Manager.
The Nokia IP45 security platform is available with the following licenses:
Nokia IP45 Tele 8
Nokia IP45 Satellite 16
Nokia IP45 Satellite 32
Nokia IP45 Satellite U (Unlimited)
All these versions of the Nokia IP45 provide a Web-based interface that enables you to configure and manage the Nokia IP45.
The Nokia IP45 security platform comes pre-installed with the license of your choice. You can upgrade the IP45 security platform to a more advanced configuration without replacing the hardware. For details about license upgrade, contact your local reseller.

Nokia IP45 Tele 8

Nokia IP45 Tele 8 is for home telecommuters and work extenders who also need VPN client access. The IP45 Tele 8 supports both firewall and VPN client capabilities over an eight-node network. The device supports VPN client capabilities for users to connect to the central office from their home with firewall protection, extending the enterprise network to the employees’ home offices.
IP45 Tele 8 can act as a VPN server, which allows a single user to securely access resources protected by the device from home or while travelling.
Note
Computers that actually pass through the firewall are counted. Devices such as network printers connected in LAN that do not normally get connected to the Internet are not counted.

Nokia IP45 Satellite 16, Satellite 32, Satellite Unlimited

Nokia IP45 Satellite 16, IP45 Satellite 32, and IP45 Satellite Unlimited provide full firewall and VPN connectivity for remote and branch offices or independent, small, and medium enterprises with sixteen, thirty-two, and unlimited node networks, respectively. With these solutions, remote and branch offices can securely exchange information among themselves and with distributed enterprises and small and medium enterprises, at a low price and with excellent performance.

Nokia IP45 Security Platform Features

The following section contains a summary of the Nokia IP45 security platform features.
Connectivity
Table 3 provides details about the IP45 v4.0 connectivity.
Table 3 Nokia IP45 Security Platform Connectivity
Feature | Nokia IP45 Tele 8 | Nokia IP45 Satellite 16/32/Unlimited
LAN, WAN, and console ports
DMZ Support
Manual Ethernet port settings
Dynamic routing by using OSPF
Unnumbered PPP
Users (nodes) | 8 | 16, 32, unlimited
PPPoE client
PPTP client
DHCP client
DHCP server
DHCP relay
Backup DHCP relay
DHCP reservation
Customizing DHCP Options (DNS servers, WINS servers, NTP servers, Domain name, VoIP call managers, TFTP server and TFTP boot file name)
Static IP
MAC cloning
MAC Cloning for WAN2
Static NAT, static routes
Dial-up Internet connection
Routing support by using BGP
Source routing
High-Availability (Group ID, enhanced interface tracking, VPN effect, WAN Virtual IP)
Traffic Shaper
Traffic Shaper enhancements
Traffic Monitor
Dead Connection Detection
Firewall
Table 4 provides details about the IP45 security platform firewall connectivity.
Table 4 Firewall Connectivity
Feature | Nokia IP45 Tele 8 | Nokia IP45 Satellite (16/32/Unlimited)
Firewall Type | Check Point Firewall-1 Embedded NG | Check Point Firewall-1 Embedded NG
Network Address Translation (NAT)
INSPECT policy rules
User defined rules
Three levels of Preset security policies
DoS protection
Anti-spoofing
Attack logging
Voice over IP (H.323) support
Exposed host
DMZ network
VLAN support
SmartDefense and Application Intelligence
VPN Connectivity
Table 5 provides details about the IP45 security platform VPN connectivity.
Table 5 VPN Connectivity
Feature | Nokia IP45 Tele8 | Nokia IP45 Satellite 16/32/Unlimited
IPSEC VPN remote access server
IPSEC VPN site-to-site gateway
IPSEC VPN remote access client
Authentication X.509 certificates
RSA secure ID
Office Mode Network
VPN pass through
Enhanced MEP support
Advanced VPN configuration
Encryption | AES/3DES/DES | AES/3DES/DES
Authentication | SHA1/MD5 | SHA1/MD5
SecuRemote server
L2TP VPN server
RADIUS Client
RADIUS Enhancements (vendor specific attribute (VSA), Radius Realm support, Radius time-out and retries setting)
DAIP with VPN certificates
Backup VPN gateways
SmartCenter Connector (SSC) NG AI support
Bypass NAT
Bypass Firewall
NAT Traversal
Route all traffic
Route-Based VPN and failover
Multiple PPP connections
Enhanced active tunnels display
Management
Table 6 provides details about the IP45 security platform management.
Table 6 Management
Feature | Nokia IP45 Tele 8 | Nokia IP45 Satellite (16/32/Unlimited)
Web-based management
Access to the IP45 through OOB, SSH and SNMP
Telnet access
HTTPS access (local and remote)
Remote firmware upgrades
Nokia Horizon Manager support from v1.5 SP1 onwards
Multiple administrators
Users Manager
Guest HotSpot Users
User account expiration
Nokia CLI shell
Management systems (Nokia Horizon Manager, SofaWare SMP, Check Point SmartCenter, Check Point Smart Update)
Check Point Smart LSM Check Point Provider-1
Packet Sniffer
SmartDefense policy wizard