Use, duplication, or disclosure by the United States Government is subject to restrictions as set forth in subparagraph
(c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013.
Notwithstanding any other license agreement that may pertain to, or accompany the delivery of, this computer software,
the rights of the United States Government regarding its use, reproduction, and disclosure are as set forth in the
Commercial Computer Software-Restricted Rights clause at FAR 52.227-19.
IMPORTANT NOTE TO USERS
This software and hardware is provided by Nokia Inc. as is and any express or implied warranties, including, but not
limited to, implied warranties of merchantability and fitness for a particular purpose are disclaimed. In no event shall
Nokia, or its affiliates, subsidiaries or suppliers be liable for any direct, indirect, incidental, special, exemplary, or
consequential damages (including, but not limited to, procurement of substitute goods or services; loss of use, data, or
profits; or business interruption) however caused and on any theory of liability, whether in contract, strict liability, or tort
(including negligence or otherwise) arising in any way out of the use of this software, even if advised of the possibility of
such damage.
Nokia reserves the right to make changes without further notice to any products herein.
TRADEMARKS
Nokia is a registered trademark of Nokia Corporation. Other products mentioned in this document are trademarks or
registered trademarks of their respective holders.
060101
Nokia IP45 Security Platform User’s Guide v4.0
Nokia Contact Information
Corporate Headquarters
Web Site: http://www.nokia.com
Telephone: 1-888-477-4566 or 1-650-625-2000
Fax: 1-650-691-2170
Mail Address: Nokia Inc., 313 Fairchild Drive, Mountain View, California 94043-2215 USA
Regional Contact Information
Americas: Nokia Inc., 313 Fairchild Drive, Mountain View, CA 94043-2215 USA
Tel: 1-877-997-9199
Outside USA and Canada: +1 512-437-7089
email: info.ipnetworking_americas@nokia.com
Europe, Middle East, and Africa: Nokia House, Summit Avenue, Southwood, Farnborough, Hampshire GU14 ONG UK
Asia-Pacific: 438B Alexandra Road, #07-00 Alexandra Technopark, Singapore 119968
Nokia Customer Support
Web Site: https://support.nokia.com/
Email: tac.support@nokia.com
Americas
Voice: 1-888-361-5030 or 1-613-271-6721
Fax: 1-613-271-8782
Europe
Fax: +44 (0) 125-286-5666
Asia-Pacific
Voice: +65-67232999
Fax: +65-67232897
This guide provides information and procedures about how to install and configure the Nokia
IP45 security platform. This guide provides information about the new features incorporated in
the Nokia IP45. This version of the Nokia IP45 uses the SofaWare VPN-1 Embedded NG. For a
quick reference on how to configure features in the Nokia IP45, see the Nokia IP45 Security Platform Quick Start Guide v4.0 and the Nokia IP45 Security Platform Online Help, part of the
graphical user interface (GUI) in the device.
Installation and maintenance should be performed by experienced technicians or Nokia-approved service providers only.
This preface provides the following information:
In this Guide
Conventions this Guide uses
Related Documentation
In this Guide
This guide is organized into the following chapters and appendixes:
Chapter 1, “Introduction” provides the information you need to know before installing the
Nokia IP45 security platform.
Chapter 2, “Installing the Nokia IP45 Security Platform” describes how to install the device,
lists operating system requirements, protocols and how to establish a network connection.
Chapter 3, “Getting Started” describes how to start by using the IP45, and provides
information on first-time login and connecting to the Internet.
Chapter 4, “Accessing the Nokia IP45 Security Platform” describes different methods of
connecting to your IP45, and methods of configuring the device.
Chapter 5, “Connecting to the Internet with the Nokia IP45 Security Platform” describes
how to configure your IP45 for connecting to the Internet, and viewing and managing your
Internet connection.
Chapter 6, “Managing your Local Area Network,” describes how to configure the Nokia
IP45 features.
Chapter 7, “Quality of Service” provides information about Quality of Service (QoS) and
how to configure the QoS classes.
Chapter 8, “Setting Up the Nokia IP45 Security Platform Security Policy” describes methods
to define the firewall level, configure virtual servers, and create firewall rules.
Chapter 9, “Configuring Network Access,” describes the network access procedures and
usage of SSH and SSL.
Chapter 10, “Configuring and Monitoring SNMP,” describes the procedure to configure
Simple Network Management Protocol, set community strings, send and enable SNMP
traps.
Chapter 11, “High-Availability,” describes the High Availability feature.
Chapter 12, “Configuring Nokia IP45 Through Out-of-Band Management,” describes the
method to configure the Nokia IP45 through Out of Band Management.
Chapter 13, “Configuring Device Functions,” discusses how to configure device functions
such as setting date and time, loading factory defaults and performing firmware upgrade.
Chapter 14, “Viewing Reports,” describes how to view reports such as Event Log, Active
Computers, Active Connections, and VPN Tunnels.
Chapter 15, “Working with VPNs,” describes how to configure a VPN by using the Nokia
IP45.
Chapter 16, “Using Managed Services” describes methods for enabling and using
subscription services such as Web filtering, email antivirus, automatic and manual updates.
Chapter 17, “Troubleshooting,” discusses typical problems users encounter and provides
solutions to these problems.
Appendix A, “Specifications,” describes the Nokia IP45 specifications.
Appendix B, “Compliance Information,” contains the compliance information of the Nokia
IP45 security platform.
Conventions this Guide uses
The following sections describe the conventions this guide uses, including notices, text
conventions, and command-line conventions.
Notices
Warning
Warnings advise the user that either bodily injury might occur because of a physical hazard,
or that damage to a structure, such as a room or equipment closet, might occur because of
equipment damage.
Caution
Cautions indicate potential equipment damage, equipment malfunction, loss of
performance, loss of data, or interruption of service.
Note
Notes provide information of special interest or recommendations.
Command-Line Conventions
This section defines the elements of commands that are available in Nokia products. You might
encounter one or more of the following elements on a command-line path.
Table 1 Command-Line Conventions
Convention: Description
Command: This required element is usually the product name or other short word that invokes the product or calls the compiler or preprocessor script for a compiled Nokia product. It might appear alone or precede one or more options. You must spell a command exactly as shown and use lowercase letters.
Italics: Indicates a variable in a command that you must supply. For example:
delete interface if_name
Supply an interface name in place of the variable. For example:
delete interface nic1
Angle brackets < >: Indicates arguments for which you must supply a value:
To complete the command, supply the value. For example:
framing sonet
or
framing sdh
-flag: A flag is usually an abbreviation for a function, menu, or option name, or for a compiler or preprocessor argument. You must enter a flag exactly as shown, including the preceding hyphen.
.ext: A filename extension, such as .ext, might follow a variable that represents a filename. Type this extension exactly as shown, immediately after the name of the file. The extension might be optional in certain products.
( . , ; + * - / ): Punctuation and mathematical notations are literal symbols that you must enter exactly as shown.
' ': Single quotation marks are literal symbols that you must enter as shown.
Text Conventions
Table 2 describes the text conventions this guide uses.
Table 2 Text Conventions
Convention: Description
Monospace font: Indicates command syntax, or represents computer or window output, for example:
Log error 12453
Bold monospace font: Indicates text you enter or type, for example:
# configure nat
Key names: Keys that you press simultaneously are linked by a plus sign (+):
Press Ctrl + Alt + Del.
Menu commands: Menu commands are separated by a greater than sign (>):
Choose File > Open.
The words enter and type: Enter indicates you type something and then press the Return or Enter key. Do not press the Return or Enter key when an instruction says type.
Italics:
• Emphasizes a point or denotes new terms at the place where they are defined in the text.
• Indicates an external book title reference.
• Indicates a variable in a command:
delete interface if_name
Menu Items
The Nokia IP45 menu items in procedures are separated by the greater than sign (>).
For example, Start > Programs > Nokia > Security indicates that you first click Start, then
choose the Programs menu command, then choose Nokia, and finally choose Security.
Related Documentation
In addition to this guide, documentation for this product includes the following:
Nokia IP45 Security Platform Quick Start Guide Version 4.0—describes the system features
and provides an overview of how to get your appliance up and running.
Nokia IP45 Security Platform Getting Started Guide Version 4.0—describes how to install
and configure the Nokia IP45 security platform.
Nokia IP45 Security Platform CLI Reference Guide Version 4.0—describes all the IP45
commands that are used for managing the appliance.
Nokia IP45 Security Platform Release Notes Version 4.0—describes what you should know
before you install and configure the IP45.
1 Introduction
This chapter introduces the Nokia IP45 security platform and includes the following topics:
About the Nokia IP45 Security Platform
Nokia IP45 Security Platform Features
Network Requirements
Nokia IP45 Security Platform Front Panel
Nokia IP45 Security Platform Rear Panel
About the Nokia IP45 Security Platform
The Nokia IP45 security platform provides dependable Internet access for the remote and branch
offices of a distributed enterprise. The Nokia IP45 supports features like dial-up connection,
redundant WAN connection to headquarters, and dual homing with BGP to route return traffic
securely over VPN. IP45 appliances are RoHS compliant.
The Nokia IP45 security platform can be integrated with an overall enterprise security policy for
maximum security. The IP45 facilitates centralized management and automatic deployment with
the security management architecture of Check Point and Nokia Horizon Manager.
The Nokia IP45 security platform is available with the following licenses:
Nokia IP45 Tele 8
Nokia IP45 Satellite 16
Nokia IP45 Satellite 32
Nokia IP45 Satellite U (Unlimited)
All these versions of the Nokia IP45 provide a Web-based interface that enables you to configure
and manage the Nokia IP45.
The Nokia IP45 security platform comes pre-installed with the license of your choice. You can
upgrade the IP45 security platform to a more advanced configuration without replacing the
hardware. For details about license upgrade, contact your local reseller.
Nokia IP45 Tele 8
Nokia IP45 Tele 8 is for home telecommuters and work extenders who also need VPN client
access. The IP45 Tele 8 supports both firewall and VPN client capabilities over an eight-node
network. The device supports VPN client capabilities for users to connect to the central office
from their home with firewall protection, extending the enterprise network to the employees’
home offices.
IP45 Tele 8 can act as a VPN server, which allows a single user to securely access resources
protected by the device from home or while travelling.
Note
Computers that actually pass through the firewall are counted. Devices such as network
printers connected in LAN that do not normally get connected to the Internet are not
counted.
Nokia IP45 Satellite 16, Satellite 32, Satellite Unlimited
Nokia IP45 Satellite 16, IP45 Satellite 32, and IP45 Satellite Unlimited provide full firewall and
VPN connectivity for remote and branch offices or independent, small, and medium enterprises
with sixteen, thirty-two, and unlimited node networks, respectively. Using these solutions,
remote and branch offices can securely exchange information among themselves and with distributed
enterprises and small and medium enterprises, at a low price and with excellent performance.
Nokia IP45 Security Platform Features
The following section contains a summary of the Nokia IP45 security platform features.
Connectivity
Table 3 provides details about the IP45 v4.0 connectivity.
Table 3 Nokia IP45 Security Platform Connectivity
Feature | Nokia IP45 Tele 8 | Nokia IP45 Satellite 16/32/Unlimited
LAN, WAN, and console ports
DMZ Support
Manual Ethernet port settings
Dynamic routing by using OSPF
Unnumbered PPP
Users (nodes) | 8 | 16, 32, unlimited
PPPoE client
PPTP client
DHCP client
DHCP server
DHCP relay
Backup DHCP relay
DHCP reservation
Customizing DHCP Options (DNS servers, WINS servers, NTP servers, Domain name, VoIP call managers, TFTP server and TFTP boot file name)
Static IP
MAC cloning
MAC Cloning for WAN2
Static NAT, static routes
Dial-up Internet connection
Routing support by using BGP
Source routing
High-Availability (Group ID, enhanced interface tracking, VPN effect, WAN Virtual IP)
Traffic Shaper
Traffic Shaper enhancements
Traffic Monitor
Dead Connection Detection
Firewall
Table 4 provides details about the IP45 security platform firewall connectivity.
Table 4 Firewall Connectivity
Feature | Nokia IP45 Tele 8 | Nokia IP45 Satellite (16/32/Unlimited)
Firewall Type | Check Point Firewall-1 Embedded NG | Check Point Firewall-1 Embedded NG
Network Address Translation (NAT)
INSPECT policy rules
User defined rules
Three levels of Preset security policies
DoS protection
Anti-spoofing
Attack logging
Voice over IP (H.323) support
Exposed host
DMZ network
VLAN support
SmartDefense and Application Intelligence
VPN Connectivity
Table 5 provides details about the IP45 security platform VPN connectivity.
Table 5 VPN Connectivity
Feature | Nokia IP45 Tele 8 | Nokia IP45 Satellite 16/32/Unlimited
IPSEC VPN remote access server
IPSEC VPN site-to-site gateway
IPSEC VPN remote access client
Authentication
X.509 certificates
RSA secure ID
Office Mode Network
VPN pass through
Enhanced MEP support
Advanced VPN configuration
Encryption | AES/3DES/DES | AES/3DES/DES
Authentication | SHA1/MD5 | SHA1/MD5
SecuRemote server
L2TP VPN server
RADIUS Client
RADIUS Enhancements (vendor specific attribute (VSA), Radius Realm support, Radius time-out and retries setting)
DAIP with VPN certificates
Backup VPN gateways
SmartCenter Connector (SSC) NG AI support
Bypass NAT
Bypass Firewall
NAT Traversal
Route all traffic
Route-Based VPN and failover
Multiple PPP connections
Enhanced active tunnels display
Management
Table 6 provides details about the IP45 security platform management.
Table 6 Management
Feature | Nokia IP45 Tele 8 | Nokia IP45 Satellite (16/32/Unlimited)
Web-based management
Access to the IP45 through OOB, SSH and SNMP
Telnet access
HTTPS access (local and remote)
Remote firmware upgrades
Nokia Horizon Manager support from v1.5 SP1 onwards
Multiple administrators
Users Manager
Guest HotSpot Users
User account expiration
Nokia CLI shell
Management systems (Nokia Horizon Manager, SofaWare SMP, Check Point SmartCenter, Check Point Smart Update)
Check Point Smart LSM
Check Point Provider-1
Packet Sniffer
SmartDefense policy wizard
Security Services
Table 7 provides details about the IP45 security platform security services.
Table 7 Security Services
Feature | Nokia IP45 Tele 8 | Nokia IP45 Satellite (16/32/Unlimited)
VStream embedded antivirus
Firewall security updates
Software updates
Web filtering
Email antivirus protection
Secure HotSpot
Dynamic DNS service
(When managed by SofaWare Management Portal (SMP) and Nokia Horizon Manager (NHM)).
VPN management
Centralized logging
Customized security policy
Protocol support for TCP/IP, ICMP, GRE, ESP and UDP
Certificate fingerprint display
Diagnostics and Maintenance
Table 8 provides details about the IP45 v4.0 diagnostics and maintenance.
To set up the Nokia IP45 security platform to connect to the Internet, you need the following:
A broadband Internet connection by cable or DSL modem with Ethernet interface (RJ-45) or
a dial-up connection with a serial modem (V90 or ISDN T/A)
10Base-T or 100Base-T Ethernet switch or hub (optional)
10Base-T or 100Base-T network interface card installed on each computer
TCP/IP network protocol installed on each computer
CAT5 network cable with RJ-45 connectors for each computer
Internet Explorer 5.0 or later, or Netscape Navigator 4.5 and later
Note
Nokia recommends that you use either Microsoft Internet Explorer 5.5 or later, or Netscape
Navigator 6.2 or later.
Overview
The following sections provide an overview of the Nokia IP45 security platform rear and front
panels.
Nokia IP45 Security Platform Rear Panel
All physical connections (network and power) to the IP45 are made through the rear panel.
Table 9 explains the items on the rear panel of the Nokia IP45.
Figure 1 Rear panel of the Nokia IP45
Table 9 Rear Panel of the IP45
Label: Description
Console: The console port is a 9-pin male connector that can be connected to the serial (COM) port of your computer. You can then use the command-line interface (CLI) to communicate with the device.
WAN: Wide area network. An Ethernet port (RJ-45) used to connect your cable or xDSL modem.
DMZ (WAN2): Demilitarized zone. Ethernet port (RJ-45) used to connect computers or other network devices. Similar to LAN port in operation. This can be used as WAN2, secondary WAN connection.
LAN: Local area network. Ethernet port (RJ-45) used to connect computers or other network devices.
AUX: The auxiliary port or dial-in port is a 9-pin male connector. This port is used to dial in to the IP45 through a modem when the IP45 is unreachable through other ports.
Power: A power jack used to supply power to the device. Connect the power adapter to this jack. The device connects to the power source.
Reset: Used to reboot or reset the IP45 to its factory defaults. Use a large flat-tipped object, such as a thick paper clip, to press the reset button.
Short press (one second): reboots the Nokia IP45 security platform.
Long press (seven seconds): resets the IP45 to its factory defaults. This results in loss of all security services and passwords.
Short press during boot up: boots the IP45 in special deployment mode. See “Resetting the Nokia IP45 Security Platform by Using the Reset Button” on page 248.
Note
Do not use a sharp pin or thin piece of metal to press the Reset button.
Nokia IP45 Security Platform Front Panel
You can monitor the IP45 operations by viewing the LEDs on the front panel.
Figure 2 Front Panel of the Nokia IP45 Security Platform
The items on the front panel of the Nokia IP45 security platform are explained in Table 10 on
page 36.
Table 10 Front Panel of the Nokia IP45
Label: Description
PWR:
Off: Device not powered on
Green solid: Device is on
STAT:
Off: Device off
Green solid: Device passed hardware test and finished booting.
Red solid: Hardware error
Amber solid: Booting
Green blinking: Device passed hardware test and is fully booted. Device is at its default state. First-time password is not set.
Red blinking: Software error
Amber blinking: Device is performing a function such as setting factory defaults, loading firmware or loading an exported configuration.
LAN, DMZ, WAN:
Off: No connection
Green solid: Interface connected and auto-negotiated at 10 Mbps
Amber solid: Interface connected and auto-negotiated at 100 Mbps
Amber/Green blinking: Traffic passing through the interface
2 Installing the Nokia IP45 Security Platform
This chapter describes how to set up and install the Nokia IP45 security platform in a networking
environment. The chapter includes the following topics:
Before you Install the Nokia IP45 Security Platform
Setting Up the Nokia IP45 Security Platform with Microsoft Windows 98 or Millennium
Operating Systems
Setting Up the Nokia IP45 Security Platform with Microsoft Windows XP and 2000
Operating Systems
Setting Up the Nokia IP45 Security Platform with an Apple Computer
Connecting the Nokia IP45 Security Platform to the Network
Installing your Network
Before you Install the Nokia IP45 Security Platform
Before you connect and set up the Nokia IP45 security platform, you must check the following:
Whether TCP/IP is installed on your computer.
The TCP/IP settings of your computer, to ensure that it obtains its IP address automatically.
The following sections guide you through the TCP/IP setup and installation process.
Setting Up the Nokia IP45 Security Platform with
Microsoft Windows 98 or Millennium Operating Systems
If you are using Windows 98 or Windows ME, configure TCP/IP as follows.
To check for TCP/IP Installation
1. Choose Start > Settings > Control Panel.
The Control Panel window opens.
2. Double-click the Network icon.
The Network window opens.
In the Network window, check if TCP/IP appears in the network components list and if it is
already configured with the Ethernet card installed on your computer.
If TCP/IP is already installed and configured on your computer, skip the following procedure
about how to install TCP/IP.
To install TCP/IP
1. In the Network window, click Add.
The Select Network Component Type window opens.
2. Choose Protocol and click Add.
The Select Network Protocol window opens.
3. In the Select Network Protocol window, choose Microsoft in Manufacturers and TCP/IP in
Network Protocols.
4. Click OK.
If you are prompted for original Windows installation files, provide the installation CD and
relevant path, D:\win98, D:\win95, and so on.
5. Restart your computer if prompted.
If you are connecting the IP45 to an existing LAN, consult your network manager/system
administrator for the correct configuration.
To make TCP/IP settings
1. In the Network window, double-click the TCP/IP Service for the Ethernet card on your
computer (TCP/IP > PCI Fast Ethernet DEC 21143 Based Adapter).
The TCP/IP Properties window opens.
2. Click the Gateway tab and delete any installed gateways.
3. Click the DNS Configuration tab and click Disable DNS.
4. Click the IP Address tab, and click Obtain an IP address automatically.
Note
Nokia recommends that you use DHCP to assign IP addresses instead of assigning a static
IP address to your computer. To assign a static IP address, click Specify an IP address and
enter an IP address in the range of 192.168.10.129 to 254. Enter 255.255.255.0 as the
Subnet Mask. Click OK to save the new settings.
5. Click Yes when the Do you want to restart your computer? message appears.
Your computer must restart for the new settings to take effect.
Your computer is now ready to access the IP45.
Setting Up the Nokia IP45 Security Platform with
Microsoft Windows XP and 2000 Operating Systems
Windows XP has an Internet connection firewall option. Nokia recommends that you disable the
firewall option if you are using the Nokia IP45.
To check for TCP/IP installation
1. Choose Start > Settings > Control Panel (in Windows XP, choose Start > Control Panel).
The Control Panel window opens.
2. Double-click the Network and Dial-up Connections icon (in Windows XP double-click the
Network Connections icon).
The Network and Dial-up Connections window opens.
3. Right-click the Local Area Connection icon and select Properties from the drop-down list.
The Local Area Connection Properties window opens.
4. Check for TCP/IP in the Component list and whether it is configured with the Ethernet card
installed on your computer.
If TCP/IP does not appear in the Components list, install it as described in the section “To
install TCP/IP” on page 39. If TCP/IP is already installed, skip the next section.
To install TCP/IP
1. In the Local Area Connection Properties window, click Install.
The Select Network Component Type window opens.
2. Choose Protocol and click Add.
The Select Network Protocol window opens.
3. In the Select Network Protocol window, choose Internet Protocol (TCP/IP) and click OK.
The TCP/IP protocol is installed on your computer.
To make TCP/IP settings
1. In the Local Area Connection Properties window, double-click Internet Protocol (TCP/IP)
and click Properties.
The Internet Protocol (TCP/IP) Properties window opens.
2. Click Obtain an IP address automatically.
Note
Nokia recommends that you use DHCP to assign IP addresses instead of assigning a
static IP address to your computer. To assign a static IP address, select Specify an IP
address and enter an IP address in the range of 192.168.10.129 to 254. Enter
255.255.255.0 as the subnet mask. Click OK to save the new settings.
3. Click Obtain DNS server address automatically.
4. Click OK to save the new settings.
Your computer is now ready to access your IP45.
Setting Up the Nokia IP45 Security Platform with an Apple
Computer
Use the following procedure to set up the TCP/IP protocol:
To make TCP/IP settings
1. Choose Apple Menus > Control Panels > TCP/IP.
The TCP/IP window opens.
2. Select Ethernet from the Connect drop-down list.
3. Select Using DHCP Server from the Configure drop-down list.
4. Close the window and save the setup.
Connecting the Nokia IP45 Security Platform to the Network
The following examples illustrate proper network cabling of the IP45 topology.
Figure 3 IP45 Topologies
Installing your Network
Plan your network and the location of the IP45 to install the network.
To install the network
1. Connect the LAN cable:
a. Connect one end of the Ethernet cable to the LAN port at the rear end of the device.
b. Connect the other end of the Ethernet cable to the computer, hubs, or another network
device.
2. Connect the DMZ cable:
a. Connect one end of the Ethernet cable to the DMZ port at the rear end of the device.
b. Connect the other end of the Ethernet cable to the computer, hubs, or another network
device.
3. Connect the WAN cable:
a. Connect one end of the Ethernet cable to the WAN port at the rear end of the device.
b. Connect the other end of the Ethernet cable to a cable modem, xDSL modem, or a
corporate network.
4. Connect the power adapter to the power socket at the rear end of the device.
5. Plug in the AC power adapter to the electrical outlet.
3 Getting Started
This chapter describes the basic configurations and settings you need to perform to start using
your Nokia IP45 security platform.
This chapter includes the following topics:
First-Time Login
Configuring the Nokia IP45 Security Platform for Internet Connection
Making Initial Nokia IP45 Security Platform Settings
Logging On to the Nokia IP45 Security Platform
Accessing Nokia IP45 Securely
First-Time Login
After you connect your IP45 security platform to your network as described in “Connecting the
Nokia IP45 Security Platform to the Network” on page 47, wait for the STAT LED to turn green.
To log in for the first time
1. Open your Web browser and type http://my.firewall in the location text box.
The first time login page opens, prompting for a password.
If you cannot access the GUI portal, see “Troubleshooting” on page 319 in this document.
Note
The IP45 ships without a password defined. If you are logging in for the first time, you are
prompted to define the password by entering it twice. If you logged in before, enter the
username and password you previously defined.
2. Type a password and re-type the password to confirm.
3. Click OK.
Note
The password must be between five and eleven alphanumeric characters. To change the
password, click Setup on the main menu, and click Password. Enter the new password and
confirm to update the change.
Configuring the Nokia IP45 Security Platform for Internet
Connection
This section describes how to make the initial settings for your Nokia IP45 security platform to
connect to the Internet by using the Setup wizard.
To connect to the Internet from the Nokia IP45 security platform
1. After you set the administrator password, you are prompted to make the initial settings from
the Setup wizard.
The wizard guides you through making an Internet connection, setting the device time,
registering for support services, and performing other basic configurations.
2. Click OK to continue.
3. The Internet Connection Method dialog box appears.
For more information about how to connect to the Internet, see “To configure an Internet
connection by using the setup wizard” on page 74.
Making Initial Nokia IP45 Security Platform Settings
When you exit the Internet Connection Method wizard, you are prompted to set the device time.
This section describes how to use the Setup wizard to set the device time, and how to make the
initial Nokia IP45 security platform settings.
Setting the Nokia IP45 Security Platform Time
Use the following procedure to set the time of the Nokia IP45 security platform.
To set the time
1. When the IP45 Set Time wizard opens, check the appropriate setting.
If you check Your computer’s clock, the IP45 automatically updates with the time settings
of your computer.
If you check Keep the current time, the IP45 retains its current time settings. No changes
are made.
If you check Use a time Server, the Time Servers window opens.
Enter the IP Addresses for the Primary and Secondary time servers.
Select the time zone.
Click Next.
Click Finish.
Note
To edit the IP addresses of the time servers, click Clear next to the Primary and Secondary
servers, and enter the new IP addresses.
The IP45 automatically applies the time settings.
If you check Specify date and time, the Specify Date and Time window opens.
You can manually update the IP45 time settings.
2. Click Next to change your IP45 time settings:
If you choose to use a time server by clicking Use a Time Server, the Time Servers
window opens.
3. Specify the IP addresses of the Primary and Secondary servers, to use as NTP time servers.
Select the time zone from the Time Zone drop-down list.
4. Click Next.
The IP45 Set Time Wizard Date and Time Updated dialog box appears, indicating that time
settings are changed successfully.
5. Click Finish to exit the Set Time wizard.
Registering with the Nokia Support Site
You can register with the Nokia Support Site when you make your time settings.
The IP45 Setup Wizard begins when you exit the Set Time wizard.
Check the I want to register my product check box, and click Next.
You are automatically taken to the Nokia Support Web site:
Use the instructions on the Web site to complete the registration process and gain access to
support Web resources and software updates.
Connecting to a Central Management Server
When you are registered for support, the Service Center window opens.
This window allows you to define the central management server that the IP45 connects to.
The IP45 can connect to a central management server to allow central management of the
firewall and VPN policies. Central management can also allow the IP45 to subscribe to
additional services such as antivirus and URL filtering. The central server can be either a Check
Point Smart Center, Smart Center Pro, or SofaWare Management Portal.
If your IP45 is centrally managed by any of these servers, check Connect to a service center and
enter the IP address of the central management server in the Specified IP text box, then click
Next. You are then prompted to enter the authentication information that allows the IP45 to
communicate with the management server where you previously defined the IP45 object.
If your IP45 is not managed by a central management server, check Connect to a service center,
and click Next.
For information about connecting to service centers, see “Managing Large Scale Deployments of
Nokia IP45” on page 70. For information about how to use subscription services, see “Using
Managed Services” on page 303.
Logging On to the Nokia IP45 Security Platform
When you exit the Setup wizard, the IP45 Welcome page opens.
To access the graphical user interface of the Nokia IP45 security platform
1. Open your Web browser, and enter http://my.firewall in the address bar.
The Login page opens.
2. Enter the password for the IP45 Tele 8 license.
For IP45 Satellite X licenses, enter the username and password. If you are logging on for the
first time, use admin as the username.
Note
The default user name for all Nokia IP45 licenses is admin. For the IP45 Satellite X licenses,
you can define additional users. These additional users have separate usernames and
passwords. For the IP45 Tele 8 license, you can only log on with the username admin.
However, you can change the password. The password in all cases should be five to eleven
alphanumeric characters.
You need to define your password in two instances:
At the initial login
When you reset the device to defaults
After the initial login, the Welcome page opens.
The Welcome page displays the license type of your device (Tele 8 or Satellite X).
Accessing Nokia IP45 Securely
You can access the IP45 graphical user interface (GUI) through HTTPS either remotely or
locally (from your internal network). For information about how to access through HTTPS from
a remote location, see “Enabling HTTPS Web Access” on page 206.
Note
First configure HTTPS to access the IP45 GUI from a remote location.
To access the Nokia IP45 security platform through HTTPS from the Internet
1. To access the IP45 locally, enter https://my.firewall in the address bar of your browser.
Note
The URL starts with HTTPS, not HTTP.
The Welcome page opens.
To access the Nokia IP45 security platform from a remote location
1. Enter https://<external IP address of IP45>:981 in the address bar of your browser.
Note
The URL starts with HTTPS, not HTTP.
If you are accessing the Nokia IP45 security platform for the first time, the security
certificate in the IP45 is not yet known to the browser, so a security alert appears.
2. Click Yes to install the security certificate of the IP45 that you are trying to access. If you are
using Internet Explorer 5.0 or later, do the following:
a. Click View Certificate.
The Certificate information page opens, with the General tab displayed.
b. Click Install Certificate.
The Certificate Import Wizard appears.
c. Click Next.
The Certificate Store appears.
Select Automatically select the Certificate Store based on the type of certificate.
d. Click Next.
Completing the Certificate Import Wizard message appears.
e. Click Finish.
The Root certificate Store message appears.
f. Click Yes.
The certificate is installed.
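The procedure above installs a certificate that the browser has never seen before. The following Python code is an added example, not part of this guide or of the product: it compares the SHA-256 fingerprint of the certificate presented on port 981 with a fingerprint recorded earlier over a trusted path (assumed here to be a session from the internal network), so that the certificate is installed only when the two match. The function names and the sample bytes are constructed for illustration.

```python
import hashlib
import hmac
import socket
import ssl

REMOTE_HTTPS_PORT = 981  # remote HTTPS management port stated in this guide

# Constructed stand-in for DER-encoded certificate bytes, so the comparison
# logic can be exercised offline. It is not a real certificate.
SAMPLE_DER = b"constructed-sample-certificate-bytes-for-offline-demo"


def fingerprint_der(der: bytes) -> str:
    """SHA-256 fingerprint of a DER certificate as 64 lowercase hex digits."""
    return hashlib.sha256(der).hexdigest()


def normalize_fingerprint(text: str) -> str:
    """Accept 'AB:CD:..', 'ab cd ..' or 'abcd..' and return bare lowercase hex."""
    cleaned = "".join(ch for ch in text.strip() if ch not in ": -").lower()
    if len(cleaned) != 64 or any(ch not in "0123456789abcdef" for ch in cleaned):
        raise ValueError("expected a SHA-256 fingerprint (64 hex digits)")
    return cleaned


def matches_pin(observed: str, pinned: str) -> bool:
    """Constant-time comparison of two fingerprints in any common notation."""
    return hmac.compare_digest(normalize_fingerprint(observed),
                               normalize_fingerprint(pinned))


def fetch_device_fingerprint(host: str, port: int = REMOTE_HTTPS_PORT,
                             timeout: float = 5.0) -> str:
    """Read the certificate the device presents, without trusting it yet."""
    ctx = ssl.create_default_context()
    # The certificate is not known to the client yet, so chain validation
    # cannot succeed here; trust is decided by the fingerprint comparison.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return fingerprint_der(tls.getpeercert(binary_form=True))


def check_before_install(observed: str, pinned: str) -> str:
    """Return a verdict line to act on before clicking Install Certificate."""
    if matches_pin(observed, pinned):
        return "MATCH: the certificate is the one recorded over the trusted path"
    return "MISMATCH: do not install; the certificate differs from the recorded one"


if __name__ == "__main__":
    # Fingerprint recorded earlier over the trusted path (constructed here).
    pinned = fingerprint_der(SAMPLE_DER)
    # On a real network, replace this line with:
    #   observed = fetch_device_fingerprint("<external IP address of IP45>")
    observed = fingerprint_der(SAMPLE_DER)
    print(check_before_install(observed, pinned))
```

The same fingerprint is shown on the Details tab of the browser's certificate viewer, so the comparison can also be done by eye before clicking Install Certificate.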
Logging Off from the Nokia IP45 Security Platform
Logging off terminates the Nokia IP45 security platform session. To connect to the IP45 again,
enter the password.
To log off from IP45, perform one of the following procedures:
If you are connected locally, click Logout.
The Logout page opens.
If you are connected through HTTPS, close the browser window.
For information about connecting to your device through HTTPS, see “Accessing Nokia IP45
Securely” on page 57.
Understanding the Nokia IP45 Web GUI
When you log on to the Nokia IP45 security platform by using HTTP or HTTPS, you can
configure the device by using the following methods:
Quick Setup Wizard—configures the most common settings required for the IP45 to be up
and running. The Web-based graphical user interface (GUI) automatically guides you
through this wizard after your initial login.
Advanced GUI—configures the various advanced features of the IP45.
For a configuration to take effect, click Submit.
For a brief description of the main components of the IP45 GUI, see the following sections.
When you are familiar with these components, you are ready to make advanced configuration
changes to the IP45 security platform.
Using the Nokia IP45 Security Platform Web-based User Interface
Table 11 provides a summary of the web-based GUI.
Table 11 Summary of the main components of the Nokia IP45 GUI
Component | Description
Navigation bar | Used to access various feature sets in the IP45 security platform
Tab bar | Used to access and configure all features in the IP45 security platform
Wizard | Used to configure common settings
Status bar | Provides status after a specific configuration
Help | Online help to assist you in configuring the IP45
Graphical User Interface Details
This section provides details about Nokia IP45 v4.0 graphical user interface (GUI).
Figure 4 Main Components of the Nokia IP45 Security Platform GUI (callouts: Tab bar, Service center connection status, Navigation bar, Internet connection status, Click for online help, Setup wizard)
Note
The Nokia IP45 Tele 8 license does not support all of the features described in Table 12. For
information on features supported by the Tele configuration, see “Nokia IP45 Security
Platform Features” on page 22.
Table 12 provides information about the name and functionality of each element in the Nokia
IP45 GUI.
Table 12 Names and Functions of the Nokia IP45 GUI Elements
Main Tab | Secondary Tabs | Description
Welcome | | Displays Welcome and configuration information.
Reports | Event Log | Displays the last 100 events in four different categories: Blue, Red, Orange, and Green.
Reports | Traffic Monitor | Allows you to visualize the network traffic (in graphical representation)
Reports | Active Computers | Allows you to view computers on your network.
Reports | Active Connections | Allows you to view current connections between your network and the external world.
Reports | VPN Tunnels | Displays a list of established VPN tunnels.
Security | Firewall | Allows you to control firewall security level.
Security | Servers | Allows you to selectively allow incoming traffic from known applications and Internet services.
Security | Rules | Allows you to customize your security policy.
Security | SmartDefense | Allows you to deal with application-level attacks.
Security | HotSpot | Allows you to access the network from a public place on authentication
Security | Exposed Host | Allows you to define a Demilitarized Zone, i.e. a computer not protected by firewall.
Antivirus | Antivirus | Allows you to enable or disable the antivirus settings
Antivirus | Policy | Allows you to add new rules and edit existing rules of antivirus policy
Antivirus | Advanced | Allows you to select the file types to scan and block and also to define various other advanced settings such as archiving files, defining nested levels and compression ratio etc.
Services | Account | Provides information on services available in your service plan, and allows you to manage security services.
Network | Internet | Displays information on network setup and activity.
Network | My Network | Allows you to configure network settings.
Network | Ports | Allows you to manage ports and view ports status.
Network | Traffic Shaper | Allows you to define QoS classes.
Network | Network Objects | Allows you to configure network objects.
Network | Routes | Allows you to configure and edit routes
Setup | Firmware | Displays current firmware version and details
Setup | High Availability | Allows you to configure high availability feature.
Setup | Logging | Enables you to specify syslog server and syslog port.
Setup | Management | Allows you to specify the protocols and accessing information for the IP45.
Setup | Tools | Comprises several tools to effectively manage your IP45.
Users | Internal Users | Allows you to view, add, edit, and delete list of the IP45 users.
Users | RADIUS | Allows you to change your RADIUS settings.
VPN | VPN Server | Allows you to enable or disable a VPN server.
VPN | VPN Sites | Allows you to view and edit a list of the configured VPN sites.
VPN | VPN Login | Enables you to manually log in to a VPN site.
VPN | Certificate | Allows you to control certificates for site-to-site VPN usage.
Help | | Online Help.
Logout | | Logs you out of the IP45.
Table 13 provides information about the elements in Status Bar.
Table 13 Status Bar
Field: Internet
Description: Your Internet connection status.
You have different fields under Internet status. They are:
• Connected: your IP45 device is connected to the Internet.
• Not Connected: your IP45 device is not connected to the Internet.
• Establishing Connection: your IP45 device is connecting to the Internet.
• Contacting Gateway: your IP45 device is trying to contact the Internet default gateway.
• Disabled: the Internet connection has been disabled manually.
You can configure both primary and secondary Internet connections. When both connections are
configured, the Status bar shows this status.
Field: Service Center
Description: Displays your subscription services status.
Your Service Center offers various subscription services like firewall services, and optional
services such as Web filtering and email antivirus.
The service center status can be one of the following:
• Not Subscribed: you are not subscribed to security services.
• Connection Failed: your IP45 device failed to connect to the service center.
• Connecting: your IP45 device is connecting to the service center.
• Connected: you are connected to the service center, and the security services are active.
Note
You can view help information about a field by pointing to the help icon in the right corner of
the IP45 GUI screens. The Help icon is visible only for those fields that have further
information available. For information about other fields, please see related sections in the
IP45 Security Platform User’s Guide Version 4.0 or choose Help from the main menu.
4 Accessing the Nokia IP45 Security Platform
This chapter discusses the methods for accessing and configuring the Nokia IP45 security
platform. This chapter also provides an introduction to centrally managing large scale
deployments of Nokia IP45 by using Nokia Horizon Manager, SmartCenter Large Scale
Manager, and the SofaWare Security Management Portal.
The main topics for this chapter include:
Connection Methods
Configuration Methods
Connecting the Nokia IP45 Security Platform to a Computer by Using the Console Port
Using Telnet to Connect to the Nokia IP45 Security Platform
Enabling and Disabling Telnet Access to Nokia IP45
Accessing Nokia IP45 with HTTP and HTTPS
Managing Large Scale Deployments of Nokia IP45
Connection Methods
You can connect to your Nokia IP45 security platform locally through LAN, WAN, DMZ, or
console ports for in-band management. You can also connect from a remote location by using
modem dial-in for out-of-band management (OOB).
For information about how to use OOB to configure your device, see “Configuring Nokia IP45
Through Out-of-Band Management” on page 233.
Typically the WAN port for your device is connected to your Internet service provider (ISP),
while the LAN port is connected to your computer, or to a hub, if you are using the IP45 between
your computer network and the outside world. You can connect your computer to the console
port of your IP45 to manage the device by using the command-line interface (CLI).
Configuration Methods
The Nokia IP45 security platform supports the following configuration methods:
Command-line interface (CLI) by using console, Telnet, or Secure Shell (SSH).
Web-based graphical user interface (GUI) by using HTTP and HTTPS.
Connecting the Nokia IP45 Security Platform to a Computer by Using the Console Port
Your Nokia IP45 security platform has a console serial port. Connect the RS-232 cable (that is
shipped along with the device) from the serial port of your computer to the console port of the
IP45. You can then manage the device by using a terminal emulation program such as
HyperTerminal.
To connect to Nokia IP45 with HyperTerminal
1. To start the HyperTerminal program, choose: Start > Programs > Accessories >
Communications > HyperTerminal.
The Connection Description window opens.
2. Assign a name for your connection, such as IP45, and click OK.
3. Select the serial port that you will use: COM1 or COM2, and click OK.
4. When you select the serial port, the COM1 (or COM2) Properties window opens.
Select the following port settings:
Bits per second: 9600
Data bits: 8
Parity: None
Stop bits: 1
Flow control: None
5. Click OK to continue.
6. The login prompt is displayed by default.
The IP45 ships without a password defined. If you are logging in for the first time, you are
prompted to define the password by entering it twice. If you logged in before, enter the
username and password you previously defined.
For more information about CLI commands, see the Nokia IP45 Security Platform CLI Reference Guide, Version 4.0.
Using Telnet to Connect to the Nokia IP45 Security Platform
You can access the command-line interface through a Telnet session.
Telnet access is disabled by default. You can allow Telnet access from the LAN and the WAN by
configuring separate user rules. (No LAN or WAN access is available until it is configured.)
Note
Before you start Telnet, ensure that the Telnet program is installed on your computer, and
that you can access the IP45 by using Telnet. The method for starting Telnet differs between
operating systems. You can use the method given here to start a Telnet session from
Windows 2000.
To connect to the IP45 security platform by using Telnet
1. Choose Start > Run.
2. In the command window that opens, type telnet followed by the IP address of your IP45
security platform.
If your device IP address is 192.168.10.1, the run window opens as follows:
3. Click OK.
The Telnet command window opens with a login prompt.
4. Enter your username and password. You can now manage your IP45 security platform by
using simple commands.
5. Press the tab key to view a list of useful, simple commands to start managing your IP45. For
more information, see the Nokia IP45 Security Platform CLI Reference Guide Version 4.0.
Enabling and Disabling Telnet Access to Nokia IP45
Telnet access is disabled by default.
Use the following command from the IP45 CLI to enable Telnet access to the device:
set acl service telnet enable
Use the following command to disable Telnet:
set acl service telnet disable
This command disables Telnet access from the WAN, LAN, and DMZ ports.
Using Secure Shell to Connect to the Nokia IP45 Security Platform
You can use Secure Shell (SSH) to access your IP45 security platform securely. SSH is an
application protocol and software suite that allows secure network services over an insecure
network such as the Internet.
Note
By default, SSH access is allowed from the LAN and the DMZ.
To access your Nokia IP45 security platform with SSH
1. Install an SSH client that allows you to make SSH connections to your IP45.
2. Provide the following information to connect to the device:
IP Address of the device
username
Authentication method, whether Password or Public Key
For more information about SSH, see “Configuring Network Access” on page 191.
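After you change Telnet or SSH access with the commands and defaults described above, it is worth confirming from each network segment that only the management services you intend are reachable. The following Python code is an added example, not part of this guide or of the product: it attempts a TCP connection to each management port and reports any difference from the intended policy. Port 981 comes from this guide; ports 22, 23, 80 and 443 are the standard ports for SSH, Telnet, HTTP and HTTPS and are an assumption, as are the function names.

```python
import socket

# 981 is the remote HTTPS port given in this guide. The other numbers are the
# standard ports for these services and are assumed, not taken from the guide.
MGMT_PORTS = {"telnet": 23, "ssh": 22, "http": 80, "https": 443,
              "https-remote": 981}


def is_reachable(host, port, timeout=2.0):
    """True if a TCP connection to host:port completes within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def audit_management_plane(host, expected_open, ports=MGMT_PORTS, timeout=2.0):
    """Compare observed reachability with the intended policy.

    expected_open is the set of service names that should answer from the
    machine running this check (the result depends on whether you run it
    from the LAN, the DMZ or the WAN side). Returns a list of
    (service, port, finding) tuples; an empty list means policy and
    observation agree.
    """
    unknown = set(expected_open) - set(ports)
    if unknown:
        raise ValueError("unknown service name(s): %s" % ", ".join(sorted(unknown)))
    findings = []
    for service, port in sorted(ports.items()):
        reachable = is_reachable(host, port, timeout)
        if reachable and service not in expected_open:
            findings.append((service, port, "unexpected-open"))
        elif not reachable and service in expected_open:
            findings.append((service, port, "unexpected-closed"))
    return findings


def demo_on_loopback():
    """Constructed demo: a loopback listener plays a device where Telnet was
    left enabled and SSH does not answer, while the policy expects only SSH."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()  # nothing listens on this port any more
    ports = {"telnet": listener.getsockname()[1], "ssh": closed_port}
    try:
        return audit_management_plane("127.0.0.1", {"ssh"}, ports, timeout=1.0)
    finally:
        listener.close()


if __name__ == "__main__":
    for service, port, finding in demo_on_loopback():
        print("%-8s port %-5d %s" % (service, port, finding))
    # Against a real device from the LAN side, with Telnet disabled:
    #   audit_management_plane("192.168.10.1", {"ssh", "http", "https"})
```

Run the check once from each segment (LAN, DMZ, WAN), because the access rules described in this chapter differ per interface.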
Accessing Nokia IP45 with HTTP and HTTPS
You can access and manage your IP45 through a user-friendly GUI. For more information, see
“Logging On to the Nokia IP45 Security Platform” on page 55.
Managing Large Scale Deployments of Nokia IP45
You can centrally manage the Nokia IP45 security platform by using the following applications:
Nokia Horizon Manager
Check Point SmartCenter LSM
SofaWare Management Portal
These centralized management applications allow you to manage large-scale deployments.
For an overview of how to manage your device, see “Using Managed Services” on page 303.
Deploying the Nokia IP45 Security Platform with the Nokia Horizon Manager
You can manage the Nokia IP45 security platform by using the Nokia Horizon Manager.
Nokia Horizon Manager is a software application designed to manage, and configure a large
number of Nokia IP security platforms (devices) that reside on a corporate enterprise, managed
service provider (MSP), or hosted applications service provider network (ASP).
You can use Nokia Horizon Manager to perform software inventory, configuration, and image
management operations.
Deploying the Nokia IP45 Security Platform with the Check Point SmartCenter Large Scale Manager
The Check Point SmartCenter Large Scale Manager (LSM) allows you to manage many Check
Point Remote Office/Branch Office (ROBO) gateways from a single SmartCenter Server.
For additional information on installing and configuring LSM, see Check Point SmartCenter
LSM documentation.
Deploying Nokia IP45 with SofaWare Management Portal
The SofaWare Security Management Portal (SMP) is a security platform that enables centralized
management of a large number of firewalls embedded in broadband access devices or gateways.
You can use the SofaWare SMP for both policy and configuration management.
Note
Configure the management servers by using the SofaWare Management Portal before you
use subscription services such as Web filtering, email antivirus, and software updates with the
Nokia IP45.
Using the SofaWare Management Portal, you can:
Update security policies and user interface files.
Configure and fine-tune SofaWare management services like Web filtering, email antivirus,
and software updates.
5 Connecting to the Internet with the Nokia IP45 Security Platform
This chapter explains how to configure the Internet to make a secure connection by using the
Nokia IP45 security platform.
This chapter includes the following topics:
Using the Setup Wizard
Manually Configuring the Internet Setting
Enabling or Disabling the Internet Connection
Using Quick Internet Connect or Disconnect
Configuring a Backup Internet Connection
Detecting Dead Connections
Configuring an Internet Connection
You can configure an Internet connection by using one of the following setup tools:
Setup Wizard—guides you through the configuration process, step by step.
Advanced Setup—provides advanced setup options.
Note
You must configure the Internet connection at initial operation and after a reset-to-defaults
operation.
Using the Setup Wizard
You can use the Setup Wizard to configure the Internet connection for the Nokia IP45 security
platform through the graphical user interface (GUI). The Setup Wizard guides you through the
configuration process, step by step.
You can connect to the Internet using any of the following broadband connection methods:
PPPoE (PPP over Ethernet)
PPTP
Cable Modem
Static IP
DHCP (Dynamic IP)
Note
The IP45 Setup wizard, which you can use for basic configuration of the device, is always
accessible from Setup > Firmware.
To configure an Internet connection by using the setup wizard
1. Choose Network from the main menu.
The Internet page opens.
2. Click Internet Wizard at the bottom of the page.
The IP45 Internet Wizard appears.
3. Click Next to proceed.
4. The Internet Connection Method window opens.
5. Select the Internet connection method, and click Next.
You can choose between the following modes of broadband connection:
PPPoE (PPP over Ethernet)
PPTP
Cable Modem
Static IP
DHCP (Dynamic IP)
Note
If you select to connect by PPTP or PPPoE dialer, do not use dial-up software to
connect to the Internet. The IP45 does the PPPoE negotiation.
6. Follow the wizard instructions until the Connected message appears.
7. Click Finish.
You are now connected to the Internet.
The wizard prompts you to register and set up your subscription options, which vary from
product to product.
For information about configuring device time, registering with Nokia Support Center and
subscribing to additional services with the Setup wizard, see “Getting Started” on page 49.
Cable Modem Connection Settings
If you select cable modem connection through the procedure “To configure an Internet
connection by using the setup wizard” on page 74, the Identification window opens.
Type the Host name and MAC Clone address if they are required by the ISP. For more details on
cloning MAC address, see “To configure for cable modem connection” on page 77.
To configure for cable modem connection
1. Type the Host name in the Identification window.
This field is optional. It might be required by your ISP and if so the ISP provides it.
2. Click Next.
The Confirmation message appears.
3. Click Next.
The device attempts to connect to the Internet.
At the end of the connection process, the Connected message appears. When you are
connected, the wizard prompts you to register your details and set up your subscription
options, which vary from product to product.
4. Follow the instructions until the wizard is done, and then click Finish.
MAC Cloning
Some ISPs require that you register any MAC addresses of the computer behind the cable
modem before you establish an Internet connection.
Nokia IP45 takes the place of the computer behind the cable modem and you can use MAC
cloning to enter the original computer MAC address without contacting the ISP to change that
information.
Cloning a MAC Address
A MAC address is a 12-digit identifier assigned to every network device. If your ISP restricts
connections to specific, recognized MAC addresses, you must clone a MAC address.
IP45 v4.0 supports MAC cloning for WAN2 (DMZ).
To clone a MAC address
1. Choose Network from the main menu.
The Internet page opens.
2. To clone the MAC address, click Edit next to the interface.
The Internet Setup page opens.
3. Click Show Advanced Settings.
The Internet Setup page now displays the MAC cloning option.
4. Select MAC Cloning. Do one of the following:
a. Click This Computer to automatically clone the MAC address of your computer to the
IP45.
or
b. If the ISP requires authentication by using the MAC address of a different computer, type
the MAC address in the Cloned MAC Address field.
5. Click Apply.
To connect by using a PPPoE connection
1. Select PPPoE from the Internet Connection Method window.
The PPP Configuration window opens.
2. Type the following:
a. Your username, and password and confirm the password.
b. The service name. This field is optional.
3. Click Next.
The system attempts to connect to the Internet through the PPPoE connection. At the end of
the connection process, the Connected message appears.
To connect by using the PPTP connection
1. Select PPTP from the Internet Connection Method window.
The PPP Configuration window opens.
2. Type the following information:
Username and Password, and confirm the password.
Service name.
IP address of the PPTP modem in the Server IP text box.
Local IP address required for accessing the PPTP modem in the Internal IP text box.
Subnet Mask of the PPTP modem.
3. Click Next.
The Connecting message appears while the system attempts to connect to the Internet
through the PPTP connection. At the end of the connection process, the Connected message
appears.
To connect by using a static IP connection
1. Select Static IP from the Internet Connection Method window.
The Static IP Configuration window opens.
2. Type the following information:
Static IP address of the Nokia IP45 appliance.
Subnet Mask that applies to the static IP address.
IP address of the Default Gateway of your Internet service provider.
IP address of the Primary DNS Server.
IP address of the Secondary DNS Server. This field is optional.
IP address of the WINS Server. This field is optional.
3. Click Next.
The Connecting message appears while the system attempts to connect to the Internet
through the static IP connection. At the end of the connection process, the Connected
message appears.
To connect using a DHCP connection
1. Select DHCP (Dynamic IP) from the Internet Connection Method window.
2. Click Next.
The Confirmation message appears.
3. Click Next.
The Connecting message appears while the system attempts to connect to the Internet
through the DHCP connection. At the end of the connection process, the Connected message
appears.
Manually Configuring the Internet Setting
You can configure the Internet settings for your IP45 manually.
To configure the Internet connection
1. Proceed as per steps 1 and 2 in “Using the Setup Wizard” on page 73 to connect using PPTP
and PPPoE.
2. Click Cancel on the Internet Setup wizard.
The Welcome page is displayed.
3. Choose Network from the main menu.
The Internet page opens.
4. Click Edit next to Primary.
The Internet Setup page with a list of connection type options appears.
5. Select the Connection Type.
The display changes according to the connection type you select. Perform the following
procedures in accordance with the connection type you choose.
To use a LAN connection
The following steps provide details about the LAN connection.
1. Select LAN connection from the Internet Setup page at Connection Type.
2. Click Show Advanced Settings.
The following page opens.
3. Select the Port: WAN, WAN2, Serial, None.
4. If you do not want the IP45 to obtain an IP address automatically by using DHCP, do the
following:
a. Uncheck the Obtain IP address automatically (using DHCP) check box.
b. Type the IP address that your service provider provides.
c. Select the subnet mask from the drop-down list that applies to the IP address you typed.
d. Type the IP address of the default gateway of your service provider.
5. To assign an IP address automatically by using DHCP, but not configure DNS servers
automatically, do the following:
a. Uncheck the Obtain DNS Servers automatically check box.
b. Type the Primary DNS server IP address.
c. Type the Secondary DNS server IP address.
d. Type the WINS Server IP address.
6. Select the Shape Upstream and Shape Downstream to enable traffic shaper.
7. Type the Upstream Link Rate value in kbps.
8. Type the Downstream Link Rate value in kbps, slightly lower than the Upstream Link Rate
value.
9. Click Show Advanced Settings.
10. Type the maximum transmission unit (MTU-1500).
11. Type the Host Name.
This field is optional: some ISPs might require it, and they provide the host name.
12. Click Apply.
To use a cable modem connection
1. Select Cable Modem type from the Internet Setup page at Connection Type.
2. Click Show Advanced Settings.
The Internet Setup page opens.
3. Enter the Host Name.
This field is optional: some ISPs might require it, and they provide the host name.
4. Complete the remaining fields as per the information provided in the procedure “To use a
LAN connection” on page 82.
5. Click Apply.
To use a PPPoE connection
1. Choose PPPoE from the Internet Setup page at Connection Type.
2. Click Show Advanced Settings.
The following page opens:
3. Enter the following information:
a. Enter your Username and Password, and confirm the Password.
b. Enter the service name as given by your service center.
Note
If your service center did not provide you with a service name, leave this text box empty.
You can set the maximum transmission unit size (MTU). Nokia recommends that you leave
this field empty. However, to modify the default MTU, consult with your service provider.
4. If you are not using automatic configuration of DNS servers, do the following:
a. Uncheck the Obtain Domain Name Servers automatically check box.
b. Enter the Primary DNS server IP address.
c. Enter the Secondary DNS server IP address.
d. Enter the WINS Server IP address.
The following page opens:
5. Click Apply.
To use a PPTP connection
1. Choose PPTP from the Internet Setup page at Connection Type.
2. Click Show Advanced Settings.
The following page opens:
3. Enter the following information:
a. Your username and password, and confirm the password.
b. The service name as given by your service provider.
c. The IP address of the PPTP server as given by your service provider.
d. The IP address of the PPTP client as given by your service provider.
e. Select the PPTP client subnet as given by your service provider.
You can configure the MTU size. Nokia recommends that you leave this field empty.
Consult your service provider to modify the default MTU.
4. If you are not using automatic configuration of DNS servers, do the following:
a. Clear the Obtain DNS servers automatically check box.
The Internet page with DNS server options appears.
b. Enter the Primary DNS server IP address.
c. Enter the Secondary DNS server IP address.
5. Click Apply.
Table 14 Internet Connection Fields

| Field | Action |
| --- | --- |
| Host Name | Type the hostname for authentication. If your ISP has not provided you with a host name, leave this field blank. Most ISPs do not require a specific hostname. |
| Port | Type of port you want to use for connecting to the Internet. Options: |
| | • WAN: configuring an Ethernet-based connection through the WAN port. |
| | • WAN2: configuring an Ethernet-based connection through the DMZ/WAN2 port. |
| | • Serial: to configure a dial-up connection. |
| | • None: to configure none. |
| Username | Type your user name. |
| Password | Type your password. |
| Confirm password | Retype your password to confirm. |
| Service | Type your service name. If your ISP has not provided you with a service name, leave this field empty. |
| Server IP | IP address of the server. If you selected PPTP, type the IP address of the PPTP server as given by your ISP. |
| Internal IP | Local IP address. If you selected PPTP, type the local IP address required for accessing the PPTP modem. |
| Obtain IP address automatically (Using DHCP) | Clear this option if you do not want the Nokia IP45 device to obtain an IP address automatically. |
| Obtain Domain Name Servers automatically | Clear this option if you do not want the Nokia IP45 device to obtain an IP address automatically. |
| IP Address | Type the static IP address of your IP45 device. |
| Subnet Mask | Select the subnet mask that applies to the static IP address of your device. |
| Default Gateway | Type the IP address of your ISP’s default gateway. |
| Primary DNS Server | Type the primary DNS server IP address. |
| Secondary DNS Server | Type the secondary DNS server IP address. |
| WINS Server | Type the WINS server IP address. |
| Shape Upstream Link Rate | Select this option to enable traffic shaper for outgoing traffic. Type a rate (in kilobits/second) slightly lower than the maximum measured upstream speed of your Internet connection. Try different rates in order to determine which one provides the best results. For information on using traffic shaper, see “Using Traffic Shaper” on page 127. |
| Shape Downstream Link Rate | Select this option to enable Traffic Shaper for incoming traffic. Then type a rate (in kilobits/second) slightly lower than the maximum measured downstream speed of your Internet connection in the field provided. You may try different rates in order to determine which one provides the best results. |
| | Note: Traffic Shaper cannot control the number or type of packets it receives from the Internet; it can only affect the rate of incoming traffic by dropping inbound traffic, which is less accurate than the shaping of outbound traffic. It is therefore recommended to enable traffic shaping for incoming traffic only if necessary. |
| | For information on using Traffic Shaper, see “Using Traffic Shaper” on page 127. |
| Do not connect if this gateway is in passive state | If you are using High Availability, select this option to configure WAN high availability. The gateway connects to the Internet only if it is the active gateway in the high availability cluster. This field is only enabled if high availability is configured. For information on high availability, see “High-Availability” on page 213. |
| External IP | If you selected PPTP, type the IP address of the PPTP client as given by your ISP. If you selected PPPoE, this field is optional, and you need not enter this value unless specified by your ISP. |
| MTU | This field allows you to control the maximum transmission unit size. As a general recommendation you should leave this field empty. To modify the default MTU value, it is recommended that you consult with your ISP first and use MTU values between 1300 and 1500. |
Dial-Up PPP
You can connect the Nokia IP45 security platform to the Internet by using a dial-up connection.
The device can establish a PPP connection to an ISP by using an external modem connected to
an auxiliary port. The modem can be an analog modem or an ISDN terminal adapter.
You can use the following modems:
Analog modem 56 Kbps (DTE speed: up to 115200)
ISDN TA (using PPP) 64 Kbps (DTE speed: up to 230400)
ISDN TA (using MLPPP) 128 Kbps (DTE speed: up to 460800)
Configuring Dial-Up
You can configure the dial-up option using either the GUI or the command-line interface (CLI).
Using the GUI
The following sections provide details about how to configure dial-up connections on the Nokia
IP45 security platform by using the GUI:
To configure dial-up settings using the GUI
1. Choose Network from the main menu.
The Internet page opens.
2. Click Edit next to the Primary Internet connection.
The Internet Setup page opens.
3. Select Serial from the drop-down list next to Port.
4. Select Dialup from the drop-down list next to Connection Type.
The following page opens.
5. Click Apply.
Dialup is configured.
Configuring Dial-up Setting by Using the CLI
To configure the dial-up by using the command line interface, log in through the console port.
Dial-up mode can be enabled by using the following options available in the CLI:
Disable—WAN connection is established regardless of any interesting traffic.
Immediate—WAN connection is established only when no other higher priority connection
(primary) exists, regardless of any interesting traffic. This connection becomes inactive
when primary becomes active.
Note
Any traffic that goes to the Internet through LAN is called interesting traffic.
Activity—WAN connection is established only when interesting traffic is initiated from
internal network to WAN and when no other higher priority connection (primary) exists. The
dialup connection terminates if another higher priority connection becomes active or if there
is no traffic for 1 minute.
Note
Dial-up connection option (always on, demand dialing) and other parameters (number,
username, password, and so on) can be configured by using CLI.
Use the following commands to configure the dialup profile:
set interface wan mode dialup connectondemand <disable | immediate | activity>
set interface wan2 mode dialup connectondemand <disable | immediate | activity>
For more information about dial-up commands, see the Nokia IP45 Security Platform CLI
Reference Guide Version 4.0.
CLI Wizard
Use the following command to configure dial-up by using the CLI wizard:
wizard dialup
For more information about how to use other dialup commands, see the Nokia IP45 Security
Platform CLI Reference Guide, Version 4.0.
Multiple Dial-up Profiles
The Nokia IP45 security platform supports 10 dial-up profiles. A round-robin mechanism is
used to choose the profiles for connecting to the Internet. By default, the first dial-up profile is
used. On failure of the first dial-up, the device attempts to use the successive profiles for
successful Internet connection.
Either dial-up or an out-of-band management (OOB) instance alone can exist on the device at
any given time.
Note
You can configure ten dial-up profiles. Only one profile will be active at a time. You cannot
configure dial-up for both primary and secondary Internet connections.
Enabling or Disabling the Internet Connection
You can enable or disable the Internet connection by using the following procedure.
To enable or disable the Internet connection
1. Choose Network from the main menu.
The Internet page opens.
2. Next to the Internet connection, do one of the following:
a. To enable the connection, click the adjacent (x) mark.
The button changes to a check mark, and the connection is enabled.
b. To disable the connection, click the adjacent check mark.
The button changes to an (x) mark, and the connection is disabled.
Using Quick Internet Connect or Disconnect
By using connect or disconnect (depending on the connection status) on the Internet page, you
can establish a quick Internet connection by using the currently selected connection type. In the
same manner, you can terminate the active connection.
The Internet connection retains its connected or not connected status until the Nokia IP45 is
rebooted. The IP45 then connects to the Internet if the connection is enabled. For information on
how to enable the Internet connection, see “Enabling or Disabling the Internet Connection” on
page 93.
Configuring a Backup Internet Connection
You can configure both a primary and a secondary Internet connection for the Nokia IP45
security platform. The secondary connection acts as a backup, so that even if the primary
connection fails, the IP45 remains connected to the Internet.
You can configure different DNS servers for the two connections. The IP45 device acts as a DNS
relay and routes requests from computers within the network to the appropriate DNS server for
the active Internet connection.
The two connections can be of different types, but both cannot be LAN and DHCP
connections.
To set up a backup Internet connection
1. Choose Networks from the main menu.
The Internet page opens.
2. Click Edit next to the Primary and Secondary connection types to configure a backup Internet
connection.
For basic topology illustrations, see “Connecting the Nokia IP45 Security Platform to the
Network” on page 47.
Note
To physically connect multiple WAN devices to the Nokia IP45, you must have a switch
connected to the WAN port.
Viewing Internet Information
To view the status, duration, and activity information, choose Network from the main menu. The
Internet page opens.
Table 15 displays the Internet connection information.
Table 15 Internet Connection Information

| Field | Description |
| --- | --- |
| Status | Indicates the connection status. |
| Duration | Indicates the connection duration, if active. The duration is given in the format hh:mm:ss, where hh = hours, mm = minutes, ss = seconds. |
| IP Address | Your IP address. |
| Enabled | Indicates whether or not the connection is enabled. |
| WAN MAC Address | MAC address of IP45. |
| Cloned MAC Address | Cloned MAC address. |
| Received Packets | Number of data packets received in the active connection. |
| Sent Packets | Number of data packets sent in the active connection. |
Detecting Dead Connections
The Nokia IP45 security platform v4.0 supports dead Internet connection detection. If the
Internet connection is identified to be inactive, a failover is performed to the secondary Internet
connection to ensure continuous connectivity.
You can detect dead connections by using the methods described in the following procedure.
To configure dead connection detection
1. Choose Internet from the main menu.
2. Click Edit next to the type of connection to choose. For example, Primary LAN.
The following page opens.
3. Click Show Advanced Settings.
The following page opens displaying the dead connection configuration details.
4. To automatically detect the loss of connectivity to the default gateway, select Probe Next
Hop.
5. Select probing method from the options provided in Connection Probing Method drop-down
list.
6. Choose the values for the option selected by using the information provided in Table 16.
7. Click Apply.
Table 16 Dead Connection Detection

| Field | Description |
| --- | --- |
| Probe Next Hop | Select this option to automatically detect loss of connectivity to the default gateway. If the default gateway does not respond and the Internet connection is considered to be down, a failover is performed to the second Internet connection (if configured) to ensure continuous Internet connectivity. By default, this option is selected. |
| Connection Probing Method | Select the method for probing by using this option. The probing methods available are: |
| | • None (default value)—does not perform Internet connection probing. Next hop probing is still used, if the Probe Next Hop check box is selected. This is the default value. |
| | • Ping Addresses—ping anywhere from one to three servers specified by IP address or DNS name in the 1, 2, and 3 fields. If no response is received for 45 seconds from the defined servers, the Internet connection is considered to be inactive. Use this method if you have reliable servers that can be pinged. |
| | • Probe DNS Servers—probes the primary and secondary DNS servers. If no response is received for 45 seconds from any of the gateways, the Internet connection is considered to be inactive. |
| | • Probe VPN Gateway (RDP)—sends RDP echo requests to up to three Check Point VPN gateways specified by IP address or DNS name in the 1, 2, and 3 fields. If no response is received for 45 seconds from any of the defined gateways, the Internet connection is considered to be inactive. |
For information about how to configure dead connection detection by using the CLI, see the
Nokia IP45 Security Platform CLI Reference Guide Version 4.0.
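The 45-second rule for the Ping Addresses method in Table 16, modelled as an added example (not Nokia's code and not part of the original guide): the connection is treated as inactive only when none of the configured servers has answered for 45 seconds, at which point the model fails over to the secondary connection. The class and function names, the 5-second evaluation step, and the sample addresses are assumptions.

```python
"""Model of the 'Ping Addresses' rule in Table 16 (added example, not device code)."""
from dataclasses import dataclass, field

DEAD_AFTER_SECONDS = 45   # Table 16: no response for 45 seconds
MAX_PROBE_TARGETS = 3     # Table 16: one to three servers


@dataclass
class DeadConnectionDetector:
    targets: list
    last_reply: dict = field(default_factory=dict)
    active: str = "primary"

    def __post_init__(self):
        if not 1 <= len(self.targets) <= MAX_PROBE_TARGETS:
            raise ValueError("configure one to three probe targets")

    def start(self, now):
        # Assumption: the silence timer for every target starts when probing starts.
        self.last_reply = {t: now for t in self.targets}

    def record_reply(self, target, now):
        if target in self.last_reply:      # ignore replies from unconfigured hosts
            self.last_reply[target] = now

    def evaluate(self, now):
        # Inactive only when *no* configured server has answered for 45 seconds,
        # so one unreachable probe target does not cause a failover by itself.
        newest = max(self.last_reply.values())
        if self.active == "primary" and now - newest >= DEAD_AFTER_SECONDS:
            self.active = "secondary"      # fail over to the backup connection
        return self.active


def replay(targets, replies, until, step=5):
    """Replay (time, target) replies; return the failover time in seconds or None."""
    det = DeadConnectionDetector(list(targets))
    det.start(0)
    pending = sorted(replies)
    for now in range(0, until + 1, step):  # step is an assumed evaluation interval
        while pending and pending[0][0] <= now:
            when, target = pending.pop(0)
            det.record_reply(target, when)
        if det.evaluate(now) == "secondary":
            return now
    return None


# Constructed sample data: documentation addresses, replies every 5 seconds.
A, B = "192.0.2.10", "198.51.100.20"
ONE_TARGET_DOWN = [(t, A) for t in range(5, 25, 5)] + [(t, B) for t in range(5, 125, 5)]
LINK_DOWN = [(t, s) for t in range(5, 65, 5) for s in (A, B)]

if __name__ == "__main__":
    print("one target silent:", replay([A, B], ONE_TARGET_DOWN, 120))
    print("both targets silent:", replay([A, B], LINK_DOWN, 180))
```

Configuring more than one reliable probe server keeps a single server outage from being mistaken for a dead Internet connection.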
6 Managing your Local Area Network
This chapter provides detailed information to manage your local area network by using the
Nokia IP45 security platform.
You can manage and configure your network connection and settings, and view connection
information such as status, connection duration, and activity.
This chapter includes the following topics:
Configuring Network Settings
Enabling and Disabling the DHCP Server
Changing IP Addresses
Configuring Network Objects
Configuring DHCP Reservation
OSPF
Viewing Ports Status
Configuring Source Routes
Defining the Port Link Speed
Configuring Network Settings
Caution
Network settings are advanced settings. Nokia recommends that these settings not be
changed unless it is necessary and you are qualified to do so. Changing network
settings might result in losing the connection to the device.
If you change the network settings to incorrect values, and you are unable to correct the error,
reset the IP45 to its factory settings.
To reset the Nokia IP45 security platform to its factory default settings, choose Setup >
Firmware > Tools > Factory Settings. You can also press the Reset button at the rear panel of the
device.
Note
To set the device to factory defaults by using the Reset button, press the Reset button for a
minimum of seven seconds.
Enabling and Disabling the DHCP Server
The Nokia IP45 security platform has a built-in Dynamic Host Configuration Protocol (DHCP)
server that is enabled by default. This allows the IP45 to configure all the devices on your
network automatically.
If you have another DHCP server configured in your network, you must disable the DHCP
server in your IP45 before you connect the IP45 to the network.
To enable or disable the DHCP server
1. Choose Network from the main menu.
The Internet page opens.
2. Click My Network.
The My Network page opens.
3. To configure the DHCP server for LAN/DMZ settings, click Edit next to LAN/DMZ.