Nokia IP560 - Hard Disk Drive Based Installation Manual

Part No. N450000382 Rev 001

Published August 2008

IP560 Security Platform

Installation Guide

2 IP560 Security Platform Installation Guide

RESTRICTED RIGHTS LEGEND

Use, duplication, or disclosure by the United States Government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013.

Notwithstanding any other license agreement that may pertain to, or accompany the delivery of, this computer software, the rights of the United States Government regarding its use, reproduction, and disclosure are as set forth in the Commercial Computer Software-Restricted Rights clause at FAR 52.227-19.

IMPORTANT NOTE TO USERS

This software and hardware is provided by Nokia Inc. as is and any express or implied warranties, including, but not limited to, implied warranties of merchantability and fitness for a particular purpose are disclaimed. In no event shall Nokia, or its affiliates, subsidiaries or suppliers be liable for any direct, indirect, incidental, special, exemplary, or consequential damages (including, but not limited to, procurement of substitute goods or services; loss of use, data, or profits; or business interruption) however caused and on any theory of liability, whether in contract, strict liability, or tort (including negligence or otherwise) arising in any way out of the use of this software, even if advised of the possibility of such damage.

Nokia reserves the right to make changes without further notice to any products herein.

TRADEMARKS

Nokia is a registered trademark of Nokia Corporation. Other products mentioned in this document are trademarks or registered trademarks of their respective holders.

080101

IP560 Security Platform Installation Guide 3

Nokia Contact Information

Corporate Headquarters

Regional Contact Information

Nokia Customer Support

Web Site http://www.nokia.com

Telephone 1-888-477-4566 or

1-650-625-2000

Fax 1-650-691-2170

Mail Address

Nokia Inc. 313 Fairchild Drive Mountain View, California 94043-2215 USA

Americas Nokia Inc.

313 Fairchild Drive Mountain View, CA 94043-2215 USA

Tel: 1-877-997-9199 Outside USA and Canada: +1 512-437-7089 email: info.ipnetworking_americas@nokia.com

Europe, Middle East, and Africa

Nokia House, Summit Avenue Southwood, Farnborough Hampshire GU14 ONG UK

Tel: UK: +44 161 601 8908 Tel: France: +33 170 708 166 email: info.ipnetworking_emea@nokia.com

Asia-Pacific 438B Alexandra Road

#07-00 Alexandra Technopark Singapore 119968

Tel: +65 6588 3364 email: info.ipnetworking_apac@nokia.com

Web Site: https://support.nokia.com/

Email: tac.support@nokia.com

Americas Europe

Voi ce: 1-888-361-5030 or

1-613-271-6721

Voi ce: +44 (0) 125-286-8900

Fax: 1-613-271-8782 Fax: +44 (0) 125-286-5666

Asia-Pacific

Voi ce: +65-67232999

Fax: +65-67232897

050602

4 IP560 Security Platform Installation Guide

IP560 Security Platform Installation Guide 5

Contents

About this Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

In this Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

Conventions this Guide Uses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

Notices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

Command-Line Conventions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

Text Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

Related Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

About the Nokia IP560 Security Platform . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

Managing the Nokia IP560 Security Platform. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

Nokia IP560 Security Platform Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

Four-Port 10/100/1000 Ethernet NIC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

PMC Expansion Slots . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

Connecting to the Console or Auxiliary Port with the

Supplied Cable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

Console Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24

Auxiliary Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

System Status LEDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

Logging Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

Power Supply and Fan Unit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

Power Supply . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

Fan Unit. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

Site Requirements, Warnings, and Cautions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

Software Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

Product Disposal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30

2 Installing the Nokia IP560 Appliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31

Before You Begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31

Rack-Mounting the Appliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31

6 IP560 Security Platform Installation Guide

3 Performing the Initial Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37

Using a Console Connection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38

Connecting Power and Turning the Power On . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39

Performing the Initial Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40

Connecting Network Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42

Using Nokia Network Voyager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42

Viewing Nokia IPSO Documentation by Using

Nokia Network Voyager. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

Using the Command-Line Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44

Using Nokia Horizon Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

4 Installing and Replacing Network Interface Cards . . . . . . . . . . . . . . . . . . . . . . . 47

Deactivating Configured Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47

Installing NICs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48

Before You Begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48

Configuring and Activating Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52

Monitoring Network Interface Cards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52

5 About IP560 Appliance Network Interface Cards . . . . . . . . . . . . . . . . . . . . . . . . 53

Four-Port 10/100 Ethernet NIC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54

10/100 Ethernet NIC Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54

Ethernet NIC Connectors and Cables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55

Four-Port and Two-Port Copper Gigabit Ethernet

NIC (10/100/1000). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56

Copper Gigabit Ethernet NIC Features in the IP560 . . . . . . . . . . . . . . . . . . . . . . 56

Copper Gigabit Ethernet NIC Connectors and Cables. . . . . . . . . . . . . . . . . . . . . 59

Two-Port Fiber-Optic Gigabit Ethernet NICs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60

Fiber-Optic Gigabit Ethernet NIC Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60

Fiber-Optic Gigabit Ethernet NIC Connectors and Cables. . . . . . . . . . . . . . . . . . 61

6 Installing, Using, and Replacing ADP Services Modules . . . . . . . . . . . . . . . . . . 63

Installing and Replacing ADP Modules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64

Before You Begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64

Nokia ADP Module LED Reference Information . . . . . . . . . . . . . . . . . . . . . . . . . . . 72

Configuring Nokia IPSO with IP560 ADP Interfaces . . . . . . . . . . . . . . . . . . . . . . . . 73

Effect on Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73

Nokia ADP Module Interface Names for IP560 Appliances . . . . . . . . . . . . . . . . . 74

Configuring Network Topology with an IP560 Appliance . . . . . . . . . . . . . . . . . . . 74

Configuration Example with VRRP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75

Deleting VRRP Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76

Reconfiguring Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77

Reconfiguring VRRP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80

IP560 Security Platform Installation Guide 7

7 Installing and Replacing Components Other than Network Interface Cards (NICs)

and Accelerated Data Path (ADP) Services Modules . . . . . . . . . . . . . . . . . . . . . 83

Replacing the Compact Flash Memory Card . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84

Installing a PC Card . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86

Installing or Replacing a Hard-Disk Drive. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88

Before You Begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88

Configuring a Hard-Disk Drive for Logging. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93

Replacing or Upgrading Memory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94

Before You Begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96

Replacing a Nokia Encryption Accelerator Card . . . . . . . . . . . . . . . . . . . . . . . . . . . 99

Before You Begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99

Configuring Software to Use Hardware Acceleration . . . . . . . . . . . . . . . . . . . . . 102

Replacing a Fan Unit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103

Before You Begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103

Replacing a Power Supply . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104

Before You Begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104

Monitoring the IP560 Appliance Power Supply . . . . . . . . . . . . . . . . . . . . . . . . . . 106

Replacing the Battery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107

8 Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111

General Troubleshooting Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111

Troubleshooting Routing Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118

A Technical Specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123

Space Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124

B Compliance Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125

Declaration of Conformity. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125

Compliance Statements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127

FCC Notice (US) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127

Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129

8 IP560 Security Platform Installation Guide

IP560 Security Platform Installation Guide 9

Figures

Figure 1 Component Locations Front View . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

Figure 2 Four-Port 10/100/1000 Ethernet PMC Details . . . . . . . . . . . . . . . . . . . . 22

Figure 3 Pin Assignments for Console Connector and Console Cable . . . . . . . . . 24

Figure 4 Pin Assignments for Auxiliary and Modem Cables . . . . . . . . . . . . . . . . . 25

Figure 5 Nokia IP560 Security Platform System Status LEDs . . . . . . . . . . . . . . . 26

Figure 6 Power Supply and Fan Unit Locations . . . . . . . . . . . . . . . . . . . . . . . . . . 27

Figure 7 Power Supply, Fan, and Power Switch Locations . . . . . . . . . . . . . . . . . . 27

Figure 8 Fan Unit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

Figure 9 Rack-Mounting Screw Locations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32

Figure 10 Power Switch Location . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39

Figure 11 Nokia Network Voyager Reference Access Points . . . . . . . . . . . . . . . . 44

Figure 12 Four-Port 10/100 Ethernet NIC Front Panel Details . . . . . . . . . . . . . . . 54

Figure 13 Output Connector for the Ethernet Cable . . . . . . . . . . . . . . . . . . . . . . . 55

Figure 14 Ethernet Crossover-Cable Pin Connections . . . . . . . . . . . . . . . . . . . . . 56

Figure 15 Gigabit Ethernet Crossover Cable Pin Connections . . . . . . . . . . . . . . . 56

Figure 16 Four-Port Copper Gigabit Ethernet NIC Front Panel Details . . . . . . . . 57

Figure 17 Two-Port Copper Gigabit Ethernet NIC Front Panel Details . . . . . . . . . 57

Figure 18 Gigabit Ethernet Cable Connector Output Pin Assignments . . . . . . . . . 59

Figure 19 Gigabit Ethernet Crossover Cable Pin Connections . . . . . . . . . . . . . . . 60

Figure 20 PMC Two-Port Short-Range Gigabit Ethernet NIC . . . . . . . . . . . . . . . . 61

Figure 21 PMC Two-Port Long-Range Gigabit Ethernet NIC . . . . . . . . . . . . . . . . 61

Figure 22 Compact Flash Memory Card Slot . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84

Figure 23 External PC Card Location . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87

Figure 24 Location of Hard-Disk Drive on the Chassis Tray Assembly . . . . . . . . . 90

Figure 25 DIMM Socket Locations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95

Figure 26 Power Supply Location . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105

10 IP560 Security Platform Installation Guide

IP560 Security Platform Installation Guide 11

Tables

Table 1 Command-Line Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

Table 2 Text Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

Table 3 Nokia IP560 Security Platform Specifics . . . . . . . . . . . . . . . . . . . . . . . . . 19

Table 4 System Status LEDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

Table 5 Power Supply Status LEDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

Table 6 NIC PCI Frequency . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53

12 IP560 Security Platform Installation Guide

IP560 Security Platform Installation Guide 13

About this Guide

This manual provides information for the installation and use of the Nokia IP560 security platforms. Installation and maintenance should be performed by experienced technicians or Nokia-approved service providers only.

This preface provides the following information:

 In this Guide

 Conventions this Guide Uses

 Related Documentation

In this Guide

This guide is organized into the following chapters and appendixes:

 Chapter 1, “Overview” presents a general overview of the Nokia IP560 security platform.

 Chapter 2, “Installing the Nokia IP560 Appliance” describes how to rack-mount the

appliance.

 Chapter 3, “Performing the Initial Configuration” describes how to physically connect the

Nokia IP560 security platform to a network and to a power source and how to make the security platform available on the network.

 Chapter 4, “Installing and Replacing Network Interface Cards” describes how to install,

monitor, and replace network interface cards (NICs).

 Chapter 5, “About IP560 Appliance Network Interface Cards” describes how to connect to

and use each of the supported NICs.

 Chapter 6, “Installing, Using, and Replacing ADP Services Modules” describes how to use

Accelerated Data Path (ADP) services modules with your IP560 appliance.

 Chapter 7, “Installing and Replacing Components Other than Network Interface Cards

(NICs) and Accelerated Data Path (ADP) Services Modules” describes how to install or

replace memory, hard disk drives, the fan unit, power supply, battery, compact flash memory card, PC card, and the Nokia encryption accelerator card.

 Chapter 8, “Troubleshooting” discusses problems you might encounter and proposes

solutions to these problems.

 Appendix A, “Technical Specifications” provides technical specifications such as interface

characteristics.

14 IP560 Security Platform Installation Guide

 Appendix B, “Compliance Information” provides compliance and regulatory information.

Conventions this Guide Uses

The following sections describe the conventions this guide uses, including notices, text conventions, and command-line conventions.

Notices

Warning

Warnings advise the user that either bodily injury might occur because of a physical hazard, or that damage to a structure, such as a room or equipment closet, might occur because of equipment damage.

Caution

Cautions indicate potential equipment damage, equipment malfunction, loss of performance, loss of data, or interruption of service.

Note

Notes provide information of special interest or recommendations.

Command-Line Conventions

This section defines the elements of commands that are available in Nokia Network Security Solutions products. You might encounter one or more of the following elements on a command-line path.

Conventions this Guide Uses

IP560 Security Platform Installation Guide 15

Table 1 Command-Line Conventions

Convention Description

command This required element is usually the product name or other short

word that invokes the product or calls the compiler or preprocessor script for a compiled Nokia product. It might appear alone or precede one or more options. You must spell a command exactly as shown and use lowercase letters.

Italics Indicates a variable in a command that you must supply. For

example:

delete interface if_name

Supply an interface name in place of the variable. For example:

delete interface nic1

angle brackets < > Indicates arguments for which you must supply a value:

retry-limit <1–100>

Supply a value. For example:

retry-limit 60

Square brackets [ ] Indicates optional arguments.

delete [slot slot_num]

For example:

delete slot 3

Vertical bars, also called a

pipe

(|)

Separates alternative, mutually exclusive elements.

framing <sonet | sdh>

To complete the command, supply the value. For example:

framing sonet

framing sdh

-flag A flag is usually an abbreviation for a function, menu, or option name, or for a compiler or preprocessor argument. You must enter a flag exactly as shown, including the preceding hyphen.

.ext A filename extension, such as .ext, might follow a variable that

represents a filename. Type this extension exactly as shown, immediately after the name of the file. The extension might be optional in certain products.

( . , ; + * - / ) Punctuation and mathematical notations are literal symbols that

you must enter exactly as shown.

' ' Single quotation marks are literal symbols that you must enter as

shown.

16 IP560 Security Platform Installation Guide

Text Conventions

Table 2 describes the text conventions this guide uses.

Related Documentation

IP560 Security Platform Installation Guide 17

the Nokia Network Voyager Reference Guide, and the CLI Reference Guide from Nokia Network Voyager.

Check Point documentation is available from the Check Point Web site at: http://

www.checkpoint.com/

060306

18 IP560 Security Platform Installation Guide

IP560 Security Platform Installation Guide 19

1 Overview

This chapter provides an overview of the Nokia IP560 security platform and the requirements for its use. The following topics are covered:

 About the Nokia IP560 Security Platform

 Managing the Nokia IP560 Security Platform

 Nokia IP560 Security Platform Overview

 Logging Options

 Power Supply and Fan Unit

 Site Requirements, Warnings, and Cautions

 Software Requirements

 Product Disposal

About the Nokia IP560 Security Platform

The Nokia IP560 security platform combines the power of the Nokia IPSO operating system with Check Point VPN-1 enterprise applications. The Nokia IP560 security platform is a mid-range, multi-port security platform that is ideally suited for the enterprise data center.

Table 3 presents specifics about the IP560.

The IP560 is a one rack-unit disk-based or flash-based appliance that incorporates a serviceable slide-out tray into the chassis design. In its base configuration, the IP560 consists of:

 Solid state IDE compact flash memory.

In disk-based appliances, the IPSO operating system and Check Point application are stored on the hard drive, and the boot manager is stored in the flash memory.

In flash-based appliances, the IPSO operating system, Check Point application, and boot manager are stored in the flash memory.

 Hard-disk drive in disk-based appliances.

Table 3 Nokia IP560 Security Platform Specifics

Platform Initial Memory Configuration Upgradeable RAM

Nokia IP560 1 GB 2 GB

1 Overview

20 IP560 Security Platform Installation Guide

 1 GB system RAM.

 AC power supply.

 Fan unit.

 Encryption acceleration card to further enhance VPN performance.

The front panel of the IP560 security platform contains:

 Four PMC slots for network interfaces cards (NICs) and Accelerated Data Path (ADP)

services modules, including:

 a single-slot PCMCIA PMC option slot in slot 3

 a four-port Ethernet 10/100/1000 interface in slot 4

 A console port

 An auxiliary port

 Front-panel reset button

Note

Any slot can be used for an Ethernet NIC. The PCMCIA PC card carrier that comes preinstalled in slot 3 is removable; slot 3 can accept a Nokia-approved NIC. For Accelerated Data Path (ADP) services modules usage information, see Chapter 6, “Installing, Using, and

Replacing ADP Services Modules.”

The network interfaces provide exceptional data forwarding and monitoring performance when used with Nokia and partner applications. The network interfaces are designated for management, monitoring, and high-availability traffic.

For flash-based appliances, you can purchase optional 2.5-inch hard-disk drives to use for logging.

The IP560 security platform is designed to meet other mid- to high-end availability requirements, including port density for connections to redundant internal, external, DMZ, and management networks. In addition, the IP560 security platform provides N + 1 cooling.

As a network device, the IP560 security platform supports a comprehensive suite of IP-routing functions and protocols.

The integrated router functionality eliminates the need for separate intranet and access routers in security applications.

Managing the Nokia IP560 Security Platform

You can manage the IP560 security platform by using the following interfaces:

 Nokia Network Voyager—an SSL-secured, Web-based element management interface to

Nokia IP security platforms. Network Voyager is preinstalled on the IP560 security platform and enabled through the IPSO operating system. With Network Voyager, you can manage, monitor, and configure the IP560 security platform from any authorized location within the network by using a standard Web browser. Use one of the four Ethernet ports to access the Network Voyager interface.

Nokia IP560 Security Platform Overview

IP560 Security Platform Installation Guide 21

For information about how to access Network Voyager and the related reference materials, see “Using Nokia Network Voyager” on page 42.

 The IPSO command-line interface (CLI)—an SSHv2-secured interface that enables you

to easily configure Nokia IP security platforms from the command line. Everything that you can accomplish with Network Voyager—manage, monitor, and configure the IP560 security platform—you can also do with the CLI.

For information about how to access the CLI, see the Nokia CLI Reference Guide for IPSO v3.6 or later.

 Nokia Horizon Manager—a secure GUI-based software image management application.

With Horizon Manager, you can securely install and upgrade the Nokia proprietary IPSO operating system, plus hardware and third-party applications such as Check Point VPN-1. Horizon Manager can perform installations and upgrades on up to 2,500 Nokia IP security platforms, offering administrators the most rapid and dependable method to perform Check Point application upgrades.

For information about how to obtain Horizon Manager, contact your Nokia solution provider or see the “Nokia Contact Information” on page 3.

Nokia IP560 Security Platform Overview

Figure 1 shows the component locations for the IP560.

Figure 1 Component Locations Front View

Four-Port 10/100/1000 Ethernet NIC

The four-port 10/100/1000 Mbps Ethernet ports are located in slot 4. Figure 2 shows the layout of the Ethernet ports and link LEDs. The top link LED represents the left-most port (port 1). The remaining LEDs represent the remaining ports from top to bottom and left to right.

00350

SLOT 1 SLOT 2 SLOT 3 SLOT 4

1 2 3 4

IP560

System status LEDs

AUX port

Console port

Four-port Ethernet 10/100/1000 (slot 4)

PC-card slot (slot 3)

PMC NIC and ADP module slots (slots 1 and 2)—unpopulated in base bundle

Reset button

1 Overview

22 IP560 Security Platform Installation Guide

Note

The Ethernet ports are intended for management or high-speed traffic.

Figure 2 Four-Port 10/100/1000 Ethernet PMC Details

Caution

Cables that connect to the Ethernet card must be compliant with IEEE 802.3ab, Cat 5E, or Cat 5 cables to prevent potential data loss.

PMC Expansion Slots

The IP560 security platform provides two additional PMC expansion slots for NIC and ADP module options.

For information about NICs, see Chapter 4, “Installing and Replacing Network Interface Cards” and Chapter 5, “About IP560 Appliance Network Interface Cards.”

For information about ADP modules, see Chapter 6, “Installing, Using, and Replacing ADP

Services Modules.”

Nokia products only support NICS and ADP modules purchased from Nokia or Nokia-approved resellers. The Nokia Global Support Services group can only provide support for Nokia products that use Nokia-approved accessories. For sales or reseller information, contact a Nokia service provider listed in the “Nokia Contact Information” on page 3.

Connecting to the Console or Auxiliary Port with the Supplied Cable

The cable that Nokia provides with IP560 appliances includes a latching mechanism used to secure the cable to the console port or auxiliary port of your appliance.

00120a

RJ-45 connectors

LInk LEDs (green)

Port 2 Port 4

Port 1

Port 3

Nokia IP560 Security Platform Overview

IP560 Security Platform Installation Guide 23

Note

To use the cable for modem connections from the auxiliary port, you need to order a modem cable kit. For information about contacting Nokia to order the kit, see “Nokia Contact

Information” on page 3.

Note

The cable described in this section is a rollover cable, which is required for IP560 console and auxiliary port connections. You cannot use standard Ethernet cables for IP560 console and auxiliary connections.

To connect the cable, push the connector into the receptacle, as you would with other similar cables. To disconnect the cable, push the cable toward the appliance, pull back on the boot to release the latch, and pull the connector out of the receptacle.

You can connect the other end of the cable to a DB-9 console connection (using the appliance console port and the DB-9 female adaptor) or to a DB-25 modem connection (using the

1 + 2 =

00548a

Push cable

Pull boot

To connect the cable

To disconnect the cable

1 Overview

24 IP560 Security Platform Installation Guide

appliance auxiliary port and the DB-25 male adaptor). The DB-9 adapter is provided with the cable. The DB-25 adaptor is provided with Nokia modem cable kits for the IP560.

Console Port

The default configuration of the serial ports are: 9600 baud, 8 bits, no parity, and 1 stop. Figure 3 provides pin assignment information for console connections. If you need to access the devices locally, you must use the console port.

Figure 3 Pin Assignments for Console Connector and Console Cable

The console cable provided with the IP560 is comprised of two parts:

 a 6-foot rollover cable with RJ-45 terminations

 an RJ-45 to DB-9 adapter

On the opposite end of the console cable, connect the RJ-45 to the DB-9 adapter, which you can then connect to the host terminal.

00552

DB-9 female adapter

DB-25 male adapter

Console Port (DTE)

RJ-45 to RJ-45 Rollover Cable

RJ-45 to DB-9 Ter min al Adapter Console Device

Signal RJ-45 Pin RJ-45 Pin DB-9 Pin Signal

RTS 1 8 8 CTS

DTR 2 7 6 DSR

TxD 3 6 2 RxD

GND 4 5 5 GND

GND 5 4 5 GND

RxD 6 3 3 TxD

DSR 7 2 4 DTR

CTS 8 1 7 RTS

Nokia IP560 Security Platform Overview

IP560 Security Platform Installation Guide 25

Auxiliary Port

Use the built-in serial (AUX) port, shown in Figure 1, to establish a modem connection for managing the appliance remotely or out-of-Band. The default configuration of the serial ports are: 9600 baud, 8 bits, no parity, and 1 stop. bit.Figure 4 provides pin assignment information for modem connections.

Figure 4 Pin Assignments for Auxiliary and Modem Cables

System Status LEDs

You can visually monitor the status of the IP560 security platform by checking the system status LEDs. The system status LEDs are located on the center of the front panel, as shown in Figure 5.

Auxiliary Port (DTE)

RJ-45 to RJ-45 Rollover Cable

RJ-45 to DB-25 Modem Adapter Modem

Signal RJ-45 Pin RJ-45 Pin DB-25 Pin Signal

RTS 1 8 4 RTS

DTR 2 7 20 DTR

TxD 3 6 3 TxD

GND 4 5 7 GND

GND 5 4 7 GND

RxD 6 3 2 RxD

DSR 7 2 8 DCD

CTS 8 1 5 CTS

1 Overview

26 IP560 Security Platform Installation Guide

Figure 5 Nokia IP560 Security Platform System Status LEDs

The location and definition of the status LEDs for the installed network interface cards (NICs) is described in Chapter 5, “About IP560 Appliance Network Interface Cards.”

The location and definition of the status LEDs for Accelerated Data Path (ADP) services modules is described in Chapter 6, “Installing, Using, and Replacing ADP Services Modules.”

Note

The symbols in Ta bl e 4 are visible only if there is an alarm condition, as specified.

Table 4 shows the system status LEDs and describes their meaning.

Table 4 System Status LEDs

Status Indicator Definition Symbol

Solid blue Power on

Solid yellow Appliance is experiencing an

internal voltage problem.

Blinking yellow Appliance is experiencing a

temperature problem.

Solid red One or more fans are not

operating properly. Power supply over temperature fault.

Blinking green System activity indicator

00351

SLOT 2 SLOT 3 SLOT 4

1 2 3 4

Power indicator (blue)

Fault (red)

Warning

(yellow) System OK (green)

Logging Options

IP560 Security Platform Installation Guide 27

Logging Options

The IP560 supports an option for storing local system log files, as described in “Configuring a

Hard-Disk Drive for Logging” on page 93.

Power Supply and Fan Unit

The power supply and fan unit are located at the rear of the IP560 appliance, as shown in

Figure 6.

Figure 6 Power Supply and Fan Unit Locations

Power Supply

The IP560 supports one power supply. The power supply is autosensing and can accept input voltages between 47Hz-64Hz and 85VAC-264VAC. The power supply output is regulated to a tolerance of ± 5 percent of the specified output voltage.

Figure 7 Power Supply, Fan, and Power Switch Locations

For information about how to install or remove and replace a failed power supply, see

“Replacing a Power Supply” on page 104.

The power supply status LEDs provide the status of the power supply as described in Table 5.

00353

Power supply

Fan unit

00353

AC power receptacle

Integrated power supply cooling fan

Power supply switch

Power supply

1 Overview

28 IP560 Security Platform Installation Guide

Fan Unit

The IP560 fan is a single unit made up of four individual fans to provide the air flow required to maintain a proper operating temperature. The fan unit can provide proper airflow for a short time even if an individual fan fails.

Figure 8 Fan Unit

Caution

If an individual fan fails, replace the fan unit as soon as possible. For information about how to replace a failed fan unit, see “Replacing a Fan Unit” on page 103.

The system status LEDs on the front panel of the appliance show the status of the fan unit. For more information about the system status LEDs, see “System Status LEDs” on page 25.

Table 5 Power Supply Status LEDs

LED LED status Meaning

Fault Red Power supply has a voltage problem

and power was turned off.

One power supply in a redundant system is not turned on.

Over Temp Yellow Power supply has an internal

temperature problem. All power to the unit is turned off. After the internal temperature returns to normal, power will be turned back on.

PWR OK Green Power is on and the power supply is

functioning properly.

00362

Site Requirements, Warnings, and Cautions

IP560 Security Platform Installation Guide 29

Site Requirements, Warnings, and Cautions

Before you install a Nokia IP560 security platform, ensure that your computer room or wiring closet conforms to the environmental specifications listed in Appendix A, “Technical

Specifications.”

Warning

Excessive electromagnetic interference (EMI) can occur if you use controls, make performance adjustments, or follow procedures that are not described in this document.

Warning

To reduce the risk of fire, electric shock, and injury when you use telephone equipment, follow basic safety precautions. Do not use the product near water.

Warning

On Nokia IP560 security platforms intended for shipment outside of the United States, the cord set might be optional. If a cord set is not provided, use a power cord rated at 10A, 250V, maximum 15 feet long, made of HAR cordage and IEC fittings approved by the country of end use.

Caution

Replace the battery only with the same or equivalent type battery recommended by the manufacturer. Dispose of used batteries according to the manufacturer's instructions.

Caution

Do not block any of the ventilation holes on the appliance. The components might overheat and become damaged.

Software Requirements

The Nokia IP560 security platform supports the following operating system and applications as of the publication date for this guide:

 Nokia operating system software requirements—IPSO v4.0.1 or later

 Check Point VPN-1 versions compatible with the version of Nokia IPSO you are using

For information about updates to the software requirements or additional applications that have become available since this guide was published, contact your Nokia service provider, as listed in “Nokia Contact Information” on page 3.

1 Overview

30 IP560 Security Platform Installation Guide

Product Disposal

At the end of its useful life, your appliance and all peripherals included with it, including power cords and cables, must be disposed of in accordance with all applicable national, state, and local laws and regulations. These devices contain materials and components that must be disposed of properly. Therefore, to help prevent damage to the environment, Nokia encourages you to dispose of these devices in an environmentally-friendly manner.

The following resources are available to you to help with equipment-disposal decisions:

 Many Nokia products are labeled with information about the materials used in their

manufacture that can help those who will process equipment after you have disposed of it.

 The Nokia web site (http://www.nokia.com) provides information about our environmental

programs and practices, which includes details about materials used in manufacturing and end-of-life practices. You can also find your product’s Eco Declaration, which provides basic information on the environmental attributes of the product covering material use, packaging, disassembly, and recycling.

 Contact your local waste management agencies for guidelines specific to your area.

The crossed-out wheeled bin means that within the European Union the product must be taken to separate collection at the product end-of-life. This applies to your device but also to any enhancements marked with this symbol. Do not dispose of these products as unsorted municipal waste.

+ 103 hidden pages

Nokia IP560 - Hard Disk Drive Based Installation Manual

Specifications and Main Features

Frequently Asked Questions

User Manual