Nokia NPS6113000 - Secure Access System, Secure Access System Getting Started Manual

Nokia Secure Access System
Getting Started Guide
Version 3.0
Part No. N450867004 Rev A
Published November 2004
©2004 Nokia. All rights reserved. Rights reserved under the copyright laws of the United States.
RESTRICTED RIGHTS LEGEND
Use, duplication, or disclosure by the United States Government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013.
Notwithstanding any other license agreement that may pertain to, or accompany the delivery of, this computer software, the rights of the United States Government regarding its use, reproduction, and disclosure are as set forth in the Commercial Computer Software-Restricted Rights clause at FAR 52.227-19.
IMPORTANT NOTE TO USERS
This software and hardware is provided by Nokia Inc. as is and any express or implied warranties, including, but not limited to, implied warranties of merchantability and fitness for a particular purpose are disclaimed. In no event shall Nokia, or its affiliates, subsidiaries or suppliers be liable for any direct, indirect, incidental, special, exemplary, or consequential damages (including, but not limited to, procurement of substitute goods or services; loss of use, data, or profits; or business interruption) however caused and on any theory of liability, whether in contract, strict liability, or tort (including negligence or otherwise) arising in any way out of the use of this software, even if advised of the possibility of such damage.
Nokia reserves the right to make changes without further notice to any products herein.
TRADEMARKS
Nokia is a registered trademark of Nokia Corporation. Other products mentioned in this document are trademarks or registered trademarks of their respective holders.
Nokia Contact Information
Corporate Headquarters
Web Site: http://www.nokia.com
Telephone: 1-888-477-4566 or 1-650-625-2000
Fax: 1-650-691-2170
Mail Address: Nokia Inc. 313 Fairchild Drive Mountain View, California 94043-2215 USA
Regional Contact Information
Americas: Nokia Inc. 313 Fairchild Drive Mountain View, CA 94043-2215 USA
Tel: 1-877-997-9199 Outside USA and Canada: +1 512-437-7089 email: ipsecurity.na@nokia.com
Europe, Middle East, and Africa: Nokia House, Summit Avenue Southwood, Farnborough Hampshire GU14 ONG UK
Tel: UK: +44 161 601 8908 Tel: France: +33 170 708 166 email: ipsecurity.emea@nokia.com
Asia-Pacific: 438B Alexandra Road #07-00 Alexandra Technopark Singapore 119968
Tel: +65 6588 3364 email: ipsecurity.apac@nokia.com
Nokia Customer Support
Web Site: https://support.nokia.com Email: tac.support@nokia.com
Americas: Voice: 1-888-361-5030 or 1-613-271-6721 Fax: 1-613-271-8782
Europe: Voice: +44 (0) 125-286-8900 Fax: +44 (0) 125-286-5666
Asia-Pacific: Voice: +65-67232999 Fax: +65-67232897
Contents
About This Guide
Conventions This Guide Uses
Notices
Web User Interface Conventions
Related Documentation
1 Installing the Nokia Secure Access System Gateway
Nokia Secure Access System Requirements
Server Requirements
Security Platforms
Operating System
Client Operating Systems
Web Browser Requirements
Email Client Systems
Installation Tasks Overview
Installing the Hardware
Initial Configuration
About the Nokia IPSO Operating System
Performing Initial Configuration
Configuring Nokia Network Voyager Settings
Enabling Nokia Network Voyager Web Access with SSL
Installing the Nokia Secure Access Package
Determining If the Package Is Preinstalled
Initializing When the Package Is Preinstalled
Installing the Package with Nokia Network Voyager
Before you Start
Obtaining the Package
Transferring the Package with FTP
Installing or Upgrading the Package with Nokia Network Voyager
Activating the Package with Nokia Network Voyager
Installing the Package From the Command-Line Interface
newpkg Options
Signing On to the Gateway as the Administrator
Overview of the Configuration Menu
Configuring Nokia Secure Access System
Authenticating the admin User
Installing the License
Configuring a User
Configuring a Group
Adding a User to a Group
Configuring a Web Resource
Configuring Access Control Lists for a Web Resource
Specifying User Portal Settings
About This Guide
Welcome to Nokia Secure Access System. This guide is intended for the system administrator who installs and configures Nokia Secure Access System. This guide describes how to install Nokia Secure Access System software and get started with some example configuration procedures.
For detailed gateway and configuration information, see the Nokia Secure Access System Configuration Guide v3.0.
For an overview of the technologies that the Nokia Secure Access System uses, see the Nokia Secure Access System Technology Overview.
Conventions This Guide Uses
This document uses the following conventions.
Notices
Note
Notes provide information of special interest or recommendations.
Web User Interface Conventions
Throughout this guide, a greater than sign (>), with spaces before and after the sign, is used to indicate navigation throughout the Web user interface menu by clicking menu options and links. For example, to configure a new user group, choose Users > User Configuration > New User Group.
Note
The globe icon indicates that the adjacent field (in yellow) supports Unicode encoding.
Note
When you provide information in the Nokia Secure Access System configuration fields, click Save Settings before you select tabs or buttons to ensure that your changes are saved before you go to a new configuration page.
Related Documentation
For supporting documentation, check the Nokia Secure Access System v3.0 CD-ROM for the following documents:
Nokia Secure Access System Release Notes v3.0
Nokia Secure Access System Technology Overview v3.0
Nokia Secure Access System Configuration Guide v3.0
Nokia Secure Access System User’s Guide v3.0
1 Installing the Nokia Secure Access System Gateway
This section describes how to install the Nokia Secure Access gateway, including:
Nokia Secure Access System Requirements
Installation Tasks Overview
Installing the Hardware
Initial Configuration
Installing the Nokia Secure Access Package
Signing On to the Gateway as the Administrator
Overview of the Configuration Menu
Configuring Nokia Secure Access System
Note
Your Nokia appliance ships with the Nokia Secure Access System package installed. If the package is not installed, you can install it by using Nokia Network Voyager. For more information, see “Installing the Package with Nokia Network Voyager” on page 17.
Nokia Secure Access System Requirements
This section describes the hardware and software required to run Nokia Secure Access System, including security platforms, client operating systems, Web browsers and email client systems.
Server Requirements
This section describes the security platform and operating system requirements for the Nokia Secure Access System server.
Security Platforms
The following Nokia IP security appliances support Nokia Secure Access System v3.0:
Nokia IP130
Nokia IP350
Nokia IP380
Nokia IP1260
Note
To run Nokia Secure Access System, the appliance must have at least 256 MB of RAM installed. For optimum performance, Nokia recommends that at least 512 MB be installed.
Operating System
The following versions of Nokia IPSO-SB support Nokia Secure Access System v3.0:
v3.7 Build 34, 39, 41
v3.7.1 Build 7, 10, 12, 16
v3.8 Build 31, 34, 39
Client Operating Systems
The following client operating systems are supported:
Microsoft Windows operating systems:
98 SE
ME and ME Pocket PC
NTv4, 2000 with SP4
XP Home and Professional, with SP1 and SP2
CE
Red Hat versions 7.3, 8.0, and 9.0
MAC OS X
Note
All operating systems must have the most current version of service packs applied to be supported.
Web Browser Requirements
Most SSL-capable Web browsers are compatible with Nokia Secure Access System, including the following:
Microsoft Internet Explorer v5.5 and later
Netscape v6.2 and later
Mozilla v1.6 and later
Firefox v0.8 and later
Mac OS X Safari
Email Client Systems
The following is a list of supported email client systems for the Nokia Secure Access System:
Microsoft Outlook 98, 2000, 2002, 2003
Outlook Express
Lotus Notes client 5.0, 6.5, 6.0.2
Eudora
Netscape
Mozilla v1.6 and later
Installation Tasks Overview
Table 1 lists the common tasks and steps for installing the Nokia Secure Access System.
Table 1 Nokia Secure Access System Task Overview
Check box | Task overview | Where to find information
[ ] | Install and connect the hardware | “Installing the Hardware” on page 13 of this guide.
[ ] | Configure the appliance: Configure Nokia IPSO; Perform the initial configuration; Configure Nokia Network Voyager settings | “Initial Configuration” on page 13 of this guide.
[ ] | Install the Nokia Secure Access System package | “Installing the Nokia Secure Access Package” on page 15 of this guide.
[ ] | Sign on to the gateway as an administrator | “Signing On to the Gateway as the Administrator” on page 27 of this guide.
[ ] | Install the license | “Installing the License” on page 33 of this guide.
[ ] | Configure the server certificate | Nokia Secure Access System Configuration Guide v3.0
[ ] | Configure network settings (Listen on specific interfaces, encryption levels, and so on.) | Nokia Secure Access System Configuration Guide v3.0
[ ] | Configure logging (Syslog, SNMP) | Nokia Secure Access System Configuration Guide v3.0
[ ] | Specify user portal settings | “Specifying User Portal Settings” on page 45 of this guide.
[ ] | Configure users | “Configuring a User” on page 37 of this guide.
[ ] | Configure groups | “Configuring a Group” on page 39 of this guide.
[ ] | Add a user to a group | “Adding a User to a Group” on page 40 of this guide.
[ ] | Configure Web resources | “Configuring a Web Resource” on page 41 of this guide.
[ ] | Configuring file resources | Nokia Secure Access System Configuration Guide v3.0
[ ] | Configuring email resources | Nokia Secure Access System Configuration Guide v3.0
[ ] | Configuring authentication methods: Authenticating users at sign on; Authenticating with external servers | Nokia Secure Access System Configuration Guide v3.0
[ ] | Configure client integrity scanning | Nokia Secure Access System Configuration Guide v3.0
[ ] | Configure advanced access control | Nokia Secure Access System Configuration Guide v3.0
Installing the Hardware
For information about how to install the hardware and how to physically connect your device to the network, see the documentation for your specific device. For example, if you are installing a Nokia IP350 security platform, see the installation guide included with your appliance.
Initial Configuration
This section describes how to perform initial configuration of the Nokia IP security appliance and how to configure Nokia Voyager settings.
Note
If your appliance was preconfigured, skip the following sections and proceed to “Signing On to the Gateway as the Administrator” on page 27.
About the Nokia IPSO Operating System
Nokia IP security platforms are based on the Nokia IPSO operating system. The Nokia Secure Access System software is installed as a package on the Nokia IPSO appliance. Configure your appliance before you install the Nokia Secure Access System package.
For more information about configuring IPSO, see the Nokia Voyager Reference Guide.
Performing Initial Configuration
This section describes how to perform initial configuration of the Nokia IP security platform. The first time you supply power to your Nokia appliance, the initial configuration process begins. This process enables you to configure the network settings and provides access to the admin account.
You can perform the initial configuration in two ways:
You can configure a DHCP server to provide the initial configuration information the first time the appliance is started.
You can perform the initial configuration manually by using a console connection. Connect the supplied null-modem cable (console cable) to the DB9 port labeled Console and connect the other end of the cable to a system running a terminal-emulation program.
Specify the following information:
Hostname of the appliance.
Use a fully qualified domain name, such as gateway.example.com.
Initial password for the administrator account.
Username is admin.
IP address and netmask bit length for at least one network interface.
Set the netmask bit-length input to the number of bits in the network mask. For example, for a network mask of 255.255.255.0, enter 24.
Default route address.
Note
For information about how to configure the initial settings, see the IP series installation guide that is included with your appliance.
Configuring Nokia Network Voyager Settings
After you complete the initial configuration, you can access the Nokia Network Voyager configuration menu by using your Web browser.
Nokia Network Voyager is an SSL-capable, Web-based element management interface to Nokia IP security platforms. Network Voyager is preinstalled on your appliance and is enabled through the Nokia IPSO operating system. With Network Voyager, you can manage, monitor, and configure the appliance from any authorized location within the network by using a Web browser.
To access Nokia Network Voyager
1. Enter the URL of the appliance into your Web browser, by using either the appliance IP address or hostname (for example, http://gateway.example.com).
2. When prompted, authenticate to Network Voyager with the username admin and the password you specified during the initial configuration.
3. Configure the following appliance settings in Network Voyager:
a. Click the Local Time Setup link in the System Configuration section to set the local time so that time stamps on logging messages are accurate.
b. Set the default domain suffix, such as example.com.
c. Click the DNS link in the System Configuration section.
d. Specify a valid DNS server so that the gateway can resolve hostnames. The gateway Network Information System (NIS) client requires that DNS be configured to operate.
Enabling Nokia Network Voyager Web Access with SSL
Secure Socket Layer (SSL) provides a secure way to connect to network appliances by using Nokia IPSO. Before you install Nokia Secure Access System, enable SSL Web access by using Network Voyager.
To enable SSL Web access with Network Voyager
1. From the Nokia Network Voyager main page, select Security and Access Configuration.
2. From the Voyager Configuration page, select Voyager Web Access.
3. In Voyager Access, check that Allow Voyager Web access is set to Yes.
By default, this is set to Yes.
4. Enter the number of the port to activate in the Voyager SSL port number text box.
The default is 443.
5. Click the encryption level appropriate for your security needs.
For example, 128-bit key or stronger. The default is none, which disables SSL. When you enter the encryption level, you are entering the minimum level of encryption you require. Encryption is stronger by default if your Web browser supports it.
6. Click Apply.
Note
Replace http:// with https:// in your browser window before you click Save because you are enabling a secured connection.
7. Click Save.
IPSO includes a default sample certificate and private key for testing purposes only; they do not provide a secure SSL connection. You must generate a certificate, and the private key associated with the certificate, to create a secure connection by using SSL. For more information, see the Nokia Network Voyager Reference Guide.
Installing the Nokia Secure Access Package
This section describes how to install the Nokia Secure Access System package on your appliance, including how to determine whether the package has been preinstalled, how to install the package from the command line, and how to perform initialization for both cases.
Note
If your system is preconfigured for use with Nokia Secure Access System, skip this section and continue to “Signing On to the Gateway as the Administrator” on page 27.