background image

4

Nokia IP2255 Security Platform Installation Guide

Summary of Contents for IP2255 - Security Appliance

Page 1: ...Part No N450000275 Rev 002 Published March 2007 Nokia IP2255 Security Platform Installation Guide ...

Page 2: ... by Nokia Inc as is and any express or implied warranties including but not limited to implied warranties of merchantability and fitness for a particular purpose are disclaimed In no event shall Nokia or its affiliates subsidiaries or suppliers be liable for any direct indirect incidental special exemplary or consequential damages including but not limited to procurement of substitute goods or ser...

Page 3: ...SA and Canada 1 512 437 7089 email info ipnetworking_americas nokia com Europe Middle East and Africa Nokia House Summit Avenue Southwood Farnborough Hampshire GU14 ONG UK Tel UK 44 161 601 8908 Tel France 33 170 708 166 email info ipnetworking_emea nokia com Asia Pacific 438B Alexandra Road 07 00 Alexandra Technopark Singapore 119968 Tel 65 6588 3364 email info ipnetworking_apac nokia com Web Sit...

Page 4: ...4 Nokia IP2255 Security Platform Installation Guide ...

Page 5: ...atform 19 Managing the Nokia IP2255 Appliance 20 Nokia IP2255 Appliance Overview 21 Ethernet Management Ports 23 Nokia Network Interface Cards 24 Console Port 26 Serial Port 27 System Status LEDs 29 Fan Unit 30 Storage Devices 31 Power Supplies 31 Product Disposal 32 Site Requirements Warnings and Cautions 33 Software Requirements 34 2 Installing Nokia IP2255 Appliances 37 Rack Mounting the Securi...

Page 6: ...ernet NIC Connectors and Cables 61 Two Port and Four Port Copper Gigabit Ethernet NIC 64 Copper Gigabit Ethernet NIC Features 64 Copper Gigabit Ethernet NIC Connectors and Cables 65 Two Port and Four Port Fiber Optic Gigabit Ethernet NIC 67 Fiber Optic Gigabit Ethernet NIC Features 67 Fiber Optic Gigabit Ethernet NIC Connectors and Cables 68 Single Port Fiber Optic 10 Gigabit Ethernet NIC 69 Fiber...

Page 7: ...7 Installing and Replacing Other Components 85 Replacing the Compact Flash Memory Card 86 Replacing the Memory 91 Replacing the Fan Unit 96 Replacing a Power Supply 98 Replacing the Management NIC 100 8 Troubleshooting 105 General Troubleshooting Information 105 A Technical Specifications 113 Space Requirements 113 B Compliance Information 115 Declaration of Conformity 115 Compliance Statements 11...

Page 8: ...8 Nokia IP2255 Security Platform Installation Guide ...

Page 9: ...P2255 Security Platform Installation Guide 9 Tables Table 1 Text Conventions 15 Table 2 NICs Available for the Network Interface Card Slots 25 Table 3 System Status LEDs 29 Table 4 Power Supply Status LEDs 32 ...

Page 10: ...10 Nokia IP2255 Security Platform Installation Guide ...

Page 11: ...nting Screw Locations 38 Figure 10 Power Switch Location Rear View 48 Figure 11 Nokia Network Voyager Reference Access Points 55 Figure 12 Eight Port Ethernet NIC Front Panel Details 61 Figure 13 Output Connector for the Ethernet Cable 62 Figure 14 Ethernet Crossover Cable Pin Connections 63 Figure 15 Gigabit Ethernet Crossover Cable Pin Connections 63 Figure 16 Two Port Copper Gigabit Ethernet NI...

Page 12: ... Installation Guide Figure 20 Four Port Fiber Optic Gigabit Ethernet NIC Front Panel Details 68 Figure 21 ADP Single Port 10 Gigabit Ethernet NIC 70 Figure 22 Location of Compact Flash Memory Card 87 Figure 23 DIMM Socket Locations 92 ...

Page 13: ...nformation In this Guide Conventions this Guide Uses Related Documentation In this Guide This guide is organized into the following chapters and appendixes Chapter 1 Overview presents a general overview of the IP2255 security platform Chapter 2 Installing Nokia IP2255 Appliances describes how to rack mount the appliance Chapter 3 Performing the Initial Configuration describes how to connect the po...

Page 14: ... flash memory card DIMMs the fan tray unit power supplies and the Ethernet management ports Chapter 8 Troubleshooting describes problems you might encounter and proposes solutions to these problems Appendix A Technical Specifications provides physical technical specifications Appendix B Compliance Information provides compliance and regulatory information Conventions this Guide Uses The following ...

Page 15: ...tions Text Conventions Table 1 describes the text conventions this guide uses Table 1 Text Conventions Convention Description monospace font Indicates command syntax or represents computer or screen output for example Log error 12453 bold monospace font Indicates text you enter or type for example ifconfig a Key names Keys that you press simultaneously are linked by a plus sign Press Ctrl Alt Del ...

Page 16: ...on of Nokia IPSO you are using Nokia IPSO Boot Manager Reference Guide which describes how to use the Nokia IPSO boot manager Clustering Configuration Guide for the version of Nokia IPSO you are using Nokia Network Voyager inline help You can find the most up to date version of the Nokia IP2255 Security Platform Installation Guide in PDF on the Nokia support site https The words enter and type Ent...

Page 17: ...stallation Guide 17 support nokia com You can access inline help the Nokia Network Voyager Reference Guide and the CLI Reference Guide from Nokia Network Voyager Check Point documentation is available from the Check Point Web site at http www checkpoint com ...

Page 18: ...18 Nokia IP2255 Security Platform Installation Guide ...

Page 19: ...okia IP2255 appliance combines the power of Nokia IPSO software with Check Point VPN 1 enterprise applications Nokia IP2255 appliances are ideally suited to handle small packet sizes short lived sessions and short lived connections and to provide secure Internet connectivity The Nokia IP2255 appliances use accelerated data path ADP technology to deliver gigabit firewall and VPN forwarding performa...

Page 20: ...ations Managing the Nokia IP2255 Appliance You can manage the Nokia IP2255 appliance by using one of the following interfaces Nokia Network Voyager an SSL secured Web based element management interface to Nokia IP Security Platforms Network Voyager is preinstalled on the IP2255 appliance and enabled through the IPSO operating system With Network Voyager you can manage monitor and configure the app...

Page 21: ...2 500 Nokia IP Security Platforms offering administrators the most rapid and dependable method to perform Check Point application upgrades For information about how to obtain Horizon Manager see the Nokia Contact Information on page 3 Nokia IP2255 Appliance Overview The front panel of the Nokia IP2255 appliance includes the following components Four 10 100 1000 Ethernet management ports Four netwo...

Page 22: ...em storage The power supplies are located at the back of the IP2255 appliance as shown in Figure 2 00010 1 2 3 4 10 100 1000BaseT IP2255 10Base SR X2 10 100BaseT 10 100BaseT 10Base SR X2 A L A L 1 3 5 7 2 4 6 8 1 3 5 7 2 4 6 8 1 3 5 7 2 4 6 8 1 3 5 7 2 4 6 8 L A L A L A L A SLOT 3 SLOT 4 SLOT 1 SLOT 2 SLOT 5 CONSOLE AUX PCMCIA RESET Console port Fan tray System status LEDs PC card slots 10 100 100...

Page 23: ...gned to be used for the following purposes Managing the platform Firewall synchronization traffic IP cluster protocol traffic Connection to a log server The Nokia IP2255 appliance management ports are not suitable for forwarding production data traffic Do not use them for this purpose Nokia recommends that you configure one port as the primary management interface and a second port as the backup m...

Page 24: ... Nokia recommends the use of shielded twisted pair cables and connectors for best Electromagnetic Interference and Immunity performance Nokia Network Interface Cards The Nokia IP2255 appliances have four network interface card NIC slots Each slot can accommodate one NIC The NICs interface with the ADP subsystem Figure 4 shows the slot numbers for the NIC slots 1 2 3 4 10 100 1000BaseT 00157 RJ 45 ...

Page 25: ...see Two port copper Gigabit Ethernet NIC Two Port and Four Port Copper Gigabit Ethernet NIC on page 64 Two port fiber optic Gigabit Ethernet NIC Two Port and Four Port Fiber Optic Gigabit Ethernet NIC on page 67 Eight port 10 100 Ethernet NIC Eight Port 10 100 Ethernet NIC on page 60 One port fiber optic 10 Gigabit Ethernet NIC Fiber Optic 10 Gigabit Ethernet NIC Features on page 69 Nokia encrypti...

Page 26: ... can provide support only for Nokia products that use Nokia approved accessories For sales or reseller information contact a Nokia service provider listed in the Nokia Contact Information on page 3 Console Port Use the built in console port shown in Figure 1 on page 22 to supply information that makes the appliance available on the network Figure 5 provides pin assignment information for console c...

Page 27: ...l Port Use the built in serial AUX port shown in Figure 1 on page 22 to establish a modem connection to manage the appliance Figure 6 provides pin assignment information for modem connections 00156 6 9 5 1 Pin Assignment Input Output 1 DCD Input 2 RXD Input 3 TXD Output 4 DTR Output 5 GND 6 DSR Input 7 RTS Output 8 CTS Input 9 DTR Output ...

Page 28: ...nnection 00156 6 9 5 1 Pin Input or output To DB25 cable out To DB9 cable out 1 DCD Input 8 DCD 7 RTS 8 CTS 2 RXD Input 2 TXD 3 TXD 3 TXD Output 3 RXD 2 RXD 4 DTR Output 20 DTR 6 DSR 9 RI 5 GND 7 GND 5 GND 6 DSR Input 6 DSR 4 DTR 7 RTS Output 4 RTS 1 DCD 8 CTS Input 5 CTS 1 DCD 9 RI Output 22 RI 4 DTR ...

Page 29: ... system status LEDs are located on the front panel of the appliance as shown in Figure 7 Figure 7 System Status LEDs Table 3 shows the system status LEDs and describes their meaning Table 3 System Status LEDs Status indicator Meaning Symbol Solid blue Power on Solid yellow Appliance is experiencing an internal voltage problem 00025 10Base SR X2 A L Power and status Voltage Fan unit and power suppl...

Page 30: ...fan fails Caution If an individual fan fails replace the fan unit as soon as possible For information about how to replace a failed fan unit see Replacing the Fan Unit on page 96 The system status LEDs on the front panel of the appliance show the status of the fan unit For more information about the system status LEDs see System Status LEDs on page 29 Blinking yellow Appliance is experiencing a te...

Page 31: ...r supplies for enhanced power sharing and redundancy The power supplies are hot swappable and perform load sharing while two active power supplies are connected in parallel Load sharing increases the life of the power supplies Note Both power supplies should be turned on for load sharing and redundancy The power supplies are autosensing and can accept input voltages between 100 to 127 VAC and 200 ...

Page 32: ...ces contain materials and components that must be disposed of properly Therefore to help prevent damage to the environment Nokia encourages you to dispose of these devices in an environmentally friendly manner Table 4 Power Supply Status LEDs LED LED status Meaning PWR OK Green Power is on and the power supply is functioning properly FAULT Red Power supply has a voltage problem and power is turned...

Page 33: ...e environmental attributes of the product covering material use packaging disassembly and recycling Contact your local waste management agencies for guidelines specific to your area Site Requirements Warnings and Cautions Before you install your appliance ensure that your computer room or wiring closet conforms to the environmental specifications listed in Appendix A Technical Specifications Warni...

Page 34: ...ning can result in injuries to personnel or damage to equipment Warning An explosion might occur if the battery is incorrectly placed Replace the battery only with the same or equivalent type that the manufacturer recommends Dispose of used batteries according to the manufacturer s instructions Caution Do not block any ventilation slots on the appliance Internal components might overheat and be da...

Page 35: ...m Installation Guide 35 For information about updates to the software requirements or additional applications that have become available since this guide was published contact your Nokia service provider as listed in Nokia Contact Information on page 3 ...

Page 36: ...1 Overview 36 Nokia IP2255 Security Platform Installation Guide ...

Page 37: ...re you are properly grounded by using a grounding wrist strap and following the instructions provided with the wrist strap before you handle the components or open the appliance If you do not have a grounding wrist strap make sure you are properly grounded before you touch any electronic components Rack Mounting the Security Platform The Nokia IP2255 appliances mount in a standard 19 inch equipmen...

Page 38: ...might overheat and be damaged Before You Begin Since the Nokia IP2255 appliances are very heavy Nokia recommends that you remove the power supplies fan unit and chassis tray assembly from the chassis before you install the security platform in the equipment rack To rack mount the appliance you need A Phillips head screwdriver Suitable grounded work surface on which to place the chassis tray assemb...

Page 39: ...he fan unit from the appliance a Locate the two retaining screws on the front panel that secure the fan unit b Loosen the retaining screws by turning them counterclockwise by hand or by using a screwdriver 00010 1 2 3 4 10 100 1000BaseT IP2255 10Base SR X2 10 100BaseT 10 100BaseT 10Base SR X2 A L A L 1 3 5 7 2 4 6 8 1 3 5 7 2 4 6 8 1 3 5 7 2 4 6 8 1 3 5 7 2 4 6 8 L A L A L A L A SLOT 3 SLOT 4 SLOT...

Page 40: ...ve each power supply from the rear of the appliance a Locate the power supplies on the back of the appliance and the two retaining screws that secure each power supply b Loosen the retaining screws by turning them counterclockwise 00081 10Base SR X2 10Base SR X2 A L A L SLOT 1 SLOT 2 CONSOLE AUX RESET 00034 PWR OK FAULT OVR TEMP PWR OK FAULT OVR TEMP Retaining screws 4 ...

Page 41: ...IP2255 Security Platform Installation Guide 41 c Use the handle to gently pull each power supply out of the chassis 4 Optionally remove the chassis tray assembly from the security platform 00083 PW R OK FAU LT OVR TEM P PW R OK FAU LT OVR TEM P ...

Page 42: ...ope before you open the appliance a Loosen the four chassis tray assembly retaining screws from the front panel of the appliance 00010 1 2 3 4 10 100 1000BaseT IP2255 10Base SR X2 10 100BaseT 10 100BaseT 10Base SR X2 A L A L 1 3 5 7 2 4 6 8 1 3 5 7 2 4 6 8 1 3 5 7 2 4 6 8 1 3 5 7 2 4 6 8 L A L A L A L A SLOT 3 SLOT 4 SLOT 1 SLOT 2 SLOT 5 CONSOLE AUX PCMCIA RESET Chassis tray assembly retaining scr...

Page 43: ...t the right side of the chassis tray assembly slightly as you pull it out of the chassis so that the release tab clears the slot on the chassis 00094 IP2255 1 2 3 4 10 100 10 00B ase T 10 Ba se SR X2 10 10 0B as eT 10 10 0B as eT 10 Ba se SR X2 A L A L 1 3 5 7 2 4 6 8 1 3 5 7 2 4 6 8 1 3 5 7 5 7 L A L A L A L A SL OT 1 SL OT 2 SL OT 4 SL OT 5 SL OT 3 CO NS OL E AU X PC MC IA 1 2 RE SET Chassis tra...

Page 44: ...ting screws located on the mounting brackets Secure the bottom two screws first 7 Slide the chassis tray assembly back into the appliance until it clicks into place and resecure the four chassis tray assembly retaining screws 8 Reinstall the fan unit into the front of the appliance 9 Reinstall the power supplies 00553 IP2255 IP2255 Brackets located for flush with rack installation Brackets located...

Page 45: ...appliance is started Perform the initial configuration manually by using a console connection This chapter describes how to perform the initial configuration manually by using a console connection It includes the following sections Using a Console Connection Connecting Power and Turning the Power On Performing the Initial Configuration Connecting Network Interfaces Using Nokia Network Voyager Usin...

Page 46: ...celerator Card Using a Console Connection If you do not use DHCP to perform the initial configuration of your Nokia appliance you must use a serial console connection cable included After you perform the initial configuration you no longer need the console connection You can use any standard VT100 compatible terminal with an RS 232 data terminal equipment DTE interface or terminal emulation progra...

Page 47: ...f the cable to the VT100 console or to a system running a terminal emulation program Connecting Power and Turning the Power On A power switch and a receptacle for the power cord are located on each power supply on the back of the appliance as shown in Figure 10 00010 1 2 3 4 10 100 1000BaseT IP2255 10Base SR X2 10 100BaseT 10 100BaseT 10Base SR X2 A L A L 1 3 5 7 2 4 6 8 1 3 5 7 2 4 6 8 1 3 5 7 2 ...

Page 48: ...ment Nokia strongly recommends that you use an uninterruptible power supply UPS with surge protection with your appliance To connect the power supply 1 Connect the power cord securely into the power cord receptacle on the power supply 2 Plug the other end of the power cord into a grounded power strip or wall outlet 3 Toggle the power switch to the on position to provide power to the appliance 0003...

Page 49: ...peat step 1 through step 3 to connect and turn on the second power supply 5 Check the power LED the Nokia logo on the front panel of the appliance to ensure that the power supply is operating correctly For more information about the system status LEDs see System Status LEDs on page 29 If the fans are not running or if the power LED is not illuminated make sure that The power cord is properly conne...

Page 50: ... to configure the management interface To perform the initial configuration 1 Turn on the appliance At the console a series of startup messages appears then the following prompt appears Type any character to enter command mode The prompt remains on the screen for about five seconds Note For information about how to use the boot manager see the Nokia IPSO Boot Manager Reference Guide After some mis...

Page 51: ...ed to respond to any request To reset the incorrect host name and IP address a Establish a console connection to the system b Enter the following rm config active or mv config active config active old c Reboot the appliance d Respond to the Hostname prompt within 30 seconds to prevent the DHCP client from restarting 3 At each subsequent prompt enter the requested configuration information For more...

Page 52: ...so connect the remaining LAN interface cables at this point although you are not required to do so To connect Gigabit Ethernet devices to the copper Gigabit Ethernet NIC use a straight through or crossover cable with an RJ 45 connector For details see Copper Gigabit Ethernet NIC Connectors and Cables on page 65 To connect Gigabit Ethernet devices to the fiber optic Gigabit Ethernet NIC use a multi...

Page 53: ... devices to the 8 port Ethernet NIC or 10 100 1000 Ethernet devices to the management ports use a straight through cable with an RJ 45 connector For details see 10 100 Ethernet NIC Connectors and Cables on page 61 Using Nokia Network Voyager Use Nokia Network Voyager to configure and monitor your appliance For additional information about how to use Network Voyager see Viewing Nokia IPSO Documenta...

Page 54: ...s accessible from the Network Voyager interface as shown in Figure 11 Nokia Network Voyager Reference Guide This guide is the comprehensive reference source for Nokia Network Voyager To access this source look at the list in the navigation tree on the left side of the window as shown in Figure 11 You can also access the Nokia Network Voyager Reference Guide and other Nokia IPSO documentation at th...

Page 55: ...e Access Points Using the Command Line Interface You can also use the IPSO command line interface CLI to manage and configure Nokia appliances from the command line Everything that you can accomplish with Network Voyager you can also do with the CLI Link to complete user documentation Link to inline help context sensitive help ...

Page 56: ...settings but you cannot change them You can now execute CLI commands from the CLI shell and the IPSO shell The IPSO shell is what you see when you initially log on to the platform For more information about how to access and use the CLI see the Nokia CLI Reference Guide for the version of IPSO you are using Execute from To Implement Purpose IPSO command line Enter the following command to invoke t...

Page 57: ...tain configuration information upgrade or downgrade the operating system perform application installations and distribute necessary licensing to multiple platforms simultaneously thereby reducing potential human error and improving productivity Using Horizon Manager a network security professional can manage multiple devices simultaneously perform parallel software upgrades device verifications de...

Page 58: ...3 Performing the Initial Configuration 58 Nokia IP2255 Security Platform Installation Guide ...

Page 59: ...rchase a NIC with your appliance the NIC is installed before the appliance is delivered to you For information about how to add or replace a NIC see Chapter 6 Installing and Replacing Network Interface Cards For information about the Ethernet management ports in slot 5 see Ethernet Management Ports on page 23 The NICs that the Nokia IP2255 appliances support connect to the Nokia ADP subsystem All ...

Page 60: ...appliance If you do not have a grounding wrist strap make sure you are properly grounded before you touch any electronic component Eight Port 10 100 Ethernet NIC Every Nokia IP2255 appliance has four dual mode 10 Mbps and 100 Mbps Ethernet ports for management and synchronization traffic Additionally the Nokia IP2255 appliances support Nokia approved eight port UTP5 dual mode 10 Mbps and 100 Mbps ...

Page 61: ...minate The IP2255 appliances can accommodate up to four eight port 10 100 Ethernet NICs 10 100 Ethernet NIC Connectors and Cables The Ethernet connectors on the eight port 10 100 Ethernet NIC are RJ 45 connectors Use a straight through cable to connect the NIC to a 10 Mbps or 100 Mbps hub or switch Use a crossover cable to connect directly to a host Use IEEE 802 3 10BASE T 100Base TX Cat 5 shielde...

Page 62: ...agnetic Interference and Immunity performance Figure 13 shows the pin assignments for the straight through cable with an RJ 45 connector The RJ 45 cable output connector is numbered from right to left with the copper tabs facing up and toward you Figure 13 Output Connector for the Ethernet Cable Figure 14 shows the pin assignments for the RJ 45 crossover cable 00270 8 1 Pin Assignme nt 1 TX 2 TX 3...

Page 63: ...n also use cables intended for Gigabit Ethernet NIC connections for your Ethernet NIC connections as shown in Figure 15 Figure 15 Gigabit Ethernet Crossover Cable Pin Connections You can order appropriate adapter cables separately from a cable vendor of your choice 00017 1 1 2 3 4 5 6 7 8 1 2 3 4 5 6 7 8 00020 1 2 3 4 5 6 7 8 1 2 3 4 5 6 7 8 ...

Page 64: ...r Gigabit Ethernet NICs For software requirements applicable to this product see Software Requirements on page 34 Copper Gigabit Ethernet NIC Features The copper Gigabit Ethernet NIC supports tracing through tcpdump Figure 16 shows the front panel layout of the two port Ethernet NIC Figure 16 Two Port Copper Gigabit Ethernet NIC Front Panel Details 00292 1 Port 1 Port 2 Receive LEDs yellow Transmi...

Page 65: ...eceived RX and transmitted TX the appropriate LEDs on the appliance illuminate yellow The IP2255 appliances can accommodate up to four copper Gigabit Ethernet NICs Copper Gigabit Ethernet NIC Connectors and Cables The Ethernet connectors on the two port copper Gigabit Ethernet NIC are RJ 45 connectors Use a straight through or crossover cable to connect the NIC to a 1000 Mbps hub or switch or to c...

Page 66: ...ectors for best Electromagnetic Interference and Immunity performance For straight through cable pin assignments see Figure 13 on page 62 and for crossover cable pin assignments see Figure 19 Note The cable configuration shown in Figure 18 can be used for Ethernet crossover connections as well Figure 18 Gigabit Ethernet Crossover Cable Pin Connections 00020 1 2 3 4 5 6 7 8 1 2 3 4 5 6 7 8 ...

Page 67: ...nts applicable to this product see Software Requirements on page 34 Fiber Optic Gigabit Ethernet NIC Features The fiber optic Gigabit Ethernet NIC supports tracing through tcpdump Figure 19 shows the front panel layout of the two port fiber optic Gigabit Ethernet NIC Figure 19 Two Port Fiber Optic Gigabit Ethernet NIC Front Panel Details Figure 20 shows the front panel layout of the four port fibe...

Page 68: ...can accommodate up to four fiber optic Gigabit Ethernet NICs Fiber Optic Gigabit Ethernet NIC Connectors and Cables To connect the fiber optic Gigabit Ethernet NIC to other network components use a multimode fiber optic cable with an LC connector for each NIC interface The destination end of the cable can be either LC or SC depending on the type of connector required for the destination Gigabit Et...

Page 69: ...s provide the following features High bandwidth Full duplex mode operation no half duplex support Tracing through tcpdump Compliance with IEEE 802 3ae 10 Gigabit Ethernet specification Support for ANSI ITUT OC192 STM 64 SONET SDH interfaces ITUT G 709 OIF OC192 VSR and INCIT ANSI 10GFC 10 Gigabit Fibre Channel Support for VLAN as specified by the IEEE 802 1q standard Figure 21 shows the front pane...

Page 70: ...ct the fiber optic 10 Gigabit Ethernet NIC to other network components use a floating not rigid multi mode for short range interfaces or single mode for long range interfaces duplex SC optical connector for each NIC interface The destination end of the cable can be either LC or SC depending on the type of connector required for the destination 10 Gigabit Ethernet device You can also use a half dup...

Page 71: ...255 Security Platform Installation Guide 71 interfaces or 10GBASE LR for long range interfaces compatible cables from a cable vendor of your choice Cables that connect to the 10 Gigabit Ethernet NIC must be IEEE 802 3 compliant to prevent potential data loss ...

Page 72: ...4 Connecting to the Network Interface Cards 72 Nokia IP2255 Security Platform Installation Guide ...

Page 73: ...ing that enhances performance The Nokia encryption accelerator card has no external ports or LEDs and requires no cables When you specify that a Nokia encryption accelerator card is to be included with a Nokia appliance the card is installed before the appliance is delivered to you For software requirements applicable to this product see Software Requirements on page 34 This chapter covers the fol...

Page 74: ...ncryption Accelerator Card The Nokia IP2255 appliances have four slots on the front of the appliance that hold one NIC each You can install the Nokia encryption accelerator card in any available slot The Nokia encryption accelerator card does not support hot swapping You must shut down the appliance before you remove install or replace a Nokia encryption accelerator card Before you Begin To remove...

Page 75: ... see Using Nokia Network Voyager on page 53 2 Identify the location of the NIC or cover plate to remove 3 Loosen the two retaining screws on the front plate of the NIC Caution To avoid damage to the ejector and locking lever loosen the two retaining screws before you remove any NIC One screw is located behind the ejector and locking lever and the other screw is on the opposite side of the NIC Note...

Page 76: ...s released and extends slightly beyond the front panel of the appliance 1 2 3 4 10 10 0 10 00 Ba seT 10 1 00 Ba se T 10 1 00 Ba se T 10 Ba se SR X2 A L A L IP2255 1 3 5 7 2 4 6 8 1 3 5 7 2 4 6 8 1 3 5 7 5 7 L A L A L A L A SL OT 1 SL OT 2 SL OT 4 SL OT 5 SL OT 3 CO NSO LE PC MCIA 1 2 RE SE T 10 Ba se SR X2 A L Push red button to disengage or engage lock Unscrew screw to release Release or lock int...

Page 77: ...late onto the front of the empty slot formerly occupied by the NIC you removed The cover plate is required for the IP2255 appliances to meet emissions requirements during operation 9 Reboot the appliance If you used Network Voyager to halt the system push the reset button on the front panel of the security platform If you used the CLI to halt the system press any key to reboot 00305 1 2 3 4 10 10 ...

Page 78: ...onfig utility to disable SecureXL You can also configure the IP2255 appliances to use the Nokia encryption accelerator card for IKE acceleration When you enable IKE acceleration the Nokia encryption accelerator card performs cryptographic operations for IPsec tunnel negotiation To enable IKE acceleration 1 From the Network Voyager home page click Security and Access Configuration then click IKE Ac...

Page 79: ...Cs Eight port 10 100 Ethernet NIC Two port copper Gigabit Ethernet NIC Two port fiber optic Gigabit Ethernet NIC Single port fiber optic 10 Gigabit Ethernet NIC The Nokia IP2255 appliances also support the Nokia encryption accelerator card in any of the four slots on the front of the chassis For information about the Nokia encryption accelerator card see Chapter 5 Installing Replacing and Configur...

Page 80: ...strap and following the instructions provided with the wrist strap before you handle the components or open the appliance If you do not have a grounding wrist strap make sure you are properly grounded before you touch any electronic component Removing Installing and Replacing NICs The Nokia IP2255 appliances have four slots on the front of the appliance that hold one NIC each Because the Nokia IP2...

Page 81: ...r cover plate to remove or replace 2 Loosen the two retaining screws on the front plate of the NIC Caution To avoid damage to the ejector and locking lever loosen the two retaining screws before you remove any NIC One screw is located behind the ejector and locking lever and the other screw is on the opposite side of the NIC Note If no NIC is currently installed remove the two retaining screws on ...

Page 82: ...d extends slightly beyond the front panel of the appliance 1 2 3 4 10 10 0 10 00 Ba seT 10 1 00 Ba se T 10 1 00 Ba se T 10 Ba se SR X2 A L A L IP2255 1 3 5 7 2 4 6 8 1 3 5 7 2 4 6 8 1 3 5 7 5 7 L A L A L A L A SL OT 1 SL OT 2 SL OT 4 SL OT 5 SL OT 3 CO NSO LE PC MCIA 1 2 RE SE T 10 Ba se SR X2 A L Push red button to disengage or engage lock Unscrew screw to release Release or lock into place 10 Ba...

Page 83: ...meet emissions requirements during operation 8 Press the lever to make sure that the NIC is locked into place 9 Tighten the two retaining screws on the front plate of the NIC If you cannot tighten the retaining screws the NIC is not installed properly Remove the NIC and reinstall it The front plate of the NIC must be flush with the chassis The link light might illuminate even if the NIC is not ful...

Page 84: ... Voyager see Using Nokia Network Voyager on page 53 For information about how to access Network Voyager see Using the Command Line Interface on page 55 Monitoring NICs You can assess the general operating condition of the NICs in your appliance by looking at the LED status indicators on each NIC The status indicators for each NIC are explained in Chapter 4 Connecting to the Network Interface Cards...

Page 85: ...red Replacing the Compact Flash Memory Card Replacing the Memory Replacing the Fan Unit Replacing a Power Supply Replacing the Management NIC For information about how to add or replace network interface cards NICs see Chapter 6 Installing and Replacing Network Interface Cards For information about how to add or replace the Nokia encryption accelerator card see Installing Replacing and Configuring...

Page 86: ...rounding wrist strap make sure you are properly grounded before you touch any electronic component Note You should have a working knowledge of networking equipment before you attempt to service an IP2255 appliance Limit service of the appliance to the procedures described in this chapter Replacing the Compact Flash Memory Card The compact flash memory card is located in a slot on the motherboard n...

Page 87: ...eed Physical access to the appliance Access to the appliance by using Nokia Network Voyager or the CLI A Phillips head screwdriver Replacement compact flash memory card and accompanying documentation You must perform an orderly shutdown of the appliance and turn the power off whenever you open the chassis tray assembly to service internal components 00180 Compact flash memory card slot ...

Page 88: ...twork Voyager or the CLI halt command to perform an orderly shutdown of your appliance For information about how to access Network Voyager and the related reference materials see Using Nokia Network Voyager on page 53 2 Press the power switch located on each power supply at the back of the appliance to turn off power to the appliance Note Make sure you turn off both power supplies 3 Locate the fan...

Page 89: ...assembly retaining screws on the front panel of the appliance 00081 10Base SR X2 10Base SR X2 A L A L SLOT 1 SLOT 2 CONSOLE AUX RESET Retaining screws 00010 1 2 3 4 10 100 1000BaseT IP2255 10Base SR X2 10 100BaseT 10 100BaseT 10Base SR X2 A L A L 1 3 5 7 2 4 6 8 1 3 5 7 2 4 6 8 1 3 5 7 2 4 6 8 1 3 5 7 2 4 6 8 L A L A L A L A SLOT 3 SLOT 4 SLOT 1 SLOT 2 SLOT 5 CONSOLE AUX PCMCIA RESET Chassis tray ...

Page 90: ...card into the slot 10 Slide the chassis tray assembly back into the appliance until it clicks into place 11 Resecure the four chassis tray assembly retaining screws 12 Replace the fan unit and resecure the two fan unit retaining screws 00094a IP2255 1 2 3 4 10 10 0 10 00 Ba seT 10 Ba se SR X2 10 1 00 Ba se T 10 1 00 Ba se T 10 Ba se SR X2 A L A L 1 3 5 7 2 4 6 8 1 3 5 7 2 4 6 8 1 3 5 7 5 7 L A L A...

Page 91: ...l inline memory module DIMM sockets and comes with 2 GB of memory in four 512 MB DIMMs which is the maximum supported memory configuration Note Nokia products only support memory kits purchased from Nokia or Nokia approved resellers For further information contact the appropriate Nokia customer support site listed in Nokia Contact Information on page 3 The DIMM sockets are located on the center re...

Page 92: ... the components or open the appliance If you do not have a grounding wrist strap make sure you are properly grounded before you touch any electronic component To replace the appliance memory you need Physical access to the appliance Access to the security platform by using Nokia Network Voyager or the CLI A Phillips head screwdriver 00117 IP2255 1 2 3 4 10 10 0 1 00 0B ase T 10 Ba se SR X2 10 1 00...

Page 93: ...ter the system shuts down press the power switch located on each power supply at the back of the appliance to turn off power to the appliance Note Make sure you turn off both power supplies 3 Loosen the four chassis tray assembly retaining screws on the front panel of the security platform 4 Slide the chassis tray assembly forward to expose the DIMM sockets on the IP2255 motherboard 00010 1 2 3 4 ...

Page 94: ... lift the right side of the chassis tray assembly slightly as you pull it out of the chassis so that the release tab clears the slot on the chassis 00094 IP2255 1 2 3 4 10 100 10 00B ase T 10 Ba se SR X2 10 10 0B as eT 10 10 0B as eT 10 Ba se SR X2 A L A L 1 3 5 7 2 4 6 8 1 3 5 7 2 4 6 8 1 3 5 7 5 7 L A L A L A L A SL OT 1 SL OT 2 SL OT 4 SL OT 5 SL OT 3 CO NS OL E AU X PC MC IA 1 2 RE SET Chassis...

Page 95: ...IMM alternately to gradually free it from the contact pins 7 Press the new DIMM into the socket until it clicks into place The top of the DIMM is smooth The bottom edge has two different length sets of contacts which mate with the slots on the socket Be sure the contacts and slots are properly aligned before you insert the DIMM The retaining clips move into the lock position as you press the DIMM ...

Page 96: ...f four individual fans to provide the air flow required to maintain a proper operating temperature The fan unit provides N 1 cooling so it can provide proper airflow even if an individual fan fails Caution To help guard against electrostatic discharge damage make sure you are properly grounded by using a grounding wrist strap and following the instructions provided with the wrist strap before you ...

Page 97: ...swappable which means you can remove and install the fan unit on the front of the appliance without shutting down the device To replace a fan unit 1 Locate the fan unit on the front of the appliance and the two retaining screws that secure it to the chassis 2 Loosen the screws by turning them counterclockwise 3 Slowly pull the fan unit out of the chassis toward the front 4 If the appliance is runn...

Page 98: ... instructions provided with the wrist strap before you handle the components or open the appliance If you do not have a grounding wrist strap make sure you are properly grounded before you touch any electronic component To replace a power supply you need Physical access to the appliance A Phillips head screwdriver Replacement power supply and accompanying documentation Warning To reduce the risk o...

Page 99: ...nect the power cord from the power supply 4 Loosen the two retaining screws that secure the power supply 5 Use the handle to gently pull the power supply out of the chassis 6 Insert the new power supply into the empty bay 7 Resecure the two retaining screws 8 Connect the power cord to the power supply Nokia recommends that you connect the power cord to the power supply only when it is safely insta...

Page 100: ... power to the unit before you attempt to remove the management NIC Failure to do so could cause electric shock with burns or death resulting to the user To remove the Ethernet management NIC 1 Use Network Voyager or the CLI halt command to perform an orderly shutdown of the appliance For information about how to access Network Voyager and the related reference materials see Using Nokia Network Voy...

Page 101: ...ard the outer edge of the appliance d Continue to press or push the lever outward until the NIC is released and extends slightly beyond the front panel of the appliance e Gently pull the NIC out from the slot and place it on a suitable grounded work surface 1 2 3 4 10 10 0 1 00 0B aseT 10 1 00 Ba se T 10 1 00 Ba se T 10 Ba se SR X2 A L A L IP2255 1 3 5 7 2 4 6 8 1 3 5 7 2 4 6 8 1 3 5 7 5 7 L A L A...

Page 102: ...y platform To Install the replacement NIC 1 Insert the replacement NIC into slot 5 and guide both sides of the NIC into the metal tracks on either side of the slot 2 Press the NIC into the slot until it reconnects to the motherboard and is flush with the front panel of the security platform Note If the management NIC does not slide easily into the slot or if it extends beyond the front panel it mi...

Page 103: ... the appliance The security platform automatically recognizes the new four port 10 100 1000 Ethernet management NIC 7 Reconnect the cables to the ports on the management NIC and access Network Voyager by using the same connection you used before you replaced the NIC If you cannot access Network Voyager verify that the NIC is installed properly Verify that the status LEDs indicate a connection to t...

Page 104: ...7 Installing and Replacing Other Components 104 Nokia IP2255 Security Platform Installation Guide ...

Page 105: ...nformation in this section relates to problems you might encounter during the IP2255 appliance installation Problems Interfacing to 1483 Devices Classical IP Problem Remote and local devices are not configured for the same VC and VP value Solution Set remote and local devices to the same VC and VP values Consult your 1483 device documentation Problem Remote and local devices are not in the support...

Page 106: ...t Receiving Power Problem Power cord is not properly plugged in Solution Check cord Make sure it is properly seated at both ends Problem Power supply not providing power Solution Check power source If there is no power at the source take appropriate action such as inserting a new fuse or resetting circuit breaker Unable to Log In to the Console Port No Error Message Two laptop computers using term...

Page 107: ...olution The Nokia IP2255 appliances do not use flow control The terminal should be set for no flow control Problem Defective appliance or file system Solution Contact the Nokia customer support site listed in Nokia Contact Information on page 3 Login Prompt Appears But Password Not Accepted Problem Database is corrupt Solution Return to default settings as described in To reset the default databas...

Page 108: ...nter D Shift 6 D to boot to multiuser mode 7 After the system boots log on to the security platform by using Network Voyager or the CLI and set a permanent password For information about how to access Network Voyager and the related reference materials see Using Nokia Network Voyager on page 53 For information about how to access the CLI and the related reference materials see Using the Command Li...

Page 109: ...mplete the full installation procedure see the current release notes The release notes are located on the Nokia customer support Web site as listed in the Nokia Contact Information on page 3 Not Able to Connect to Nokia Network Voyager by Using the Ethernet Port But Console Access Works Problem Using the wrong Ethernet cable Solution Use a crossover Ethernet cable if you are connecting directly to...

Page 110: ...ting by using the CLI For information about how to access the CLI and the related reference materials see Using the Command Line Interface on page 55 Problem NIC is not installed correctly Solution Remove the NIC and reinstall it Ensure that you are able to tighten the retaining screws on both sides of the NIC Do Not See Interfaces that Should be Present Problem Local appliance ports do not appear...

Page 111: ...100 Mbps or 1000 Mbps Problem Port not enabled Solution Verify that the interface port is configured as active by using the using the CLI show interfaces command For information about how to access the CLI and the related reference materials see Using the Command Line Interface on page 55 Problem High collision rate on the hub Solution Disconnect connections one at a time until the problem is loca...

Page 112: ...8 Troubleshooting 112 Nokia IP2255 Security Platform Installation Guide ...

Page 113: ...ch appliance requires the following space in a rack 5 25 inches 13 5 centimeters of vertical space Dimensions Height 5 21 in 13 24 cm Width 17 in 44 cm 19 in 48 cm rack mountable Depth 21 88 in 55 58 cm Operational Temperature 0 C to 45 C 32 F to 113 F Humidity 5 to 85 Short Term Operational Temperature not to exceed 96 consecutive hours 5 C to 50 C 23 F to 122 F Humidity 5 to 90 ...

Page 114: ...6 centimeters behind the front panel of the rack 7 inches 18 centimeters behind the appliance to allow the back exit fan to move air through the appliances and to remove the power supply Caution Do not block the ventilation holes on the appliance The appliance might overheat and become damaged ...

Page 115: ...pendix contains the following compliance information Declaration of Conformity Compliance Statements FCC Notice US Declaration of Conformity According to ISO IEC Guide 22 and EN 45014 Manufacturer s Name Nokia Inc Manufacturer s Address 313 Fairchild Drive Mountain View CA 94043 2215 USA ...

Page 116: ... this product complies with the requirements of the Low Voltage Directive 73 23 EEC and the EMC Directive 89 336 EEC with Amendment 93 68 EEC Product Names IP2255 Model Number IP02200 Product Options All Serial Number 1 to 100 000 Date First Applied 2003 Safety EN60950 1992 A1 A2 1993 A3 1995 A4 1997 A11 1998 with Japanese National Deviations EMC EN55024 1998 EN55022A 1998 EN61000 3 2 EN61000 3 3 ...

Page 117: ...missions Standards Christopher Saleem Compliance Reliability Engineering Manager Security Mobile Connectivity Enterprise Solutions Mountain View California May 2006 Tom Furlong Vice President and General Manager Security Mobile Connectivity Enterprise Solutions Mountain View CA FCC Part 15 Subpart B Class A US Canada EN55022 CISPR 22 Class A European Community CE ...

Page 118: ...rsuant to Part 15 of the FCC Rules These limits are designed to provide reasonable protection against harmful interference in a residential installation This device generates uses and can radiate radio frequency EN55024 European Community CE EN61000 4 2 EN61000 4 3 EN61000 4 4 EN61000 4 5 EN61000 4 6 EN61000 4 8 EN61000 4 11 EN61000 3 2 European Community CE EN61000 3 3 European Community CE UL EN...

Page 119: ...r television reception the user is encouraged to try to correct the interference by one or more of the following measures Reorient or relocate the receiving antenna Increase the separation between the computer and receiver Connect the computer into an outlet on a circuit different from that to which the receiver is connected Consult the dealer or an experienced radio TV technician for help Caution...

Page 120: ...B Compliance Information 120 Nokia IP2255 Security Platform Installation Guide ...

Page 121: ...ompact flash 22 31 card location 86 replacing 86 compliance statements 117 component locations 21 configuration removing active 51 configuring console connection 46 conformity declaration of 115 connecting Ethernet devices 53 modem 27 network interfaces 52 power 47 connectors 10 100 Ethernet 61 copper Gigabit Ethernet 65 fiber optic Ethernet 68 console cable 46 cable pin assignments 27 performing ...

Page 122: ... help Voyager 53 Horizon Manager Nokia 21 hostname assigning 50 hot swap network interface cards 59 80 power supplies 31 I IKE acceleration 78 input voltage power supplies 31 interfaces configuring and activating 84 connecting network 52 IPsec tunnel negotiation 78 L LC connector 52 53 68 LEDs 10 100 Ethernet NIC 61 copper Gigabit Ethernet NIC 65 fiber optic Gigabit Ethernet NIC 68 power supply 32...

Page 123: ...okia Network Voyager 53 output connector Ethernet cable 62 P PC card slot 31 physical names management ports 24 pin assignments console connection 27 modem connection 28 PKCS 11 token 78 ports management 23 power supplies input voltage 31 load sharing 31 overview 31 redundancy 31 removing 40 status LEDs 32 power connecting and turning on 47 R rack mounting the security platform 39 rack mounting po...

Page 124: ...hnical specifications 113 terminal emulation settings 46 text conventions 15 troubleshooting general information 105 two port copper Gigabit Ethernet network interface card 64 two port Ethernet network interface card 70 two port fiber optic Gigabit Ethernet network interface card 67 69 W warning notices 14 ...

Reviews: