manualshive.com logo in svg

Nokia IP40 - Satellite Unlimited - Security Appliance, User Manual

Share
Download
Nokia IP40 - Satellite Unlimited - Security Appliance User Manual Download Page 134

10

 High Availability

134

Nokia IP40 Security Platform User’s Guide v1.1

Internet connection if any one high priority BGP peer becomes reachable. It drops the dial-
up connection when device falls back to primary Internet connection.

„

BGP

—This mode is useful if device has LAN/PPPOE/PPTP/DHCP as primary Internet 

connection and has no dial-up connection. Primary device of the Dual Device HA scenario 
is configured to operate in this mode. In this scenario, you have another device acting as 

backup

. The backup device can have either dial-up or LAN/PPPOE/PPTP/DHCP for 

Internet connection. primary and backup devices establish internal BGP (IBGP) session with 
each other. The fail-over automatically takes place in the primary device based on the 
availability of CO routes. (external or internal BGP (EBGP or IBGP)).

„

BGP-external

—this mode is useful if the device has LAN/PPPOE/PPTO/DHCP as primary 

Internet connection and DMZ as secondary Internet connection. In this mode, DMZ is 
assumed to be secure and the traffic passing through DMZ will not be encrypted. So, DMZ 
can be connected to an external VPN device or a router connected to frame relay network. In 
this mode, IP40 uses DMZ as backup to the primary Internet connection. The traffic is 
tunneled as long as BGP peer is reachable over VPN through primary Internet connection. 
As soon as the BGP peer becomes unreachable, the traffic goes in plain text through DMZ 
interface. Similar to the other modes, device continues to monitor the status of high priority 
BGP peers and falls back to primary Internet connection if atleast one high priority BGP 
peer becomes reachable.

Note

In this mode, encrypt flag must be disabled for DMZ.

Configuring Criteria for Path Selection

A VPN tunnel established with the given VPN peer is assumed to be disconnected or unavailable 
if the corresponding BGP peer is unreachable.

HA enforces the primary Internet connection as the path for each high priority BGP peer and its 
associated VPN peer by inserting static routes towards primary Internet connection. This ensures 
continuous status monitoring of high priority BGP peers. 
Use the following command to configure a remote-peer:

add bgp remote-peer <value ip_address> 

  vpn-peer <value ip_address>

  priority <normal | high>

  [gateway <value>

   password <value>]

Use the following command to delete a remote peer:

delete bgp remote-peer <value-ip_address>

Summary of Contents for IP40 - Satellite Unlimited - Security Appliance

Page 1: ...N450916002 Rev A June 2004 IP40 Security Platform User s Guide Version 1 1 ...

Page 2: ...ed by Nokia Inc as is and any express or implied warranties including but not limited to implied warranties of merchantability and fitness for a particular purpose are disclaimed In no event shall Nokia or its affiliates subsidiaries or suppliers be liable for any direct indirect incidental special exemplary or consequential damages including but not limited to procurement of substitute goods or s...

Page 3: ...99 Outside USA and Canada 1 512 437 7089 email ipsecurity na nokia com Europe Middle East and Africa Nokia House Summit Avenue Southwood Farnborough Hampshire GU14 ONG UK Tel UK 44 161 601 8908 Tel France 33 170 708 166 email ipsecurity emea nokia com Asia Pacific 438B Alexandra Road 07 00 Alexandra Technopark Singapore 119968 Tel 65 6588 3364 email ipsecurity apac nokia com Web Site https support...

Page 4: ...4 Nokia IP40 Security Platform User s Guide v1 1 ...

Page 5: ...ics and Maintenance 27 Nokia IP40 Security Platform Package Contents 28 Network Requirements 28 Appliance Overview 29 Nokia IP40 Security Platform Rear Panel 29 Nokia IP40 Security Platform Front Panel 32 2 Installing Nokia IP40 Security Platform 33 Before You Install Nokia IP40 Security Platform 33 Setting Up Nokia IP40 Security Platform with Microsoft Windows 98 or Millennium Operating Systems 3...

Page 6: ... Security Platform to a Computer by Using the Console Port 58 Using Telnet to Connect to Nokia IP40 Security Platform 60 Enabling and Disabling Telnet Access to Nokia IP40 61 Using Secure Shell to Connect to Nokia IP40 Security Platform 62 Accessing Nokia IP40 with HTTP and HTTPS 62 Managing Large Scale Deployments of Nokia IP40 62 Deploying Nokia IP40 Security Platform with Nokia Horizon Manager ...

Page 7: ...Routes 91 7 Setting Up the Nokia IP40 Security Platform Security Policy 95 Setting the Firewall Security Level 95 Configuring Virtual Servers 96 Customizing Nokia IP40 Security Platform Security Policy 98 Creating Firewall Rules 98 Allow and Block Rules 98 Deleting Rules 102 Defining an Exposed Host 102 8 Configuring Network Access 105 Changing Your Password 105 Adding Users 107 Viewing and Editin...

Page 8: ...IP40 Security Platform for Dual Homing ISP Connectivity 126 Configuring ISP Dial Up Profiles 127 Route Based VPN and BGP 127 Border Gateway Protocol 128 Enabling BGP Routing 129 Configuring the Local AS and Router ID 129 Configuring Nokia IP40 Security Platform for BGP Route Advertisement 129 Monitoring BGP 129 Viewing Debugging Information 130 Adding a BGP Peer to Nokia IP40n Security Platform 13...

Page 9: ...IP40 Security Platform Configuration 145 Upgrading Firmware 147 Installing Your Product Key 147 Dynamic DNS 149 Configuring DDNS 150 Resetting Nokia IP40 Security Platform to Factory Defaults 150 Resetting Nokia IP40 Security Platform to Factory Defaults by Using the Reset Button 151 13 Viewing Reports 153 Viewing Reports on Nokia IP40 Security Platform 153 Viewing the Event Log 153 Viewing Active...

Page 10: ...llite X 184 Nokia IP40 Tele to IP40 Satellite X VPN Client to Gateway 185 Setting Up Nokia IP40 Tele 8 186 Setting Up Nokia IP40 Satellite X 186 Nokia IP40 Tele 8 to Check Point FP1 FP2 FP3 NG or NG AI 186 Setting Up Nokia IP40 Tele 8 186 Setting Up Check Point Server 186 Nokia IP40 Tele 8 to Check Point NG AI 186 Setting Up Nokia IP40 Tele 8 187 Setting Up Check Point NG AI 187 Nokia Satellite X ...

Page 11: ...Your Service Center 202 Sofaware Security Management Portal 203 Web Filtering 204 Selecting Categories to Block 205 Virus Scanning 206 Enabling or Disabling Email Antivirus 206 Selecting Protocols for Scanning 207 Temporarily Disabling Email Antivirus 208 Automatic and Manual Updates 209 Checking for Software Updates when Locally Managed 209 Checking for Software Updates When Remotely Managed 210 ...

Page 12: ...ty Platform User s Guide v1 1 A Specifications 223 Technical Specifications 223 Safety Precautions 223 B Warranty 225 C End User License Agreement 229 D Compliance Information 235 Compliance Statement 236 FCC Notice US 236 ...

Page 13: ...chapters and appendixes Chapter 1 Introduction provides the information you need to know before installing Nokia IP40 Security Platform Chapter 2 Installing Nokia IP40 Security Platform explains how to install the device lists operating system requirements protocols and how to establish a network connection Chapter 3 Getting Started explains how to start by using the IP40 and provides information ...

Page 14: ...ing with VPNs explains how to configure a VPN by using Nokia IP40 Chapter 15 Using Managed Services describes methods for enabling and using subscription services such as Web filtering email antivirus automatic and manual updates Chapter 16 Troubleshooting discusses typical problems users encounter and provides solutions to these problems Appendix A Specifications describes the Nokia IP40 specific...

Page 15: ...pt for a compiled Nokia product It might appear alone or precede one or more options You must spell a command exactly as shown and use lowercase letters Italics Indicates a variable in a command that you must supply For example delete interface if_name Supply an interface name in place of the variable For example delete interface nic1 Angle brackets Indicates arguments for which you must supply a ...

Page 16: ... that you must enter as shown Table 1 Command Line Conventions continued Convention Description Table 2 Text Conventions Convention Description Monospace font Indicates command syntax or represents computer or window output for example Log error 12453 Bold monospace font Indicates text you enter or type for example configure nat Key names Keys that you press simultaneously are linked by a plus sig...

Page 17: ...addition to this guide documentation for this product includes the following Nokia IP40 Security Platform Quick Start Guide Version 1 1 provides a description of the system features and an overview of how to get your appliance up and running Nokia IP40 Security Platform CLI Reference Guide Version 1 1 provides a description of all IP40 commands that are used for managing the appliance Nokia IP40 S...

Page 18: ...3 18 Nokia IP40 Security Platform User s Guide v1 1 ...

Page 19: ...ecurely over VPN The Nokia IP40 Security Platform can be integrated with an overall enterprise security policy for maximum security The IP40 facilitates centralized management and automatic deployment with the security management architecture of Check Point and Nokia Horizon Manager The Nokia IP40 Security Platform is available with the following licenses Nokia IP40 Tele 8 Nokia IP40 Satellite 16 ...

Page 20: ... get connected to the Internet are not counted Nokia IP40 Satellite 16 Satellite 32 Satellite Unlimited Nokia IP40 Satellite 16 IP40 Satellite 32 and IP40 Satellite Unlimited provide full firewall and VPN connectivity for remote and branch offices or independent small and medium enterprises with sixteen thirty two and unlimited node networks respectively Using these solutions remote and branch off...

Page 21: ... client DHCP client DHCP server Static IP MAC cloning Backup Internet connection static NAT static routes Dial up Internet connection Routing support by using BGP High availability for LAN High availability for WAN Table 3 Nokia IP40 Security Platform Connectivity Feature Nokia IP40 Tele 8 Nokia IP40 Satellite 16 32 Unlimited ...

Page 22: ...nnectivity Table 4 Firewall Connectivity Feature Nokia IP40 Tele 8 Nokia IP40 Satellite 16 32 Unlimited Firewall Type Check Point Firewall 1 Embedded NG Check Point Firewall 1 Embedded NG Network Address Translation NAT INSPECT policy rules User defined rules Three levels of Preset security policies DoS protection Anti spoofing Attack logging Voice over IP H 323 support ...

Page 23: ...d host DMZ network Table 5 VPN Connectivity Feature Nokia IP40 Tele8 Nokia IP40 Satellite 16 32 Unlimited IPSEC VPN remote access server IPSEC VPN site to site gateway IPSEC VPN remote access client VPN pass through Encryption AES 3DES DES AES 3DES DES Authentication SHA1 MD5 SHA1 MD5 X 509 certificates Table 4 Firewall Connectivity Feature Nokia IP40 Tele 8 Nokia IP40 Satellite 16 32 Unlimited ...

Page 24: ...ADIUS Client DAIP with VPN certificates Back up VPN gateways SmartCenter Connector SSC NG AI support Bypass NAT Route all traffic Route Based VPN and failover Multiple PPP connections Active tunnels Table 5 VPN Connectivity Feature Nokia IP40 Tele8 Nokia IP40 Satellite 16 32 Unlimited ...

Page 25: ...P40 Security Platform v1 1 management Table 6 Management Feature Nokia IP40 Tele 8 Nokia IP40 Satellite 16 32 Unlimited Web based management Access to IP40 through OOB SSH and SNMP Telnet access HTTPS access local and remote Remote firmware upgrades Nokia Horizon Manager support from v1 3 1 onwards Multiple administrators Nokia CLI shell ...

Page 26: ...Point SmartCenter Check Point Smart Update Check Point Smart LSM Check Point Provider 1 Table 7 Security Services Feature Nokia IP40 Tele 8 Nokia IP40 Satellite 16 32 Unlimited Firewall security updates Software updates Web filtering Email antivirus protection Dynamic DNS service When managed by Sofaware Management Portal SMP and Nokia Horizon Manager NHM Table 6 Management Feature Nokia IP40 Tele...

Page 27: ...enance VPN management Centralized logging Customized security policy Protocol support for TCP IP ICMP GRE ESP and UDP Table 8 Diagnostics and Maintenance Feature Nokia IP40 Tele 8 Nokia IP40 Satellite 16 32 Unlimited Configuration Import or Export Firmware upgrade Preset configuration Known good configuration Table 7 Security Services Feature Nokia IP40 Tele 8 Nokia IP40 Satellite 16 32 Unlimited ...

Page 28: ...ide Version 1 1 this document Nokia IP40 Security Platform Release Notes Version 1 1 if needed Translated Manuals Spanish Japanese Chinese Nokia IP40 Security Platform CLI Reference Guide Version 1 1 A TFTP Server Reset tool to reset the IP40 security platform to factory defaults Adobe Acrobat Reader Nokia IP40 Security Platform Quick Start Guide Version 1 1 printed Nokia IP40 License Document pri...

Page 29: ...TCP IP network protocol installed on each computer CAT5 network cable with RJ 45 connectors for each computer Internet Explorer 5 0 or later or Netscape Navigator 4 5 and later Note Nokia recommends that you use either Microsoft Internet Explorer 5 5 or later or Netscape Navigator 6 2 or later Appliance Overview The following sections provide an overview of Nokia IP40 Security Platform rear and fr...

Page 30: ...vice connects to the power source AUX The auxiliary port or dial in port is a 9 pin male connector This port is used to dial in to IP40 through a modem when the IP40 is unreachable through other ports LAN Local area network Ethernet port RJ 45 used to connect computers or other network devices DMZ Demilitarized zone Ethernet port RJ 45 used to connect computers or other network devices Similar to ...

Page 31: ...sed to reboot or reset the IP40 to its factory defaults Use a large flat tipped object such as a thick paper clip to press the reset button Short press one second reboots the Nokia IP40 Security Platform Long press seven seconds resets the IP40 to its factory defaults This results in loss of all security services and passwords Short press during boot up boots the IP40 in special deployment mode Se...

Page 32: ...Off appliance off Green solid appliance passed hardware test and finished booting Red solid hardware error Amber solid booting Green blinking appliance passed hardware and is fully booted appliance is at its default state First time password is not set Red blinking software error Amber blinking appliance is performing a function such as setting factory defaults loading firmware or loading an expor...

Page 33: ...curity Platform with an Apple Computer Connecting Nokia IP40 Security Platform to the Network Installing Your Network Before You Install Nokia IP40 Security Platform Before you connect and set up the Nokia IP40 Security Platform you must check the following Whether TCP IP is installed on your computer The TCP IP settings of your computer to ensure that it obtains its IP address automatically The f...

Page 34: ...work icon The Network window appears In the Network window check if TCP IP appears in the network components list and if it is already configured with the Ethernet card installed on your computer If TCP IP is already installed and configured on your computer skip the following procedure about how to install TCP IP ...

Page 35: ...rs and TCP IP in Network Protocols 4 Click OK If you are prompted for original Windows installation files provide the installation CD and relevant path D win98 D win95 and so on 5 Restart your computer if prompted If you are connecting the IP40 to an existing LAN consult your network manager system administrator for the correct configuration To make TCP IP settings 1 In the Network window double c...

Page 36: ...orm 36 Nokia IP40 Security Platform User s Guide v1 1 2 Click the Gateway tab and remove any installed gateways 3 Click the DNS Configuration tab and click Disable DNS 4 Click the IP Address tab and click Obtain an IP address automatically ...

Page 37: ...k OK to save the new settings 5 Click Yes when the Do you want to restart your computer message appears Your computer must restart for the new settings to take effect Your computer is now ready to access the IP40 Setting Up Nokia IP40 Security Platform With Microsoft Windows XP and 2000 Operating Systems Windows XP has an Internet connection firewall option Nokia recommends that you disable the fi...

Page 38: ...le click the Network and Dial up Connections icon in Windows XP double click the Network Connections icon The Network and Dial up Connections window appears 3 Right click the Local Area Connection icon and select Properties from the drop down list The Local Area Connection Properties window appears ...

Page 39: ...onfigured with the Ethernet card installed on your computer If TCP IP does not appear in the Components list install it as described in the section To install TCP IP on page 35 If TCP IP is already installed skip the next section To install TCP IP 1 In the Local Area Connection Properties window click Install The Select Network Component Type window appears ...

Page 40: ...rs 3 In the Select Network Protocol window choose Internet Protocol TCP IP and click OK to install the TCP IP protocol on your computer TCP IP protocol is installed on your computer To make TCP IP settings 1 In the Local Area Connection Properties window double click Internet Protocol TCP IP and click Properties The Internet Protocol TCP IP Properties window opens ...

Page 41: ...to 254 Enter 255 255 255 0 as the subnet mask Click Ok to save the new settings 3 Click Obtain DNS server address automatically 4 Click OK to save the new settings Your computer is now ready to access your IP40 Setting Up Nokia IP40 Security Platform with an Apple Computer Use the following procedure to set up the TCP IP protocol To make TCP IP settings 1 Choose Apple Menus Control Panels TCP IP T...

Page 42: ... of the appliance b Connect the other end of the Ethernet cable to the computer hubs or another network device 2 Connect the DMZ cable a Connect one end of the Ethernet cable to the DMZ port at the back of the appliance b Connect the other end of the Ethernet cable to the computer hubs or another network device 3 Connect the WAN cable a Connect one end of the Ethernet cable to the WAN port at the ...

Page 43: ... After you connect your IP40 Security Platform to your network as shown in section Connecting Nokia IP40 Security Platform to the Network on page 42 wait for the STAT LED to turn green To login for the first time 1 Open your Web browser and enter http my firewall in the location text box The first time login window appears prompting for a password If you cannot access the GUI portal see Troublesho...

Page 44: ... between five to eleven alphanumeric characters To change the password click Setup on the main menu and click Password Configuring Nokia IP40 Security Platform for Internet Connection This section provides information about how to make the initial settings for your Nokia IP40 Security Platform by using the Setup wizard and connecting to the Internet ...

Page 45: ...ons 2 Click OK to continue 3 The Internet Connection Method dialog box appears For more information about how to connect to the Internet see To connect to the Internet from Nokia IP40 Security Platform on page 45 Making Initial Nokia IP40 Security Platform Settings When you exit the Internet Connection Method wizard you are prompted to set the device time This section provides the information abou...

Page 46: ...P40 is automatically updated with the time settings of your computer If you click Keep the current time the IP40 retains its current time settings No changes are made to the time settings If you click Specify date and time you can manually update the IP40 time settings The Specify Date and Time dialog box appears 2 Click Next to change your IP40 time settings If you choose to use a time server by ...

Page 47: ...ct your time zone from the Time Zone drop down list 4 Click Next The IP40 Set Time Wizard dialog box appears indicating that time settings are changed successfully 5 Click Finish to exit the Set Time wizard Registering with the Nokia Support Site You can register with the Nokia Support Site when you make your time settings The IP40 Setup Wizard dialog box appears when you exit the Set Time wizard ...

Page 48: ...es Connecting to a Central Management Server When you are registered for support the Subscription Services window appears This window allows you to define the central management server that the IP40 connects to The IP40 can connect to a central management server to allow central management of the firewall and VPN policies Central management can also allow the IP40 to subscribe to additional servic...

Page 49: ...e center and click Next For information connecting to service centers see Managing Large Scale Deployments of Nokia IP40 on page 62 For information about how to use subscription services see Using Managed Services on page 197 Logging On to Nokia IP40 Security Platform When you exit from the Setup wizard the IP40 Welcome screen appears The following section shows how to log on subsequently To acces...

Page 50: ...racters You need to define your password in two instances At the initial login When you reset the device to defaults After the initial login the Welcome window appears The following is the sample Welcome window The Welcome window displays the product identity of your device Tele 8 or Satellite X Accessing Nokia IP40 Securely You can access the IP40 graphical user interface GUI through HTTPS either...

Page 51: ...nstall the security certificate of the IP40 that you are trying to access If you are using Internet Explorer 5 0 or later do the following a Click View Certificate The Certificate information window appears with the General tab displayed b Click Install Certificate The Certificate Import Wizard opens c Click Next The Certificate Store appears Select Automatically select the Certificate Store based...

Page 52: ...gure the device by using the following methods Quick Setup Wizard configures the most common settings required for the IP40 to be up and running The GUI automatically guides you through this wizard after your initial login Advanced GUI configures the various advanced features provided in the Nokia IP40 For a configuration to take effect click Submit For a brief description of the main components o...

Page 53: ...ty Platform GUI Note The Tele 8 license of IP40 does not support all of the features mentioned in the table 12 below For information on features supported by the Tele configuration see Nokia IP40 Security Platform Features on page 20 No Component Description 1 Navigation bar Access various feature sets in the IP40 security platform 2 Tab bar Access and configure all features in the IP40 security p...

Page 54: ...o selectively allow incoming traffic from known applications and Internet services Rules Allows you to customize your security policy Exposed Host Allows you to define a Demilitarized Zone i e a computer not protected by firewall Services Account Provides information on services available in your service plan and allows you to manage security services Network Internet Displays information on netwo...

Page 55: ... you to change your RADIUS settings VPN VPN Server Allows you to enable or disable a VPN server VPN Sites Allows you to view and edit a list of the configured VPN sites VPN Login Enables you to manually log in to a VPN site Certificate Allows you to control certificates for site to site VPN usage Help Online Help Logout Logs you out of the IP40 Table 12 Names and Functions of the Nokia IP40 GUI El...

Page 56: ...efault gateway Disabled The Internet connection has been disabled manually You can configure both primary and secondary Internet connections When both the connections are configured the Status bar shows this status Service Center Displays your subscription services status Your Service Center offer various subscription services like firewall services and optional services such as Web filtering and ...

Page 57: ... Telnet Access to Nokia IP40 Accessing Nokia IP40 with HTTP and HTTPS Managing Large Scale Deployments of Nokia IP40 Connection Methods You can connect to your Nokia IP40 Security Platform locally through LAN WAN DMZ or console ports for Inband management You can also connect from a remote location by using modem dial in for out of band management OOB For information about how to use OOB to config...

Page 58: ...rial port Connect the RS 232 cable that is shipped along with the appliance from the serial port of your computer to the console port of IP40 You can then manage the device by using a terminal emulation program such as Hyper Terminal To Connect to Nokia IP40 with HyperTerminal 1 To start the HyperTerminal program choose Start Programs Accessories Communications HyperTerminal The Connection Descrip...

Page 59: ...okia IP40 Security Platform User s Guide v1 1 59 Select the following port settings Bits per second 9600 Data bits 8 Parity None Stop bits 1 Flow control None 5 Click Ok to continue 6 The login prompt is displayed by default ...

Page 60: ...lnet access is disabled by default You can allow Telnet access from the LAN and WAN by configuring separate user rules No LAN or WAN access is available until it is configured Note Before you start Telnet ensure that the Telnet program is installed on your computer and that you can access your IP40 by using Telnet The method for starting Telnet differs between operating systems You can use the met...

Page 61: ...more information see Nokia IP40 Security Platform CLI Reference Guide Version 1 1 Enabling and Disabling Telnet Access to Nokia IP40 Telnet access is disabled by default in Nokia IP40 Security Platform Use the following command from the IP40 CLI to enable Telnet access to the device set acl service telnet enable Use the following command from the IP40 CLI to disable Telnet set acl service telnet d...

Page 62: ... to connect to the device a IP Address of the device b username c Authentication method whether Password or Public Key For more information about SSH see Configuring Network Access on page 105 Accessing Nokia IP40 with HTTP and HTTPS You can access and manage your IP40 through a user friendly GUI For more information see Logging On to Nokia IP40 Security Platform on page 49 Managing Large Scale De...

Page 63: ...M allows you to manage many Check Point Remote Office Branch Office ROBO gateways from a single SmartCenter Server For additional information on installing and configuring LSM see Check Point SmartCenter LSM documentation Deploying Nokia IP40 with Sofaware Management Portal The SofaWare Management Center SMC is a Web based application for managing and configuring the SofaWare Security Management P...

Page 64: ...4 Accessing Nokia IP40 Security Platform 64 Nokia IP40 Security Platform User s Guide v1 1 ...

Page 65: ...kup Internet Connection Configuring Internet Connection You can configure your Internet connection by using one of the following setup tools Setup Wizard guides you through the configuration process step by step Advanced Setup offers advanced setup options Note You must configure the Internet connection on initial operation and reset to defaults operations Using the Setup Wizard You can use the Se...

Page 66: ...er Dial up Internet access by using V90 or ISDN T A modems To configure the Internet connection by using the Setup wizard 1 Click Network from the main menu The Internet page appears 2 Click Setup Wizard at the bottom of the window The Setup Wizard window appears 3 Click Next to proceed The Internet Connection Method window appears ...

Page 67: ...ternet The IP40 does the PPPoE negotiation To use a direct LAN connection To use a direct LAN connection to connect to the Internet 1 Select Direct LAN from the list of Internet connection methods and click Next tab A Connecting message appears followed by a Connected message When you are connected the wizard prompts you to register your details and set up your subscription options which vary from...

Page 68: ...rect LAN connection Cable Modem Connection Settings If you selected cable modem connection through the procedure To configure the Internet connection by using the Setup wizard on page 66 the Host Name window appears Enter the Host name and Mac Clone address if they are required by the ISP MAC Cloning Some ISPs require that you register any MAC addresses of the computer behind the cable modem befor...

Page 69: ...stem attempts to connect to the Internet At the end of the connection process the Connected message appears When you are connected the wizard prompts you to register your details and set up your subscription options which vary from product to product 4 Follow the instructions until the wizard is done and then click Finish Cloning a MAC Address A MAC address is a 12 digit identifier assigned to eve...

Page 70: ... address of your computer to the IP40 or b If the ISP requires authentication by using the MAC address of a different computer enter the MAC address in the MAC cloning field 4 Click Apply tab 5 Click Back tab The Internet page reappears with the MAC address of your computer displayed DSL Connection Settings Select PPTP or PPPoE connection method The DSL Connection Type wizard window appears ...

Page 71: ... the PPPoE dialog box enter the following a Your Username and Password and confirm the Password b The service name this is optional 2 Click Next The system attempts to connect to the Internet through the DSL connection At the end of the connection process the Connected message appears Once connected the wizard prompts you to register your details and set up your subscription options which vary fro...

Page 72: ...f the connection process the Connected message appears Note If you enabled automatic DHCP no further settings are required The Confirmation message appears To connect by using the automatic DHCP method 1 In the DSL Connection type window select Automatic DHCP 2 Click Next The system attempts to connect to the Internet through the selected connection The Connecting message appears At the end of the...

Page 73: ... also To configure the Internet connection 1 Proceed as per steps 1 and 2 in Using the Setup Wizard on page 65 to connect using DHCP PPTP and PPPoE 2 Click Cancel on the Internet Setup wizard window The Welcome page appears 3 Click Setup in the main menu and click Network The Internet page appears 4 Click Edit against Primary The Internet Setup Page with a list of connection type options appears ...

Page 74: ...ame is provided by them 3 Enter the maximum transmission unit MTU 1500 4 If you do not want the IP40 to obtain an IP address automatically by using DHCP do the following a Uncheck the Obtain IP address automatically using DHCP check box b Enter the IP address that your service provider provides c Select the from the pull down list subnet mask that applies to the IP address you entered d Enter the ...

Page 75: ...tting on page 73 The following window appears 2 Enter the Host name This field is optional some ISPs might require it and they provide the host name 3 Click Apply To use a PPPoE connection If you choose PPPoE type Internet connection in procedure as described in Manually Configuring the Internet Setting on page 73 the following window appears 1 Enter the following information Enter your Username a...

Page 76: ...this field empty However to modify the default MTU consult with your service provider 2 If you are not using automatic configuration of DNS servers do the following Uncheck the Obtain Domain Name Servers automatically check box The following window appears Enter the Preferred primary DNS server IP address Enter the Alternate secondary DNS server IP address 3 Click Apply To use a PPTP connection If...

Page 77: ...ou are not using automatic configuration of DNS servers do the following a Clear the Obtain DNS servers automatically check box The Internet page with DNS server options appears b Enter the Preferred primary DNS server IP address c Enter the Alternate secondary DNS server IP address 3 Click Apply Direct Dial Up PPP You can connect the Nokia IP40 Security Platform to the Internet by using a dial up...

Page 78: ... Internet through LAN is called interesting traffic Direct dial up when enabled the WAN connection is established regardless of whether or not any interesting traffic is present in the network You can configure dial up and direct dial up by using the following procedure Note You must use the CLI to configure the dial up parameters number username password and so on before you can connect to dial u...

Page 79: ...p by using the command line interface log in through the console port Use the following command to configure the dialup profile set dialup profile value 1 10 For more information about dial up commands see the Nokia IP40 Security Platform CLI Reference Guide Version 1 1 CLI Wizard Use the following command to configure dial up by using the CLI wizard wizard dialup For more information about how to...

Page 80: ...his feature To enable or disable the Internet connection 1 Click Network in the main menu and click the Internet tab The Internet page appears 2 Next to the Internet connection do one of the following a To enable the connection click the adjacent sign x mark The button changes to a check mark and the connection is enabled b To disable the connection click the adjacent check mark The button changes...

Page 81: ...on The two connections can be of different types But they both cannot be LAN and DHCP connections To set up backup Internet connection 1 Click Networks on the main menu select Internet 2 Click Edit next to Primary and Secondary connection types to configure a backup Internet connection For basic topology illustrations see Connecting Nokia IP40 Security Platform to the Network on page 42 Note To ph...

Page 82: ...dicates the connection duration if active The duration is given in the format hh mm ss where hh hours mm minutes ss seconds IP Address Your IP address Enabled Indicates whether or not the connection is enabled WAN MAC Address MAC address of IP40 Cloned MAC Address Cloned MAC address Received packets Number of data packets received in the active connection Sent Packets Number of data packets sent i...

Page 83: ...figuring a DMZ Network Using Static NAT Using Static Routes Configuring Network Settings Caution Network settings are advanced settings Nokia recommends that these settings not be changed unless it is necessary and you are qualified to do so Changing network settings might result in losing the connection to the device If you change the network settings to incorrect values and you are unable to cor...

Page 84: ...rs 2 In the DHCP Servers drop down list select Enabled or Disabled 3 Click Apply 4 If you do not have another DHCP server in your network and your computers were originally configured differently do the following Reconfigure all of the computers on your network Use DHCP to disable the Obtain IP address automatically setting in the TCP IP settings Changing IP Addresses You can change the IP address...

Page 85: ...e to reset the network to its default settings the settings are reset 5 Do one of the following If your computer is configured to obtain its IP address automatically by using DHCP and the DHCP server in your IP40 is enabled restart your computer Your computer obtains an IP address in the new range Otherwise manually reconfigure your computer to use the new address range by using the TCP IP setting...

Page 86: ...les that allow specific DMZ computers such as a manager s computer to connect to the LAN network and the accounting department Note DHCP server is supported on a DMZ network To configure a DMZ network DMZ configuration is not available for Tele 8 License 1 Connect the DMZ computer to the DMZ port If you have more than one computer in the DMZ network connect a hub or switch to the DMZ port and conn...

Page 87: ... Allow rule When you specify firewall rules for such hosts use the host internal IP address and not the Internet IP address to which the internal IP address is mapped Note You can use static NAT and hide NAT together Note IP40 supports Proxy Address Resolution Protocol ARP When an external source attempts to communicate with a computer that has static NAT enabled the IP40 automatically replies to ...

Page 88: ...o one of the following To add a new static NAT mapping click the New tab The Static NAT wizard opens with the Static NAT Mapping dialog box displayed 3 Complete the fields using the information given in the Table 15 on page 90 4 Click Next The Static NAT Mapping Updated dialog box appears ...

Page 89: ...Using Static NAT Nokia IP40 Security Platform User s Guide v1 1 89 5 Click Finish If you added a new mapping it appears in the static NAT page To edit an existing static NAT mapping click Edit tab ...

Page 90: ...ps an Internet IP address to a local computer You must then fill in the MAP this WAN IP and To this Internal IP fields MAP this WAN IP Type the desired Internet IP address To this Internal IP Type the IP address of the local computer or click This Computer to specify your computer Map this WAN IP range Maps a range of Internet IP addresses to a range of local computer IP addresses of the same size...

Page 91: ... static routes if it is required A static route is a setting that explicitly specifies the route for packets destined for a certain subnet Packets with a destination that does not match any defined static route is routed to the default gateway The Static Routes page lists all existing routes including the default and indicates whether each route is currently connected or reachable or not reachable...

Page 92: ...te The Edit Route page appears 3 Complete the fields by using the information given in Table 16 on page 92 4 Click Apply The new static route is saved Table 16 Edit Route Page Fields Field Action Destination Network Type the network address of the destination network Subnet Mask Select the subnet mask ...

Page 93: ...e b Edit the fields by using the information inTable 16 on page 92 c Click Apply The changes are saved To delete a static route 1 Click Network in the main menu and click the Static Routes tab The Static Routes page appears with a listing of existing static routes 2 In the desired route row click the Erase tab A confirmation message appears 3 Click OK The route is deleted Gateway IP Type the IP ad...

Page 94: ...6 Managing Your Local Area Network 94 Nokia IP40 Security Platform User s Guide v1 1 ...

Page 95: ...t this level all inbound traffic is blocked to the external IP address except for ICMP echoes All outbound connections are allowed Medium level security enforces strict control on all incoming connections while permitting safe outgoing connections When this level is selected all inbound traffic is blocked All outbound traffic is allowed to the Internet except for windows file sharing High level se...

Page 96: ...the service Configuring Virtual Servers Note If you do not intend to host any public Internet servers Web server email server and so on in your network you can skip this section Configuring servers allows you to create simple Allow and Forward rules for common services This is equivalent to creating Firewall rules You can selectively allow incoming network connections into your network For example...

Page 97: ...ne of your network computers or click This Computer to allow your computer to host the service 6 Click Apply A success message appears and the selected computer is allowed to run the desired service or application To restrict access from external network 1 Click Security on the main menu and choose Servers The Virtual Servers page appears displaying a list of services and a host IP address for eac...

Page 98: ...t WAN to the LAN and allows all outgoing connection attempts from the LAN to the Internet WAN Note User defined rules have priority over default rules Allow and Block Rules The Allow and Block rules provide you with greater flexibility in defining and customizing your security policy You can allow additional inbound services that are not on the virtual servers list or block outbound communications...

Page 99: ...he following table gives more information about the firewall rules that you create Table 18 Firewall Rules Rule Description Comments Allow and Forward This rules enables you to Permit incoming access from the internet to a specific service in your internal network Forward all such connections to a specific computer in your network Creating an Allow and Forward rule is equivalent to defining a serv...

Page 100: ...internal network to a specific service on the Internet Permit incoming access from the Internet to a specific service in your internal network You can allow outgoing connections for services that are not permitted by the default security policy You cannot use an Allow rule to permit incoming traffic if the network or VPN uses hide NAT You can use Allow rules for static NAT IP addresses Block This ...

Page 101: ...s 7 Click Finish The new rule appears in the Firewall Rules page Table 19 on page 101 gives more information about the firewall rule fields Table 19 Firewall Rule Fields Field Action Any Service Specifies that the rule should apply to any service Standard Service Specifies that the rule should apply to a specific standard service You must then select the desired service from the drop down list ...

Page 102: ...ervice Specifies that the rule should apply to a specific nonstandard service The Protocol and Port Range fields are enabled You must fill them in Protocol Select the protocol ESP GRE TCP UDP or ANY for which the rule should apply Ports To specify the port range to which the rule applies type the start port number in the left text box and the end port number in the right text box Note If you do no...

Page 103: ...ecurity risks To define a computer as an exposed host The exposed host receives all traffic that is not forwarded to another computer by using Allow and Forward rules 1 Click Security in the main menu and click the Exposed Host tab The Exposed Host window appears 2 In the Exposed Host text box type the IP address of the computer to define as an exposed host Alternatively you can click This Compute...

Page 104: ...7 Setting Up the Nokia IP40 Security Platform Security Policy 104 Nokia IP40 Security Platform User s Guide v1 1 ...

Page 105: ...g and Editing Users Deleting Users Setting Up Remote VPN Access for Users Telnet Access Secure Socket Layer Using RADIUS Authentication Access Control Changing Your Password You can change the password of your Nokia IP40 Security Platform any time The method for changing password varies depending on the IP40 configuration you are using The default username and password for Nokia IP40 Tele 8 Config...

Page 106: ... Your changes are saved In Nokia IP40 Satellite X you can define multiple users and perform the following tasks Change your password Add users View and edit users Delete users Set up remote VPN access for users To change the password for IP40 Satellite X 1 Click Users in the main menu The Users page appears 2 In the username row click Edit The Edit User page appears 3 Edit the Password and Confirm...

Page 107: ... X only The number of IP40 users you can add is limited according to your software To add a user 1 Click Users on the main menu The Users page appears 2 Click New User The Edit User page appears The options that appear on the page depend on the software and services you are using 3 Complete the fields by using the information in Table 20 on page 108 4 Click Apply The new user is saved The Edit Use...

Page 108: ...ives details about the Editing User fields Table 20 Edit User Page Fields Field Action Username Enter a username for the user You cannot change the admin user s username Password Enter a password for the user Use five to twenty five alphanumeric characters letters or numbers for the new password Confirm Password Re enter the user s password Administrator Level Select the user s level of access to ...

Page 109: ... Check Point SecureClient Check Point SecuRemote IP40 Tele 8 or another IP40 Satellite X To set up remote VPN access for a user 1 Enable your VPN server by using the procedure in To set up your IP40 as a VPN server on page 163 2 Add the user to the system by using the procedure in Adding Users on page 107 You must select the VPN Remote Access option VPN Remote Access Allows the user to connect to ...

Page 110: ...authentication 1 Click Users in the main menu and click the RADIUS tab The RADIUS page appears 2 Complete the fields by using the information in Table 21 on page 110 You can enable the VPN Remote access check box optional 3 Click Apply Table 21 gives more information about the fields in RADIUS page Table 21 RADIUS Page Fields Fields Action Address Type the IP address of the computer that will run ...

Page 111: ...vel Select the level of access to the IP40 portal to assign to all users that the RADIUS server authenticates The levels are No Access The user cannot access the IP40 Read Write The user can log on to the IP40 and modify system settings Read Only The user can log on to the IP40 but cannot modify system settings The default level is No Access Web Filtering Override Select this option to allow all u...

Page 112: ...net access is disabled by default To allow Telnet access from the LAN WAN and DMZ configure separate user rules For more information about Telnet access to Nokia IP40 see Using Telnet to Connect to Nokia IP40 Security Platform on page 60 Secure Shell Nokia IP40 supports SSH 2 0 The SSH feature in IP40 provides secure remote access to the appliance In addition SCP is supported to enable secure upgr...

Page 113: ...ANY to enable any host with any IP address to connect to IP40 through SSH and so on Enabling or Disabling SSH Service Note Secure Shell SSH options cannot be configured from the Nokia IP40 GUI Use the command line options from a command shell such as HyperTerminal to configure these options A brief list of important command line options for configuring Secure Shell SSH is included in the user guid...

Page 114: ...ey and public key A public key is not useful unless you have the corresponding private key Using SSH Client You need an SSH client to connect to the SSH server running on IP40 Install an SSH client if you do not have one already You can use the SSH client to connect to the IP40 by using password authentication or public key authentication For additional information see User Manual of the SSH clien...

Page 115: ...rt Configuring Service Details Use the following commands to configure the service details set ssh server login grace time integer Use the following commands to show the service details show ssh server login grace time Configuring Server Implementation Use the following commands to configure the type of authentication the server will use to authenticate users set ssh server log level name Use the ...

Page 116: ...uthorized keys delete ssh authkeys dsa rsa user admin id Use the following commands to view keys configured for various user accounts show ssh authkeys dsa rsa user admin id identifier dsa rsa user admin list Secure Socket Layer Secure Socket Layer SSL enables secured communication over insecure networks This protocol uses a private key to encrypt data that is passed through an SSL connection and ...

Page 117: ...nternal network and users connected to your IP40 through a VPN tunnel to access your IP40 through HTTPS IP Address Range to give a range of IP addresses Traffic from these IP addresses only can access your IP40 through HTTPS ANY to enable traffic generated from any IP address to access your IP40 through HTTPS 4 Click Apply when you are finished making the settings The Saved Successfully message ap...

Page 118: ...ion see the Nokia IP40 Security Platform CLI Reference Guide Version 1 1 Installing a Certificate and Private Key Use the following commands to copy a certificate and its associated private key in the var etc https_ssl_cert_server crt and var etc https_ssl_server key files Copying the certificate and private key to these files makes them available to establish SSL secure Web connections set https ...

Page 119: ...erface SNMP Description SNMP is the industry standard for monitoring and managing devices on data communication and telecommunication devices or systems SNMP helps in centrally monitoring and diagnosing such devices Nokia IP40 Security Platform supports the following MIBs MIB II for more information see RFC 1213 Host Resource MIB for more information see RFC 1514 SNMP Configuration from Nokia IP40...

Page 120: ...allowed from computers in your internal network or LAN only if you select IP Address Range you can specify a range of IP addresses from which SNMP access is allowed to your IP40 Configuring the SNMP Parameters When you set the SNMP access rules you can configure the SNMP parameters from the Nokia IP40 Security Platform GUI To configure the SNMP parameters 1 Define the SNMP community name in the Ma...

Page 121: ...r when SNMP access is attempted with an incorrect community name 7 Specify the IP address where the SNMP Manager is running so that traps that are generated can be sent to the correct IP address The default port number is 162 Note Set the trapPduAgent to a specified IP address from the command prompt so as to view the IP address of the device from where a trap is generated Use the command set snmp...

Page 122: ...eceiver snmp Trapreceiver traps SNMP Traps Viewing SNMP Parameters Use the following commands to view the SNMP parameters show snmp community SNMP Community contact SNMP Contact enable Displays SNMP Daemon location SNMP Location port SNMP Port trapPduAgent snmp trappduagent trapreceiver snmp Trapreceiver traps SNMP Traps For additional and detailed information on how to use the set and show comman...

Page 123: ...by using BGP to cater to ISP link failures and seamless routing of encrypted traffic across multiple WAN links This chapter includes the following topics Virtual Router Redundancy Protocol Dual Homing Route Based VPN and BGP Virtual Router Redundancy Protocol Nokia IP40 Security Platform eliminates the single point of failure in static default routed environment for the networks connected to LAN a...

Page 124: ...a single virtual router ID V1 If IP40 R1 becomes unavailable IP40 R2 takes over VRID V1 and its associated virtual IP addresses Packets sent to the Internet using 192 168 1 1 as the router are then forwarded by IP40 R2 When IP40 R1 becomes active again it takes over as the master and IP40 R2 reverts to backup Note You can configure VRRP through CLI only HA support in not provided in Nokia IP40 GUI...

Page 125: ...face lan dmz config summary status Use the following command to view the VRRP configuration on LAN and DMZ interfaces show vrrp interfaces Disabling VRRP for LAN and DMZ networks Use the following commands to delete the VRRP configuration delete vrrp interface lan dmz virtual router vrid value For more information about VRRP commands see the Nokia IP40 Security Platform CLI Reference Guide Version...

Page 126: ...guring Internet Connection on page 65 Configuring secondary Internet profile for dial up mode see Chapter 5 Configuring Dial Up with the GUI on page 78 Configuring modem parameters Use the following commands to configure modem parameters For more information see Nokia IP40 Security Platform CLI Reference Guide Version 1 1 set modem dialmode tone pulse set modem extrainit string set modem manufactu...

Page 127: ... externalip ip_address mtu value staticdns yes no dns1 ip_address dns2 ip_address Use the following command to delete selected ISP dial up profiles set dialup profile id disable Route Based VPN and BGP The Nokia IP40 Security Platform has built in features to automatically detect the failure of an IPSec VPN connection from a remote office or branch office to the headquarters On failure it forwards...

Page 128: ... Security Platform with restricted BGP route advertisement of LAN and static NAT addresses This scenario is supported with Check Point SmartLSM The VPN policy installed on Nokia IP40 includes the topology of immediate protected network behind the central office gateway only This enables the traffic between these two networks tunneled including the communication between BGP peers The central office...

Page 129: ...ble Configuring the Local AS and Router ID Use the following command to configure the local AS set bgp as value router id value ipaddress Configuring Nokia IP40 Security Platform for BGP Route Advertisement The network and redistribute commands are used to inject routes into the BGP table The network mask portion of the IP address allows supernetting and subnetting Use the following commands to co...

Page 130: ...following command to delete a BGP neighbor delete bgp neighbor value ip_address Clearing BGP Clearing a BGP neighbor session resets BGP connections to enable inbound and outbound policy changes Use the following commands to clear a BGP neighbor session clear bgp neighbor value ip_address neighbors Creating Prefix Lists on Nokia IP40 Security Platform Prefix lists are used to filter the updates to ...

Page 131: ...nds The match commands specify match criteria and the set commands specify the action to be taken if match criteria are met Only those routes that pass through the route map inbound route maps are accepted or forwarded outbound routes Use the following commands to add route maps add bgp route map name map name action permit deny seq no value match ip address value ip next hop value metric value se...

Page 132: ... invoke MD5 authentication with a remote BGP peer such that each segment sent on the TCP connection between the peers is verified This feature must be configured with the same password on both BGP peers or the connection between them is not established The authentication feature uses the MD5 algorithm Invocation of this feature enables Nokia IP40 to generate and check the MD5 digest of every segme...

Page 133: ...GP peers as soon as at least one of the high priority BGP peers becomes reachable Use the following commands to configure the high availability options set ha monitoring interval value wan failover none dialup secondary bgp bgp dialup bgpexternal Use the following commands to view the high availability options show ha monitoring level wan failover The high availability options are explained as fol...

Page 134: ... external VPN device or a router connected to frame relay network In this mode IP40 uses DMZ as backup to the primary Internet connection The traffic is tunneled as long as BGP peer is reachable over VPN through primary Internet connection As soon as the BGP peer becomes unreachable the traffic goes in plain text through DMZ interface Similar to the other modes device continues to monitor the stat...

Page 135: ...kia IP40 R1 connects to the RO1 and establishes VPN connection on DSL preferred connection Nokia IP40 R1 and BGP peer R3 located in RO1 establishes a BGP connection over VPN If this BGP session fails because of any service interruption dial up is activated Nokia IP40 R1 connects to RO2 and establishes a VPN connection R1 and the BGP peer R4 located in RO2 establish a BGP connection over VPN and th...

Page 136: ...s the default virtual router for the branch office network and is connected to RO1 by using DSL or a cable connection preferred path If any service interruption occurs in the R1 LAN Nokia IP40 R2 takes over as the default virtual router and forwards the branch office traffic on the DMZ to RO1 securely If the IP40 R1 device fails R2 becomes master and dial up is activated Now R2 connects to RO2 and...

Page 137: ...port of your appliance with dial up Internet connection Out Of Band management is useful in the cases where you cannot connect to your device locally by using either LAN WAN or DMZ ports In these cases you can use OOB to connect the device for normal operations Nokia IP40 supports ISDN terminal adaptor or analog modems for modem dial in You can dial into the device using a dial up Internet connect...

Page 138: ...Modem you can specify an additional initialization string apart from the standard initialization string see step 6 4 Select Tone or Pulse from the Dial Mode drop down list 5 Select the port speed in bps from the Port Speed drop down list This speed defines the modem port speed The values can be 9600 19200 38400 57600 115200 230400 or 460800 bps 6 Check Answer incoming PPP calls to answer the incom...

Page 139: ...137 for details you can establish a normal SSH or HTTPS session For details on using the Secure Shell see Telnet Access on page 112 and for details on using HTTPS see Enabling HTTPS Web Access on page 116 Note Allow SSH and HTTPS access on the Nokia IP40 before you establish the sessions from OOB dial in For more details see Configuring Virtual Servers on page 96 Remote Configuration Mode in the N...

Page 140: ...11 Configuring Nokia IP40 Through Out of Band Management 140 Nokia IP40 Security Platform User s Guide v1 1 ...

Page 141: ... Logging Configuration Exporting the Nokia IP40 Security Platform Configuration Upgrading Firmware Resetting Nokia IP40 Security Platform to Factory Defaults Host Name Configuration by Using the CLI Use the following commands to view or change your platform host name show hostname set hostname name For more information on setting the host name see Nokia IP40 Security Platform CLI Reference Guide V...

Page 142: ...r UDP Nokia IP40 supports local event logging which you can view from Reports Event Log Up to 100 events can be logged here You can also configure an external syslog server by using the following method To configure an external syslog server 1 Click Setup from the main menu and select the Logging tab The Logging page appears 2 Enter the IP address for the syslog server in the Syslog Server field N...

Page 143: ...dition to the above utiliities you can also use the following utilities by using the command exec arp netstat nslookup ping tcpdump traceroute To use the network utilities from the Nokia IP40 GUI 1 Click Setup from the main menu and select the Tools tab The Tools page appears 2 Select either ping traceroute or WHOIS from the IP Tools drop down list depending on the tool you want to use 3 Enter the...

Page 144: ...ture when the device is accidentally misconfigured and the original configuration needs to be restored You can use the configuration file cfg which includes all the IP40 settings to backup and restore the settings Exporting the Nokia IP40 Security Platform Configuration You can export the Nokia IP40 Security Platform configuration to a cfg file and use this file to back up and restore IP40 setting...

Page 145: ...he Save As dialog box appears 4 Browse to a destination directory of your choice 5 Type a name for the configuration file and click Save The cfg configuration file is created and saved to the specified directory Importing the Nokia IP40 Security Platform Configuration To restore the configuration of your appliance from a configuration file you must import the file ...

Page 146: ...e following In the Import Settings field type the full path to the configuration file or Click Browse and browse to the configuration file 4 Click Upload A Confirmation message appears 5 Click OK IP40 settings are imported A success message appears 6 Click OK The Tools page reappears Note You can use the HTTP TFTP FTP SCP protocols through the IP40 CLI for configuration export and import For addit...

Page 147: ...ice you must update your firmware manually To update firmware manually 1 Click Setup on the main menu The Firmware page appears 2 Click Firmware Update The Firmware Update page appears 3 Click Browse A browse window appears 4 Select the firmware file that you purchased 5 Click Upload 6 The IP40 firmware is updated This might take one minute When the update is complete the IP40 restarts automatical...

Page 148: ...install a product key 1 Click Setup on the main menu 2 Click the Firmware tab The Firmware page appears 3 Click Upgrade Product The Setup wizard opens with the Install Product Key dialog box displayed 4 Select Product Key 5 In the Product Key field enter the new product key 6 Click Next ...

Page 149: ...opens with https support nokia com agreement SOHOregister html 9 Click Finish IP40 restarts and the Welcome page appears Dynamic DNS The Nokia IP40 Security Platform supports the use of a domain name without requiring a permanent IP address on the Internet This is useful for Nokia Horizon Manager to locate the IP40 devices that it manages by the host names that are used at remote office and branch...

Page 150: ...nce Guide Version 1 1 Resetting Nokia IP40 Security Platform to Factory Defaults You can reset Nokia IP40 to its default settings When you reset your IP40 it reverts to the state it was originally in when you purchased it and your firmware reverts to the version that shipped with the device Caution Resetting to factory defaults erases all of your settings and password information You must set a ne...

Page 151: ...ing the Reset Button The Restore Defaults button is inside a hole on the back panel of Nokia IP40 To press the button use a large flat tipped object such as a thick paper clip Pressing the Restore Defaults button for seven seconds restores all IP40 settings back to factory defaults The button works only after booting is complete and the green light must be illuminated to activate the button The st...

Page 152: ...12 Configuring Device Functions 152 Nokia IP40 Security Platform User s Guide v1 1 Note You can also reset your Nokia IP40 to factory defaults by using the GUI or the CLI and remote config mode ...

Page 153: ... the Event Log You can track network activity by using the event log The event log displays the last 100 events in the following categories Events highlighted in Green indicate the traffic accepted by the firewall Events highlighted in Blue indicate changes in your setup that you made or that are the result of a security update implemented by your service center Events highlighted in Red indicate ...

Page 154: ...r and a window displays the name of the entity to whom the IP address is registered and their contact information This information is useful in tracking down external attacks Viewing Active Computers The Viewing Active Computers option allows you to view the currently active computers on your network In the Active Computers report licensed computers are shown in green Computers that did not pass t...

Page 155: ...d by your license a warning message appears and the computers that exceed the node limit are marked in red These computers might not be able to access the Internet through IP40 Note To increase the number of computers that your license allows you must upgrade your product If desired click Refresh to refresh the display 2 To view node limit information a Click Node Limit The Node Limit window appea...

Page 156: ...etwork and the external world The active connections are displayed as a list specifying source IP address destination IP address and port and the protocol used TCP UDP and so on To view active connections 1 Click Reports on the main menu and then choose Active Connections The Active Connections page appears 2 Do the following Click Refresh to refresh the display To view information about the desti...

Page 157: ...unnel is created whenever your computer attempts to communicate with a computer at the VPN site after you have logged on to the site When you log off all open tunnels connecting to a VPN site are closed To view VPN tunnels 1 Click Reports on the main menu The Event Log page appears 2 In the submenu click VPN Tunnels The VPN Tunnels page appears with a table of open tunnels to VPN sites Table 22 VP...

Page 158: ...mmary To view the diagnostics summary 1 From the main menu select Setup Tools The Tools page appears 2 Click Diagnostics on the right side 3 The Diagnostics window opens The following figure shows a sample section of the diagnostics window that displays information about your IP40 Encryption Type Type of encryption used to secure the connection followed by the type of authentication used to verify...

Page 159: ...Viewing Reports on Nokia IP40 Security Platform Nokia IP40 Security Platform User s Guide v1 1 159 4 5 Use the scroll bar to view more information ...

Page 160: ...13 Viewing Reports 160 Nokia IP40 Security Platform User s Guide v1 1 ...

Page 161: ... corporate network remotely available to authorized users such as employees working from home who connect to the VPN server by using VPN clients A VPN gateway can be connected to another VPN gateway in a permanent bidirectional relationship The two connected networks function as a single network A connection between two VPN sites is called a VPN tunnel VPN tunnels encrypt and authenticate all traf...

Page 162: ... Satellite Gateway Nokia IP40 Satellite Gateway Nokia IP40 Satellite Gateway Check Point NG AI NG FP3 FP2 FP1 Nokia IP40 Satellite Check Point NG AI using VPN 1 Edge Embedded Gateway Check Point Smart LSM using VPN 1 Edge Embedded ROBO Gateway SecuRemote Check Point NG AI NG FP1 FP2 VPN 1Edge Embedded Gateway RAS community Check Point Smart LSM VPN 1Edge Embedded ROBO Gateway Check Point NG AI NG ...

Page 163: ...lite both provide VPN functionality Nokia IP40 Tele license contains a VPN client and can act as a VPN server Nokia IP40 satellite can act as a VPN client a VPN server or a VPN gateway To set up your IP40 as a VPN server 1 Click VPN on the main menu The VPN Server page appears 2 Drag the Enabled Disabled lever to Enabled The VPN server is enabled 3 Follow the procedures in Setting Up Remote VPN Ac...

Page 164: ...loading it from the VPN site select Download Configuration This option automatically configures your VPN settings by downloading the network topology definition from the VPN server Note You can download the network configuration only if you are connecting to a Check Point VPN 1 or Nokia IP40 Security Platform To provide the network configuration manually select Specify Configuration To route all n...

Page 165: ...om the VPN gateway s system administrator c In the configure backup gateway column type the name of the VPN gateway to use if the primary VPN gateway fails Note The backup gateway can be configured only in case of Check Point Multiple Entry Point For information about how to configure the primary and secondary Check Point management stations see the Check Point Multiple Entry Point document d Clic...

Page 166: ... The Contacting VPN Site window appears 5 Click Next Proceed to Completing Site Creation on page 169 Note The automatic login option in the GUI is supported for Nokia IP40 Satellite X and only manual login is available for Nokia IP40 Tele license Configuring Site to Site VPN If you selected site to site VPN the VPN Gateway Address window appears To configure a site to site VPN gateway 1 Enter the ...

Page 167: ...ion the Authentication window appears 5 if the topology is to be downloaded a Enter the Topology username and Topology password b Check Use Shared Secret or Use Certificate depending on the secure communication method to be used c If you choose Use Shared Secret enter the Shared Secret 6 If Specify Configuration option is selected the following window appears ...

Page 168: ...up to three destination network addresses at the VPN site to which you want to connect b In the Subnet mask column select the subnet masks for the destination network addresses Note Obtain the destination networks and subnet masks from the VPN site system administrator c Click Next The Authentication window appears ...

Page 169: ... the VPN site You may choose any name 2 Click Next The VPN Site Created window appears a Enter the Site name b If the Keep Alive Option is selected enter the Host IP address The connection is kept active by sending packets to the IP address that you enter 3 Click Finish The VPN Sites page reappears If you added a VPN site the new site appears in the VPN Sites list If you edited a VPN site the modi...

Page 170: ...te If you chose manual login log on to a VPN site every time you want to access the VPN site You can log on to a VPN site either through the Nokia IP40 GUI or the my vpn page When you log on a VPN tunnel is established Only the computer from which you logged on can use the tunnel To share the tunnel with other computers in your home network you must log on to the VPN site from those computers usin...

Page 171: ...d password in the appropriate fields 5 Click Connect If your IP40 is configured to automatically download the network configuration the IP40 downloads the network configuration If you specified a network configuration when you add the VPN site the IP40 attempts to create a tunnel to the VPN site The VPN Login Status dialog box and the Connecting window appears When the IP40 is finished connecting ...

Page 172: ...Platform User s Guide v1 1 Logging On Through my vpn Note You do not need to know the my firewall page administrator s password to use the my vpn page To log on to a VPN site through the my vpn page 1 Go to http my vpn The VPN Login window appears ...

Page 173: ...og box closes Closing the browser or dismissing the VPN Login Status box also terminates the VPN session within a short time Installing VPN Certificates A digital certificate is a secure means of authenticating the Nokia IP40 Security Platform to other VPN gateways The certificate is issued by the Certificate Authority CA to entities such as gateways users or computers The entity then uses the cer...

Page 174: ...cate page appears as follows 2 Click Install Certificate The certificate page appears as follows 3 Click Browse to open a file browser Locate and select the file 4 Click Upload you will be prompted to enter the pass phrase 5 Type the pass phrase that your received from the network administrator 6 Click Ok Your certificate is installed and a success message appears 7 Click Ok ...

Page 175: ...t uses Check Point Large Scale Manager and the dynamically configured IP40 security platform that uses the DAIP The certificate created on the Check Point NG AI can be uploaded to the IP40 Satellite To upload VPN certificates and to create a dynamic VPN site by using Check Point Smart LSM 1 Click Services on the main menu and then choose Connect The Subscription Services wizard appears 2 Enter the...

Page 176: ...ding the Pre compiled Security Policy For traditional policy management solutions create a customized policy for each individual customer You can upload the customized High Medium Low pfz file from the SmartCenter server to the Nokia IP40 Security Platform The Check Point INSPECT engine enables you to dynamically update a security policy adding support for new applications and attaching signatures...

Page 177: ...e filename is the name of the file downloaded Installing the Security Policy by Using GUI You can install the security policy by using the graphical user interface GUI also The procedure is described in the following sections To install the security policy by using GUI 1 Click Setup on the main menu The Firmware window appears 2 Click Firmware Update The Firmware Update window appears ...

Page 178: ...e See Running Diagnostics on page 221 for more information VPN Scenarios Nokia IP40 Security Platform supports the following VPN scenarios Note The following sections provide only an introduction to the VPN scenarios supported by Nokia IP40 Security Platform They DO NOT discuss the complete usage scenario For more information about usage scenarios contact the Nokia support site Nokia IP40 as VPN S...

Page 179: ...ite X VPN server solution in which two IP40 devices a Check Point SecuRemote and a Check Point SecureClient act as VPN clients that download topology information from the IP40 Satellite X VPN server Figure 6 SecuRemote and SecureClient to Satellite X Setting Up Nokia IP40 Satellite X Configure a VPN tunnel between SecuRemote and IP40 Satellite X To set up IP40 Satellite X 1 Add a User 2 Enable VPN...

Page 180: ... IP40 Remote access VPN with VPN 1 For more information on remote access VPNs see Configuring Remote Access VPNs on page 164 Setting Up the Nokia IP40 Tele 8 as VPN Client You can configure the IP40 Tele 8 as a VPN client To enable the VPN client functionality in your IP40 device If you have subscribed to security services then connect with your service provider or enterprise and receive a securit...

Page 181: ...site click Edit in the desired VPN site row If you click the option a the Nokia VPN Site Wizard opens as shown in the following window 3 Click Next The VPN Gateway Address dialog box appears 4 Enter the IP address of the VPN gateway to connect to as given by the network administrator 5 Click Next The VPN Network Configuration dialog box appears ...

Page 182: ... network traffic from the VPN site Note You can download the network configuration only if you are connecting to a Check Point VPN 1 or Nokia IP40 Satellite X VPN Gateway To specify configuration 7 If you chose Specify Configuration in the preceding procedure a dialog box appears 8 Enter destination network address and subnet mask of the site to connect Note Obtain destination network and subnet m...

Page 183: ...x appears 1 Click Next the Network Topology is downloaded from the specified VPN gateway The VPN Login page appears 2 Follow steps 9 to 13 in To specify configuration on page 182 to proceed The VPN sites page updates with the added VPN sites If you edited a VPN site the modifications are reflected in the VPN sites list To route all traffic If you chose Route All Traffic in Adding VPN sites by usin...

Page 184: ...using the following procedure VPN Gateway do the following Define the second VPN site as a site to site VPN gateway by using the following procedure Define the first VPN site as a site to site VPN gateway To add or edit VPN sites by using Nokia IP40 Satellite X 1 Click VPN on the main menu 2 The VPN Server page appears 3 In the VPN submenu click VPN Sites The VPN Sites page appears with a list of ...

Page 185: ...PN tunnels with the Phase I negotiation used In order to see the Phase II negotiation refer to Reports Active Connections and point the mouse on the lock symbol of the FTP HTTPS SSH traffic passing through the VPN tunnel Nokia IP40 Tele to IP40 Satellite X VPN Client to Gateway Nokia IP40 Tele 8 functions in VPN client mode in which connection is initiated only by the VPN client Nokia IP40 Tele 8 ...

Page 186: ...rsion 4 1 FP1 FP2 FP3 NG or NG AI For more information see Check Point documentation Setting Up Nokia IP40 Tele 8 Configure a VPN tunnel between an IP40 Tele 8 and an IP40 Satellite X Setting Up Check Point Server Open the Check Point policy editor and select the Firewall 1 VPN 1 workstation object that will receive the VPN 1 Edge Embedded gateway session request For more information see Check Poi...

Page 187: ...4 In the policy editor create a rule with the following parameters Source User any Destination any Through remote access community Target NG AI firewall object Note You can also use Check Point FP3 or FP4 in place of NG AI Nokia Satellite X to Nokia Satellite X VPN Gateway to Gateway The VPN configuration between Nokia IP40 Satellite X and another Nokia IP40 Satellite X enables you to establish si...

Page 188: ...our VPN should function Use of NAT and No NAT modes offer great flexibility NAT mode allows you to define VPNs at peer gateway sites without knowing the protected network behind the IP40 devices To access a resource that is protected by a VPN in NAT mode you must contact the hiding Internet address of the VPN gateway Your request is then forwarded to the correct computer in the protected network a...

Page 189: ...2 are uses routable IP addresses Figure 9 No NAT Mode NAT Mode Use NAT mode in site to site VPNs where bidirectional initiation of traffic between networks using public IP addresses is required NAT Mode shows two instances of a site to site VPN gateways in NAT mode Figure 10 NAT Mode Solution A Nokia IP40 Satellite X to VPN 1 Site to Site VPN Hosts on Network 1 establish the TCP IP connection to t...

Page 190: ...tation with enforcement module Enter 255 255 255 0 as the subnet mask 6 In the Destination Network text box 2 enter the network address behind the secondary Check Point management station with enforcement module Enter 255 255 255 0 as the subnet mask 7 Enter the IP address of the secondary Check Point management station in the Backup Gateway field For information about how to configure the primary...

Page 191: ...oint Virtual Private Network documentation Nokia IP40 Satellite X to Check Point FP3 or DAIP You can use Nokia IP40 Satellite X as a VPN server to establish a VPN connectivity with Check Point FP3 server by using Check Point FP3 DAIP object Setting Up Check Point FP3 Configure a VPN tunnel between an IP40 Satellite X and Check Point FP3 server To set up Check Point FP3 1 Define a DAIP object Enabl...

Page 192: ...ass phrase that you use to create the certificate 4 Click OK When you create a VPN connection between IP40 Satellite X and Check Point FP3 select Use Certificate instead of Use Shared Secret Nokia IP40 Satellite X to Check Point SmartCenter FP3 NG AI You can use Nokia IP40 Satellite X as a VPN server to establish a VPN connectivity with SmartCenter FP3 NG AI server by using VPN 1 Edge Embedded gat...

Page 193: ...t is known to both the IP40 Satellite X and the VPN 1 Server Setting Up Check Point SmartCenter NG AI by Using Certificates with Smart LSM Configure the Check Point SmartCenter NG AI for a VPN connection with Nokia IP40 Satellite X using Certificates with Smart LSM To set up Check Point Smart LSM 1 Define a VPN 1 Edge Embedded ROBO gateway with a dynamic IP address on the Smart LSM 2 Create a Chec...

Page 194: ...click New Site 8 Specify the IP address of the Check Point NG AI management station and check the Unrestricted 9 Click Next 10 Select Specify Configuration 11 Enter the Destination network and the subnet mask 12 Click Next 13 Click Use Certificate 14 Click Next 15 Click Finish Note In order to download the certificate from Check Point NG AI and create a VPN site manually on the Nokia IP40 use the ...

Page 195: ...Cluster for site to site VPN Authentication supported preshared secret Perfect Forward Secrecy supported The following scenarios are supported Nokia VPN Gateway to Nokia IP40 Satellite X in Unrestricted mode in this mode traffic is encrypted between the gateways subnets network A to network B Nokia VPN Gateway to Nokia IP40 Satellite X in Restricted mode in this mode traffic is encrypted between t...

Page 196: ...e solution is to forward traffic through a central VPN 1 Router to which both DAIP modules connect Mimicking the architecture of Frame Relay networks for an easier migration from traditional networks to IP based network using IPsec VPN Enabling simple configuration for branch offices by hiding from it the entire network while allowing them full connectivity Mesh VPN Support This section explains m...

Page 197: ...ing It includes the following topics Starting Your Subscription Services Sofaware Security Management Portal Automatic and Manual Updates Managing with Nokia Horizon Manager Check Point SmartCenter LSM For information about how to use Sofaware Management Center to configure subscription services like Web filtering email antivirus and software updates see Deploying Nokia IP40 with Sofaware Manageme...

Page 198: ...ubscription Services dialog box displayed 3 Make sure that I wish to connect to a Service Center check box is checked 4 Do the following To specify a Service Center do the following Select Specified In the Specified text box enter the IP address of the desired Service Center as given to you by the service center 5 Click Next The Connecting screen appears ...

Page 199: ...thentication a second Service Center Login dialog box appears Do the following a Enter your gateway ID and registration key in the appropriate fields as given to you by your service provider b Click Next The Connecting window appears The Confirmation dialog box appears with a list of services to which you are subscribed ...

Page 200: ... If a new firmware is available the IP40 downloads it This can take several minutes When the download is complete the IP40 restarts by using the new firmware The Welcome page appears The services to which you are subscribed are now available on your IP40 and listed as such on the Account page For more information see Viewing Service Information from the Account Page on page 201 ...

Page 201: ...k the Account tab The Account page appears Table 24 Account Page Fields Field Description Service Center Name Name of the Service Center to which you are connected if known Subscription will end on Date on which your subscription to services ends Service Services available in your service plan Subscription Status of your subscription to each service Subscribed Not Subscribed Status Status of each ...

Page 202: ...o access your service center Web site which might offer additional configuration options for your account To configure your account 1 Click Services in the main menu and click the Account tab The Account page appears 2 In the Service Account area click Configure Note If no additional settings are available from your service center this button does not appear Your service center Web site opens 3 Fo...

Page 203: ...r available on your IP40 Sofaware Security Management Portal The SofaWare Management Center SMC is a Web based application for managing and configuring the SofaWare Security Management Portal SMP SofaWare managed security platform enables centralized management of a large number of firewalls embedded in residential broadband access devices or gateways Note Configure the management servers by using...

Page 204: ...ering is enabled access to Web content is restricted according to the categories specified under Allow Categories Adult users can view Web pages with no restrictions only after they provide the administrator password from the Web filtering popup window Note If you are remotely managed contact your service center to change these settings To enable or disable Web filtering 1 Click Services in the ma...

Page 205: ...le categories marked with a plus mark are blocked and require the administrator password for viewing Note If you are remotely managed contact your service center to change these settings To allow or block a category 1 In the Allow Categories area click the check mark or the plus sign next to the desired category 2 Click Apply To temporarily disable Web filtering 1 Click Services in the main menu a...

Page 206: ... the Web Filtering page the button changes to Snooze If you clicked Resume in the Web Filtering Off popup window the popup window closes Virus Scanning Enabling this option results in automatic scanning of your email for the detection and elimination of all known viruses and vandals Enabling or Disabling Email Antivirus This section gives you information about how to enable or disable the email an...

Page 207: ...upwards or downwards Email Antivirus is enabled or disabled for all internal network computers Selecting Protocols for Scanning If you are locally managed you can define which protocols should be scanned for viruses Email retrieving POP3 If enabled all incoming email in the POP3 protocol is scanned Email sending SMTP If enabled all outgoing email is scanned Protocols marked with a check mark are s...

Page 208: ...esired protocol 2 Click Apply Temporarily Disabling Email Antivirus If you are having problems sending or receiving email you can temporarily disable the email antivirus service To temporarily disable Email Antivirus 1 Click Services in the main menu and click the Email Antivirus tab The Email Antivirus page appears 2 Click Snooze Email antivirus is temporarily disabled for all internal network co...

Page 209: ...ivirus Off popup window the popup window closes Automatic and Manual Updates If you are subscribed to Software Updates you can check for new security and software updates Checking for Software Updates when Locally Managed If your Nokia IP40 security platform is locally managed you can set it to automatically check for software updates or you can set it so that software updates can be checked manua...

Page 210: ...atic Manual level downwards The IP40 does not check for software updates automatically 4 To manually check for software updates click Update Now The system checks for new updates and installs them Checking for Software Updates When Remotely Managed If your IP40 is remotely managed it automatically checks for software updates and installs them without user intervention However you can still Check f...

Page 211: ...ty Platform 1 Click Devices in the main menu and choose Create Devices to create an IP40 device 2 Click Nokia Small Office Series Platform IP40 for device type 3 In the Device text box type the Device Name IP40 or the IP address 4 Click Yes for Use Secure connection 5 Type the device login and password 6 Click OK at the bottom of the menu Your IP40 device is created For more details see Nokia Hori...

Page 212: ...s open by sending packets from IP40 to the VPN 1 gateway To configure NG AI and Nokia IP40 Security Platform for site to site by using LSM profiles on Check Point 1 Enable LSM in the command prompt type LSMenabler on and reset the FW services 2 Open SmartDashboard and define a new VPN 1 edge embedded ROBO profile 3 Name the LSM profile and click OK 4 Click Save on SmartDashboard and close Open Sma...

Page 213: ...aying feature specific information to the enabling console and optionally to the log file You can configure debug levels through the CLI for the following features VRRP DDNS Dial up HAD The performance of the device does not get affected even if debugging is disabled But when debugging is enabled for many features it can affect the primary firewall and VPN task of Nokia IP40 Debugging should be en...

Page 214: ...uld I do Check for the following Check if the PWR LED is active If not check the power connection to the IP40 Check if the WAN LED is on If not check the network cable to the modem and make sure the modem is turned on Check if the LAN LED for the port that your computer uses is on If not check if the network cable linking your computer to the IP40 is connected properly Use your web browser to go t...

Page 215: ...rnet Explorer the application searches for an Internet connection This is unnecessary since I am connected through the IP40 What should I do For Internet Explorer versions 5 and 6 do the following 1 Open the browser 2 On the Tools menu click Internet Options then click the Connections tab 3 For each item in the Dial up Settings list do the following a Select the item b Select Never dial a connecti...

Page 216: ... Platform to Factory Defaults on page 219 This will erase all your settings I cannot connect to a VPN site using IP40 Satellite or IP40 Tele What should I do Check whether your VPN client has a problem Do one of the following If you are using IP40 Tele add the demo Check Point VPN site using the procedure Adding and Editing VPN Sites using IP40 Tele as follows In the VPN Gateway Address dialog box...

Page 217: ...tages of the IP40 such as broad application support and high performance I cannot open http my firewall page when the LAN address is changed What should I do Renew the IP address of the computer using ipconfig I cannot connect to the HTTPS server in the DMZ What should I do Ensure that HTTPS access to the device is enabled I cannot establish HTTPS session to the device even when the HTTPS access t...

Page 218: ...tificate Ensure that the certificate used in the device is the one associated to the certificate created for this gateway on Smart Center FP3 Failed to Create VPN tunnel invalid certificate Ensure that the certificate used is not expired Failed to Create VPN tunnel invalid cert encoding Ensure that the certificate used is PKCS 12 format Error Message Verify Failed to Create VPN tunnel payload malf...

Page 219: ...ge appears The Firmware page displays a table with the following information Resetting the IP40 Security Platform to Factory Defaults You can reset to factory defaults with the GUI or by manually pressing the Reset button For more information see Resetting Nokia IP40 Security Platform to Factory Defaults on page 150 Table 25 Firmware Status Field Description Firmware Version the current version of...

Page 220: ...upgrade the firmware To upgrade the firmware using the console and LAN 1 Connect to the console Use admin and password as the default username and password The following message appears Welcome to IP40 failsafe login admin password You will see the following message displayed on the console Device is running in failsafe mode You must upgrade the device immediately 2 Specify the LAN IP address and ...

Page 221: ...s 2 After booting dial in to the appliance with username admin and password password Note IP40 uses the IP address 192 168 40 1 for the dial up interface 3 Open a Telnet session to IP40 by using the preceding IP address and username password information 4 Upload the firmware file to the device by using FTP or TFTP You are prompted to confirm firmware upgrade when the upload is completed 5 Upgrade ...

Page 222: ...0 Security Platform User s Guide v1 1 3 Click Diagnostics Technical information about the IP40 appears in a new window 4 To refresh the contents of the window click Refresh The contents are refreshed 5 To close the window click Close ...

Page 223: ...of safety or performance and could result in violation of part 15 of the FCC Rules When installing the IP40 ensure that the vents are not blocked Do not use the IP40 outdoors Do not expose the IP40 to liquid or moisture Do not expose the IP40 to extreme high or low temperatures Do not drop throw or bend the IP40 since rough treatment could damage it Do not use any accessories other than those appr...

Page 224: ...A Specifications 224 Nokia IP40 Security Platform User s Guide v1 1 Do not route the cables in a walkway or in a location that will crimp the cables ...

Page 225: ...ive clients in order to market MSP s managed services and to use the Software to provide managed services provided that each copy of the Software is used solely on behalf of and for the benefit of a single client on the single piece of equipment provided by Nokia An MSP may discontinue use of the Software on behalf of one client and use the Software to provide managed services to another single cl...

Page 226: ... or electrical stress misuse negligence or accident 4 has been used in ultra hazardous activities or 5 has been used in such a way that Nokia cannot reasonably reproduce the Software error Furthermore the above warranty does not apply to any portion of the product supplied by a third party In no event does Nokia warrant that the Software is error free or that the Customer will be able to operate i...

Page 227: ... performance whatsoever due to reasons beyond its reasonable control 8 TERM AND TERMINATION This Agreement is effective until terminated The license to the Software granted by Nokia will terminate upon any attempt by Customer to transfer or assign the Software this Agreement or any rights or obligations hereunder without Nokia s prior written consent In addition Nokia may terminate this Agreement ...

Page 228: ...agreement are commercial items and are deemed to be commercial computer software and commercial computer software documentation Consistent with the Federal Acquisition Guidelines and related laws any use modification reproduction release performance display or disclosure of such commercial software or commercial software documentation by the US Government shall be governed solely by the terms of t...

Page 229: ...PAYMENT TO THE PLACE YOU OBTAINED IT FOR A FULL REFUND 1 DEFINITIONS 1 1 Product means the object code copy of the software program provided to You in connection with this Agreement together with the associated original electronic media and or associated hardware devices and all accompanying manuals and other documentation and together with all enhancements upgrades and extensions thereto that may...

Page 230: ...use or examine any source code or design documentation relating to the Product 2 2 Standard User Restrictions If You are a Standard User the Products are licensed to You solely for use by You for Your own operations No Product nor any portion thereof may be used by or on behalf of accessed by re sold to rented to or distributed to any other party 2 3 Managed Service Provider Restrictions If You ar...

Page 231: ...day evaluation period or in the event that SofaWare advises You that discussions with respect to a licensing transaction have terminated then Your rights under this Agreement shall terminate and You shall promptly return all Product to the representative that supplied the Product 3 MAINTENANCE AND SUPPORT SofaWare has no obligation to provide support maintenance upgrades modifications or new relea...

Page 232: ... the above limitations may not apply to You This warranty gives You specific legal rights You may have other rights which vary from jurisdiction to jurisdiction 7 2 Limitation of Liability EXCEPT FOR PERSONAL INJURY IN NO EVENT WILL SOFAWARE BE LIABLE TO YOU OR ANY THIRD PARTY FOR ANY DAMAGES ARISING OUT OF THE SUBJECT MATTER OF THIS AGREEMENT THE PRODUCT OR ANY SERVICES UNDER ANY CONTRACT NEGLIGE...

Page 233: ...eement and the remainder of the provisions of this Agreement shall remain in full force and effect The laws of the State of Israel shall govern all issues arising under or relating to this Agreement without giving effect to the conflict of laws principles thereof All disputes arising under or relating to this Agreement shall be resolved exclusively in the appropriate Israeli court sitting in Tel A...

Page 234: ...C End User License Agreement 234 Nokia IP40 Security Platform User s Guide v1 1 ...

Page 235: ... to 100 000 Date first applied 2004 conforms to the following standards Safety EN60950 1992 A1 A2 1993 A3 1995 A4 1997 A11 1998 with Japanese National Deviations EMC EN50024 EN55022B 1998 CISPR 22 Class B 1985 EN61000 3 2 EN61000 3 3 Supplementary information The product complies with the requirements of the Low Voltage Directive 73 23 EEC and the EMC Directive 89 336 EEC Alan Hutchinson Quality E...

Page 236: ...de reasonable protection against harmful interference in a residential installation This device generates uses and can radiate radio frequency energy and if not installed and used in accordance with the instruction may cause harmful interference to radio communications However there is no guarantee that interference will not occur in a particular installation If this device does cause harmful inte...

Page 237: ...FCC Notice US Nokia IP40 Security Platform User s Guide v1 1 237 ...

Page 238: ...D Compliance Information 238 Nokia IP40 Security Platform User s Guide v1 1 ...

Page 239: ... 129 configuring criteria for path selection 134 configuring DDNS 150 configuring device functions 141 configuring system logging 142 date configuration 141 exporting the configuration 144 host name configuration 141 importing the configuration 145 managing configuration 144 configuring dial up with CLI 79 CLI wizard 79 configuring dial up with GUI 78 configuring external syslog server 142 configu...

Page 240: ...rnet connection 80 enabling IP40 to accept SSH requests 112 enabling or disabling Internet connection 80 using quick Internet connect or disconnect 80 enabling or disabling Telnet access 61 enabling SNMP access 120 end user license agreement 229 external BGP 134 F failsafe mode 220 failsafe mode using console 220 FCC Notice 236 firmware upgrade GUI window 147 forgot password 216 frequently asked q...

Page 241: ...es and functions of IP40 GUI elements 54 NAT mode No NAT mode 188 network protocol window 35 Network requirements 28 network requirements 28 network utilities 143 network window 34 Nokia 20 Nokia IP40 as VPN client 180 as VPN server 178 Nokia IP40 configuration methods 58 Nokia IP40 connection methods 57 using console port 58 using secure shell 62 using Telnet 60 Nokia IP40 Front Panel 31 Nokia IP...

Page 242: ...toCluster 195 site to site VPN with Windows 2000 194 SNMP configuration 119 SofaWare secure management portal 203 specifications compliance 236 emissions 236 safety 236 SSH access through OOB 139 starting your subscription services 197 T TCP IP properties window 35 TCP IP window 35 telnet window 60 temporarily disabling email antivirus 208 text conventions 16 Time configuration 141 to configure so...

Page 243: ...ndancy protocol VRRP 123 virus scanning 206 VPN 178 VPN scenarios 178 VPN topologies 162 W warranty 225 Web filtering 204 enabling Web filtering 204 selecting categories to block 205 temporarily disabling Web filtering 205 to allow or block a category 205 working with VPNs 161 ...

Page 244: ...Index 244 Nokia IP40 Security Platform User s Guide v1 1 ...

Reviews:

No comments

Brands by name

Popular brands

Load more brands