Nokia IPSO IP350 user manual, page 1

Check Point NG FP3 step-by-step Install guide on NOKIA IPSO 

By Brandon E. Robrahn 

 

INTRO 

This document is to be used as a reference on how to install a NOKIA IP350 with Check Point NG FP3.  In this 
document I have provided a step-by-step reference guide on loading a NOKIA IP350 with IPSO version 
3.7.1Build010 and Check Point version NG FP3.  Voyager and the command line were both used in this guide; this is 
just one way that a NOKIA device can be configured as a Check Point Firewall.  Not all of the patches and hot fixes 
for these versions are shown in this document.  Only one patch was applied to this device, simply to 
show how to apply it to the NOKIA.  The two vulnerabilities that have to be addressed when using this version of 
Check Point and IPSO are:  

1. Hot fix Accumulator 325 
2. OpenSSL vulnerability 

After using this document as a reference guide (not a configuration guide), you should be able to put the device in 
line and connect it to a management server without any issues.  This document guides you from entering the 
hostname of the firewall to applying the default filter and running CPCONFIG.  Good luck with your 
install and thanks for using this guide as a reference on how to configure a Check Point firewall. 
 

           
           
                                                                                                          

After the start up script runs you will be prompted to enter a hostname; if you hit enter it will get rid of the text 
so that you can type the hostname that you choose.  Listed below is an actual screen shot taken from 
Secure CRT of how an install is performed.  I used red text in the areas where you need to type in 
commands to configure this Firewall. 

 

 
 
 
        Please choose the host name for this system.  This name will be used
        in messages and usually corresponds with one of the network hostnames
        for the system.  Note that only letters, numbers, dashes, and dots (.)
        are permitted in a hostname.

Hostname? fw-test
Hostname set to "fw-test", OK? [ y ] ? y

Please enter password for user admin: password
Please re-enter password for confirmation: password

You can configure your system in two ways:

    1) configure an interface and use our Web-based Voyager via a remote
       browser
    2) VT100-based Lynx browser

Please enter a choice [ 1-2, q ]: 1

Select an interface from the following for configuration:

    1) eth1
    2) eth2
    3) eth3
    4) eth4
    5) quit this menu

Enter choice [1-5]: 1

Enter the IP address to be used for eth1: 10.0.0.1

 

 

Contents of IPSO IP350


Page 2: ...ling 10baseT UTP port in half duplex mode netlog eth1 enabling 100baseTX UTP port in full duplex mode done Apr 28 16 08 20 fw test LOG_INFO kernel netlog eth4 enabling 10baseT UTP port in half duplex mode Apr 28 16 08 20 fw test LOG_INFO kernel netlog eth2 enabling 10baseT UTP port in half duplex mode Apr 28 16 08 20 fw test LOG_INFO kernel netlog eth3 enabling 10baseT UTP port in half duplex mode...

Page 3: ... are going to change it to the correct version by installing a new IPSO image from an FTP server using Voyager. Voyager is web based; you are able to configure almost everything via Voyager. To access the Voyager web page, type in http://10.0.0.1 and then enter the user name and password. Any interface that is configured on this NOKIA can be used to get access to Voyager. NOTE: Leave the SSH connection run...

Page 4: ...that you have an FTP Server loaded on your PC. EXAMPLE: 3COM Server. Make sure that your FTP Server is configured for Anonymous; that way you don't have to type in a user name and password. Type ftp://10.0.0.2/ipso_3_7_1_Build007.tgz. I am using IPSO 3.7.1 build 007 for an example; you use whatever IPSO version that is current or that you want to use. Now click on Apply. Click on the Apply button one more ti...

Page 5: ... install. When the install is finished the screen will look like the one shown below. The install is now complete and you need to reboot your NOKIA device. Before you reboot, click on Manage IPSO images including REBOOT and Next Boot Image Selection, located at the bottom of the page ...

Page 6: ...ge click on Test Boot. NOTE: Test boot is used in case something happens when you're rebooting; this way you can revert back to the old version and no harm was done. This is a precautionary measure. After selecting Test Boot you will see the page shown above. Wait about 5 minutes and then hit the Refresh button at the top of the page ...

Page 7: ...he steps to install Check Point NG FP3 on this NOKIA device. Follow the steps by typing in the commands shown in red listed below. During this process you will be asked if you want to download certain images, hot fixes or packages. Only choose the one that says "Do you want to download CP_FP3_IPSO.tgz". For all of the other prompts type n and wait until they have all been addressed. NOTE: If you are using ...

Page 8: ...hname to the packages or exit to exit Loading Package List Do you want to download cpinfo_ipso_550000007 tgz yes default or no or exit n Skipping package cpinfo_ipso_550000007 tgz Do you want to download cpshared_NG_FP3_53267_2_Nokia tgz yes default or no or exit n Skipping package cpshared_NG_FP3_53267_2_Nokia tgz Do you want to download CP_FP3_IPSO tgz yes default or no or exit y Processing pack...

Page 9: ...IT PKG_INSTALL etc newpkg S m LOCAL i n CPfwbc 41 fw 1_ipso tgz May 6 21 32 43 fw test LOG_CRIT PKG_INSTALL May 6 21 32 43 fw test LOG_CRIT PKG_INSTALL May 6 21 32 56 fw test LOG_CRIT PKG_INSTALL May 6 21 32 56 fw test LOG_CRIT PKG_INSTALL etc newpkg S m LOCAL i n CPdtps 50 polsrv_ipso tgz May 6 21 32 56 fw test LOG_CRIT PKG_INSTALL May 6 21 32 56 fw test LOG_CRIT PKG_INSTALL etc newpkg S m LOCAL ...

Page 10: ...ll May 6 21 33 21 fw test LOG_CRIT PKG_INSTALL 2 Run cpconfig and configure the firewall May 6 21 33 21 fw test LOG_CRIT PKG_INSTALL 3 Install the new License if required May 6 21 33 21 fw test LOG_CRIT PKG_INSTALL 3 Install the new License if required May 6 21 33 21 fw test LOG_CRIT PKG_INSTALL 4 Reboot the box May 6 21 33 21 fw test LOG_CRIT PKG_INSTALL 4 Reboot the box May 6 21 33 21 fw test LO...

Page 11: ...gz Do you want to download RSNS_NokiaRelease_7_0_2003_62 tgz yes default or no or exit n Skipping package RSNS_NokiaRelease_7_0_2003_62 tgz End of new package installation cleaning up done Use Voyager to activate packages fw test admin You can now log back into Voyager by typing http://10.0.0.1; if you click on Config, then click on Manage Installed Packages under System Configuration, your screen shou...

Page 12: ...Click on SNMP and make sure that it is turned off. If you click on UP it will take you back to the Configuration screen. NOTE: Your configuration may be different from the guide if you need SNMP enabled. This is up to you if you want to use it. Under Security and Access Configuration click on Network Access and Services; make sure that Telnet and FTP are turned off. If you click on UP it will take you ba...

Page 13: ...s is turned on so that you can manage your NOKIA box via SSH. Under Security and Access Configuration click on SSL Certificate Tool; here is where you configure your SSL certificate. After clicking on SSL Certificate Tool you should see the screen shown below. Enter the same data shown below into the configuration for your certificate you are creating. The pass phrase can be whatever you choose. When ...

Page 14: ...s a certificate and a private key in it; you need to copy the entire text that is listed. After highlighting the entire certificate, right click and select copy. After you have copied the certificate, scroll to the bottom of the screen and click on the Voyager SSL certificate page that is shown below ...

Page 15: ...u are doing. Now you should be back to the page where you can copy the Private Key; this is the one below the Server Certificate. After you copy the key, click on the green arrow that allows you to advance to the previous page in IE, Netscape or whatever you are using. Now that you are back to the area shown below, paste the Private Key in the area that reads Associated Private Key. You will then need to ...

Page 16: ...ger. After selecting the radio button click on Apply and Save. You should still see that same screen shown above; if you click on UP you will get the error message "The page cannot be displayed". You are getting this error message because you need to change the URL to use HTTPS rather than HTTP. As soon as you put an S behind HTTP and hit enter you will be back to the Voyager configuration page ...

Page 17: ...d you can move on to the second to last step of the configuration. All of the appropriate patches and hot fixes should be applied at this time. I will demonstrate one for you; it is best to use the directory /var/tmp. NOTE: Make sure that your FTP server is running for this portion. You can get all of the current patches and hot fixes on Check Point's website. fw test admin cd var tmp fw test admin ls ls ...

Page 18: ...25 installation completed successfully fw test admin fw1_HOTFIX_HFA_325_332553950_1 Do you want to proceed with installation of Check Point VPN 1 FireWall 1 NG FP3 Support HFA 325 for Check Point VPN 1 FireWall 1 NG FP3 on this computer If you choose to proceed installation will perform CPSTOP y yes else no y SVN Foundation cpd is not running SVN Foundation cpWatchDog is not running SVN Foundation...

Page 19: ...of license agreement Do you accept all the terms of this license agreement y n y Select installation type 1 Enforcement Module 2 Enterprise Management 3 Enterprise Management and Enforcement Module 4 Enterprise Log Server 5 Enforcement Module and Enterprise Log Server Enter your selection 1 5 a abort 1 1 Would you like to install a Check Point clustering product CPHA CPLS or State Synchronization ...

Page 20: ...is will shut the device down properly and you can then hit the power button in the past. If you don't shut it down like this you run the risk of putting the device into Single User Mode. You are all set to connect this device to your network and get the management server configured in order to apply a license and push a policy to this device. About the Author: Brandon E. Robrahn, CCSA, is a Firewall Admi...
