background image

Installing the Nokia Secure Access System Gateway

10

Nokia Secure Access System Getting Started Guide

Security Platforms

The following Nokia IP security appliances support Nokia Secure Access System v3.0:

„

Nokia IP130

„

Nokia IP350

„

Nokia IP380

„

Nokia IP1260

Note
To run Nokia Secure Access System, the appliance must have at least 256 MB of RAM 
installed. For optimum performance, Nokia recommends that at least 512 MB be installed.

Operating System

The following versions of Nokia IPSO-SB support Nokia Secure Access System v3.0:

„

v3.7 Build 34, 39, 41

„

v3.7.1 Build 7, 10, 12, 16

„

v3.8 Build 31, 34, 39

Client Operating Systems

The following client operating systems are supported:

„

Microsoft Windows operating systems:

„

98 SE

„

ME and ME Pocket PC

„

NTv4, 2000 with SP4

„

XP Home and Professional, with SP1 and SP2

„

CE

„

Red Hat versions 7.3, 8.0, and 9.0

„

MAC OS X

Note
All operating systems must have the most current version of service packs applied to be 
supported.

Содержание NPS6113000 - Secure Access System

Страница 1: ...Nokia Secure Access System Getting Started Guide Version 3 0 Part No N450867004 Rev A Published November 2004 ...

Страница 2: ...by Nokia Inc as is and any express or implied warranties including but not limited to implied warranties of merchantability and fitness for a particular purpose are disclaimed In no event shall Nokia or its affiliates subsidiaries or suppliers be liable for any direct indirect incidental special exemplary or consequential damages including but not limited to procurement of substitute goods or serv...

Страница 3: ...199 Outside USA and Canada 1 512 437 7089 email ipsecurity na nokia com Europe Middle East and Africa Nokia House Summit Avenue Southwood Farnborough Hampshire GU14 ONG UK Tel UK 44 161 601 8908 Tel France 33 170 708 166 email ipsecurity emea nokia com Asia Pacific 438B Alexandra Road 07 00 Alexandra Technopark Singapore 119968 Tel 65 6588 3364 email ipsecurity apac nokia com Web Site https suppor...

Страница 4: ...4 Nokia Secure Access System Getting Started Guide ...

Страница 5: ...tial Configuration 13 Configuring Nokia Network Voyager Settings 14 Enabling Nokia Network Voyager Web Access with SSL 15 Installing the Nokia Secure Access Package 15 Determining If the Package Is Preinstalled 16 Initializing When the Package Is Preinstalled 17 Installing the Package with Nokia Network Voyager 17 Before you Start 17 Obtaining the Package 17 Transferring the Package with FTP 17 In...

Страница 6: ...ng Started Guide Installing the License 33 Configuring a User 37 Configuring a Group 39 Adding a User to a Group 40 Configuring a Web Resource 41 Configuring Access Control Lists for a Web Resource 44 Specifying User Portal Settings 45 ...

Страница 7: ...rview of the technologies that the Nokia Secure Access System uses see the Nokia Secure Access System Technology Overview Conventions This Guide Uses This document uses the following conventions Notices Note Notes provide information of special interest or recommendations Web User Interface Conventions Throughout this guide a greater than sign with spaces before and after the sign is used to indic...

Страница 8: ...ensure that your changes are saved before you go to a new configuration page Related Documentation For supporting documentation check the Nokia Secure Access System v3 0 CD ROM for the following documents Nokia Secure Access System Release Notes v3 0 Nokia Secure Access System Technology Overview v3 0 Nokia Secure Access System Configuration Guide v3 0 Nokia Secure Access System User s Guide v3 0 ...

Страница 9: ... Secure Access System Note Your Nokia appliance ships with the Nokia Secure Access System package installed If the package is not installed you can install it by using Nokia Network Voyager For more information see Installing the Package with Nokia Network Voyager on page 17 Nokia Secure Access System Requirements This section describes the hardware and software required to run Nokia Secure Access...

Страница 10: ...rmance Nokia recommends that at least 512 MB be installed Operating System The following versions of Nokia IPSO SB support Nokia Secure Access System v3 0 v3 7 Build 34 39 41 v3 7 1 Build 7 10 12 16 v3 8 Build 31 34 39 Client Operating Systems The following client operating systems are supported Microsoft Windows operating systems 98 SE ME and ME Pocket PC NTv4 2000 with SP4 XP Home and Profession...

Страница 11: ...d later Installation Tasks Overview Table 1 list the common tasks and steps for installing the Nokia Secure Access System Table 1 Nokia Secure Access System Task Overview Check box Task overview Where to find information Install and connect the hardware Installing the Hardware on page 13 of this guide Configure the appliance Configure Nokia IPSO Perform the initial configuration Configure Nokia Ne...

Страница 12: ...g a Group on page 39 of this guide Add a user to a group Adding a User to a Group on page 40 of this guide Configure Web resources Configuring a Web Resource on page 41 of this guide Configuring file resources Nokia Secure Access System Configuration Guide v3 0 Configuring email resources Nokia Secure Access System Configuration Guide v3 0 Configuring authentication methods Authenticating users at...

Страница 13: ...our appliance before you install the Nokia Secure Access System package For more information about configuring IPSO see the Nokia Voyager Reference Guide Performing Initial Configuration This section describes how to perform initial configuration of the Nokia IP security platform The first time you supply power to your Nokia appliance the initial configuration process begins This process enables y...

Страница 14: ...he Nokia IPSO operating system With Network Voyager you can manage monitor and configure the appliance from any authorized location within the network by using a Web browser To access Nokia Network Voyager 1 Enter the URL of the appliance into your Web browser by using either the appliance IP address or hostname for example http gateway example com 2 When prompted authenticate to Network Voyager w...

Страница 15: ...enter the encryption level you are entering the minimum level of encryption you require Encryption is stronger by default if your Web browser supports it 6 Click Apply Note Replace http with https in your browser window before you click Save because you are enabling a secured connection 7 Click Save IPSO includes a default sample certificate and private key for testing purposes only and do not pro...

Страница 16: ...installed it still needs to be activated To determine if the package is preinstalled 1 From the Nokia Network Voyager main page select System Configuration 2 From the Voyager Configuration page select Manage Installed Packages The Manage Packages page opens If the list of the installed packages includes a package named Nokia Secure Access System activate the package See Activating the Package with...

Страница 17: ...of Nokia IPSO you can upgrade to a newer version by obtaining the Nokia IPSO installation file from http support nokia com First you should check for compatibility between Nokia IPSO and Nokia Secure Access System versions at https support nokia com register productsSupported jsp ems Then you can install this file by using Nokia Network Voyager Obtaining the Package If the Nokia Secure Access Syst...

Страница 18: ...ecure Access System package beginning with step 4 of To install or upgrade the package with Nokia Network Voyager Installing or Upgrading the Package with Nokia Network Voyager This section describes how to install the package by using Nokia Network Voyager Table 2 shows by version number which directory the package installs to on the appliance These are some of the previous Nokia Secure Access Sy...

Страница 19: ...upgrade the package with Nokia Network Voyager 1 From the Nokia Network Voyager main page select System Configuration 2 From the Voyager Configuration page select Manage Installed Packages The Manage Packages page opens 3 From the Manage Packages page select FTP and Install Packages The FTP Packages page opens ...

Страница 20: ... Installation and Upgrade page refreshes and displays the package name class version and description On some platforms you might see the message Timeout waiting for response from database server when completing this step If this occurs click Up to return to the Manage Packages page then select FTP and Install Packages The link to install and upgrade the package will be visible on the FTP Packages ...

Страница 21: ...click the following link located in the bottom left corner of the window Click here to finish the initial configuration If you are installing a package the Nokia Secure Access page opens and begins to generate the random number seed If you are upgrading the package the Nokia Secure Access page opens Note The Nokia Secure Access System page shows that the system is creating the random number seed T...

Страница 22: ...the package is disabled continue to Activating the Package with Nokia Network Voyager on page 22 Activating the Package with Nokia Network Voyager Disable any other packages including firewall and VPN packages before you activate the Nokia Secure Access System package This section describes how to activate the package with Nokia Network Voyager To activate the Nokia Secure Access System package 1 ...

Страница 23: ...ctivated and enabled Note During the installation Nokia Network Voyager is moved off of port 80 or 443 so that Nokia Secure Access System can use those ports If you are not already on the Nokia Secure Access page by following the link after you install the package access this page from the Nokia Network Voyager main page by selecting Security and Access Configuration The Voyager Configuration page...

Страница 24: ...n management is enabled in Network Voyager you can select Acquire Exclusive Configuration Lock when you log on to Network Voyager If you acquire this lock before you install and enable the Nokia Secure Access System package the lock does not clear when the Network Voyager Web server port switches from port 80 to 8080 or from port 443 to 8443 When you log on to Network Voyager after the port change...

Страница 25: ... not supported To access the CLI 1 Log on to the appliance by using a command line connection SSH console or Telnet over a TCP IP network For example telnet 10 5 189 21 2 Sign on by using the username admin and use the admin password To install the package from the CLI 1 From the command line enter newpkg n opt packages nsas_3_0_0_ timestamp tgz The following options appear Load new package from 1...

Страница 26: ... opt nsas old version m ftp l username s ip addr of ftp server p password n directory location nsas_3_0_0_ timestamp tgz For example newpkg o opt nsas 1 3 0 m ftp l jsmith s 10 10 22 23 p password n eng newbuilds nsas_3_0_0_2004040514 tgz Table 3 newpkg Options Option Description d Print debug messages to the screen h Display help lines for command line parameters i Install only do not activate l ...

Страница 27: ... 4 or your applicable path The following response appears Do you want to upgrade from nsas 3 0 0 to nsas3 0 0 y n 4 Enter y The following response appears End of new package installation cleaning up done Signing On to the Gateway as the Administrator After you install activate and enable the Nokia Secure Access System package you can sign on to the gateway as the Administrator from the Sign on pag...

Страница 28: ...oes not appear in the links under the Security and Access Configuration heading the package is not installed or activated See Installing the Nokia Secure Access Package on page 15 2 Click Nokia Secure Access System The Nokia Secure Access System page opens 3 Click the following link Click here to sign on to the Nokia Secure Access System ...

Страница 29: ...tor password in the Password text box As an administrator sign on by using the username admin and the same password you used to access Nokia Network Voyager or the Nokia IPSO CLI Note The Sign On page shows the currently enabled language for the user interface By default English is enabled Nokia Secure Access System supports language packs that allow users to view the system in multiple languages ...

Страница 30: ...ay 30 Nokia Secure Access System Getting Started Guide The Nokia Secure Access System configuration page opens From the Nokia Secure Access System configuration pages the administrator can manage and configure the Nokia Secure Access System gateway ...

Страница 31: ...scription General Configure general gateway settings including gateway logging exporting and importing the gateway configuration file entering and updating a new server license You can also view a summary of the gateway status and enable configuration sharing Global Properties Configure access control network settings the appearance of the user interface enable language packs configure Nokia Secur...

Страница 32: ...ntication scheme 1 From the configuration menu choose User Configuration Users The Manage Users page opens 2 Click the username of the admin user The General Properties for the admin user page opens 3 Choose one of the options for Admin User Authentication Authenticate admin user by using the standard Nokia IPSO authentication Authenticate admin user by using the general authentication methods For...

Страница 33: ...ense page and matches the serial number located on the Nokia Secure Access gateway Use the LAC and Host Identifier number to generate the license from the Nokia License Center When you submit a purchase order to Nokia or your reseller for Nokia Secure Access System the hardware is shipped from the factory A License Authentication Code LAC is emailed to the email address on the purchase order and i...

Страница 34: ...our login name and password or Click Register if you are a first time visitor If you are a first time visitor your username and password is emailed to you after you complete the new user registration process 4 Enter the LAC in the dialog box Access this dialog box after you are logged in to the License Center with your username and password ...

Страница 35: ...Click Generate The license is generated 8 Enter the company name and user email address that the license is to be sent to 9 Click Confirm 10 To save the file do one of the following Click Save for File or Copy and paste the information between Begin License and End License The license is emailed to you You might want to add the lic extension when you name the license Note Nokia recommends that you...

Страница 36: ...ccess System no license file is present on the gateway 2 To upload a new license in the File Name text box enter the file name of the license file stored on your computer or click Browse to locate the file 3 Click Upload New License The license is uploaded to the gateway and the Configure License page refreshes The license feature details show the number of simultaneous users that the gateway supp...

Страница 37: ... external authorization servers To configure a user that authenticates to an external server see the Nokia Secure Access System Configuration Guide v3 0 To add a new user 1 From the configuration menu choose User Configuration Users The Manage Users page opens 2 Click New User The General Properties for User page opens 3 Click Locally Defined and enter the Username For example jsmith Usernames can...

Страница 38: ...make sure that the Allow checkbox next to Local Password is checked default 7 Under Identification click Set Local Password The Local Password page opens 8 Enter and confirm the password for the new user The password must contain at least eight characters The default is eight characters but this number is configurable The password cannot contain spaces colons or control characters For information ...

Страница 39: ... user s portal page To add a new user group 1 From the configuration menu choose User Configuration User Groups The Manage User Groups page opens 2 Click New User Group The General Properties for User Group page opens 3 Enter the Group Name and Description for the new group For example Finance in the Group Name text box and Finance Department in the Description text box Group names can contain ASC...

Страница 40: ...er Configuration Users The Manage Users page opens 2 Click the name of the user from the Username list box For example jsmith The General Properties for User page opens 3 Click Edit List in User Group Memberships The Edit User Groups page opens 4 Select the groups to add then click Add For example Finance 5 Click Save Settings The new group is added to the Users General Properties page Note You ca...

Страница 41: ...he Manage Web Resources page opens 2 Click New Resource The Properties for Web Resource page opens 3 Enter the Identification information including Resource Name Description Portal Link Text and check the check box to specify that pass through link credentials should be used For example Nokia in the Resource Name text box and Nokia Web site in the Description text box Resource names can contain AS...

Страница 42: ...Installing the Nokia Secure Access System Gateway 42 Nokia Secure Access System Getting Started Guide ...

Страница 43: ...itrix Nfuse Classic Web server check the check box to specify that the Web resource is a Citrix Web server b Specify the access control settings Do not perform access control on connections to MetaFrame servers default Use the Global Rules to perform access control on connections to MetaFrame servers 7 Specify the proxy settings You can configure Web resources to use No proxy the gateway communica...

Страница 44: ...to the new resource Configuring Access Control Lists for a Web Resource Use the Simple Access Control pages to configure access control lists ACLs and select which user groups are allowed or denied access to the Web resource To configure ACLs for a Web resource 1 From the General Properties Web Resource page click the Access Control Simple tab The Simple Access Control page for the resource opens ...

Страница 45: ...ss the user portal pages to specify user portal properties for the Web resource These settings determine the list of resources on the Main Page of the user portal For instance if you configure a Web resource in the portal settings the user sees a link to the defined resource from the user portal page Note You can also put the users in a group and configure the group portal To configure user portal...

Страница 46: ...now include the portal settings of all user groups to which the user belongs For more information about user and group settings see the Nokia Secure Access System Configuration Guide v3 0 5 Specify the Resource settings a To add a Web resource click Edit List for Web Resources b Select the resource to add then click Add For example Nokia c Click Save Settings d Click Return to Portal Properties ...

Страница 47: ...b resources by clicking the Web resource links from the Resources page in the user portal An example of the user portal page follows For information about how to configure file email or port forwarding resources see the Nokia Secure Access System Configuration Guide v3 0 Note When the administrator is viewing the Nokia Secure Access System configuration page they can access their own portal page b...

Страница 48: ...Installing the Nokia Secure Access System Gateway 48 Nokia Secure Access System Getting Started Guide ...

Отзывы: