Installation Guide
Page 5
... Uses 14 Notices 14 Command-Line Conventions 14 Text Conventions 15 Related Documentation 16 1 Overview 17 About the Nokia IP390 Appliance 17 Built-In Gigabit Ethernet Ports 18 PMC Expansion Slots 19 System Status LEDs 19 Managing the IP390 Appliance 20 Site Requirements, Warnings... Interfaces 29 3 Performing the Initial Configuration 31 Using a Console Connection 31 Using Nokia Network Voyager 33 Viewing Nokia IPSO Documentation by Using Nokia Network Voyager 34 Using the Command-Line Interface 35 Using Nokia Horizon Manager 36 IP390 Security Platform Installation Guide 5
... Uses 14 Notices 14 Command-Line Conventions 14 Text Conventions 15 Related Documentation 16 1 Overview 17 About the Nokia IP390 Appliance 17 Built-In Gigabit Ethernet Ports 18 PMC Expansion Slots 19 System Status LEDs 19 Managing the IP390 Appliance 20 Site Requirements, Warnings... Interfaces 29 3 Performing the Initial Configuration 31 Using a Console Connection 31 Using Nokia Network Voyager 33 Viewing Nokia IPSO Documentation by Using Nokia Network Voyager 34 Using the Command-Line Interface 35 Using Nokia Horizon Manager 36 IP390 Security Platform Installation Guide 5
Installation Guide
Page 9
Tables Table 1 Command-Line Conventions 14 Table 2 Text Conventions 15 Table 3 Specifications for the IP390 Platform 17 Table 4 PMC Network Interface Card Slots 19 Table 5 System Status LEDs 20 Table 6 Pin Assignments Console Connector and Cable 28 Table 7 Pin Assignments for AUX Connector and Modem Cable 28 IP390 Security Platform Installation Guide 9
Tables Table 1 Command-Line Conventions 14 Table 2 Text Conventions 15 Table 3 Specifications for the IP390 Platform 17 Table 4 PMC Network Interface Card Slots 19 Table 5 System Status LEDs 20 Table 6 Pin Assignments Console Connector and Cable 28 Table 7 Pin Assignments for AUX Connector and Modem Cable 28 IP390 Security Platform Installation Guide 9
Installation Guide
Page 14
.... It might appear alone or precede one or more options. For example: delete interface nic1 Indicates arguments for a compiled Nokia product. For example: retry-limit 60 14 IP390 Security Platform Installation Guide Table 1 Command-Line Conventions Convention Description command This required element is usually the product name or other short word that you must spell...
.... It might appear alone or precede one or more options. For example: delete interface nic1 Indicates arguments for a compiled Nokia product. For example: retry-limit 60 14 IP390 Security Platform Installation Guide Table 1 Command-Line Conventions Convention Description command This required element is usually the product name or other short word that you must spell...
Installation Guide
Page 15
... Conventions Convention Description Square brackets [ ] Indicates optional arguments. Menu commands Menu commands are literal symbols that you must enter as shown. Conventions this extension exactly as shown, immediately after the name ... font Indicates command syntax, or represents computer or screen output, for example: Log error 12453 bold monospace font Indicates text you enter or type, for a compiler or preprocessor argument. Punctuation and mathematical notations are linked by a greater than sign (>): Choose File > Open. IP390 Security Platform Installation ...
... Conventions Convention Description Square brackets [ ] Indicates optional arguments. Menu commands Menu commands are literal symbols that you must enter as shown. Conventions this extension exactly as shown, immediately after the name ... font Indicates command syntax, or represents computer or screen output, for example: Log error 12453 bold monospace font Indicates text you enter or type, for a compiler or preprocessor argument. Punctuation and mathematical notations are linked by a greater than sign (>): Choose File > Open. IP390 Security Platform Installation ...
Installation Guide
Page 16
...the Nokia IP390 Security Platform Installation Guide in PDF on the Nokia IPSO operating system CD issued with your Nokia IP390 security platform. Check Point documentation is available from Nokia Network Voyager. Italics • Emphasizes a point or denotes new terms at : http:// www.checkpoint.com/ 060306 16 IP390 Security Platform...to this guide and other documents shipped with your appliance, documentation for this guide in PDF on the Nokia support Web site (https:// support.nokia.com/) and on the Nokia support site (https://support.nokia.com). Do not press the Return or Enter ...
...the Nokia IP390 Security Platform Installation Guide in PDF on the Nokia IPSO operating system CD issued with your Nokia IP390 security platform. Check Point documentation is available from Nokia Network Voyager. Italics • Emphasizes a point or denotes new terms at : http:// www.checkpoint.com/ 060306 16 IP390 Security Platform...to this guide and other documents shipped with your appliance, documentation for this guide in PDF on the Nokia support Web site (https:// support.nokia.com/) and on the Nokia support site (https://support.nokia.com). Do not press the Return or Enter ...
Installation Guide
Page 21
... Manager can occur if you to easily configure Nokia IP appliances from the command line. Warning Hazardous radiation exposure can also accomplish with the CLI. Caution Replace the battery only with Network Voyager-manage, monitor, and configure the IP390 appliance-you use the product near water. IP390 Security Platform Installation Guide 21 Warning To reduce the risk...
... Manager can occur if you to easily configure Nokia IP appliances from the command line. Warning Hazardous radiation exposure can also accomplish with the CLI. Caution Replace the battery only with Network Voyager-manage, monitor, and configure the IP390 appliance-you use the product near water. IP390 Security Platform Installation Guide 21 Warning To reduce the risk...
Installation Guide
Page 31
...the admin password? Will you use Nokia Network Voyager for initial configuration, see "Connecting to provide the initial configuration information the first time the appliance is the interface speed? IP390 Security Platform Installation Guide 31 3 Performing the Initial ... a Console Connection Using Nokia Network Voyager Using the Command-Line Interface Using Nokia Horizon Manager For information about console connections, see the Read Me First document. This chapter describes how to a Nokia IP390 appliance, the initial configuration process begins....
...the admin password? Will you use Nokia Network Voyager for initial configuration, see "Connecting to provide the initial configuration information the first time the appliance is the interface speed? IP390 Security Platform Installation Guide 31 3 Performing the Initial ... a Console Connection Using Nokia Network Voyager Using the Command-Line Interface Using Nokia Horizon Manager For information about console connections, see the Read Me First document. This chapter describes how to a Nokia IP390 appliance, the initial configuration process begins....
Installation Guide
Page 35
IP390 Security Platform Installation Guide 35 Using the Command-Line Interface Figure 8 Nokia Network Voyager Reference Access Points Link to complete user documentation Link to inline help (context sensitive help) Using the Command-Line Interface You can also use the Nokia IPSO command-line interface (CLI) to the appliance by using . 2. To access the command-line interface 1. For information about...
IP390 Security Platform Installation Guide 35 Using the Command-Line Interface Figure 8 Nokia Network Voyager Reference Access Points Link to complete user documentation Link to inline help (context sensitive help) Using the Command-Line Interface You can also use the Nokia IPSO command-line interface (CLI) to the appliance by using . 2. To access the command-line interface 1. For information about...
Installation Guide
Page 36
... Horizon Manager concentrates on secure software image, inventory, and management of Nokia security appliances that contains load commands commands. For more about how to access and use the CLI, see "Nokia Contact Information" on a...IP390 Security Platform Installation Guide You must be the name of the Network Voyager management functionality. Using Horizon Manager, a network security professional can obtain configuration information, upgrade (or downgrade) the operating system, perform application installations, and distribute necessary licensing to multiple appliances...
... Horizon Manager concentrates on secure software image, inventory, and management of Nokia security appliances that contains load commands commands. For more about how to access and use the CLI, see "Nokia Contact Information" on a...IP390 Security Platform Installation Guide You must be the name of the Network Voyager management functionality. Using Horizon Manager, a network security professional can obtain configuration information, upgrade (or downgrade) the operating system, perform application installations, and distribute necessary licensing to multiple appliances...
Installation Guide
Page 55
Use Network Voyager to configure and activate the logical and physical interfaces on page 40. IP390 Security Platform Installation Guide 55 The status indicators for the two-port copper Gigabit Ethernet NIC, see "Two-Port Copper Gigabit Ethernet ... The IP390 appliance automatically detects any new NIC when the appliance is restarted. For information about accessing Network Voyager, see "Using Nokia Network Voyager" on page 33. Tighten the retaining screws that hold the chassis tray assembly. Monitoring Network Interface Cards You can also use the Nokia IPSO tcpdump command to ...
Use Network Voyager to configure and activate the logical and physical interfaces on page 40. IP390 Security Platform Installation Guide 55 The status indicators for the two-port copper Gigabit Ethernet NIC, see "Two-Port Copper Gigabit Ethernet ... The IP390 appliance automatically detects any new NIC when the appliance is restarted. For information about accessing Network Voyager, see "Using Nokia Network Voyager" on page 33. Tighten the retaining screws that hold the chassis tray assembly. Monitoring Network Interface Cards You can also use the Nokia IPSO tcpdump command to ...
Installation Guide
Page 60
... detected by using Nokia Network Voyager or the command-line interface (CLI) Compact flash-memory PC card and accompanying documentation Caution To avoid potential equipment malfunction, Nokia recommends that can support a flash-memory PC card having a capacity of the appliance. Before You Begin... appliance by your appliance, and you are notified through your console connection. 60 IP390 Security Platform Installation Guide Turn on page 3. The eject button to the appliance or loss of the slot should be flush with the card. The card is firmly seated in Nokia ...
... detected by using Nokia Network Voyager or the command-line interface (CLI) Compact flash-memory PC card and accompanying documentation Caution To avoid potential equipment malfunction, Nokia recommends that can support a flash-memory PC card having a capacity of the appliance. Before You Begin... appliance by your appliance, and you are notified through your console connection. 60 IP390 Security Platform Installation Guide Turn on page 3. The eject button to the appliance or loss of the slot should be flush with the card. The card is firmly seated in Nokia ...
Installation Guide
Page 61
... files to the left of the card. Use the cp command to transfer Nokia IPSO images or configuration files to and from the compact flash memory to the flash-memory PC card, use the following command if you do not use Nokia Network Voyager to prevent the card from ejecting too quickly. ... by using . For back up your appliance: mount /dev/wd1 /cdrom Or, if you push the eject button to configure the flash-memory PC card as an optional disk, you must mount the flash-memory PC card when you insert it : umount /cdrom 6. IP390 Security Platform Installation Guide 61 You do have...
... files to the left of the card. Use the cp command to transfer Nokia IPSO images or configuration files to and from the compact flash memory to the flash-memory PC card, use the following command if you do not use Nokia Network Voyager to prevent the card from ejecting too quickly. ... by using . For back up your appliance: mount /dev/wd1 /cdrom Or, if you push the eject button to configure the flash-memory PC card as an optional disk, you must mount the flash-memory PC card when you insert it : umount /cdrom 6. IP390 Security Platform Installation Guide 61 You do have...
Installation Guide
Page 77
...), choose the option to restore or reload an IP390 appliance. Solution Contact the Nokia customer support site listed in Chapter 3, "Performing the Initial Configuration". Create the new default configuration. For information about how to complete the full installation procedure, see "Using Nokia Network Voyager" on page 3. IP390 Security Platform Installation Guide 77 However, the password is...
...), choose the option to restore or reload an IP390 appliance. Solution Contact the Nokia customer support site listed in Chapter 3, "Performing the Initial Configuration". Create the new default configuration. For information about how to complete the full installation procedure, see "Using Nokia Network Voyager" on page 3. IP390 Security Platform Installation Guide 77 However, the password is...
Installation Guide
Page 80
...to 1483 Devices Problem Remote and local devices are set to use the tcpdump command, see "Using Nokia Network Voyager" on each network. Nokia does not support larger MTU sizes. 80 IP390 Security Platform Installation Guide Solution Verify that the client is enabled on the interfaces ... Use tcpdump to the same VC and VP values. Under Routing Options in the Routing Configuration section in use the following command: ipsctl ifphys:logical interface:max_rxlabel Problem Encapsulation is not 1500 (for Ethernet interfaces) or 16018 (for Gigabit Ethernet interfaces). Problem...
...to 1483 Devices Problem Remote and local devices are set to use the tcpdump command, see "Using Nokia Network Voyager" on each network. Nokia does not support larger MTU sizes. 80 IP390 Security Platform Installation Guide Solution Verify that the client is enabled on the interfaces ... Use tcpdump to the same VC and VP values. Under Routing Options in the Routing Configuration section in use the following command: ipsctl ifphys:logical interface:max_rxlabel Problem Encapsulation is not 1500 (for Ethernet interfaces) or 16018 (for Gigabit Ethernet interfaces). Problem...
Installation Guide
Page 81
...command at the boot manager prompt, as shown in this example: BOOTMGR> set , and it is properly seated at the source, take appropriate action such as shown in . Solution You can verify what the current boot manager settings are set -defaults IP390 Security Platform Installation Guide 81 Appliance locks up after you upgrade Nokia... .. Make sure it responds by issuing a printenv command at the boot manager prompt as inserting a new fuse or resetting circuit breaker. No error messages appear, but the appliance stops responding to determine that no power at both ends...
...command at the boot manager prompt, as shown in this example: BOOTMGR> set , and it is properly seated at the source, take appropriate action such as shown in . Solution You can verify what the current boot manager settings are set -defaults IP390 Security Platform Installation Guide 81 Appliance locks up after you upgrade Nokia... .. Make sure it responds by issuing a printenv command at the boot manager prompt as inserting a new fuse or resetting circuit breaker. No error messages appear, but the appliance stops responding to determine that no power at both ends...
Installation Guide
Page 82
... the Monitor page in this information from which you issue the printenv command again, the boot-file and boot-device entries are available to restart your appliance. For information about the ICLID command, see "Using Nokia Network Voyager" on page 33. 82 IP390 Security Platform Installation Guide For information about how to access Network Voyager and...
... the Monitor page in this information from which you issue the printenv command again, the boot-file and boot-device entries are available to restart your appliance. For information about the ICLID command, see "Using Nokia Network Voyager" on page 33. 82 IP390 Security Platform Installation Guide For information about how to access Network Voyager and...
Installation Guide
Page 83
... 0 172.16/16 via 10.1.1.225, eith-sp4p1c0,cost 3, age 3111 In addition, several types of available commands. Problem OSPF is properly configured for OSPF. IP390 Security Platform Installation Guide 83 You can also enable several trace options are available. exit get help quit show hostname | ... routing updates for that are logged in /var/tmp/ ipsrd.log. For more information about how to use the tcpdump command, see the Nokia Network Voyager Reference Guide. BGP, O - OSPF, E - You can enable these options under the routing options in OSPF routing. static,...
... 0 172.16/16 via 10.1.1.225, eith-sp4p1c0,cost 3, age 3111 In addition, several types of available commands. Problem OSPF is properly configured for OSPF. IP390 Security Platform Installation Guide 83 You can also enable several trace options are available. exit get help quit show hostname | ... routing updates for that are logged in /var/tmp/ ipsrd.log. For more information about how to use the tcpdump command, see the Nokia Network Voyager Reference Guide. BGP, O - OSPF, E - You can enable these options under the routing options in OSPF routing. static,...
Installation Guide
Page 84
... a protocol that the appliance supports and exchange routes with RIP Use tcpdump to view routing information. Common Problems Exchanging Routes Always enter a metric value if you follow all steps. 84 IP390 Security Platform Installation Guide Follow the tasks in the Nokia Network Voyager Reference Guide ... in /var/tmp/ipsrd.log. Problem Exchanging routes are logged in Network Voyager, you can also use the tcpdump command, see "Using Nokia Network Voyager" on each link are identical. Note You can also enable several configuration steps. These traces are not configured...
... a protocol that the appliance supports and exchange routes with RIP Use tcpdump to view routing information. Common Problems Exchanging Routes Always enter a metric value if you follow all steps. 84 IP390 Security Platform Installation Guide Follow the tasks in the Nokia Network Voyager Reference Guide ... in /var/tmp/ipsrd.log. Problem Exchanging routes are logged in Network Voyager, you can also use the tcpdump command, see "Using Nokia Network Voyager" on each link are identical. Note You can also enable several configuration steps. These traces are not configured...
Installation Guide
Page 93
Index A appliance 17 auxiliary port connecting to the 26 pin assignments 28 B battery holder 73 location 72 replacing 70 built-in Gigabit ...for 45 Channel Service Unit/Data Service Unit see CSU/DSU Check Point VPN-1 requirements 22 command-line interface (CLI) overview 21 using the 35 compact flash memory card (internal) Nokia IPSO storage 17 replacing 57 compliance information 89 declaration of conformity 89 FCC notice 92 statements... 39 connecting to 38 crossover-cable pin connections 39 front panel 38 IEEE 802.3ab compliance 38 LEDs 38 IP390 Security Platform Installation Guide Index - 93
Index A appliance 17 auxiliary port connecting to the 26 pin assignments 28 B battery holder 73 location 72 replacing 70 built-in Gigabit ...for 45 Channel Service Unit/Data Service Unit see CSU/DSU Check Point VPN-1 requirements 22 command-line interface (CLI) overview 21 using the 35 compact flash memory card (internal) Nokia IPSO storage 17 replacing 57 compliance information 89 declaration of conformity 89 FCC notice 92 statements... 39 connecting to 38 crossover-cable pin connections 39 front panel 38 IEEE 802.3ab compliance 38 LEDs 38 IP390 Security Platform Installation Guide Index - 93
Installation Guide
Page 94
... status 19 M memory (RAM) DIMM socket locations 67 replacing 66 specification upgrading 66 modem, connecting to the 28 monitoring appliances 19 multicast traffic 17 multi-mode, fiber-optic cable 44 N network interface cards see NICs network interfaces connecting to 29 NICs... interface specifications 88 specifications 17, 88 T1 45 Nokia Horizon Manager overview 21 using the 36 Nokia IPSO command-line interface (CLI) 35 reference documentation 34 requirements 22 transferring images 61 Nokia Network Voyager opening 33 overview 20 using 33 Index - 94 IP390 Security Platform Installation Guide
... status 19 M memory (RAM) DIMM socket locations 67 replacing 66 specification upgrading 66 modem, connecting to the 28 monitoring appliances 19 multicast traffic 17 multi-mode, fiber-optic cable 44 N network interface cards see NICs network interfaces connecting to 29 NICs... interface specifications 88 specifications 17, 88 T1 45 Nokia Horizon Manager overview 21 using the 36 Nokia IPSO command-line interface (CLI) 35 reference documentation 34 requirements 22 transferring images 61 Nokia Network Voyager opening 33 overview 20 using 33 Index - 94 IP390 Security Platform Installation Guide