Date post: | 01-Nov-2014 |
Category: |
Documents |
Upload: | david-aryanto |
View: | 35 times |
Download: | 6 times |
IP300 Series Security PlatformInstallation Guide
Part No. N450312006 Rev A
Published September 2005
Downloaded from www.Manualslib.com manuals search engine
2 Nokia IP300 Series Security Platform Installation Guide
COPYRIGHT©2005 Nokia. All rights reserved.Rights reserved under the copyright laws of the United States.
RESTRICTED RIGHTS LEGENDUse, duplication, or disclosure by the United States Government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013.
Notwithstanding any other license agreement that may pertain to, or accompany the delivery of, this computer software, the rights of the United States Government regarding its use, reproduction, and disclosure are as set forth in the Commercial Computer Software-Restricted Rights clause at FAR 52.227-19.
IMPORTANT NOTE TO USERS This software and hardware is provided by Nokia Inc. as is and any express or implied warranties, including, but not limited to, implied warranties of merchantability and fitness for a particular purpose are disclaimed. In no event shall Nokia, or its affiliates, subsidiaries or suppliers be liable for any direct, indirect, incidental, special, exemplary, or consequential damages (including, but not limited to, procurement of substitute goods or services; loss of use, data, or profits; or business interruption) however caused and on any theory of liability, whether in contract, strict liability, or tort (including negligence or otherwise) arising in any way out of the use of this software, even if advised of the possibility of such damage.
Nokia reserves the right to make changes without further notice to any products herein.
TRADEMARKS Nokia is a registered trademark of Nokia Corporation. Other products mentioned in this document are trademarks or registered trademarks of their respective holders.
050110
Downloaded from www.Manualslib.com manuals search engine
Nokia IP300 Series Security Platform Installation Guide 3
Nokia Contact InformationCorporate Headquarters
Regional Contact Information
Nokia Customer Support
Web Site http://www.nokia.com
Telephone 1-888-477-4566 or 1-650-625-2000
Fax 1-650-691-2170
Mail Address
Nokia Inc.313 Fairchild DriveMountain View, California94043-2215 USA
Americas Nokia Inc.313 Fairchild DriveMountain View, CA 94043-2215USA
Tel: 1-877-997-9199Outside USA and Canada: +1 512-437-7089email: [email protected]
Europe, Middle East, and Africa
Nokia House, Summit AvenueSouthwood, FarnboroughHampshire GU14 ONG UK
Tel: UK: +44 161 601 8908Tel: France: +33 170 708 166email: [email protected]
Asia-Pacific 438B Alexandra Road#07-00 Alexandra TechnoparkSingapore 119968
Tel: +65 6588 3364email: [email protected]
Web Site: https://support.nokia.com/
Email: [email protected]
Americas Europe
Voice: 1-888-361-5030 or 1-613-271-6721
Voice: +44 (0) 125-286-8900
Fax: 1-613-271-8782 Fax: +44 (0) 125-286-5666
Asia-Pacific
Voice: +65-67232999
Fax: +65-67232897
050602
Downloaded from www.Manualslib.com manuals search engine
4 Nokia IP300 Series Security Platform Installation Guide
Downloaded from www.Manualslib.com manuals search engine
Nokia IP300 Series Security Platform Installation Guide 5
Contents
About this Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3In this Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3Conventions this Guide Uses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
Notices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4Command-Line Conventions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5Text Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Related Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9About the Nokia IP300 Series Disk-Based Appliance . . . . . . . . . . 10About the Nokia IP300 Series Flash-Based Appliance . . . . . . . . . 11Managing the IP300 Series Appliance . . . . . . . . . . . . . . . . . . . . . . 12About the IP300 Series Appliance . . . . . . . . . . . . . . . . . . . . . . . . . 13
Ethernet Management Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14Built-in Console Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15Built-in AUX Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17Status LEDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Site Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19Product Disposal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19Software Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
2 Installing the Appliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23Rack Mounting the Appliance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23Connecting Power and Turning the Power on . . . . . . . . . . . . . . . . 25Connecting Network Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Downloaded from www.Manualslib.com manuals search engine
6 Nokia IP300 Series Security Platform Installation Guide
3 Performing the Initial Configuration . . . . . . . . . . . . . . . . . . . . . 27Using a Console Connection to Perform the Initial Configuration . 28Accessing Nokia Network Voyager . . . . . . . . . . . . . . . . . . . . . . . . 30
Accessing Network Voyager Reference Information. . . . . . . . . . 31Using Network Voyager to Monitor an IP300 Series Appliance . 32
Using Nokia Horizon Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
4 Installing and Replacing Network Interface Cards . . . . . . . . . 35Deactivating Configured Interfaces . . . . . . . . . . . . . . . . . . . . . . . . 36Removing, Installing, and Replacing NICs. . . . . . . . . . . . . . . . . . . 36
Before You Start . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37Configuring and Activating Interfaces . . . . . . . . . . . . . . . . . . . . . . 43Monitoring Network Interface Cards. . . . . . . . . . . . . . . . . . . . . . . . 43
5 Connecting PMC Network Interface Cards . . . . . . . . . . . . . . . . 45Four-Port and Two-Port 10/100 Mbps Ethernet Interface, PMC . . 46
Ethernet PMC NIC Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46Connectors and Cables. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Two-Port V2 Gigabit Ethernet Card, PMC, Copper . . . . . . . . . . . . 49Connectors and Cables. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
Two-Port Gigabit Ethernet Card, PMC, Fiber. . . . . . . . . . . . . . . . . 52Connectors and Cables. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
6 Installing and Replacing Other Components . . . . . . . . . . . . . . 55Installing a PCMCIA Modem . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
Before You Start . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56Replacing a Hard-Disk Drive . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
Before You Start . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58Replacing or Upgrading Memory . . . . . . . . . . . . . . . . . . . . . . . . . . 62
Before You Start . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63Adding or Replacing DIMMs . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
Installing an Encryption Accelerator Card . . . . . . . . . . . . . . . . . . . 67Before You Start . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
Downloaded from www.Manualslib.com manuals search engine
Nokia IP300 Series Security Platform Installation Guide 7
Installing the Card . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69Configuring Software to Use Hardware Acceleration . . . . . . . . . 72
Replacing the Battery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73Before You Start . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
7 Installing PC Cards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77Before You Begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77Installing a Flash-Memory PC Card . . . . . . . . . . . . . . . . . . . . . . 78Storing System Logs on the Flash-Memory PC Card . . . . . . . . . 78Transferring Files with the Flash-Memory PC Card . . . . . . . . . . 79
8 Using the Boot Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81Variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
Viewing the Variables and Other System Parameters . . . . . . . . 84Setting the Variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86Other Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
Booting the System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89Using the Boot Manager to Install IPSO. . . . . . . . . . . . . . . . . . . . . 89Protecting the Boot Manager with a Password . . . . . . . . . . . . . . . 90Installing the Boot Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91Upgrading the Boot Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
9 Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95General Troubleshooting Information. . . . . . . . . . . . . . . . . . . . . . . 95Troubleshooting Routing Problems . . . . . . . . . . . . . . . . . . . . . . . 105
A Technical Specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111Physical Dimensions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111Space Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111NIC Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112
Downloaded from www.Manualslib.com manuals search engine
8 Nokia IP300 Series Security Platform Installation Guide
B Compliance Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113Declaration of Conformity. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113Compliance Statements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115FCC Notice (US) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119
Downloaded from www.Manualslib.com manuals search engine
Nokia IP300 Series Security Platform Installation Guide 1
Figures
Figure 1 Component Locations Front View . . . . . . . . . . . . . . . . . 13Figure 2 Component Locations Rear View . . . . . . . . . . . . . . . . . 14Figure 3 Ethernet Management Ports Details . . . . . . . . . . . . . . . 14Figure 4 Pin Assignments for Console Connection . . . . . . . . . . . 16Figure 5 Pin Assignments for Modem Connection . . . . . . . . . . . 17Figure 6 Appliance Status LEDs . . . . . . . . . . . . . . . . . . . . . . . . . 18Figure 7 Mounting Screws Location . . . . . . . . . . . . . . . . . . . . . . 24Figure 8 Adjustable Mounting Brackets . . . . . . . . . . . . . . . . . . . . 24Figure 9 Back Panel Power Switch . . . . . . . . . . . . . . . . . . . . . . . 25Figure 10 Network Voyager Reference Access Points . . . . . . . . 31Figure 11 Four-Port Ethernet NIC Front Panel Details . . . . . . . . 46Figure 12 Two-Port Ethernet NIC Front Panel Details . . . . . . . . 47Figure 13 Output Connector for the Ethernet Cable . . . . . . . . . . 48Figure 14 Ethernet Crossover-Cable Pin Connections . . . . . . . . 49Figure 15 Two-Port V2 Gigabit Ethernet NIC, Copper . . . . . . . . 50Figure 16 Ethernet Cable Connector Output Pin Assignments . . 51Figure 17 Gigabit Ethernet Crossover Cable Pin Connections . . 52Figure 18 10/100 Ethernet Crossover Cable Pin Connections . . 52Figure 19 Two-Port Gigabit Ethernet NIC, Fiber . . . . . . . . . . . . . 53Figure 20 Hard-Disk Drive Location . . . . . . . . . . . . . . . . . . . . . . 58Figure 21 DIMM Socket Locations . . . . . . . . . . . . . . . . . . . . . . . 63Figure 22 Battery Location in the Nokia IP300 Series Appliance 75
Downloaded from www.Manualslib.com manuals search engine
2 Nokia IP300 Series Security Platform Installation Guide
Downloaded from www.Manualslib.com manuals search engine
Nokia IP300 Series Security Platform Installation Guide 3
About this Guide
This guide describes how to install and use the Nokia IP300 Series security platforms—Nokia IP350, Nokia IP355, Nokia IP380, and Nokia IP385. Installation and maintenance should be performed by experienced technicians or Nokia-approved service providers only. This preface provides the following information:
In this GuideConventions t his Guide UsesRelated Documentation
In this GuideThis guide is organized into the following chapters and appendixes:
Chapter 1, “Overview” presents a general overview of the IP300 Series appliance.Chapter 2, “Installing the Appliance” describes how to rack-mount the appliance and how to physically connect it to a network and power.Chapter 3, “Performing the Initial Configuration” describes how to make the appliance available on the network.Chapter 4, “Installing and Replacing Network Interface Cards” describes how to install, monitor, and replace network interface cards (NICs).
Downloaded from www.Manualslib.com manuals search engine
4 Nokia IP300 Series Security Platform Installation Guide
Chapter 5, “Connecting PMC Network Interface Cards” describes how to connect to and use each of the supported NICs.Chapter 6, “Installing and Replacing Other Components” describes how to install or replace PCMCIA modems, memory, the hard-disk drive, an encryption accelerator card, and the battery.Chapter 7, “Installing PC Cards” describes how to install the flash-memory PC cards.Chapter 8, “Using the Boot Manager” describes how to use the Nokia IPSO boot manager.Chapter 9, “Troubleshooting” discusses problems you might encounter and proposes solutions to these problems.Appendix A, “Technical Specifications” gives technical specifications such as interface characteristics.Appendix B, “Compliance Information” includes compliance and regulatory information.
Conventions this Guide UsesThe following sections describe the conventions this guide uses, including notices, text conventions, and command-line conventions.
Notices
WarningWarnings advise the user that bodily injury might occur because of a physical hazard.
Downloaded from www.Manualslib.com manuals search engine
Conventions t his Guide Uses
Nokia IP300 Series Security Platform Installation Guide 5
CautionCautions indicate potential equipment damage, equipment malfunction, loss of performance, loss of data, or interruption of service.
NoteNotes provide information of special interest or recommendations.
Command-Line ConventionsThis section defines the elements of commands that are available in Nokia Network Security Solutions products. You might encounter one or more of the following elements on a command-line path.
Table 1 Command-Line Conventions
Convention Description
command This required element is usually the product name or other short word that invokes the product or calls the compiler or preprocessor script for a compiled Nokia product. It might appear alone or precede one or more options. You must spell a command exactly as shown and use lowercase letters.
Italics Indicates a variable in a command that you must supply. For example:delete interface if_name
Supply an interface name in place of the variable. For example:delete interface nic1
Downloaded from www.Manualslib.com manuals search engine
6 Nokia IP300 Series Security Platform Installation Guide
angle brackets < > Indicates arguments for which you must supply a value:retry-limit <1–100>
Supply a value. For example:retry-limit 60
Square brackets [ ] Indicates optional arguments.delete [slot slot_num]
For example:delete slot 3
-flag A flag is usually an abbreviation for a function, menu, or option name, or for a compiler or preprocessor argument. You must enter a flag exactly as shown, including the preceding hyphen.
.ext A filename extension, such as .ext, might follow a variable that represents a filename. Type this extension exactly as shown, immediately after the name of the file. The extension might be optional in certain products.
( . , ; + * - / ) Punctuation and mathematical notations are literal symbols that you must enter exactly as shown.
' ' Single quotation marks are literal symbols that you must enter as shown.
Table 1 Command-Line Conventions (continued)
Convention Description
Downloaded from www.Manualslib.com manuals search engine
Conventions t his Guide Uses
Nokia IP300 Series Security Platform Installation Guide 7
Text ConventionsTable 2 describes the text conventions this guide uses.
Table 2 Text Conventions
Convention Description
monospace font Indicates command syntax, or represents computer or screen output, for example:Log error 12453
bold monospace font Indicates text you enter or type, for example:# configure nat
Key names Keys that you press simultaneously are linked by a plus sign (+):Press Ctrl + Alt + Del.
Menu commands Menu commands are separated by a greater than sign (>):Choose File > Open.
The words enter and type Enter indicates you type something and then press the Return or Enter key.Do not press the Return or Enter key when an instruction says type.
Italics • Emphasizes a point or denotes new terms at the place where they are defined in the text.
• Indicates an external book title reference.• Indicates a variable in a command: delete interface if_name
Downloaded from www.Manualslib.com manuals search engine
8 Nokia IP300 Series Security Platform Installation Guide
Related DocumentationThe documentation set for the Nokia IP300 Series security platform consists of:
Getting Started Guide and Release Notes for the version of Nokia IPSO you are usingNokia IP300 Series Security Platform Installation Guide (this document)Nokia Network Voyager inline help feature, and Nokia Network Voyager Reference Guide (online)CLI Reference Guide for the version of Nokia IPSO you are using
You can find the Nokia IP300 Series Security Platform Installation Guide in PDF on the Nokia support site (https://support.nokia.com). You can access inline help and the Nokia Network Voyager Reference Guide from Nokia Network Voyager.
Downloaded from www.Manualslib.com manuals search engine
Nokia IP300 Series Security Platform Installation Guide 9
1 Overview
This guide describes the installation and use of the Nokia IP300 Series appliances–the IP350 and IP380 disk-based appliances and the IP355 and IP385 flash-based appliances. Most of the information for how to use these appliances is the same. Where differences exist between different IP300 platforms, they are noted in the documentation.The Nokia IP300 Series appliance combines the power of Nokia IPSO software with your choice of firewall, VPN, and intrusion detection security applications. These appliances are ideally suited for growing companies and satellite offices that want high-performance IP routing combined with the industry-leading Check Point VPN-1/FireWall-1 enterprise security suite. The small size of the IP300 Series appliance makes them ideal for installations that need to conserve space.As network devices, these appliances support a comprehensive suite of IP-routing functions and protocols, including RIPv1/RIPv2, IGRP, OSPF and BGP4 for unicast traffic, and DVMRP for multicast traffic. The integrated router functionality eliminates the need for separate intranet and access routers in security applications.This chapter provides an overview of the IP300 Series appliance and the requirements for using it. The following topics are covered:
About the Nokia IP300 Series Disk-Based ApplianceAbout the Nokia IP300 Series Flash-Based ApplianceManaging the IP300 Series ApplianceAbout the IP300 Series Appliance
Downloaded from www.Manualslib.com manuals search engine
1 Overview
10 Nokia IP300 Series Security Platform Installation Guide
Site RequirementsProduct DisposalSoftware Requirements
About the Nokia IP300 Series Disk-Based Appliance
Both the IP350 and the IP380 share the same one-rack unit (1 RU) size and support the same selection of network interface cards. The IP350 appliance supports a minimum memory configuration of 256 MB, and a maximum memory configuration of 512 MB. The IP380 appliance supports a minimum memory configuration of 256 MB, and a maximum memory configuration of 1 GB.The Nokia IP300 Series appliance provides built-in hardware-based encryption acceleration. The IP380 appliance also supports an optional encryption accelerator card to further enhance VPN performance.
Table 3 Specifications for IP300 Series Disk-Based Appliances
Feature Nokia IP350 Nokia IP380
Maximum memory size 512 MB 1 GB
Optional encryption accelerator card
No Yes
Line cards • 2 two-port 10/100 NICs• 1 four-port 10/100 NIC• 2 two-port V2 Copper
Gigabit Ethernet NICs• 2 two-port Fiber
Gigabit Ethernet NICs
• 2 two-port 10/100 NICs• 1 four-port 10/100 NIC• 2 two-port V2 Copper
Gigabit Ethernet NICs• 2 two-port Fiber
Gigabit Ethernet NICs
Downloaded from www.Manualslib.com manuals search engine
About the Nokia IP300 Series Flash-Based Appliance
Nokia IP300 Series Security Platform Installation Guide 11
About the Nokia IP300 Series Flash-Based Appliance
Both the IP355 and the IP385 share the same one-rack unit (1 RU) size. The Nokia IP355 and IP385 flash-based appliances support the same cards as IP350 and IP380 appliances. Both flash-based appliances have a maximum memory size of 1GB.
Nokia IPSO version 3.9 3.9
Check Point (Enforcement Module support only)
Check Point NGX R60 Check Point NGX R60
Table 3 Specifications for IP300 Series Disk-Based Appliances
Feature Nokia IP350 Nokia IP380
Table 4 Specifications for IP300 Series Flash-Based Appliances
Feature Nokia IP355 Nokia IP385
Maximum memory size 1 GB 1 GB
Compact Flash 512 MB 512 MB
Optional PC card flash for logging (PCMCIA slot)
1 GB 1 GB
Optional encryption accelerator card
No Yes
Downloaded from www.Manualslib.com manuals search engine
1 Overview
12 Nokia IP300 Series Security Platform Installation Guide
Managing the IP300 Series ApplianceYou can manage the IP300 Series appliance by using one of the following interfaces:
Nokia Network Voyager—an SSL-secured, Web-based element management interface to Nokia IP security platforms. Network Voyager is preinstalled on the IP300 Series appliance and enabled through the IPSO operating system. With Network Voyager, you can manage, monitor, and configure the IP300 Series appliance from any authorized location within the network by using a standard Web browser.For information about how to access Network Voyager and the related reference materials, see “Accessing Nokia Network Voyager” on page 30.The IPSO command-line interface (CLI)—an SSHv2-secured interface that enables you to easily configure Nokia IP security platforms from the command line. Everything that you can accomplish with Network Voyager—manage, monitor, and configure the IP300 Series appliance—you can also accomplish with the CLI.
Line cards • 2 two-port 10/100 NICs• 1 four-port 10/100 NIC• 2 two-port V2 Copper
Gigabit Ethernet NICs• 1 two-port Fiber
Gigabit Ethernet NICs
• 2 two-port 10/100 NICs• 1 four-port 10/100 NIC• 2 two-port V2 Copper
Gigabit Ethernet NICs• 1 two-port Fiber
Gigabit Ethernet NICs
Optional disk No No
Nokia IPSO version 3.9 3.9
Check Point (Enforcement Module support only)
Check Point NGX R60 Check Point NGX R60
Table 4 Specifications for IP300 Series Flash-Based Appliances
Feature Nokia IP355 Nokia IP385
Downloaded from www.Manualslib.com manuals search engine
About the IP300 Series Appliance
Nokia IP300 Series Security Platform Installation Guide 13
For information about how to access the CLI, see the Nokia CLI Reference Guide for the version of Nokia IPSO you are using.Nokia Horizon Manager—a secure GUI-based software image management application. With Horizon Manager, you can securely install and upgrade the Nokia IPSO operating system, plus hardware and third-party applications such as Check Point FireWall-1 for Nokia. Horizon Manager can perform installations and upgrades on up to 2,500 Nokia IP security platforms, offering administrators the most rapid and dependable upgrade to Check Point NG.
About the IP300 Series ApplianceThe following figures show component locations for the Nokia IP300 Series appliance.
Figure 1 Component Locations Front View
Built-in Ethernet ports(10/100 Mbps)
PMC interfaces
Status LEDs Modem (AUX) port
PCMCIA slotsReset switch Console port
Downloaded from www.Manualslib.com manuals search engine
1 Overview
14 Nokia IP300 Series Security Platform Installation Guide
Figure 2 Component Locations Rear View
Ethernet Management PortsThe Ethernet management ports are located on the front of the appliance. Figure 3 shows the layout of the Ethernet management ports and link LEDs.
NoteThe Ethernet management ports are intended for management purposes. These ports do not provide the same performance as Ethernet cards in the PMC slots.
Figure 3 Ethernet Management Ports Details
CautionCables that connect to the Ethernet ports must be IEEE 802.3 compliant to prevent potential data loss.
00249
Power plugPower switch
00120
Activity LED (yellow)Link LED (green)
RJ-45 connectors
Downloaded from www.Manualslib.com manuals search engine
About the IP300 Series Appliance
Nokia IP300 Series Security Platform Installation Guide 15
NoteNokia recommends the use of shielded twisted-pair cables and connectors for best Electromagnetic Interference and Immunity performance.
The IP300 Series appliance includes two PMC (PCI mezzanine card) expansion slots for Nokia supported network interface cards. For more information, see “Four-Port and Two-Port 10/100 Mbps Ethernet Interface, PMC” on page 46.
The IP300 Series appliance also includes a PCMCIA slot that supports PCMCIA modems. See “Installing a PCMCIA Modem” on page 56.
NoteNokia products only support NICs purchased from Nokia Corporation or Nokia-approved resellers. The Nokia Global Support Services group can only provide support for Nokia products that use Nokia-approved accessories. For sales or reseller information, contact a Nokia service provider listed in the “Nokia Contact Information” on page 3.
Built-in Console PortUse the built-in console port, shown in Figure 1, to supply the information that makes the appliance available on the network. Figure 4 provides pin assignment information for console connections.
Downloaded from www.Manualslib.com manuals search engine
1 Overview
16 Nokia IP300 Series Security Platform Installation Guide
Figure 4 Pin Assignments for Console Connection
7000016 9
51
Pin# Assignment Input/Output
1 DCD Input
2 RXD Input
3 TXD Output
4 DTR Output
5 GND
6 DSR Input
7 RTS Output
8 CTS Input
9 DTR Output
Downloaded from www.Manualslib.com manuals search engine
About the IP300 Series Appliance
Nokia IP300 Series Security Platform Installation Guide 17
Built-in AUX PortYou can use the AUX port, shown in Figure 1, to establish a modem connection for managing the appliance. Figure 5 provides pin assignment information for modem connections.
Figure 5 Pin Assignments for Modem Connection
700001
6 9
51
Pin Input/OutputTo DB25 Cable Out
To DB9 Cable Out
1 (DCD) Input 8 (DCD) 7 (RTS)8 (CTS)
2 (RXD) Input 2 (TXD) 3 (TXD)
3 (TXD) Output 3 (RXD) 2 (RXD
4 (DTR) Output 20 (DTR) 6 (DSR)9 (RI)
5 (GND) 7 (GND) 5 (GND)
6 (DSR) Input 6 (DSR) 4 (DTR)
7 (RTS) Output 4 (RTS) 1 (DCD)
8 (CTS) Input 5 (CTS) 1 (DCD)
9 (RI) Output 22 (RI) 4 (DTR)
Downloaded from www.Manualslib.com manuals search engine
1 Overview
18 Nokia IP300 Series Security Platform Installation Guide
Status LEDsYou can monitor the basic operation of IP300 Series appliance and network interface cards (NICs) by checking their status LEDs. The system status LEDs are located on the front panel of the appliance, as Figure 6 shows.
Figure 6 Appliance Status LEDs
Table 5 Appliance Status LEDs
Status Indication ExplanationLED Front Panel Symbol
Solid Power on
Solid Unit is experiencing an internal Voltage problem
Blinking The unit is experiencing a temperature problem
Solid red One or more fans are not operating properly, or a 5V, 3.3V, or 12V fuse is blown
Power-status
Fan problemVoltage
!
!
Downloaded from www.Manualslib.com manuals search engine
Site Requirements
Nokia IP300 Series Security Platform Installation Guide 19
The location and meaning of the status LEDs for network interface cards are explained in Chapter 5, “Connecting PMC Network Interface Cards.”
For information on the built-in Ethernet interface LEDs, see “Ethernet Management Ports” on page 14.For information on the two-port Ethernet card LEDs, see “Four-Port and Two-Port 10/100 Mbps Ethernet Interface, PMC” on page 46.
Site RequirementsBefore you install a Nokia IP300 Series appliance, ensure that your computer room or wiring closet conforms to the environmental specifications listed in Appendix A, “Technical Specifications.”
Product DisposalAt the end of its useful life, your appliance and all peripherals included with it, including power cords and cables, must be disposed of in accordance with all applicable national, state, and local laws and regulations. These devices contain materials and components that must be disposed of properly. Therefore, to help prevent damage to the environment, Nokia encourages you to dispose of these devices in an environmentally-friendly manner.The following resources are available to you to help with equipment-disposal decisions:
Many Nokia products are labeled with information about the materials used in their manufacture that can help those who will process equipment after you have disposed of it.The Nokia web site (http://www.nokia.com) provides information about our environmental programs and practices, which includes details about materials used in manufacturing and end-of-life practices. You can also find your product’s Eco Declaration, which provides basic information on the environmental attributes of the product covering material use, packaging, disassembly, and recycling.
Downloaded from www.Manualslib.com manuals search engine
1 Overview
20 Nokia IP300 Series Security Platform Installation Guide
Contact your local waste management agencies for guidelines specific to your area.
WarningHazardous radiation exposure can occur if you use controls, make performance adjustments, or follow procedures that are not described in this document.
WarningAn explosion can occur if the battery is incorrectly placed. Replace only with the same or equivalent type battery recommended by the manufacturer. Dispose of used batteries according to the manufacturer's instructions.
WarningTo reduce the risk of fire, electric shock, and injury when you use telephone equipment, follow basic safety precautions. Do not use the product near water.
CautionDo not place objects over the ventilation holes on the IP350 or IP380 appliance. The components might overheat and become damaged.
The crossed-out wheeled bin means that within the European Union the product must be taken to separate collection at the product end-of-life. This applies to your device but also to any enhancements marked with this symbol. Do not dispose of these products as unsorted municipal waste.
Downloaded from www.Manualslib.com manuals search engine
Software Requirements
Nokia IP300 Series Security Platform Installation Guide 21
CautionFor IP300 Series appliances intended for shipment outside of the United States, the cord might be optional. If a cord is not provided, use a power cord rated at 6A, 250V, maximum 15 feet long, made of HAR cordage and IEC fittings approved by the country of end use.
Software RequirementsThe Nokia IP300 Series appliance supports the following operating system and applications:
Operating System Requirements—IPSO v3.5.1, v3.7 and later. Flash-based appliances require IPSO v3.9 or later.Firewall and VPN Software Requirements—Check Point NG VPN-1/FW-1 FP2 or higher.
For information about changes to the software requirements or additional applications that have become available since this guide was published, contact your Nokia service provider, as listed in “Nokia Contact Information” on page 3.
Downloaded from www.Manualslib.com manuals search engine
1 Overview
22 Nokia IP300 Series Security Platform Installation Guide
Downloaded from www.Manualslib.com manuals search engine
Nokia IP300 Series Security Platform Installation Guide 23
2 Installing the Appliance
This chapter describes how to install the Nokia IP300 Series appliance. The following topics are covered:
Rack Mounting the ApplianceConnecting Power and Turning the Power onConnecting Network Interfaces
CautionProtect your IP300 Series appliance and other electronic equipment from static discharge by making sure you are properly grounded before you touch any electronic components.
NoteThe operating temperature range for the Nokia IP300 Series appliance is 0° C to 45° C (32° F to 113° F).
Rack Mounting the ApplianceThe IP300 Series appliance mounts in a standard 19-inch rack with four mounting screws as Figure 7 shows.
Downloaded from www.Manualslib.com manuals search engine
2 Installing the Appliance
24 Nokia IP300 Series Security Platform Installation Guide
NoteTo avoid damaging your equipment, Nokia recommends that you use all four rack-mounting bolts when you install your appliance on the rack.
Figure 7 Mounting Screws Location
You can relocate the mounting brackets as Figure 8 shows so that the unit is 2 inches forward of the rack.
Figure 8 Adjustable Mounting Brackets
Two mounting positions are available allowing you to mount the unit either flush with the rack, or two inches forward of the rack.
Mounting Screw Slots
00251a
Downloaded from www.Manualslib.com manuals search engine
Connecting Power and Turning the Power on
Nokia IP300 Series Security Platform Installation Guide 25
CautionBlocking ventilation openings during installation may result in damage to the appliance.
Connecting Power and Turning the Power onThe power plug and power switch for the IP300 Series appliance is located on the back of the appliance, as Figure 9 shows.
NoteThe IP300 Series appliance power supply automatically detects the input voltage (115VAC/60Hz [90 to 132] or 220VAC/50Hz [180 to 264]) and configures itself appropriately.
Figure 9 Back Panel Power Switch
To connect the power supply1. Connect the power cord securely into the power socket on the back of the
appliance. 2. Plug the other end of the cord into a three-wire grounded power strip or
wall outlet.3. Press the power switch to the “on” position to turn on power to the
appliance.
00249
Power plugPower switch
Downloaded from www.Manualslib.com manuals search engine
2 Installing the Appliance
26 Nokia IP300 Series Security Platform Installation Guide
The fan unit on the power supply turns on when you press the power switch. Verify that the fans are running after you press the switch.Check the power LED on the front panel of the appliance (the Nokia logo) to ensure that the power supply is operating correctly. The power LED should be illuminated. For more information about the system status LEDs, see “Status LEDs” on page 18.If the power supply fans are not running, or if the power LED is not illuminated:
Check the power supply cord to make sure it is properly connected.Make sure the power switch is on.Make sure the chassis assembly is pushed all the way in from the front of the appliance.Make sure that power is turned on to the power strip or wall receptacle you plugged the appliance in to.
If the fans are still not running, or if the power LED does not illuminate, contact your Nokia service provider as listed in “Nokia Contact Information” on page 3 for technical support.
Connecting Network InterfacesConnect at least one network interface to use as the Network Voyager system management interface. This interface is configured during the system startup procedure, as described in Chapter 3, “Performing the Initial Configuration.”You can also connect the remaining LAN interface wires at this point, although you are not required to do so.To connect Ethernet devices:
Use a straight-through RJ-45 cable to connect to a 10-Mbps or 100-Mbps hub.Use a crossover RJ-45 cable to connect directly to a host.
For details, see “Connectors and Cables” on page 47.After you connect the network interfaces, continue with Chapter 3, “Performing the Initial Configuration.”
Downloaded from www.Manualslib.com manuals search engine
Nokia IP300 Series Security Platform Installation Guide 27
3 Performing the Initial Configuration
The first time you turn power on to a Nokia IP300 Series appliance, the initial configuration process begins. This process enables you to configure the network settings and provides access to the admin account. You can perform the initial configuration in two ways.
You can configure a DHCP server to provide the initial configuration information the first time the appliance is started. You can perform the initial configuration manually by using a console connection.
This chapter describes how to perform the initial configuration manually by using a console connection. It includes the following sections:
Using a Console Connection to Perform the Initial ConfigurationAccessing Nokia Network VoyagerUsing Nokia Horizon Manager
For information about how to use the DHCP client for initial configuration, see the Read Me First document.
Downloaded from www.Manualslib.com manuals search engine
3 Performing the Initial Configuration
28 Nokia IP300 Series Security Platform Installation Guide
Using a Console Connection to Perform the Initial Configuration
If you do not use DHCP to perform the initial configuration of your IP300 Series appliance, you must use a serial console connection (cable included). After you perform the initial configuration, the console connection is no longer required.You can use any standard VT100-compatible terminal with an RS-232 data terminal equipment (DTE) interface or terminal-emulation program configured with the following settings for the console:
9600 bps8 data bitsNo parity1 stop bit
To connect to the console1. Connect the supplied null-modem cable (console cable) to the console
port on the front panel of the IP300 Series appliance.Use only the DB9 port on the front panel labeled Console; the serial (AUX) port is an auxiliary modem port.If you connect the console port to a data communications equipment (DCE) device, use a straight-through cable.
For cable pin assignments for the console connection, see “Built-in Console Port” on page 15.
Console port
Downloaded from www.Manualslib.com manuals search engine
Using a Console Connection to Perform the Initial Configuration
Nokia IP300 Series Security Platform Installation Guide 29
2. Connect the other end of the cable to the VT100 console or to a system running a terminal-emulation program.
To perform the initial configuration1. Turn on the appliance.
At the console a Series of startup messages appears, then the following prompt appears:BOOTMGR[0]>
The prompt remains on the screen for about five seconds. If you type any character during this time, the appliance activates the Nokia IPSO boot manager.
NoteFor information about using the boot manager, see Chapter 8, “Using the Boot Manager.”
After some miscellaneous output, the following prompt appears:Hostname?
If the Hostname? prompt does not appear on the console, check the console port and console display connections to ensure that the serial cable is completely plugged in at both ends. If you verify the console connections and still do not see either the BOOTMGR> or Hostname? prompts, verify that the terminal or terminal emulator program settings are correct. If the settings are correct, contact your Nokia service provider as listed in “Nokia Contact Information” on page 3.
2. Respond to the Hostname? prompt within 30 seconds to prevent the DHCP client from starting.If the DHCP client starts, it might configure the appliance with an incorrect host name and IP address (this could happen if a DHCP server
Downloaded from www.Manualslib.com manuals search engine
3 Performing the Initial Configuration
30 Nokia IP300 Series Security Platform Installation Guide
on your network is configured to respond to any request). To reset the incorrect host name and IP address:a. Establish a console connection to the appliance.b. Enter the following:
rm /config/active
ormv /config/active /config/active.old
c. Reboot the appliance.d. Respond to the Hostname? prompt within 30 seconds to prevent the
DHCP client from restarting.3. At each subsequent prompt, type the requested configuration information
and then press Enter.For more information about how to respond to the prompts during the initial configuration process, see the release notes for the Nokia software release you are running.
4. After you complete the initial configuration, you can use Network Voyager to configure the remaining network ports.
Accessing Nokia Network VoyagerYou can use Network Voyager to configure the remaining network ports on your IP300 Series appliance.
To open Network Voyager1. Start Netscape Navigator or Microsoft Internet Explorer on the host you
want to use to complete the configuration. 2. In the Location or Address field, enter the IP address of the initial
interface you configured on the appliance. You are prompted to enter the admin username and the password you entered when performing the initial configuration.
Downloaded from www.Manualslib.com manuals search engine
Accessing Nokia Network Voyager
Nokia IP300 Series Security Platform Installation Guide 31
NoteIf the username popup menu does not appear, you might not have a network connection between the host and your IP300 Series appliance. Confirm the information you entered during the initial configuration and check that all cables are firmly connected.
Accessing Network Voyager Reference InformationAs you use Network Voyager, the Nokia Network Voyager Reference Guide and Network Voyager inline help are available for you to use.You can access both information sources from the Network Voyager interface, as Figure 10 shows.
Figure 10 Network Voyager Reference Access Points
Links to Inline Help (Context Sensitive)
Link to Online Help (Voyager Reference
Downloaded from www.Manualslib.com manuals search engine
3 Performing the Initial Configuration
32 Nokia IP300 Series Security Platform Installation Guide
Network Voyager Reference GuideThe Nokia Network Voyager Reference Guide is the reference source for Voyager. To access this source, click Doc.You can also access the Nokia Network Voyager Reference Guide at the Nokia support site (https://support.nokia.com) or on the CD that was delivered with your IP300 Series appliance.
Network Voyager Inline HelpYou can access inline help when you use Network Voyager. Inline help is the context-sensitive information source for Network Voyager.To enable inline help for a specific subject, click the Help icon next to the subject. You can also click Help at the top of the Network Voyager window to get inline help for the entire Network Voyager window. To turn off inline help, click Close.
Using Network Voyager to Monitor an IP300 Series Appliance
After you install and configure your IP300 Series appliance, you can use Network Voyager to monitor its operation. Click Monitor from the Network Voyager home page to access the monitoring functions.After you finish configuring the network interfaces with Network Voyager, the appliance is ready for routing and application configuration.Use Network Voyager to configure the routing performed by the appliance. For information about how to access Network Voyager, see “To open Network Voyager” on page 30.Use the documentation provided with your security application to configure firewall, VPN, and intrusion detection software.
Downloaded from www.Manualslib.com manuals search engine
Using Nokia Horizon Manager
Nokia IP300 Series Security Platform Installation Guide 33
Using Nokia Horizon ManagerYou can use Horizon Manager to install and upgrade the Nokia proprietary IPSO operating system. For information about how to obtain Horizon Manager, see the “Nokia Contact Information” on page 3.
Downloaded from www.Manualslib.com manuals search engine
3 Performing the Initial Configuration
34 Nokia IP300 Series Security Platform Installation Guide
Downloaded from www.Manualslib.com manuals search engine
Nokia IP300 Series Security Platform Installation Guide 35
4 Installing and Replacing Network Interface Cards
Your IP300 Series appliance comes with any network interface cards (NICs) you ordered already installed. This chapter describes how to remove, add, or replace NICs later if it becomes necessary. The following topics are covered:
Deactivating Configured InterfacesRemoving, Installing, and Replacing NICsConfiguring and Activating InterfacesMonitoring Network Interface Cards
For detailed information on specific network interface cards, see Chapter 5, “Connecting PMC Network Interface Cards.”
CautionYou should have a working knowledge of networking equipment before attempting to service an IP300 Series appliance. Limit service of the unit to the procedures described in this chapter.
Downloaded from www.Manualslib.com manuals search engine
4 Installing and Replacing Network Interface Cards
36 Nokia IP300 Series Security Platform Installation Guide
CautionProtect your IP300 Series appliance and other electronic equipment from electrostatic discharge (ESD) by making sure you are properly grounded before touching any electronic components.
Deactivating Configured InterfacesIf you are removing or replacing an installed network interface card, use Network Voyager to deactivate any configured ports on the NIC before removing it.
Deactivate all of the logical interfaces on the NIC.Deactivate all of the physical interfaces on the NIC.
If you do not deactivate the interfaces before removing the NIC, you may have to reinstall the NIC to deactivate its logical and physical interfaces in Network Voyager.For information about how to access Network Voyager, see “Accessing Nokia Network Voyager” on page 30.
Removing, Installing, and Replacing NICs
NoteBefore removing a configured network interface card with these instructions, you must deactivate the NIC in Network Voyager. For additional information, see “Deactivating Configured Interfaces” on page 36.
Use these instructions to remove, install, or replace a NIC in the IP300 Series appliance. Some steps are not applicable to all procedures. The instructions point out steps appropriate to each procedure.
Downloaded from www.Manualslib.com manuals search engine
Removing, Installing, and Replacing NICs
Nokia IP300 Series Security Platform Installation Guide 37
Before You StartTo remove, install, or replace a Nokia network interface card, you need the following:
A Phillips-head screwdriverPhysical access to the applianceAccess to the appliance by using Nokia Network Voyager or the CLISuitable, grounded work surface Field replaceable unit kit, including the NIC
To remove, install, or replace a network interface card
NoteBecause power to the IP300 Series appliance is automatically disconnected when the chassis assembly is opened, you do not need to manually disconnect the power for this procedure. Any servicing of the unit, however, should be completed with the chassis assembly fully removed from the appliance. Power is still active in the chassis body and care should be taken when working on the power supply or power supply wiring without disconnecting the power cord.
1. Use Network Voyager to shut the appliance down.For information about how to access Network Voyager, see “Accessing Nokia Network Voyager” on page 30.
Downloaded from www.Manualslib.com manuals search engine
4 Installing and Replacing Network Interface Cards
38 Nokia IP300 Series Security Platform Installation Guide
2. Use your fingers or a screwdriver to loosen the retaining screws that hold the chassis assembly.
3. Gently pull the chassis assembly forward to expose the NIC connectors. Remove the tray completely to avoid damaging components.
Chassis assembly retaining screws
00252a
Downloaded from www.Manualslib.com manuals search engine
Removing, Installing, and Replacing NICs
Nokia IP300 Series Security Platform Installation Guide 39
4. From underneath the chassis assembly, remove the bezel retaining screws.
If you are installing a NIC in an unoccupied slot, remove the blank bezel that occupies the space in the appliance front panel, retain it for future use, and proceed to step 7.
5. From above the chassis assembly, remove the NIC retaining screws from the back of the NIC.
00254b
00255a
Downloaded from www.Manualslib.com manuals search engine
4 Installing and Replacing Network Interface Cards
40 Nokia IP300 Series Security Platform Installation Guide
6. Remove the NIC by lifting the back of the NIC away from the chassis assembly and pulling the NIC gently away from the front panel.
7. Insert the new NIC or blank bezel.If you are removing a NIC without installing another NIC:a. Insert a blank bezel into the front panel slot formerly occupied by the
NIC and push it gently into place. Make sure that the bezel is completely seated into the front panel and that the screw holes on the bottom of the bezel align with those in the front panel.
NoteTo reduce electromagnetic interference (EMI), a blank bezel needs to be installed in the place of any NIC you have removed.
b. Proceed to step 9.
00257
Downloaded from www.Manualslib.com manuals search engine
Removing, Installing, and Replacing NICs
Nokia IP300 Series Security Platform Installation Guide 41
If you are installing or replacing a NIC, insert the NIC.a. Insert the NIC bezel into the front panel.
b. Gently push the back of the NIC down toward the chassis assembly.Make sure that the NIC edge is completely seated into the connectors on the chassis assembly.
8. From the top of the chassis assembly, screw the NIC retaining screws into the standoffs on the back of the NIC.
00256a
00255b
Downloaded from www.Manualslib.com manuals search engine
4 Installing and Replacing Network Interface Cards
42 Nokia IP300 Series Security Platform Installation Guide
9. From beneath the chassis assembly, screw in the bezel retaining screws.
10. Insert and close the chassis assembly until it clicks into place.
00254a
00252c
Downloaded from www.Manualslib.com manuals search engine
Configuring and Activating Interfaces
Nokia IP300 Series Security Platform Installation Guide 43
11. Tighten the retaining screws that hold the chassis assembly.
The appliance automatically restarts when the chassis assembly clicks into place.
Configuring and Activating InterfacesThe IP300 Series appliance automatically detects any new NIC when the appliance is restarted. Use Network Voyager to configure and activate the logical and physical interfaces on the NIC.For information about how to access Network Voyager and the related reference materials, see “To open Network Voyager” on page 30.
Monitoring Network Interface CardsYou can asses the general operating condition of the NICs in your appliance by looking at the LED status indicators on the NICs. The status indicators for each NIC are explained in the NIC reference chapter.For the status indicator information for the built-in Ethernet ports or the two-port Ethernet NIC, see “Four-Port and Two-Port 10/100 Mbps Ethernet Interface, PMC” on page 46.
Use Network Voyager to access detailed port information. For information about accessing Network Voyager, see “Accessing Nokia Network Voyager” on page 30. You can also use the IPSO tcpdump command to examine the track on a specific port.
Chassis assembly retaining screws
Downloaded from www.Manualslib.com manuals search engine
4 Installing and Replacing Network Interface Cards
44 Nokia IP300 Series Security Platform Installation Guide
Downloaded from www.Manualslib.com manuals search engine
Nokia IP300 Series Security Platform Installation Guide 45
5 Connecting PMC Network Interface Cards
This chapter describes the PMC NICs available for the IP300 Series appliance and describes how to connect those NICs to your network. The following NICs are covered:
Four-Port and Two-Port 10/100 Mbps Ethernet Interface, PMCTwo-Port V2 Gigabit Ethernet Card, PMC, CopperTwo-Port Gigabit Ethernet Card, PMC, Fiber
For instructions on adding or replacing interface cards, see Chapter 4, “Installing and Replacing Network Interface Cards.”
CautionProtect your IP300 Series appliance and other electronic equipment from electrostatic discharge (ESD) damage by making sure you are properly grounded before you touch any electronic component.
Downloaded from www.Manualslib.com manuals search engine
5 Connecting PMC Network Interface Cards
46 Nokia IP300 Series Security Platform Installation Guide
Four-Port and Two-Port 10/100 Mbps Ethernet Interface, PMC
Every IP300 Series appliance has four built-in dual-mode 10-Mbps and 100-Mbps ports. Additionally, the appliance supports Nokia-approved, two-port UTP5 dual-mode 10-Mbps and 100-Mbps Ethernet NICs.When you purchase an Ethernet NIC with your IP300 Series appliance, the NIC is installed before the appliance is delivered to you. For information on how to add or replace a NIC later, see Chapter 4, “Installing and Replacing Network Interface Cards.”
Ethernet PMC NIC FeaturesThe Ethernet PMC NIC supports tracing through tcpdump.You can configure and monitor Ethernet interfaces with Network Voyager. Specifically, you set the port speed and full-duplex or half-duplex mode by using Network Voyager.
Figure 11 Four-Port Ethernet NIC Front Panel Details
00026.1
3211234
4
Link LEDs (solid green)Activity LEDs (blinking green)
Ports
Downloaded from www.Manualslib.com manuals search engine
Four-Port and Two-Port 10/100 Mbps Ethernet Interface, PMC
Nokia IP300 Series Security Platform Installation Guide 47
NoteIn the IP300 Series appliance, you cannot use two PMC four-port 10/100 Ethernet NICs in one appliance. However, you can use one PMC four-port 10/100 Ethernet NIC in combination with any other NIC that the IP300 Series appliance supports.
Figure 12 shows the front panel layout of the two-port Ethernet NIC.
Figure 12 Two-Port Ethernet NIC Front Panel Details
After the power is turned on, the Ethernet link LEDs on the appliance and on the remote equipment illuminate to indicate the connection. As data is transmitted, the activity LEDs on the appliance light up.
Connectors and CablesThe connectors on the Ethernet NIC are RJ-45 connectors:
To connect to a 10-Mbps or 100-Mbps hub, use a straight-through RJ-45 cable.To connect directly to a host, use an RJ-45 crossover cable.
Use IEEE 802.3 10BASE-T, 100BASE-TX unshielded twisted-pair, full-duplex or half-duplex cable.
00258.1
NO
KIA
10/1
00
RJ-45 connectors
Link LEDs (green)
Activity LEDs (yellow)
Downloaded from www.Manualslib.com manuals search engine
5 Connecting PMC Network Interface Cards
48 Nokia IP300 Series Security Platform Installation Guide
CautionCables that connect to the Ethernet card must be IEEE 802.3 compliant to prevent potential data loss.
You can order appropriate adapter cables separately. You can order additional cables from a cable vendor of your choice.Figure 13 shows the pin assignments for the cable. The RJ-45 cable output connector is numbered from right to left, with the copper tabs facing up and toward you.
Figure 13 Output Connector for the Ethernet Cable
Figure 14 shows the pin assignments for the RJ-45 cross-over cable.
Pin# Assignment
1 TX
2 TX
3 RX
4
5
6 RX
7
8
00270
8 1
Downloaded from www.Manualslib.com manuals search engine
Two-Port V2 Gigabit Ethernet Card, PMC, Copper
Nokia IP300 Series Security Platform Installation Guide 49
Figure 14 Ethernet Crossover-Cable Pin Connections
Two-Port V2 Gigabit Ethernet Card, PMC, Copper
All NICs installed in a Nokia IP300 Series platform are installed into slots on the appliance. Ethernet NICs can occupy any of the slots or subslots in an appliance that other I/O cards do not occupy.
NoteCopper Gigabit Ethernet NICs you use in IP300 Series appliances need to be the Version 2 type, as indicated on the right end of the NIC faceplate. These NICs are sold by Nokia under the order code NIF4425.
The V2 copper Gigabit Ethernet NIC supports packet tracing for analysis using the tcpdump program in the IPSO operating system.
00017.1
12345678
12345678
Downloaded from www.Manualslib.com manuals search engine
5 Connecting PMC Network Interface Cards
50 Nokia IP300 Series Security Platform Installation Guide
Figure 15 shows the front panel details for the two-port V2 copper Gigabit Ethernet NIC you use in the Nokia IP300 Series appliance.
Figure 15 Two-Port V2 Gigabit Ethernet NIC, Copper
Connectors and CablesThe copper Gigabit Ethernet NIC receptacles are RJ45 connectors.To connect to a 1 Gbps hub, switch, or router, use a straight-through RJ-45 cable (Category 5 type cable, or as required by your network configuration).
NoteCertain circumstances might require shielded Category 5 Ethernet cables to meet Class B emissions requirements.
NoteAll Nokia copper Gigabit Ethernet NICs support cable auto-sensing. You can use a straight-through or crossover cable to connect the NIC to a Gigabit Ethernet hub or switch, or to connect directly to a host.
In Figure 16, the RJ-45 cable output connector is numbered from right to left, with the copper pins facing up and toward you.
00386.4
LINK
ACT
V2
LINK
ACT
1000
Base
T
Link LEDs (green or yellow)Activity LEDs (yellow)
Ports
Downloaded from www.Manualslib.com manuals search engine
Two-Port V2 Gigabit Ethernet Card, PMC, Copper
Nokia IP300 Series Security Platform Installation Guide 51
Figure 16 Ethernet Cable Connector Output Pin Assignments
To connect directly to a host, use an RJ-45 crossover cable wired as Figure 18 shows.
00270
Pin#
GigabitEthernetAssignment
10/100 MbpsAssignment
1 BI_DA+ TX
2 BI_DA- TX
3 BI_DB+ RX
4 BI_DC+
5 BI_DC-
6 BI_DB- RX
7 BI_DD+
8 BI_DD-
8 1
Downloaded from www.Manualslib.com manuals search engine
5 Connecting PMC Network Interface Cards
52 Nokia IP300 Series Security Platform Installation Guide
Figure 17 Gigabit Ethernet Crossover Cable Pin Connections
Figure 18 10/100 Ethernet Crossover Cable Pin Connections
To connect the IP300 Series appliance to other network components, you can order appropriate adapter cables separately from a cable vendor of your choice.
Two-Port Gigabit Ethernet Card, PMC, FiberAll NICs installed in the IP300 Series appliance are installed into slots on the appliance. Ethernet NICs can occupy any of the slots or subslots in an appliance that other I/O cards do not occupy.
00020
12345678
12345678
00017.1
12345678
12345678
Downloaded from www.Manualslib.com manuals search engine
Two-Port Gigabit Ethernet Card, PMC, Fiber
Nokia IP300 Series Security Platform Installation Guide 53
The two-port Fiber Gigabit Ethernet Card provides the following features:High bandwidthFull-duplex mode operation up to 1 Gbps (no half-duplex support)Link speed auto advertisingTracing through tcpdumpCompliance with PCI Industrial Computer Manufacturers Group (PICMG) cPCI specification v2Compliance with IEEE 802.3z Gigabit Ethernet specification
You can configure and monitor Ethernet interfaces with Nokia Network Voyager, the Web-based element management interface to Nokia IP security platforms. Specifically, you set the port speed and full-duplex mode with Network Voyager. Figure 19 shows the front panel details for the two-port fiber-optic Gigabit Ethernet NIC you use in the IP300 Series appliance.
Figure 19 Two-Port Gigabit Ethernet NIC, Fiber
Connectors and CablesTo connect the two-port Gigabit Ethernet NIC to other network components, use a multimode, fiber-optic cable with an LC connector for each NIC
Link LEDs (green or yellow)Activity LEDs (yellow)
Ports
Downloaded from www.Manualslib.com manuals search engine
5 Connecting PMC Network Interface Cards
54 Nokia IP300 Series Security Platform Installation Guide
interface. The destination end of the cable can be either LC or SC, depending on the type of connector required for the destination Gigabit Ethernet device. You can also use a half-duplex LC-to-LC cable to loop back the transmit port of an interface to the receiver port.Two LC-to-SC cables are included with two-port fiber-optic Gigabit Ethernet NICs. You can order additional cables from a cable vendor of your choice.
Downloaded from www.Manualslib.com manuals search engine
Nokia IP300 Series Security Platform Installation Guide 55
6 Installing and Replacing Other Components
This chapter provides information on how to add or replace user serviceable items other than network interface cards in your IP300 Series appliance. The following topics are covered:
Installing a PCMCIA ModemReplacing a Hard-Disk DriveReplacing or Upgrading MemoryInstalling an Encryption Accelerator CardReplacing the Battery
For instructions on adding or replacing interface cards, see Chapter 4, “Installing and Replacing Network Interface Cards”
CautionYou should have a working knowledge of networking equipment before attempting to service an IP300 Series appliance. Limit service of the appliance to the procedures described in this chapter.
Downloaded from www.Manualslib.com manuals search engine
6 Installing and Replacing Other Components
56 Nokia IP300 Series Security Platform Installation Guide
CautionProtect your IP300 Series appliance and other electronic equipment from electrostatic discharge (ESD) damage by making sure you are properly grounded before you touch any component.
Installing a PCMCIA ModemThe IP300 Series appliance supports a PCMCIA modem card that allows you to set the country code through Network Voyager. For information about the country codes, see the Nokia Network Voyager Reference Guide.
NoteThe IP300 Series appliance supports PCMCIA modems. Nokia supports only Nokia-supplied modems. For further information, contact the appropriate Nokia customer support site listed “Nokia Contact Information” on page 3.
Before You StartTo install the modem in your appliance, you need the following:
Physical access to the applianceA Nokia-approved PCMCIA modemAccess to the appliance using Network Voyager or console access to the applianceA telephone cable appropriate for the phone system where the unit is installedAn analog phone line
Downloaded from www.Manualslib.com manuals search engine
Replacing a Hard-Disk Drive
Nokia IP300 Series Security Platform Installation Guide 57
To use a modem with an IP300 Series appliance1. If the modem is not already installed, insert the PCMCIA modem into
either the top or bottom PCMCIA slot until the modem clicks into place.
The modem and the ejector tab on the left of the slot protrude from the unit. The appliance automatically recognizes the modem.
2. Connect the modem to a phone line.Use the appropriate cable for the modem and telephone system in the country in which the device is used.
To configure IPSO to allow logins through the modem, click Config on the Home page in Network Voyager and then click on the Network Access and Services link in the Security and Access Configuration section.For information about accessing Network Voyager and the related reference materials, see “Accessing Nokia Network Voyager” on page 30.
Replacing a Hard-Disk DriveThe IP350 and IP380 appliances each include one hard-disk drive, which you can remove and replace. The following figure shows the location of the hard-disk drive on the motherboard.
NoteBack up your files to a remote system on a regular basis. For back up and restore procedures, see the IPSO release notes.
PCMCIA Slots
Downloaded from www.Manualslib.com manuals search engine
6 Installing and Replacing Other Components
58 Nokia IP300 Series Security Platform Installation Guide
Figure 20 Hard-Disk Drive Location
NoteThe hard-disk drive must contain the IPSO partitions and boot loader before installation. For further information, contact the appropriate Nokia customer support site as listed in “Nokia Contact Information” on page 3.
Before You StartTo install the hard-disk drive in your appliance, you need the following:
Physical access to the applianceA Nokia-approved hard-disk driveAccess to the appliance through Network VoyagerA Phillips-head screwdriverA torque screwdriver capable of a 69.4ozf*in (5kgf*cm) setting
To replace a hard-disk drive1. Use Network Voyager to shut the appliance down.
For information about how to access Network Voyager, see “Accessing Nokia Network Voyager” on page 30.
00253
Hard-disk drive
Downloaded from www.Manualslib.com manuals search engine
Replacing a Hard-Disk Drive
Nokia IP300 Series Security Platform Installation Guide 59
2. Loosen the retaining screws that hold the chassis assembly.
3. Gently slide the chassis assembly forward to remove the tray from the appliance so you can access the hard-disk drive retaining screws from the bottom of the tray.
NoteBecause power to an IP300 Series appliance is automatically disconnected when the chassis assembly is opened, you do not need to manually disconnect the power for this procedure. Any servicing of the unit, however, should be completed with the chassis assembly fully removed from the appliance. Power is still active in the chassis body and care should be taken when working on the power supply or power supply wiring without disconnecting the power cord.
Chassis assembly retaining screws
00252a
Downloaded from www.Manualslib.com manuals search engine
6 Installing and Replacing Other Components
60 Nokia IP300 Series Security Platform Installation Guide
4. From the bottom of the chassis assembly, remove the retaining screws that hold the hard-disk drive unit.
5. Gently remove the hard-disk drive from the motherboard, taking care not to damage the connector.
6. Insert the new hard-disk drive unit.
00261
00262
Downloaded from www.Manualslib.com manuals search engine
Replacing a Hard-Disk Drive
Nokia IP300 Series Security Platform Installation Guide 61
NotePush the hard-disk drive gently into place. Take care to align the connectors correctly as the connectors are not keyed.
7. Tighten the retaining screws that holds the hard-disk drive into place.
8. Slide the chassis assembly back into the appliance until it clicks into place.
00261
00252c
Downloaded from www.Manualslib.com manuals search engine
6 Installing and Replacing Other Components
62 Nokia IP300 Series Security Platform Installation Guide
9. Tighten the retaining screws that hold the chassis assembly.
The appliance automatically restarts when the chassis assembly clicks into place.
Replacing or Upgrading MemoryThe IP350 and IP380 appliances each have two dual inline memory-module (DIMM) sockets. This section explains how to upgrade or replace the memory for either appliance by using a Nokia-approved memory upgrade kit.The IP350 and IP380 come with different memory configurations. Contact Nokia customer support for more information on the supported memory configurations.
NoteNokia recommends that you obtain memory kits only from Nokia or authorized resellers. For further information, contact the appropriate Nokia customer support site listed “Nokia Contact Information” on page 3.
The DIMM sockets are located at the right of the motherboard, as you look at the appliance from the front, as Figure 21 shows.
Chassis assembly retaining screws
Downloaded from www.Manualslib.com manuals search engine
Replacing or Upgrading Memory
Nokia IP300 Series Security Platform Installation Guide 63
Figure 21 DIMM Socket Locations
Before You StartTo upgrade or replace the memory in your appliance, you need the following:
Physical access to the applianceNokia memory upgrade kit and accompanying documentationNetwork or console access to the appliance
CautionTo protect the IP300 Series appliance and the memory modules from electrostatic discharge (ESD), make sure you are properly grounded before you touch these components.
NoteBecause power to an IP300 Series appliance is automatically disconnected when the chassis assembly is opened, you do not need to manually disconnect the power for this procedure. Any servicing of the unit, however, should be completed with the chassis assembly fully removed from the appliance. Power is still active in the chassis body and
00253
DIMM sockets
Downloaded from www.Manualslib.com manuals search engine
6 Installing and Replacing Other Components
64 Nokia IP300 Series Security Platform Installation Guide
care should be taken when working on the power supply or power supply wiring without disconnecting the power cord.
Adding or Replacing DIMMs
To add or replace DIMMs1. Use Network Voyager, the CLI, or the IPSO shell to halt the IP350 or
IP380 appliance. To use the CLI or IPSO shell, simply enter halt.For information about accessing Network Voyager, see “Accessing Nokia Network Voyager” on page 30.
2. Loosen the two front panel retaining screws.
Chassis assembly retaining screws
Downloaded from www.Manualslib.com manuals search engine
Replacing or Upgrading Memory
Nokia IP300 Series Security Platform Installation Guide 65
3. Slide the chassis assembly forward to expose the DIMM sockets. Remove the tray completely to avoid damaging components.
4. Remove any memory module necessary by pressing the two retaining clips outward and carefully pulling each DIMM upward as the following figure shows.
You might need to pull opposite ends of the DIMM alternately to gradually free it from the contact pins.
5. The memory DIMMs are keyed to prevent improper insertion. Press the new DIMM into the socket until it clicks into place.
00252a
00263
Downloaded from www.Manualslib.com manuals search engine
6 Installing and Replacing Other Components
66 Nokia IP300 Series Security Platform Installation Guide
The top of the DIMM is smooth. The bottom edge has three different length sets of contacts, which mate with the slots on the socket. Be sure the contacts and slots are properly aligned before you insert the DIMM.
The retaining clips move into the lock position as you press the DIMM into place.
6. Slide the chassis assembly back into the appliance until it clicks into place.
00264
00252c
Downloaded from www.Manualslib.com manuals search engine
Installing an Encryption Accelerator Card
Nokia IP300 Series Security Platform Installation Guide 67
7. Resecure the two retaining screws.
The appliance automatically recognizes the new memory configuration. You can verify this from the Network Voyager, the CLI, or the IPSO shell.To verify the memory from the CLI, enter:show asset hardware
To verify the memory from the IPSO shell, enter:dmesg | grep ‘real memory’
Installing an Encryption Accelerator Card
NoteThe IP350 and IP355 do not support the optional encryption accelerator card.
The encryption accelerator card provides high-speed cryptographic processing that enhances VPN performance in the IP380. The IP380 and IP385 appliances also support an optional encryption accelerator card to further enhance VPN performance. No hardware configuration is required for the encryption accelerators. The built-in hardware encryption accelerators are enabled by default on both appliances. Installing the optional encryption accelerator card on the IP380
Chassis assembly retaining screws
Downloaded from www.Manualslib.com manuals search engine
6 Installing and Replacing Other Components
68 Nokia IP300 Series Security Platform Installation Guide
and IP385 appliances automatically disable the built-in accelerator and enables the card. Removing the card reverses the process. When you order an encryption accelerator card with the appliance, the card is installed before the appliance is delivered. This section provides instructions for installing or replacing the card at a later time.The IP380 and IP385 appliances use a PMC format encryption accelerator card. The accelerator card has no external connections and requires no cables.The accelerator card software package is part of IPSO, so the appliance automatically detects and configures the card.You must use Network Voyager to configure your software applications (IPSec or Checkpoint VPN) to make use of the available hardware accelerator. For details, see “Configuring Software to Use Hardware Acceleration” on page 72.
Before You StartBefore you install the encryption accelerator card, you need:
Physical access to the unitA Phillips-head screwdriverFour screws (included in packaging)A disposable wrist strap (included in packaging)
WarningTo help guard against electrostatic discharge damage, follow the instructions on the wrist strap envelope before you handle the encryption accelerator card or open the appliance.
Downloaded from www.Manualslib.com manuals search engine
Installing an Encryption Accelerator Card
Nokia IP300 Series Security Platform Installation Guide 69
Installing the Card1. Use Nokia Network Voyager, the CLI, or the IPSO shell to halt the
appliance. To use the CLI or IPSO shell, simply enter halt.2. Loosen the two front-panel retaining screws.
3. Slide the chassis assembly forward to expose the motherboard components, as the following figure shows.
4. Locate the PMC connectors on the rear of the motherboard.
CautionMake sure you locate the correct connectors for the VPN acceleration card. Do not use the PMC connectors located at the front of the motherboard, those connectors are for NICs.
Chassis assembly retaining screws
00252a
Downloaded from www.Manualslib.com manuals search engine
6 Installing and Replacing Other Components
70 Nokia IP300 Series Security Platform Installation Guide
5. Position the male PMC connectors on the card over the female PMC connectors on the motherboard. The two sets of connectors should be aligned with each other. The four screw holes and four standoffs should also be aligned with one another.
6. Push down on the card until it is properly seated on the motherboard.
00267
A B
Standoffs
Insert the VPN card into connectors. Screw card into standoffs.
PMC connectorsfor VPN card
Downloaded from www.Manualslib.com manuals search engine
Installing an Encryption Accelerator Card
Nokia IP300 Series Security Platform Installation Guide 71
7. Place the screws through the standoff holes on the card and into the standoffs on the motherboard.
8. Turn each screw clockwise so that the card is attached to the standoffs. Do not tighten completely.
9. Make sure that all four standoff connections are properly aligned.10. To secure the connections, tighten the screws firmly, but do not
overtighten. 11. Slide the chassis assembly back into the appliance and resecure the two
retaining screws.
Reseating the chassis assembly automatically restores power to the appliance.
12. Configure your software to use hardware acceleration. For more information, see “Configuring Software to Use Hardware Acceleration.”
Screw
Accelerator cardStandoff hole
Motherboard standoff
Chassis assembly retaining screws
Downloaded from www.Manualslib.com manuals search engine
6 Installing and Replacing Other Components
72 Nokia IP300 Series Security Platform Installation Guide
Configuring Software to Use Hardware Acceleration
Use Network Voyager to configure virtual private network (VPN) tunnels to use hardware acceleration. This step is necessary for both the built-in hardware accelerators and for the optional encryption accelerator card on the IP380 appliance.The way you enable the software depends on whether you create VPN tunnels with Network Voyager or with Check Point software. If you use Network Voyager to create a VPN tunnel, see “To configure IPsec” on page 72. If you use Check Point software to create a VPN tunnel, see “To configure Check Point VPN” on page 72.
To configure IPsec1. Start Nokia Network Voyager for your appliance.2. On the Network Voyager home page, click Config.3. Under Interfaces, click IPSec.4. Scroll down and click IPSec Advanced Configuration.5. At Hardware Device Configuration, click On.6. Click Apply to enable the card.
To configure Check Point VPN1. Start Nokia Network Voyager for your appliance.2. On the Network Voyager home page, click Config.3. Scroll down to Security and Access Configuration and click
Cryptographic Hardware Acceleration.4. At Hardware Device Configuration, click On.5. Click Apply to enable the card.You can also monitor Nokia encryption accelerator card interfaces by using Nokia Network Voyager. For more information about accessing Nokia
Downloaded from www.Manualslib.com manuals search engine
Replacing the Battery
Nokia IP300 Series Security Platform Installation Guide 73
Network Voyager and locating relevant reference materials, see the Nokia Voyager Reference Guide.
Replacing the BatteryThe section provides instructions for replacing the motherboard battery in Nokia IP300 Series appliance.
Before You StartTo replace the battery, you need the following:
The appropriate Nokia battery replacement kit for your appliancePhysical access to the applianceA Phillips-head screwdriverA wrist grounding strap(Optional) Safety glasses
WarningAn explosion might occur if the battery is incorrectly placed. Replace the battery only with the same or equivalent type that the manufacturer recommends. Dispose of used batteries according to the manufacturer’s instructions.
WarningMake certain that you removed the power cord from the appliance before you proceed with any of the following steps. Failure to do so could cause electric shock with burns or death resulting for the user.
Downloaded from www.Manualslib.com manuals search engine
6 Installing and Replacing Other Components
74 Nokia IP300 Series Security Platform Installation Guide
CautionMake certain that you are properly grounded when you handle components internal to the appliance to protect against electrostatic discharge damage to the appliance. Use the disposable grounding strap included in the battery replacement kit.
To install the battery, perform the following tasks
1. Locate the battery on the motherboard.The battery is in a black battery holder secured with a battery retaining pin.Figure 22 shows the battery location in the IP300 Series appliance.
Downloaded from www.Manualslib.com manuals search engine
Replacing the Battery
Nokia IP300 Series Security Platform Installation Guide 75
Figure 22 Battery Location in the Nokia IP300 Series Appliance
2. Remove the old battery. Use a small nonconductive device, such as a plastic probe, to slide the battery out of the battery holder through the cutout in the holder.
CautionYou must place the new battery into the battery holder observing the correct polarity. The positive terminal of the battery must be facing up.
3. With the positive side facing up, slide the new battery through the cutout in the battery holder.
00459
Downloaded from www.Manualslib.com manuals search engine
6 Installing and Replacing Other Components
76 Nokia IP300 Series Security Platform Installation Guide
4. Make sure that the battery is securely installed in the battery holder with the positive side of the battery facing up.The appliance should start up normally with the new battery installed. If it does not, repeat this procedure. If the appliance does not start up normally after that, contact your Nokia service provider.
5. Reset the appliance date and time information using Network Voyager or the command-line interface You need to do this because the battery is required to maintain the date and time whenever you shut down the appliance.
Downloaded from www.Manualslib.com manuals search engine
Nokia IP300 Series Security Platform Installation Guide 77
7 Installing PC Cards
This chapter includes information about how to install flash-memory PC cards in your IP300 Series appliance. You can use the flash-memory PC card to store local system logs, Nokia IPSO images, and configuration files. The IP300 Series appliance supports storage space of 512 MB or higher. The IP300 Series appliance has two PCMCIA slots that can support a flash-memory PC card having a capacity of 1 GB or higher.
Before You BeginTo install a PC card, you need:
Physical access to the applianceAccess to the appliance by using Nokia Network Voyager or the command-line interface (CLI)Replacement PC card and accompanying documentation
CautionTo avoid potential equipment malfunction, Nokia recommends that you obtain PC cards only from Nokia or authorized resellers. For further information, contact the appropriate Nokia customer support site listed in Nokia Contact Information on page 3.
Downloaded from www.Manualslib.com manuals search engine
7 Installing PC Cards
78 Nokia IP300 Series Security Platform Installation Guide
Installing a Flash-Memory PC Card
CautionYou risk damage to the appliance or loss of data if you do not use the following procedure when you replace the flash-memory PC card.
NoteThe flash-memory PC card comes formatted from the factory.
To install the flash-memory PC card1. Insert the flash-memory PC card into PC-card slot 1 or slot 2.2. Press gently on the card until it is firmly seated in the slot.
The eject button to the left of the slot should be flush with the card.
Storing System Logs on the Flash-Memory PC CardYou can use the flash-memory PC card to store system log messages. Use Nokia Network Voyager to configure the flash-memory PC card as an optional disk. After you reboot the Nokia IP300 Series appliance, use Network Voyager to configure system logging options. For more information, see the Nokia Network Voyager Reference Guide.You must disable the flash-memory PC card before you remove it. You can disable the flash-memory PC card by using Network Voyager or the CLI.
To use Nokia Network Voyager to disable a flash-memory PC card 1. Click System Logging under System Configuration and check the
Unselect check box.2. Click Apply.3. Click Up.
Downloaded from www.Manualslib.com manuals search engine
Nokia IP300 Series Security Platform Installation Guide 79
4. Click Optional Disks under System Configuration and click the Off radio button under Local Logging.
5. Click Apply.6. Click Save.7. Click Up.8. Click Reboot, Shut Down System to shut down or reboot the appliance.You can now remove the flash-memory PC card.
To use the CLI to disable a flash-memory PC card 1. Enter the following command:
set syslog local-log off
2. Enter the following command, where the number 1 or 2 indicates the PC-card slot:set optional-disk device-id <1 | 2> off
3. Enter the following command:halt or reboot
You can now remove the flash-memory PC card.
CautionWhen you remove the card, hold the flash-memory PC card while you push the eject button to prevent the card from ejecting too quickly.
Transferring Files with the Flash-Memory PC CardYou can copy configuration files between the internal compact flash memory and the flash-memory PC card. If you do not use Nokia Network Voyager to configure the flash-memory PC card as an optional disk, you must mount the flash-memory PC card when you insert it in the PC-card slot, and you must
Downloaded from www.Manualslib.com manuals search engine
7 Installing PC Cards
80 Nokia IP300 Series Security Platform Installation Guide
unmount the flash-memory PC card before you remove it. You do not need to reboot or shut down the system if you manually mount and unmount the flash-memory PC card.
To transfer Nokia IPSO images or configuration files to the flash-memory PC card:1. Insert the flash-memory PC card into the IP300 Series appliance.2. Connect to the IP300 Series appliance by using a console or terminal
connection.3. Mount the flash-memory PC card by using the following command:
mount /dev/wd1 /cdrom
The /cdrom directory is a default directory in IPSO for mounting media.
4. Use the cp command to transfer IPSO images or configuration files to and from the flash-memory PC card.For example, to copy the current IPSO image from the compact flash to the flash-memory PC card, use the following command:cp /image/current/ipso.tgz /cdrom/
5. Use the following command to unmount the flash-memory PC card before you eject it:umount /cdrom
6. To remove the card, slowly push the eject button located to the left of the card.
CautionHold the flash-memory PC card while you push the eject button to prevent the card from ejecting too quickly.
Downloaded from www.Manualslib.com manuals search engine
Nokia IP300 Series Security Platform Installation Guide 81
8 Using the Boot Manager
This chapter describes how to use the IPSO boot manager. The following topics are discussed in this chapter:
VariablesBooting the SystemUsing the Boot Manager to Install IPSOProtecting the Boot Manager with a PasswordInstalling the Boot ManagerUpgrading the Boot Manager
The Nokia IP300 Series appliance incorporates a boot manager on disk to control the boot-up process. The boot manager allows you to perform a number of tasks, including the following:
Booting from alternate kernels, which might reside on nondefault devices or directoriesInstalling new versions of IPSO (the operating system)Obtaining system informationPerforming various housekeeping tasks
When you first receive your IP300 Series appliance, the boot manager uses factory-default parameters (kernel, boot device, and so on) for the boot process. The factory defaults cause the appliance to bypass the boot manager prompt after a five-second wait. You can change these defaults to reflect your own needs, or you can use different parameters in the command line at boot time. The boot manager maintains the default values of these parameters on
Downloaded from www.Manualslib.com manuals search engine
8 Using the Boot Manager
82 Nokia IP300 Series Security Platform Installation Guide
the hard-disk drive. You can set these values by using boot manager commands.This chapter describes the boot manager commands.
VariablesA number of variables are stored by the boot manager in nonvolatile memory. You can set and view most variables from the boot manager prompt. The following sections describe how to view and set the variables. The variables are:
Table 6 Boot manager variables
Variable Description
boot manager revision
The version number of the boot manager. This variable cannot be set from the command line.
autoboot If autoboot is set to no, the IP300 Series appliance stops at the boot manager command line during the boot process.If autoboot is set to yes, the IP300 Series appliance does not stop at the boot manager command line during a boot up. It does wait for the amount of time specified in bootwait for input from the keyboard. If input is received, the boot manager goes to the command line; otherwise, it proceeds with the boot up.Factory default: yes.
bootwait The amount of time, in seconds, that the boot manager waits for input during a boot up when autoboot is set to yes. Factory default: five seconds.
Downloaded from www.Manualslib.com manuals search engine
Variables
Nokia IP300 Series Security Platform Installation Guide 83
The following table shows possible boot flags.
boot-device: This is the device from which the boot-file loads.Factory default: wd0.Options: wd0 (hard disk).
boot-file The name of the operating system kernel file.Factory default: /image/current/kernel.
boot-flags The string of flags passed to the kernel.Factory default: -x.
Flag Meaning
-d Debug Mode: Enters the kernel debugger as soon as possible in the kernel initialization.
-s Single-User Mode: If the console is marked as insecure, you must enter the root password to access the manager.
-v Verbose Mode: Verbose during device probing and thereafter.
Table 6 Boot manager variables
Variable Description
Downloaded from www.Manualslib.com manuals search engine
8 Using the Boot Manager
84 Nokia IP300 Series Security Platform Installation Guide
Viewing the Variables and Other System Parameters
printenvUse the printenv command to view the values of variables currently stored in the boot manager nonvolatile memory. The command has the following syntax:
printenv
For example:BOOTMGR[93]> printenv
Bootmgr Revision: 3.3,base kernel=3.5.1- 06.12.2002-080000
autoboot: YES
testboot: NO
bootwait: 0
boot-file:
boot-flags:
boot-device:
vendor: Nokia
model: IP
Downloaded from www.Manualslib.com manuals search engine
Variables
Nokia IP300 Series Security Platform Installation Guide 85
sysinfoUse the sysinfo command to view system information such as CPU speed, memory size, and so forth. The command has the following syntax:
sysinfo
For example:CPU 0: 700 MHz Pentium-III w ATC
Memory: 268435456 (256M bytes)
Disk Devices:
IO port 0x1f0 wdc0: unit 0 (wd0): <IBM-DJSA-205> 5000MB (9767520 sectors), 608 cyls, 255 heads, 63 S/T, 512 B/S
Network Interfaces:
loop0: flags=10b<UP,LINK,LOOPBACK,PRESENT>
soverf0: flags=2923<UP,LINK,MULTICAST,PRESENT,IPV6ONLY>
stof0: flags=2903<UP,LINK,PRESENT,IPV6ONLY>
tun0: flags=107<UP,LINK,POINTOPOINT,PRESENT>
eth1: flags=131<LINK,BROADCAST,MULTICAST,PRESENT>
ether 0:20:30:0:11:4 speed 10M full duplex
eth2: flags=130<BROADCAST,MULTICAST,PRESENT>
ether 0:20:30:0:11:5 speed 10M full duplex
eth3: flags=130<BROADCAST,MULTICAST,PRESENT>
ether 0:20:30:0:11:6 speed 10M full duplex
eth4: flags=130<BROADCAST,MULTICAST,PRESENT>
ether 0:20:30:0:11:7 speed 10M full duplex
Downloaded from www.Manualslib.com manuals search engine
8 Using the Boot Manager
86 Nokia IP300 Series Security Platform Installation Guide
lsUse the ls command to view the contents of directories on the devices in your IP300 series appliance. The command has the following syntax:
ls device directory
where device is the device containing the directory you want to look at, and directory is the directory on that device. Both device and directory are optional. The default directory is /image on the wd0 device.For example:BOOTMGR[2]> ls wd0 /image/current
.description bootmgr etc kernel.debug usr
VERSION cdrom ipso.tgz mnt web
bin dev kernel sbin
Setting the Variables
setenvUse the setenv command to set a particular variable. The command has the following syntax:
setenv name value
where name is the name of the variable, and value is the new value you want the variable to assume.For example:
BOOTMGR[2]> setenv autoboot yes
sets the value of autoboot to be yes.
Downloaded from www.Manualslib.com manuals search engine
Variables
Nokia IP300 Series Security Platform Installation Guide 87
unsetenvUse the unsetenv command to clear a particular variable. The command has the following syntax:
unsetenv name
where name is the name of the variable to be cleared.For example, the following command clears the boot-file variable:
BOOTMGR[2]> unsetenv boot-file
NoteThis command sets the autoboot variable to no, and the bootwait variable to zero.
set-defaultsUse the set-defaults command to set variables to their factory-default values. The command has the following syntax:
set-defaults name
where name is the name of the variable to be set to its factory default. If name is not specified, all variables are set to their factory defaults.For example, the following command sets the value of autoboot to be yes, the factory default:
BOOTMGR[2]> set-defaults autoboot
setaliasUse the setalias command to set an alias. The command has the following syntax:
setalias name device
where name is the alias name, and device the device for which name is the alias.
Downloaded from www.Manualslib.com manuals search engine
8 Using the Boot Manager
88 Nokia IP300 Series Security Platform Installation Guide
For example, the following command sets the alias disk to have the value of wd0:
BOOTMGR[2]> setalias disk wd0
You can have a maximum of eight aliases set at one time.
unsetaliasUse the unsetalias command to clear an alias. The command has the following syntax:
unsetalias name
where name is the name of the alias to be cleared.For example, the following command deletes the disk alias from the list of aliases:
BOOTMGR[2]> unsetalias disk
Other Commands
haltUse the halt command to halt the system. The command has the following syntax:
halt
helpUse the help command to display a list of the available commands. The command has the following syntax:
help or ?
Downloaded from www.Manualslib.com manuals search engine
Booting the System
Nokia IP300 Series Security Platform Installation Guide 89
Booting the SystemThe boot command lets you boot up the operating system (IPSO). It allows you to set the boot device, boot file, and boot flags from the command line.The command has the following syntax:
boot boot-device boot-file boot-flags
where boot-device is the storage device from which the operating system loads at boot up, and boot-file is the operating system kernel. The boot-flags control the operation of the command. Refer to the boot flag table in “Variables” on page 82.For example, at the boot manager command prompt enter the following:
BOOTMGR[0]> boot wd0 /image/current/mykernel -vd
This command boots mykernel from disk wd0 in verbose and debug mode.You can supply all, any, or none of the arguments. If you do not supply an argument, the boot manager uses its default. It first searches its nonvolatile memory to see if the corresponding default argument is specified there. If so, it uses that value; if not, it defaults to the values in the following table:
Using the Boot Manager to Install IPSOUse the install command to install IPSO. The syntax of the command is:
install
For complete installation procedures, refer to the appropriate version of release notes.
Argument Default
boot-device wd0 (the hard-disk drive)
boot-file /image/current/kernel
boot-flags -x
Downloaded from www.Manualslib.com manuals search engine
8 Using the Boot Manager
90 Nokia IP300 Series Security Platform Installation Guide
NoteA full installation using the install command deletes the existing IPSO image on the IP300 series appliance.
To install a new copy of the IPSO kernel1. At the boot manager command prompt, enter:
BOOTMGR[0]>install
If you used the passwd command to protect this command with a password, the boot manager prompts you for your password before allowing you to execute the install command.
2. Enter the information the install command requests (your system IP address, the server IP address, and other information).
3. Reboot the IP300 Series appliance.
Protecting the Boot Manager with a PasswordTo prevent accidental or unauthorized access to your IP300 Series appliance hard disk, you can require that the user enter a password to access the boot manager install command. Use the password command to set the password.
NoteThe password you enter gives you access to the install command in boot manager, not access to IPSO.
To set a password1. At the boot manager command prompt enter:
BOOTMGR[0]> passwd
The passwd program prompts you for your current password.
Downloaded from www.Manualslib.com manuals search engine
Installing the Boot Manager
Nokia IP300 Series Security Platform Installation Guide 91
2. If the appliance is protected by a password, enter your current password.The program prompts you for the new password.
3. Enter the new password.The program prompts you to reenter the new password for verification.
4. Enter the new password again.
NoteIf you forget your install password, contact the appropriate Nokia Customer Support site as listed in “Nokia Contact Information” on page 3 for information on how to set a new one.
Installing the Boot ManagerThe boot manager is installed at the factory; you should not need to reinstall it. If you should need to reinstall the boot manager, contact the appropriate Nokia customer support site listed in the “Nokia Contact Information” on page 3 for instructions and a new boot manager.The command to install the boot manager has the following syntax:
install_bootmgr boot-device boot-file
where boot-device is the storage device to which you write the new boot manager image and from which boot manager image loads at boot up. Boot-file is the new boot manager. The new boot manager options are cpipflash, cpvpnflash, nkipflash, and nkvpnflash. Execute the install_bootmgr command from IPSO (the operating system), not from the boot manager.
NoteTo install the new boot manager, you must be in single-user mode.
Downloaded from www.Manualslib.com manuals search engine
8 Using the Boot Manager
92 Nokia IP300 Series Security Platform Installation Guide
To install the new boot manager1. Start the appliance in single-user mode.2. At the IPSO command prompt, enter:
/etc/install_bootmgr wd0 /image/current/bootmgr/nkipflash
The command installs the new boot manager image (nkipflash) into the flash device (wd0). The installation takes some time to complete. Do not interrupt the installation process.
Upgrading the Boot ManagerThe command to upgrade your boot manager has the following syntax:
upgrade_bootmgr boot-device boot-file
where boot-device is the storage device from which the boot manager loads at boot up and boot-file is the new boot manager image. The new boot manager options are cpipflash, cpvpnflash, nkipflash, and nkvpnflash. Execute the upgrade_bootmgr command from IPSO (the operating system), not from the boot manager.For complete upgrade procedures, refer to the appropriate version of release notes.
NoteTo install the new boot manager, you must be in single user mode.
To upgrade the boot manager1. Get the upgraded boot manager image from the appropriate Nokia
customer support site as listed in the Nokia Contact Information section at the front of this guide.
2. Start the IP300 Series appliance in single-user mode.
Downloaded from www.Manualslib.com manuals search engine
Upgrading the Boot Manager
Nokia IP300 Series Security Platform Installation Guide 93
3. At the IPSO command prompt, enter:/etc/upgrade_bootmgr wd0 /etc/nkipflash
The command upgrades the boot manager with the new image (nkipflash), writing it into the hard-disk drive (wd0). The upgrade takes some time to complete. Do not interrupt the upgrade process.
Downloaded from www.Manualslib.com manuals search engine
8 Using the Boot Manager
94 Nokia IP300 Series Security Platform Installation Guide
Downloaded from www.Manualslib.com manuals search engine
Nokia IP300 Series Security Platform Installation Guide 95
9 Troubleshooting
This chapter provides troubleshooting tips, problems, and solutions related to IP300 Series appliance installations.
General Troubleshooting InformationThe information in this section relates to non-routing problems. For information about how to troubleshoot routing problems, see “Troubleshooting Routing Problems” on page 105.
Unable to Log in to the Console Port—No Error MessageTwo laptop computers (using terminal emulation programs) or terminals should be able to communicate back to back in the same way that the terminal communicates with the IP300 Series appliance. If this is not possible using your laptop computer or terminal, the problem is with the terminal or cable and not the appliance.
Problem You do not have a console connection to the IP300 Series appliance.Solution For information about how to create a console connection, see “Using a Console Connection to Perform the Initial Configuration” on page 28.
Downloaded from www.Manualslib.com manuals search engine
9 Troubleshooting
96 Nokia IP300 Series Security Platform Installation Guide
Problem Not connected with a null-modem cable. Solution Verify that you are using a null-modem cable. For pinout information, see “Using a Console Connection to Perform the Initial Configuration” on page 28.
Problem Wrong terminal settings.Solution Verify terminal settings: 8 data, 1 stop, no parity, 9600 bps.
Problem Terminal set for flow control.Solution The IP300 Series appliance does not use flow control. The terminal should be set for no flow control.
Problem Defective IP300 Series appliance or file system.Solution Contact the Nokia customer support site listed in “Nokia Contact Information” on page 3.
Problem Database is corrupt.Solution Return to default settings according to the instructions included in the instructions for resetting the default password, or contact the Nokia customer support site listed in “Nokia Contact Information” on page 3.
Login Prompt Appears, But Password Not Accepted
Problem Entered wrong password.Solution Obtain a valid password or set the password to a default value.
Downloaded from www.Manualslib.com manuals search engine
General Troubleshooting Information
Nokia IP300 Series Security Platform Installation Guide 97
To reset the admin password to a default value
NoteYou must have local serial access to your appliance console to perform this procedure. With a keyboard and monitor directly connected to the appliance, the boot: prompt does not appear, and you cannot perform this procedure.
1. Boot up the appliance in single-user mode by restarting or power cycling the appliance.When the boot: prompt appears, enter -s before the appliance goes into multiuser mode; you have about 10 seconds to do this.
2. After the appliance boots up, the following text appears:Enter pathname of shell or RETURN for sh:
Press Enter.3. Type /etc/overpw at the # prompt.
When the response asks if you want to continue, type y.4. The admin password defaults to no password for admin.
Continue to boot to multiuser mode.5. Reconfigure the password as you normally would.
NoteBlank passwords are not accepted in Network Voyager. In such cases, enter the following command to reset the password from the command line using a blank password:dbpasswd admin newpassword ""The two double quotation marks at the end of the command properly indicate a blank password.After you execute this command, the system reports that the password was not successfully changed. However, the password is changed and is now newpassword.
Downloaded from www.Manualslib.com manuals search engine
9 Troubleshooting
98 Nokia IP300 Series Security Platform Installation Guide
Finally, return the entire database to its default settings and bring up the new system-startup procedure. The new system-startup procedure is described in Chapter 3, “Performing the Initial Configuration”.
To reset the default database settings1. Log in to the IP300 Series appliance as admin by using Network Voyager.
For information about how to access Network Voyager and the related reference materials, see “Accessing Nokia Network Voyager” on page 30.
2. Under Configuration Database Management (Config > System Configuration > Manage Configuration Sets), choose the option to create a new factory default configuration.
3. Create the new default configuration.
Do Not Get a Login Prompt—Error Messages Appear
Problem The IP300 Series appliance is defective, or the file system on the IP300 Series appliance is defective.Solution Contact the Nokia customer support site listed in “Nokia Contact Information” on page 3.
NoteUse the full installation procedure to install a new system. The new system completely replaces the contents of the drive and might be needed to restore or reload an IP300 Series appliance. This procedure erases any configuration database on the appliance. For information about how to complete the full installation procedure, see the current release notes. The release notes are located on the Nokia customer support Web site as listed in the “Nokia Contact Information” on page 3.
Downloaded from www.Manualslib.com manuals search engine
General Troubleshooting Information
Nokia IP300 Series Security Platform Installation Guide 99
Unable to Connect to Network Voyager Using the Ethernet Port, But Console Access Works
Problem Using the wrong Ethernet cable.Solution Use a crossover Ethernet cable if you are connecting directly to the computer. Use a straight-through cable if you are connecting to a hub. For cabling information, see “Four-Port and Two-Port 10/100 Mbps Ethernet Interface, PMC” on page 46.
Problem Port is not configured as active. Solution Use the CLI over the console connection to verify the interface configuration and fix it if necessary.
Problem Host port configuration is incorrect.Solution Use the CLI over the console connection to verify the interface configuration and fix it if necessary.
Problem Wrong link speed.Solution Use the CLI over the console connection to verify the interface configuration and fix it if necessary.
Do Not See Interfaces that Should be Present
Problem Local IP300 Series appliance ports do not appear. Solution Your NIC might be defective. Contact the appropriate Nokia customer support site as listed in “Nokia Contact Information” on page 3.
NoteThe problem could be with the slot on the PMC card carrier. Try installing the NIC in another slot.
Downloaded from www.Manualslib.com manuals search engine
9 Troubleshooting
100 Nokia IP300 Series Security Platform Installation Guide
Common Ethernet Problems—Connectivity with Attached Device
Problem No link light. Solution You might have used the wrong cable. Use a crossover cable between an IP300 Series appliance and a host, and a straight-through cable between an appliance and a hub.
Problem Solid data and activity LED. Solution You might have set the wrong speed. Verify that the speeds match on each end of the Ethernet connection (10 Mbps or 100Mbps).
Problem Port not enabled.Solution Verify from the Interface page in Network Voyager that the interface port is configured as active.
Problem High collision rate on the hub. Solution Disconnect connections one at a time until the problem is localized to one computer and troubleshoot further.
Unable to Ping Through Appliance—No Connectivity Between Ports This section covers connectivity issues that are isolated within an IP300 Series appliance or network.Localize the problem by issuing pings to various network interfaces. Use tcpdump to help isolate the problem. Use tcpdump to verify that a packet is leaving or entering a port.
Problem Interfaces not up. Solution Ensure that all interfaces are up and active, as described in Chapter 3, “Performing the Initial Configuration.”
Downloaded from www.Manualslib.com manuals search engine
General Troubleshooting Information
Nokia IP300 Series Security Platform Installation Guide 101
Problem No route to network. Solution Check the routing table to see if a route exists to the network where the interface is located. If no route exists, see “Troubleshooting Routing Problems” on page 105.
Problem Attached device does not have proper default route or routing information. Solution If a local computer is unable to ping through an attached appliance, the computer might contain either an invalid default route or invalid routing information.If you are using default routes from a computer, ensure that the local interface is the default route for that computer.
Problem The ARP table has old information. Solution If the ARP table has an old or invalid entry for the device associated with the IP address you are attempting to ping, use Network Voyager to delete the invalid entry.For information about how to access Network Voyager and the related reference materials, see “Accessing Nokia Network Voyager” on page 30.
To delete the invalid entry1. Click Config.2. Click ARP in the Interfaces section.3. Click Display or Remove Dynamic ARP Entries.4. Click Delete for the entry you want to delete.5. Click Apply.
Problems with MulticastUse tcpdump to view packets. To display packets for a specific interface, use the following command: tcpdump -i interface proto igmp. For more
Downloaded from www.Manualslib.com manuals search engine
9 Troubleshooting
102 Nokia IP300 Series Security Platform Installation Guide
information about how to use the tcpdump command, see the Nokia Network Voyager Reference Guide.Under Routing Options in the Routing Configuration section in Network Voyager, you can also enable several types of trace options for DVMRP. These traces are logged into /var/tmp/ipsrd.log.For information about how to access Network Voyager and the related reference materials, see “Accessing Nokia Network Voyager” on page 30.
Problem No IP connectivity. Solution Verify that you have IP connectivity; ping various hosts on each network.
Problem DVMRP is not enabled on the interfaces.Solution Verify that DVMRP is enabled on the interfaces in use.
Problem Exceeding TTL on clients.Solution Verify that the client is set up for the proper TTL number. Many clients are set to receive local traffic only one hop away.
Problems Interfacing to 1483 Devices (Classical IP)
Problem Remote and local devices are not configured for the same VC and VP value.Solution Set remote and local devices to the same VC and VP values. Consult your 1483 device documentation.
Problem Remote and local devices are not in the supported VC range of the network interface card.Solution Use ipsctl to determine the VC range. Enter the following command:ipsctl ifphys:logical interface:max_rxlabel
Downloaded from www.Manualslib.com manuals search engine
General Troubleshooting Information
Nokia IP300 Series Security Platform Installation Guide 103
Problem Encapsulation is not set to LLC/SNAP.Solution Set encapsulation to LLC/SNAP. Consult your 1483 device documentation.
Problem The MTU size is not 1500.Solution The MTU size must be 1500. Nokia does not support larger MTU sizes.
Appliance Not Receiving Power
Problem Power cord is not properly plugged in.Solution Check cord. Make sure it is properly seated at both ends.
Problem Power supply not providing power.Solution Check power source. If there is no power at the source, take appropriate action such as inserting a new fuse or resetting circuit breaker.
Appliance Does Not Recognize New Memory Configuration
Problem DIMMs are not properly seated in DIMM sockets.Solution Repeat memory installation procedures. Make sure DIMMs are fully seated in sockets. Be sure DIMMs click into place.
Downloaded from www.Manualslib.com manuals search engine
9 Troubleshooting
104 Nokia IP300 Series Security Platform Installation Guide
Appliance locks up after you upgrade Nokia IPSO with a console connection. No error messages appear, but the appliance stops responding to console and network.
Problem During the upgrade process, some of the environment variables might not have updated correctly.Solution You can verify what the current boot manager settings are by issuing a printenv command at the boot manager prompt, as shown in this example:Loading boot manager ..
BOOTMGR[0]> printenv
Bootmgr Revision: 3.3,base kernel=3.5.1-fcs1
02.12-2001-102644
autoboot: NO
bootwait: 5
boot-file:
boot-flags:
boot-device:
No referenced boot-file or boot-device appears.Setting the boot manager to defaults causes the boot manager to determine that no environment variables are set, and it responds by importing the defaults from the binary file. To set the boot manager to defaults, issue the set-defaults command at the boot manager prompt as shown in this example:BOOTMGR> set-defaults
Downloaded from www.Manualslib.com manuals search engine
Troubleshooting Routing Problems
Nokia IP300 Series Security Platform Installation Guide 105
If you issue the printenv command again, the boot-file and boot-device entries are present, as shown in this example:BOOTMGR[2]> printenv
Bootmgr Revision: 3.3,base kernel=3.5.1-fcs1
02.12.2001-102644
autoboot: YES
bootwait: 5
boot-file: /image/current/kernel
boot-flags:
boot-device: wd0
Issue the halt command to restart your appliance.BOOTMGR> halt
Troubleshooting Routing Problems Several useful tools are available to troubleshoot routing problems. The first tool is available from the Monitor page in Network Voyager, from which you display routing statistics and errors. You can access this information from the command-line interface using the ICLID (IPSRD command-line interface daemon) command. An example use of the ICLID command is shown below. For information about the ICLID command, see the Nokia Network Voyager Reference Guide. For information about how to access Network Voyager and the related reference materials, see “Accessing Nokia Network Voyager” on page 30.
Downloaded from www.Manualslib.com manuals search engine
9 Troubleshooting
106 Nokia IP300 Series Security Platform Installation Guide
NoteAdding a question mark (?) after any command provides additional command options. Typing a question mark (?) at a prompt provides a list of available commands.
hostname[admin]# iclid
hostname | IP address>
hostname | IP address> ?
exit get help quit show
hostname | IP address>
hostname | IP address> show ?
address bgp igmp iphelper mfc ripvrrp bootpgw igrp krt ospf route inbound-filter dvmrp interface memory resource version
hostname | IP address> show route ?
aggregate bgp igrp ospf static
all direct inactive rip summary
hostname | IP address> show route ospf
Codes: C - connected, S - static, I - IGRP, R - RIP,
B - BGP, O - OSPF, E - OSPF external, A - Aggregate,
K - Kernel Remnant, H - Hidden, S - Suppressed
The response to the preceding ICLID command is as follows:0 172.16/16 via 10.1.1.225, eith-sp4p1c0,cost 3, age 3111
In addition, several trace options are available. You can enable these options under the routing options in Network Voyager. When a trace is enabled the output appears in /var/tmp/ipsrd.log.
Downloaded from www.Manualslib.com manuals search engine
Troubleshooting Routing Problems
Nokia IP300 Series Security Platform Installation Guide 107
Common Problems with OSPF Use tcpdump to view routing information. Use the following command display routing updates for that interface:tcpdump -i interface proto ospf
For more information about how to use the tcpdump command, see the Nokia Network Voyager Reference Guide.Under routing options in Network Voyager, you can also enable several types of trace options for OSPF. These traces are logged in /var/tmp/ipsrd.log.For information about how to access Network Voyager and the related reference materials, see “Accessing Nokia Network Voyager” on page 30.
Problem OSPF is not configured. Solution Verify that OSPF is properly configured for all interfaces that are involved in OSPF routing. For more information, see Configuring OSPF from the Configuring Routing document page in Network Voyager. You can access the document page by pressing Doc.
Problem OSPF hello and dead timers are not the same on each interface for a given link.Solution Verify that the settings at the end of each link are identical.
Problem Attached devices do not support OSPF.Solution Ensure that the attached IP300 Series appliance supports OSPF. If the attached appliance does not support OSPF, configure it with a protocol that the appliance supports and exchange routes with OSPF, or set a default or static route.
NoteYou can also use ICLID to display OSPF details.
Downloaded from www.Manualslib.com manuals search engine
9 Troubleshooting
108 Nokia IP300 Series Security Platform Installation Guide
Common Problems with RIP Use tcpdump to view routing information. Use the following command to display routing updates for a specific interface:tcpdump -i interface proto rip
For more information about how to use the tcpdump command, see the Nokia Network Voyager Reference Guide.Under routing options in Network Voyager, you can also enable several types of trace options for routing information protocol (RIP). These traces are logged in /var/tmp/ipsrd.log.For information about how to access Network Voyager and the related reference materials, see “Accessing Nokia Network Voyager” on page 30.
Problem Inconsistent subnet mask (netmask does not match the class of IP address for RIP v1).Solution RIP version 1 must use consistent subnet masks; change to RIP version 2 or OSPF to use inconsistent subnet masks.
Problem Number of networks exceeds the RIP limit.Solution RIP can span up to 16 networks. Verify that your network topology does not exceed this limit.
Common Problems Exchanging Routes Always enter a metric value if you are exporting routes from OSPF to RIP.
Problem Exchanging routes are not configured correctly.Solution Exchanging routes involves several configuration steps. Follow the tasks in the Nokia Network Voyager Reference Guide (online documentation) to ensure that you follow all steps. For information about how to access Network Voyager and the related reference materials, see “Accessing Nokia Network Voyager” on page 30.
Downloaded from www.Manualslib.com manuals search engine
Troubleshooting Routing Problems
Nokia IP300 Series Security Platform Installation Guide 109
Problem Routing protocol is not functioning properly.Solution to ensure that each routing protocol is functioning properly, see “Common Problems with OSPF” on page 107 and “Common Problems with RIP” on page 108.
Downloaded from www.Manualslib.com manuals search engine
9 Troubleshooting
110 Nokia IP300 Series Security Platform Installation Guide
Downloaded from www.Manualslib.com manuals search engine
Nokia IP300 Series Security Platform Installation Guide 111
A Technical Specifications
Physical Dimensions
Space RequirementsThe IP300 Series appliance is designed for front-screw mounting in a 19-inch rack. Each IP300 Series appliance requires the following space in a rack:
1.75 inches (4.45 centimeters) of vertical space 18 inches (46 centimeters) behind the front-panel of the rack 6 inches (15 centimeters) behind the IP300 Series appliance to allow the back exit fan to move air through the appliances
Dimensions Height: 1.75 in. (4.45 cm)
Width: 17 in. (44 cm)19 in. (48 cm) rack mountable
Depth: 16.12 in. (40.94 cm)
Weight 17 lbs. (7.7 kg) base system
Downloaded from www.Manualslib.com manuals search engine
A Technical Specifications
112 Nokia IP300 Series Security Platform Installation Guide
CautionDo not place objects over the ventilation holes on the IP350 or IP380 appliance. The appliance might overheat and become damaged.
NIC Interfaces
Cable TypeCable Output Connector
Four-port and two-port Ethernet
IEEE 802.3 10BASE-T, 100BASE-T, 1000BASE-T unshielded twisted pair, full-duplex or half-duplex
RJ-45
Two-port Fiber Gigabit Ethernet
IEEE 802.32 Gigabit Ethernet Multimode Fiber
LC
Two-port V2 Copper Gigabit Ethernet
Straight-through RJ-45 cable (Category 5 type) or crossover cable; in some cases, shielded Category 5 Ethernet cable to meet Class B emissions standards
RJ-45
Downloaded from www.Manualslib.com manuals search engine
Nokia IP300 Series Security Platform Installation Guide 113
B Compliance Information
This appendix contains the following compliance information:Declaration of ConformityCompliance StatementsFCC Notice (US)
Declaration of ConformityAccording to ISO/IEC Guide 22 and EN 45014:
Manufacturer’s Name: Nokia Inc.
Manufacturer’s Address: 313 Fairchild DriveMountain View, CA 94043-2215USA
Downloaded from www.Manualslib.com manuals search engine
B Compliance Information
114 Nokia IP300 Series Security Platform Installation Guide
declares that the product:
conforms to the following standards:
Supplementary information:Pursuant to directive 1999/5/EC this product complies with the requirements of the Low Voltage Directive 73/23/EEC and the EMC Directive 89/336/EEC with Amendment 93/68/EEC.
Product Name: IP350, IP355, IP380, IP385, 100i, 100s
Model Number: IP0380
Product Options: All
Serial Number: 1 to 100,000
Date First Applied: 2002
Safety: EN60950-1:2001+A11; IEC60950-1:2001; UL60950, Third Edition:2000; CAN/CSA-C22.2 No.60950:2000.
EMC: EN55024 1998, EN55022A 1998, EN61000-3-2, EN61000-3-3
Downloaded from www.Manualslib.com manuals search engine
Compliance Statements
Nokia IP300 Series Security Platform Installation Guide 115
Compliance StatementsThis hardware complies with the standards listed in this section.
Emissions Standards
Christopher SaleemCompliance & Reliability Engineering ManagerSecurity & Mobile Connectivity, Enterprise SolutionsMountain View, CaliforniaJanuary 2005
Elie HabibSenior Vice PresidentSecurity & Mobile Connectivity, Enterprise SolutionsMountain View, CA
FCC Part 15 Subpart B Class A US/Canada
EN55022 (CISPR 22 Class A) European Community (CE)
Downloaded from www.Manualslib.com manuals search engine
B Compliance Information
116 Nokia IP300 Series Security Platform Installation Guide
Immunity Standards
Harmonics and Voltage Fluctuation
Safety Standards
FCC Notice (US)This device has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This device generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instruction, may cause harmful interference to radio communications. However, there is no
EN55024 European Community (CE)
EN61000-4-2
EN61000-4-3
EN61000-4-4
EN61000-4-5
EN61000-4-6
EN61000-4-11
EN61000-3-2 European Community (CE)
EN61000-3-3 European Community (CE)
UL60950/EN60950 US/European Community(CE)
CAN/CSA-C22.2 No.60950 Canada
Downloaded from www.Manualslib.com manuals search engine
FCC Notice (US)
Nokia IP300 Series Security Platform Installation Guide 117
guarantee that interference will not occur in a particular installation. If this device does cause harmful interference to radio or television reception, the user is encouraged to try to correct the interference by one or more of the following measures:
Reorient or relocate the receiving antenna.Increase the separation between the computer and receiver.Connect the computer into an outlet on a circuit different from that to which the receiver is connected.Consult the dealer or an experienced radio/TV technician for help.
CautionAny changes or modifications not expressly approved by the grantee of this device could void the user’s authority to operate the equipment.
050324
Downloaded from www.Manualslib.com manuals search engine
B Compliance Information
118 Nokia IP300 Series Security Platform Installation Guide
Downloaded from www.Manualslib.com manuals search engine
Nokia IP300 Series Security Platform Installation Guide Index - 119
Index
Aaccelerator card 67accessing and removing DIMMs 64appliance components 13appliance status LEDs 18arguments 89attaching accelerator card to motherboard 71autoboot variable 82AUX port 17
Bbattery, replacing 73boot command 89boot manager 81
booting the system 89installing 91password protection for 90upgrading 92using to install IPSO 82, 89variables 82, 89
boot manager revision variable 82boot-device variable 83boot-file variable 83boot-flags variable 83bootwait variable 82built-in console port 15
Ccable output connector 112
cable type 112Check Point 11, 12commands
halt 88help 88ICLID 105install 89ls 86printenv 84setalias 87set-defaults 87setenv 86sysinfo 85unsetalias 88unsetenv 87
compact flash 11compliance information 113component locations 13connections
Ethernet network interface cards 47modem 17power 25
connector pin assignmentsEthernet network interface cards 48
connectors forGigabit Ethernet network interface cards 53
console cable 28copper two-port V2 Gigabit Ethernet network interface card 50
Downloaded from www.Manualslib.com manuals search engine
Index - 120 Nokia IP300 Series Security Platform Installation Guide
Ddata communications equipment device 28deactivating, network interface cards 36depth 111DHCP server 27DIMMs
accessing and removing 64adding 64socket locations 63
disabling flash-memory PC card 78disk-based appliances 10DVMRP 9
EEMC standards 114encryption accelerator card 67encryption accelerator card, optional 10, 11end-of-life information 19equipment disposal 19Ethernet cable output connector 48Ethernet crossover-cable pin connections 49Ethernet management ports 14Ethernet network interface cards
cable pin assignments 48connecting to 47
Ffiber two-port Gigabit Ethernet network inter-face card 53
flash-based appliances 11flash-memory card
disabling 78transferring files 79
flash-memory PC cards 77four-port Ethernet network interface card 46
GGigabit Ethernet network interface cards 50, 53connectors 53
Hhalt command 88hard-disk drive, replacing 57height 111help command 88
IICLID command 105install command 89installing
network interface cards 36PCMCIA modem 56
interfacesspecifications 112
IP routing 9IP300Series appliances, monitoring 18IP355 appliances 11IP385 appliances 11IPsec 72IPSO command-line interface 12IPSO version 11IPSO, booting 89
LLC connector 53LEDs 18
secondary status 19status 18
line cards 10, 12ls command 86
Downloaded from www.Manualslib.com manuals search engine
Nokia IP300 Series Security Platform Installation Guide Index - 121
Mmanagement ports 14memory
capacity 62upgrading 62
memory size 10, 11model number 114modems, PMCIA 15monitoring IP300 Series appliances 18mounting 23mounting bracket 24mounting positions 24mounting screws 24multicast traffic 9multimode, fiber-optic cable 53
Nnetwork interface cards 10, 12
cable output connector 112cable type 112deactivating 36four-port Ethernet 46front panel location 13installing 35, 36two-port Ethernet 47two-port Gigabit Ethernet, fiber 53two-port V2 Gigabit Ethernet, copper 50types supported 15
network interfaces, connecting 26Network Voyager 12
accessing 30configuring VPN tunnels 72
Nokia Horizon Manager 13Nokia IPSO version 11, 12null-modem cable 28
Oopening Network Voyager 30operating temperature range 23optional disk 12optional PC card 11output connector
for the Ethernet cable 48
PPCI mezzanine card 15PCMCIA modem, installing 56PCMCIA modems, slot for 15physical dimensions 111pin assignments for modem connections 16, 17
PMC expansion slots 15power connections 25power supply 25power switch 25printenv command 84
Rrack mounting 23rack unit size 11recycling retired equipment 19replacing battery 73replacing hard-disk drive 57reset switch 13RJ-45 connector 47, 48
Ssafety standards 114secondary status LEDs 19serial number 114setalias command 87set-defaults command 87setenv command 86
Downloaded from www.Manualslib.com manuals search engine
Index - 122 Nokia IP300 Series Security Platform Installation Guide
setting variables 86space requirements 111specifications
interfaces 112specifications for IP300 Series disk-based appliances 10
specifications for IP300 Series flash-based appliances 11
specifications, technical 111static discharge 63status LEDs 18storing system log messages 78sysinfo command 85system log messages, storing 78
Ttcpdump 46technical specifications 111temperature range 23transfer Nokia IPSO images 80transferring files with flash-memory PC card 79
troubleshooting 95two-port Ethernet network interface card 47two-port Gigabit Ethernet network interface card, fiber 53
two-port V2 Gigabit Ethernet network inter-face card, copper 50
Uunsetalias command 88unsetenv command 87upgrading memory 62
Vvariables 82
autoboot 82
boot flag 83boot manager 82boot-device 83boot-file 83bootwait 82setting 86viewing 84
Wweight 111width 111
Downloaded from www.Manualslib.com manuals search engine