Nokia IP40 - Satellite Unlimited - Security... User manual
IP40 Version 1.0 Appliance User’s
Guide
N450916001 Rev A
October 2003
2Nokia IP40 User Guide
COPYRIGHT
©2003 Nokia. All rights reserved.
Rights reserved under the copyright laws of the United States.
RESTRICTED RIGHTS LEGEND
Use, duplication, or disclosure by the United States Government is subject to restrictions as set forth in subparagraph
(c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013.
Notwithstanding any other license agreement that may pertain to, or accompany the delivery of, this computer software,
the rights of the United States Government regarding its use, reproduction, and disclosure are as set forth in the
Commercial Computer Software-Restricted Rights clause at FAR 52.227-19.
IMPORTANT NOTE TO USERS
This software and hardware is provided by Nokia Inc. as is and any express or implied warranties, including, but not
limited to, implied warranties of merchantability and fitness for a particular purpose are disclaimed. In no event shall
Nokia, or its affiliates, subsidiaries or suppliers be liable for any direct, indirect, incidental, special, exemplary, or
consequential damages (including, but not limited to, procurement of substitute goods or services; loss of use, data, or
profits; or business interruption) however caused and on any theory of liability, whether in contract, strict liability, or tort
(including negligence or otherwise) arising in any way out of the use of this software, even if advised of the possibility of
such damage.
Nokia reserves the right to make changes without further notice to any products herein.
TRADEMARKS
Nokia is a registered trademark of Nokia Corporation. Other products mentioned in this document are trademarks or
registered trademarks of their respective holders.
Nokia Contact Information
Corporate Headquarters
Regional Contact Information
Web Site http://www.nokia.com
Telephone 1-888-477-4566 or
1-650-625-2000
Fax 1-650-691-2170
Mail
Address Nokia Inc.
313 Fairchild Drive
Mountain View, California
94043-2215 USA
Americas Nokia
313 Fairchild Drive
Mountain View, CA 94043-2215
USA
Tel: 1-877-997-9199
Outside USA and Canada: +1 512-437-7089
email: ipsecurity[email protected]
Europe,
Middle East,
and Africa
Nokia House, Summit Avenue
Southwood, Farnborough
Hampshire GU14 ONG UK
Tel: UK: +44 161 601 8908
Tel: France: +33 170 708 166
email: ipsecurity[email protected]
Asia-Pacific 438B Alexandra Road
#07-00 Alexandra Technopark
Singapore 119968
Tel: +65 6588 3364
email: ipsecurity.ap[email protected]
Nokia IP40 User Guide 3
Nokia Customer Support
Web Site: https://support.nokia.com/
Email: tac.suppor[email protected]
Americas Europe
Voice: 1-888-361-5030 or
1-613-271-6721 Voice: +44 (0) 125-286-8900
Fax: 1-613-271-8782 Fax: +44 (0) 125-286-5666
Asia-Pacific
Voice: +65-67232999
Fax: +65-67232897
021216
4Nokia IP40 User Guide
Nokia IP40 User Guide 5
Contents
In This Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Conventions This Guide Uses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Notices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Command-Line Conventions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Text Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Menu Items . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Related Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
About the Nokia IP40 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Nokia IP40 Tele 8 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Nokia IP40 Satellite 16, Satellite 32, Satellite Unlimited . . . . . . . . . . . . . . . . . . . . 18
Nokia IP40 Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Connectivity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Firewall. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
VPN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Security Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Diagnostics and Maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Nokia IP40 Package Contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Network Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Appliance Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
IP40 Rear Panel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
IP40 Front Panel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
2 Installing the Nokia IP40 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Before You Install the Nokia IP40 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Setting Up Nokia IP40 with Microsoft Windows 98 or Millennium Operating Systems 27
Setting Up Nokia IP40 with Microsoft Windows XP and 2000 Operating Systems 31
Setting up Nokia IP40 with an Apple Computer . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Connecting the Nokia IP40 to the Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Installing Your Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
6Nokia IP40 User Guide
3 Getting Started . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
First Time Login . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Configuring Nokia IP40 for Internet Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
Making Initial Nokia IP40 Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Setting the Nokia IP40 Time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Registering with Nokia Support Site. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Connecting to a Central Management Server . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
Logging On to the Nokia IP40 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Accessing the IP40 securely. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Logging Off. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Understanding the Web based GUI of IP40 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Using the Nokia IP40 Web User Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
GUI Map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
4 Accessing the Nokia IP40 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Connection Methods. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Configuration Methods . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Connecting the Nokia IP40 to a computer by Using the Console Port. . . . . . . . . 50
Using Telnet to Connect to the Nokia IP40 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Enabling and Disabling Telnet Access to the Nokia IP40 . . . . . . . . . . . . . . . . . 53
Using Secure Shell (SSH) to Connect to the Nokia IP40. . . . . . . . . . . . . . . . . . . 53
Accessing the Nokia IP40 using HTTP and HTTPS . . . . . . . . . . . . . . . . . . . . . . 53
Managing large scale deployments of the Nokia IP40 . . . . . . . . . . . . . . . . . . . . . . 53
Nokia Horizon Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
SmartCenter Large Scale Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
Sofaware Security Management Portal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
5 Connecting to the Internet using IP40 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
Configuring for Internet Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
Using the Setup Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
Direct LAN Connection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Cable Connection Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
MAC Cloning. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
DSL Connection Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Manually Configuring the Internet Setting. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
LAN Connection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
Cloning a MAC Address. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
Viewing Internet Connection Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
Enabling/Disabling the Internet Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
Using Quick Internet Connection/Disconnection. . . . . . . . . . . . . . . . . . . . . . . . . . . 69
Configuring a Backup Internet Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
Nokia IP40 User Guide 7
6 Managing Your Local Area Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Configuring Network Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Enabling and Disabling the DHCP Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Changing IP Addresses. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
Enabling/Disabling Hide NAT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
Configuring a DMZ Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
Using Static NAT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
Adding and Editing Static NAT mappings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
Viewing and Deleting Static NAT Mappings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
Using Static Routes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
7 Setting Up the Security Policy in IP40 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
Setting the Firewall Security Level. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
Configuring Virtual Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
Customing your security policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
Creating Firewall Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
Allow and Block Rules. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
Deleting Rules. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
Defining an Exposed Host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
8 Configuring Network Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
Changing Your Password. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
Adding Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
Viewing and Editing Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
Deleting Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
Setting Up Remote VPN Access for Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
Using RADIUS Authentication. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
Secure Shell. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
Secure Shell Description. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
Configuring SSH . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
Enabling/Disabling SSH Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
SSH Authentication Methods . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
Using SSH Client. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
Configuring Advanced Secure Shell Server Options. . . . . . . . . . . . . . . . . . . . . . . 97
Configuring Server Authentication of Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
Configuring and Managing SSH Key Pairs . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
Managing Authorized Keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
Secure Socket Layer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
Enabling HTTPS Web Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
Generating a self-signed Certificate and Private Key. . . . . . . . . . . . . . . . . . . . . . . 101
Installing a Certificate and Private Key. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
8Nokia IP40 User Guide
9 Configuring and monitoring using SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103
SNMP Description. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103
SNMP Configuration from the Nokia IP40 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103
Setting up SNMP access to the Nokia IP40 . . . . . . . . . . . . . . . . . . . . . . . . . . 103
Configuring the SNMP Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104
Configuring SNMP Parameters from the Command-line Interface . . . . . . . . . . 105
10 Configuring the Nokia IP40 through Out of Band Management . . . . . . . . . . . 107
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
Configuring for OOB from the Nokia IP40 GUI . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
Configuring the Nokia IP40 for OOB from the CLI . . . . . . . . . . . . . . . . . . . . . . . . 109
Configuring the modem settings from the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . 109
Secure Shell and HTTPS Access through Out of Band Dial-in. . . . . . . . . . . . . . . 109
Upgrading the firmware through Out of Band Dial-in (Failsafe Mode) . . . . . . . . . 110
Booting in to Failsafe Mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110
Special Deployment Mode in the Nokia IP40 . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110
11 Configuring Device Functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
Host Name Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
Date and Time Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
System Logging Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114
Network Utilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114
Managing Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115
Exporting the IP40 Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116
Importing the IP40 Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117
Firmware Upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118
Firmware Upgrade in Failsafe Mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119
Installing Your Product Key. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119
Resetting the IP40 to Factory Defaults . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
To reset the IP40 to factory defaults using the Reset button. . . . . . . . . . . . . . . 122
12 Viewing Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
Viewing Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
Viewing the Event Log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
Viewing Active Computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124
Viewing Active Connections. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125
Viewing VPN Tunnels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126
Viewing Diagnostics Summary. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127
13 Working with VPNs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129
Remote Access VPNs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131
Configuring a Remote Access VPN Site . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131
Nokia IP40 User Guide 9
Configuring a Site to Site VPN Gateway. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132
Completing Site Creation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134
Setting Up the Nokia IP40 Satellite X as a VPN Server. . . . . . . . . . . . . . . . . . . . . 134
To set up your IP40 as a VPN server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134
Deleting a VPN Site . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135
Logging on to a VPN Site . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135
Logging On from the Nokia IP40 GUI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136
Logging On Through my.vpn . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137
Logging Off a VPN Site. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137
SecuRemote to Satellite X (VPN Client to Gateway). . . . . . . . . . . . . . . . . . . . . . . 138
Setting up IP40 Satellite X. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139
Setting up SecuRemote . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139
Setting up the Nokia IP40 Tele 8 as VPN Client . . . . . . . . . . . . . . . . . . . . . . . . . . 139
Adding VPN Sites by Using the Nokia IP40 Tele 8 . . . . . . . . . . . . . . . . . . . . . . . 139
Adding VPN Sites by Using IP40 Satellite X . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142
To add or edit VPN sites by using IP40 Satellite X . . . . . . . . . . . . . . . . . . . . . 142
IP40Tele to IP40 Satellite X (VPN Client to Gateway). . . . . . . . . . . . . . . . . . . . . . 143
Setting up IP40 Tele 8. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
Setting up IP40 Satellite X. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
IP40 Tele 8 to Check Point v4.1/ NG/ FP1/ FP2/FP3/NG AI . . . . . . . . . . . . . . . . . 144
Setting up IP40 Tele 8. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
Setting up Check Point Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
IP40 Tele 8 to Check Point NG AI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
Setting up IP40 Tele 8. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
Setting up Check Point NG AI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
Site-to-Site VPNs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
IP40 Satellite X in NAT and No-NAT Modes. . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
No-NAT Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146
NAT Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146
Installing VPN Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147
Defining Backup VPN Gateway . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
Satellite X to Satellite X (VPN Gateway to Gateway) . . . . . . . . . . . . . . . . . . . . . 149
Setting up the Nokia IP40 Satellite X . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149
Satellite X to VPN-1 (Site-to-Site VPN). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150
Setting up the Nokia IP40 Satellite X . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150
IP40 Satellite X to Check Point FP3/DAIP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151
Setting Up Check Point FP3. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151
Setting up the Nokia IP40 Satellite X . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151
IP40 Satellite X to Check Point SmartCenter FP3/NG AI . . . . . . . . . . . . . . . . . . 152
Setting Up Check Point SmartCenter FP3/NG AI . . . . . . . . . . . . . . . . . . . . . . 152
Setting up the Nokia IP40 Satellite X . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152
Setting Up Check Point SmartCenter NG AI using Certificates . . . . . . . . . . . . 152
Setting up the Nokia IP40 Satellite X . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153
10 Nokia IP40 User Guide
IP40 Satellite X to Windows 2000 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153
14 Using Managed Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155
Starting your Subscription Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155
Viewing Services Information from Account Page. . . . . . . . . . . . . . . . . . . . . . . 158
Refreshing your Service Center Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . 158
Configuring your Account. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159
Disconnecting from your Service Center . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159
Sofaware Security Management Portal. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160
Web Filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161
Selecting Categories for Blocking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161
Virus Scanning. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163
Enabling/Disabling Email Antivirus . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163
Selecting Protocols for Scanning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164
Temporarily Disabling Email Antivirus. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164
Automatic and Manual Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165
Checking for Software Updates when Locally Managed . . . . . . . . . . . . . . . . . . 165
Checking for Software Updates When Remotely Managed. . . . . . . . . . . . . . . . 166
Nokia Horizon Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166
SmartCenter LSM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167
15 Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169
Frequently Asked Questions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169
Viewing Firmware Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174
Resetting the IP40 to factory defaults . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174
Running Diagnostics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174
A Specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177
Technical Specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177
Safety Precautions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177
B Warranty . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179
C End User License Agreement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183
D Compliance Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189
Compliance Statement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190
FCC Notice (US) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190
Nokia IP40 User Guide 11
About This Guide
This guide provides information and procedures for how to install and configure the Nokia IP40
security platform. This guide provides information about the new features incorporated in to the
Nokia IP40 appliance. This version of Nokia IP40 uses the SofaWare VPN-1 Embedded NG. For
a quick reference on configuring features in Nokia IP40, see the Nokia IP40 Quick Start Guide
and the IP40 Online Help that is part of the graphical user interface (GUI) in the device.
Installation and maintainance should be performed by experienced technicians or Nokia-
approved service providers only.
This preface provides the following information:
!In This Guide
!Conventions This Guide Uses
!Related Documentation
In This Guide
This guide is organized into the following chapters and appendixes:
!Chapter 1, “Introduction,” provides the information you need to know before installing the
Nokia IP40.
!Chapter 2, “Installing the Nokia IP40,” explains how to install the device, lists operating
system requirements, protocols and how to establish a network connection.
!Chapter 3, “Getting Started,” describes how to start using the IP40, provides information on
first-time login and connecting to the Internet.
!Chapter 4, “Accessing the Nokia IP40,” discusses different methods of connecting to your
IP40 and methods of configuring the device.
!Chapter 5, “Configuring the IP40 for Internet Connection,” describes how to configure your
IP40 for connecting to the Internet, and viewing and managing your Internet connection.
!Chapter 6, “Managing Your Local Area Network,” explains how to configure the features
that the IP40 provides.
!Chapter 7, “Setting Up the Security Policy in IP40,” discusses methods to define the firewall
level, configure virtual servers and create firewall rules.
!Chapter 8, “Configuring Network Access,” describes the network access procedures and
usage of SSH and SSL.
3
12 Nokia IP40 User Guide
!Chapter 9, “Configuring and monitoring using SNMP,” explains the procedure to configure
Simple Network Management Protocol, set community strings, and send and enable SNMP
traps.
!“Configuring the Nokia IP40 through Out of Band Management,” explains the method to
configure the Nokia IP40 through Out of Band Management.
!Chapter 11, “Configuring Device Functions,” discusses how to configure device functions
such as setting date and time, loading factory defaults and performing firmware upgrade.
!Chapter 12, “Viewing Reports,” explains how to view reports such as Event Log, Active
Computers, Active Connections, and VPN Tunnels.
!Chapter 13, “Working with VPNs,” explains how to configure a VPN by using the IP40.
!Chapter 14, “Using Managed Services,” describes methods for enabling and using
subscription services such as Web filtering, email antivirus, and automatic and manual
updates.
!Chapter 15, “Troubleshooting,”discusses typical problems users encounter and provides
solutions to these problems.
!Appendix A, “Specifications,” describes the Nokia IP40 specifications
!Appendix B, “Warranty,” contains te warranty for the Nokia IP40
!Appendix C, “End User License Agreement,” contains the End User License Agreement for
the Nokia IP40.
!Appendix D, “Compliance Information,” contains the compliance information for the Nokia
IP40.
Conventions This Guide Uses
The following sections describe the conventions this guide uses, including notices, text
conventions, and command-line conventions.
Notices
Warning
Warnings advise the user that bodily injury might occur because of a physical hazard.
Caution
Cautions indicate potential equipment damage, equipment malfunction, loss of
performance, loss of data, or interruption of service.
Note
Notes provide information of special interest or recommendations.
Conventions This Guide Uses
Nokia IP40 User Guide 13
Command-Line Conventions
This section defines the elements of commands that are available in Nokia products. You might
encounter one or more of the following elements on a command-line path.
Table 1 Command-Line Conventions
Convention Description
command This required element is usually the product name or other short
word that invokes the product or calls the compiler or preprocessor
script for a compiled Nokia product. It might appear alone or
precede one or more options. You must spell a command exactly
as shown and use lowercase letters.
Italics Indicates a variable in a command that you must supply. For
example:
delete interface if_name
Supply an interface name in place of the variable. For example:
delete interface nic1
angle brackets < > Indicates arguments for which you must supply a value:
retry-limit <1–100>
Supply a value. For example:
retry-limit 60
Square brackets [ ] Indicates optional arguments.
delete [slot slot_num]
For example:
delete slot 3
Vertical bars, also called a
pipe (|) Separates alternative, mutually exclusive elements.
framing <sonet | sdh>
To complete the command, supply the value. For example:
framing sonet
or
framing sdh
-flag A flag is usually an abbreviation for a function, menu, or option
name, or for a compiler or preprocessor argument. You must enter
a flag exactly as shown, including the preceding hyphen.
3
14 Nokia IP40 User Guide
Text Conventions
Table 2 describes the text conventions this guide uses.
Menu Items
Nokia IP40 menu items in procedures are separated by the greater than sign.
.ext A filename extension, such as .ext, might follow a variable that
represents a filename. Type this extension exactly as shown,
immediately after the name of the file. The extension might be
optional in certain products.
( . , ; + * - / ) Punctuation and mathematical notations are literal symbols that
you must enter exactly as shown.
' ' Single quotation marks are literal symbols that you must enter as
shown.
Table 1 Command-Line Conventions (continued)
Convention Description
Table 2 Text Conventions
Convention Description
monospace font
Indicates command syntax, or represents computer or screen
output, for example:
Log error 12453
bold monospace font Indicates text you enter or type, for example:
# configure nat
Key names Keys that you press simultaneously are linked by a plus sign (+):
Press Ctrl + Alt + Del.
Menu commands Menu commands are separated by a greater than sign (>):
Choose File > Open.
The words enter and type Enter indicates you type something and then press the Return or
Enter key.
Do not press the Return or Enter key when an instruction says
type.
Italics •Emphasizes a point or denotes new terms at the place where
they are defined in the text.
•Indicates an external book title reference.
•Indicates a variable in a command:
delete interface
if_name
Related Documentation
Nokia IP40 User Guide 15
For example, Start > Programs > Nokia > Security indicates that you first click Start, then
choose the Programs menu command, then choose Nokia, and finally choose Security
Related Documentation
In addition to this guide, documentation for this product includes the following:
!Nokia IP40 Quick Start Guide—Provides a description of the system features and an
overview of how to get your appliance up and running.
!Nokia IP40 CLI Reference Guide—Provides a description of all IP40 commands that are
used for managing the appliance.
!IP40 Release Notes—Provides important information you should know before installing and
configuring the IP40 appliance.
3
16 Nokia IP40 User Guide
Nokia IP40 User Guide 17
1Introduction
This chapter introduces the Nokia IP40 appliance. It includes the following topics:
!“About the Nokia IP40” on page 17
!“Nokia IP40 Features” on page 18
!“Nokia IP40 Package Contents” on page 23
!“Network Requirements” on page 24
!“IP40 Rear Panel” on page 24
!“IP40 Front Panel” on page 26
About the Nokia IP40
The Nokia IP40 is an advanced Internet security appliance that enables secure high-speed
Internet or corporate access from the home or office. The IP40 uses VPN-1 Embedded NG
software from SofaWare Technologies. The VPN-1 Embedded NG firewall, based on the Check
Point FireWall-1 Stateful Inspection technology, inspects and filters all incoming and outgoing
traffic, blocking all unauthorized traffic.
The IP40 is a hardware appliance and is easy to install. It allows you to share your Internet
connection among several computers, other network devices and enables advanced home and
office networking, besides providing protection for your entire network.
With the IP40, corporate as well as home users can subscribe to security services, such as
firewall security updates, parental control and so on. Business users can securely connect to the
corporate network.
The IP40 is available with the following licenses:
!Nokia IP40 Tele 8
!Nokia IP40 Satellite 16
!Nokia IP40 Satellite 32
!Nokia IP40 Satellite U (Unlimited)
All these versions of IP40 provide a web-based interface that enables you to configure and
manage the IP40.
The IP40 comes pre-installed with the license of your choice. The IP40 can be upgraded to the
more advanced configuration, without replacing the hardware. Contact your local reseller for
details on license upgrade.
1Introduction
18 Nokia IP40 User Guide
Nokia IP40 Tele 8
The IP40 Tele 8 is for home telecommuters and work extenders who also need VPN client
access. The IP40 Tele 8 supports both firewall and VPN client capabilities over an eight-node
network. The appliance supports VPN client capabilities for users to connect to the central office
from their home with firewall protection, extending the enterprise network to the employees’
home offices.
Nokia IP40 Satellite 16, Satellite 32, Satellite Unlimited
The IP40 Satellite 16, IP40 Satellite 32 and IP40 Satellite Unlimited provide full firewall and
VPN connectivity for remote and branch offices or independent, small and medium enterprises
with sixteen, thirty-two and unlimited node networks, respectively. All of the products also
support as many as ten VPN tunnels and operate as a VPN gateway. Using these solutions,
remote and branch offices can securely exchange information between them, with distributed
enterprises and small and medium enterprises, with excellent performance at a low price.
Nokia IP40 Features
Go through the following section for a summary of IP40 features:
Connectivity
Table 3
Feature Nokia IP40 Tele 8 Nokia IP40 Satellite
(16/32/Unlimited)
LAN, WAN, DMZ and
Control Ports (No DMZ Support)
Unnumbered PPP
PPPoE Client
PPTP client
DHCP server
About the Nokia IP40
Nokia IP40 User Guide 19
Firewall
DHCP client
Backup Internet
connection, static NAT,
static routes
Table 4
Feature Nokia IP40 Tele 8 Nokia IP40 Satellite
(16/32/Unlimited)
Based on Check Point
Firewall Stateful
Inspection Technology
Network Address
Translation (NAT)
User defined rules
DoS protection
Anti-spoofing
Attack logging
H.323 support
Exposed host
DMZ network
Table 3
Feature Nokia IP40 Tele 8 Nokia IP40 Satellite
(16/32/Unlimited)
1Introduction
20 Nokia IP40 User Guide
VPN
Table 5
Feature Nokia IP40 Tele8 Nokia IP40 Satellite
(16/32/Unlimited)
IPSEC VPN remote
access server
IPSEC VPN site-to-site
gateway
IPSEC VPN remote
access client
VPN pass through
X.509 certificates
SecuRemote server
RADIUS support
DAIP with VPN
certificates
Backup VPN gateways
SmartCenter Connector
(SSC) NG AI support
Bypass NAT
Route all traffic
Other manuals for IP40 - Satellite Unlimited - Security...
4
Table of contents
Other Nokia Firewall manuals
Nokia
Nokia IP740 - Remote Access Server User manual
Nokia
Nokia Check Point IP2450 User manual
Nokia
Nokia IP530 - Remote Access Server User manual
Nokia
Nokia IP40 - Satellite Unlimited - Security... User manual
Nokia
Nokia IP710 Series User manual
Nokia
Nokia IP45 User manual
Nokia
Nokia IP71 User manual
Nokia
Nokia IP30 - Satellite Plus - Security Appliance User manual
Nokia
Nokia EM7500 User manual
Nokia
Nokia IP40 - Satellite Unlimited - Security... User manual
