Nokia IP60 - Security Appliance User manual

Part No. N450000643 Rev 001
Published February 2008
Nokia IP60 Security Appliance
User Guide

COPYRIGHT
©2008 Nokia. All rights reserved.
Rights reserved under the copyright laws of the United States.
RESTRICTED RIGHTS LEGEND
Use, duplication, or disclosure by the United States Government is subject to restrictions as set forth in subparagraph
(c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013.
Notwithstanding any other license agreement that may pertain to, or accompany the delivery of, this computer software,
the rights of the United States Government regarding its use, reproduction, and disclosure are as set forth in the
Commercial Computer Software-Restricted Rights clause at FAR 52.227-19.
IMPORTANT NOTE TO USERS
This software and hardware is provided by Nokia Inc. as is and any express or implied warranties, including, but not
limited to, implied warranties of merchantability and fitness for a particular purpose are disclaimed. In no event shall
Nokia, or its affiliates, subsidiaries or suppliers be liable for any direct, indirect, incidental, special, exemplary, or
consequential damages (including, but not limited to, procurement of substitute goods or services; loss of use, data, or
profits; or business interruption) however caused and on any theory of liability, whether in contract, strict liability, or tort
(including negligence or otherwise) arising in any way out of the use of this software, even if advised of the possibility of
such damage.
Nokia reserves the right to make changes without further notice to any products herein.
TRADEMARKS
Nokia is a registered trademark of Nokia Corporation. Other products mentioned in this document are trademarks or
registered trademarks of their respective holders.
080101

Nokia Contact Information

Corporate Headquarters
  Web Site: http://www.nokia.com
  Telephone: 1-888-477-4566 or 1-650-625-2000
  Fax: 1-650-691-2170
  Mail Address: Nokia Inc., 313 Fairchild Drive, Mountain View, California 94043-2215 USA

Regional Contact Information
  Americas
    Nokia Inc., 313 Fairchild Drive, Mountain View, CA 94043-2215 USA
    Tel: 1-877-997-9199
    Outside USA and Canada: +1 512-437-7089
    email: info.ipnetworking_america[email protected]
  Europe, Middle East, and Africa
    Nokia House, Summit Avenue, Southwood, Farnborough, Hampshire GU14 ONG UK
    Tel: UK: +44 161 601 8908
    Tel: France: +33 170 708 166
    email: info.ipnetworking_emea@nokia.com
  Asia-Pacific
    438B Alexandra Road, #07-00 Alexandra Technopark, Singapore 119968
    Tel: +65 6588 3364
    email: [email protected]

Nokia Customer Support
  Web Site: https://support.nokia.com/
  Email: tac.suppor[email protected]
  Americas
    Voice: 1-888-361-5030 or 1-613-271-6721
    Fax: 1-613-271-8782
  Europe
    Voice: +44 (0) 125-286-8900
    Fax: +44 (0) 125-286-5666
  Asia-Pacific
    Voice: +65-67232999
    Fax: +65-67232897
050602


Contents
About This Guide
Introduction
  About Your Nokia IP60 Appliance
  Nokia IP60 Products
Security
  Introduction to Information Security
  The Nokia IP60 Firewall
Installing and Setting Up the Nokia IP60 Appliance
  Before You Install the Nokia IP60 Appliance
  Nokia IP60 and Nokia IP60 Wireless Installation
  Cascading Your Appliance
  Connecting the Appliance to Network Printers
  Setting Up the IP60 Appliance
Getting Started
  Initial Login to the Nokia IP60 Portal
  Logging on to the Nokia IP60 Portal
  Accessing the Nokia IP60 Portal Remotely Using HTTPS
  Using the Nokia IP60 Portal
  Logging off
Configuring the Internet Connection
  Overview
  Using the Internet Wizard
  Using Internet Setup
  Setting Up Dialup Modems
  Viewing Internet Connection Information
  Enabling/Disabling the Internet Connection
  Using Quick Internet Connection/Disconnection
  Configuring a Backup Internet Connection
  Configuring WAN Load Balancing
Managing Your Network
  Configuring Network Settings
  Using Network Objects
  Configuring Network Service Objects
  Using Static Routes
  Managing Ports
Using Bridges
  Overview
  Workflow
  Adding and Editing Bridges
  Adding Internal Networks to Bridges
  Adding Internet Connections to Bridges
  Deleting Bridges
Configuring High Availability
  Overview
  Configuring High Availability on a Gateway
  Sample Implementation on Two Gateways
Using Traffic Shaper
  Overview
  Setting Up Traffic Shaper
  Predefined QoS Classes
  Adding and Editing Classes
  Viewing and Deleting Classes
  Restoring Traffic Shaper Defaults
Working with Wireless Networks
  Overview
  Configuring Wireless Networks
  Troubleshooting Wireless Connectivity
Viewing Reports
  Viewing the Event Log
  Using the Traffic Monitor
  Viewing Computers
  Viewing Connections
  Viewing Wireless Statistics
  Viewing the Routing Table
Setting Your Security Policy
  The Nokia IP60 Firewall Security Policy
  Default Security Policy
  Setting the Firewall Security Level
  Configuring Servers
  Using Rules
  Using Port-Based Security
  Using Secure HotSpot
  Using NAT Rules
  Using Web Rules
Using SmartDefense
  Overview
  Configuring SmartDefense
  SmartDefense Categories
  Resetting SmartDefense to its Defaults
Using VStream Antivirus
  Overview
  Enabling/Disabling VStream Antivirus
  Viewing VStream Antivirus Signature Database Information
  Configuring VStream Antivirus
  Updating VStream Antivirus
SMART Management and Subscription Services
  Connecting to a Service Center
  Viewing Services Information
  Refreshing Your Service Center Connection
  Configuring Your Account
  Disconnecting from Your Service Center
  Web Filtering
  Email Filtering
  Automatic and Manual Updates
Working with VPNs
  Overview
  Setting Up Your Nokia IP60 Appliance as a VPN Server
  Adding and Editing VPN Sites
  Viewing and Deleting VPN Sites
  Enabling/Disabling a VPN Site
  Logging on to a Remote Access VPN Site
  Logging off a Remote Access VPN Site
  Installing a Certificate
  Uninstalling a Certificate
  Viewing VPN Tunnels
  Viewing IKE Traces for VPN Connections
  Viewing VPN Topology
Managing Users
  Changing Your Login Credentials
  Adding and Editing Users
  Adding Quick Guest HotSpot Users
  Viewing and Deleting Users
  Setting Up Remote VPN Access for Users
  Using RADIUS Authentication
  Configuring RADIUS Attributes
Using Remote Desktop
  Overview
  Workflow
  Configuring Remote Desktop
  Configuring the Host Computer
  Accessing a Remote Computer's Desktop
Maintenance
  Viewing Firmware Status
  Updating the Firmware
  Upgrading Your License
  Configuring Syslog Logging
  Controlling the Appliance via the Command Line
  Configuring HTTPS
  Configuring SSH
  Configuring SNMP
  Setting the Time on the Appliance
  Using Diagnostic Tools
  Backing Up the Nokia IP60 Appliance Configuration
  Resetting the Nokia IP60 Appliance to Defaults
  Running Diagnostics
  Rebooting the Nokia IP60 Appliance
Using Network Printers
  Overview
  Setting Up Network Printers
  Configuring Computers to Use Network Printers
  Viewing Network Printers
  Changing Network Printer Ports
  Resetting Network Printers
Troubleshooting
  Connectivity
  Service Center and Upgrades
  Other Problems
Specifications
  Technical Specifications
  CE Declaration of Conformity
  Federal Communications Commission Radio Frequency Interference Statement
Glossary of Terms
Index


About This Guide
To make finding information in this manual easier, some types of information are marked with special
symbols or formatting.
Boldface type is used for command and button names.
Note: Notes are denoted by indented text and preceded by the Note icon.
Warning: Warnings are denoted by indented text and preceded by the Warning icon.
Each task is marked with an icon indicating the Nokia IP60 product required to perform the task, as
follows:
If this icon appears... | You can perform the task using these products...
  Nokia IP60
  Nokia IP60 Wireless
  All products with USB ports, specifically, Nokia IP60 Wireless
  Only products without ADSL. Note: Nokia IP60 appliances do not provide ADSL.


Chapter 1: Introduction
This chapter introduces the Nokia IP60 appliance and this guide.
This chapter includes the following topics:
  About Your Nokia IP60 Appliance
  The Nokia IP60 Series and Nokia IP60 Wireless Series
  Contacting Technical Support
About Your Nokia IP60 Appliance
The Nokia IP60 appliance is a Unified Threat Management (UTM) appliance that delivers proven, tightly
integrated security features to provide the perfect blend of simplicity and security. Based on the same
Check Point technologies that secure the Fortune 100, IP60 appliances deliver uncompromising security,
while streamlining deployment and administration.
IP60 appliances integrate a complete set of security features into a single, easy-to-install unit, including
firewall, VPN, intrusion prevention, antivirus, antispam, Web filtering, reporting & monitoring, and
Network Access Control (NAC). In addition, IP60 appliances offer powerful networking capabilities,
including advanced routing, traffic shaping, high availability, redundant Internet connections, and extensive
VLAN support.
All IP60 appliances can be integrated into an overall enterprise security policy for maximum security.
Check Point's Security Management Architecture (SMART) delivers a single enterprise-wide security
policy that you can centrally manage and automatically deploy to an unlimited number of Nokia IP60
gateways.
Nokia IP60 Products
The Nokia IP60 appliance incorporates the following product families.
Nokia IP60 Internet Security Appliance, which corresponds with the Nokia IP60.
Nokia IP60 Wireless Security Appliance, which corresponds with the Nokia IP60 Wireless.
Nokia IP60 Features
Table 1: Nokia IP60 Features
Feature | Nokia IP60
Concurrent Users | 8 / 16 / 32 / Unrestricted
Capacity
  Firewall Throughput (Mbps) | 190 Mbps
  VPN Throughput (Mbps) | 35 Mbps
  Concurrent Firewall Connections | 8,000
Hardware Features
  4-Port LAN Switch | 10/100 Mbps
  WAN Port | Ethernet, 10/100 Mbps
  ADSL Standards | —
  DMZ/WAN2 Port | 10/100 Mbps
  Dialup Backup | With external serial / USB modem
  Console Port (Serial)
  Print Server
  USB 2.0 Ports | —
Firewall & Security Features
  Check Point Stateful Inspection Firewall
  Application Intelligence
  SmartDefense™ (IPS)
  Network Address Translation (NAT)
  Four Preset Security Policies
  Anti-spoofing
  Voice over IP (H.323) Support
  Unlimited INSPECT Policy Rules
  Instant Messenger Blocking / Monitoring
  P2P File Sharing Blocking / Monitoring
  Port-based and Tag-based VLAN | 32 (XU) / 10 (Other Models)
  Port-based Security (802.1x)
  Web Rules
  Secure HotSpot (Guest Access)
VPN
  Remote Access Users | 1/10/15/25
  VPN Server with OfficeMode and RADIUS Support | SecuRemote, L2TP
  Site-to-Site VPN Gateway
  Route-based VPN
  Backup VPN Gateways
  Remote Access VPN Client | SecuRemote (Included)
  Site-to-Site VPN Tunnels (Managed) | 100
  IPSEC Features | Hardware-accelerated DES, 3DES, AES, MD5, SHA-1, Hardware Random Number Generator (RNG), Internet Key Exchange (IKE), Perfect Forward Secrecy (PFS), IPSEC Compression, IPSEC NAT Traversal (NAT-T), IPSEC VPN Pass-through
Networking
  Supported Internet Connection Methods | Static IP, DHCP, PPPoE, PPTP, Telstra, Cable, Dialup
  Transparent Bridge Mode
  Spanning Tree Protocol (STP)
  Traffic Shaper (QoS)
  Traffic Monitoring
  Dead Internet Connection Detection (DCD)
  WAN Load Balancing
  Backup Internet Connection
  DHCP Server, Client, and Relay
  MAC Cloning
  Network Address Translation (NAT) Rules
  Static Routes, Source Routes, and Service-Based Routes
  Ethernet Cable Type Recognition
  DiffServ Tagging
  Automatic Gateway Failover (HA)
  Dynamic Routing
Management
  Central Management | Check Point SmartCenter, Check Point SmartLSM, Check Point SmartUpdate, Check Point Provider-1, SofaWare SMP
  Local Management | HTTP / HTTPS / SSH / SNMP / Serial CLI
  Remote Desktop | Integrated Microsoft Terminal Services Client
  Local Diagnostics Tools | Ping, WHOIS, Packet Sniffer, VPN Tunnel Monitor, Connection Table Monitor, My Computers Display, Routing Table Display, Local Logs
  NTP Automatic Time Setting
  TFTP Rapid Deployment
Hardware Specifications
  Power | 100/110/120/210/220/230VAC (Linear Power Adapter) or 100~240VAC (Switched Power Adapter)
  Mounting Options | Desktop, Wall, or Rack Mounting*
  Warranty | 1 Year Hardware
* Rack mounting requires the optional rack mounting kit (sold separately).
Nokia IP60 Wireless Features
Table 2: Nokia IP60 Wireless Series Features
Feature | Nokia IP60 Wireless
Concurrent Users | 8 / 16 / 32 / Unrestricted
Capacity
  Firewall Throughput (Mbps) | 190 Mbps
  VPN Throughput (Mbps) | 35 Mbps
  Concurrent Firewall Connections | 8,000
Hardware Features
  4-Port LAN Switch | 10/100 Mbps
  WAN Port | 10/100 Mbps
  ADSL Standards | —
  DMZ/WAN2 Port | 10/100 Mbps
  Dialup Backup (Req. Ext. Modem)
  Console Port (Serial)
  Print Server
  USB 2.0 Ports | 2
Firewall & Security Features
  Check Point Stateful Inspection Firewall
  Application Intelligence (IPS)
  Intrusion Detection and Prevention using Check Point SmartDefense
  Network Address Translation (NAT)
  Four Preset Security Policies
  Anti-spoofing
  Voice over IP (H.323) Support
  Unlimited INSPECT Policy Rules
  Instant Messenger Blocking / Monitoring
  P2P File Sharing Blocking / Monitoring
  Port-based, Tag-based, and Other VLAN | 32 (WU) / 10 (Other Models)
  Port-based Security (802.1x)
  Web Rules
  Secure HotSpot (Guest Access)
VPN
  Remote Access Users | 1/10/15/25
  VPN Server with OfficeMode and RADIUS Support | SecuRemote, L2TP
  Site-to-Site VPN Gateway
  Route-based VPN
  Backup VPN Gateways
  Remote Access VPN Client | SecuRemote (Included)
  Site-to-Site VPN Tunnels (Managed) | 100
  IPSEC Features | Hardware-accelerated DES, 3DES, AES, MD5, SHA-1, Hardware Random Number Generator (RNG), Internet Key Exchange (IKE), Perfect Forward Secrecy (PFS), IPSEC Compression, IPSEC NAT Traversal (NAT-T), IPSEC VPN Pass-through
Networking
  Supported Internet Connection Methods | Static IP, DHCP, PPPoE, PPTP, Telstra, Cable, Dialup
  Transparent Bridge Mode
  Spanning Tree Protocol (STP)
  Traffic Shaper (QoS)
  Traffic Monitoring
  Dead Internet Connection Detection (DCD)
  WAN Load Balancing
  Backup Internet Connection
  DHCP Server, Client, and Relay
  MAC Cloning
  Network Address Translation (NAT) Rules
  Static Routes, Source Routes, and Service-Based Routes
  Ethernet Cable Type Recognition
  DiffServ Tagging
  Automatic Gateway Failover (HA)
  Dynamic Routing
Wireless
  Wireless Protocols | 802.11b (11 Mbps), 802.11g (54 Mbps), Super G* (108 Mbps)
  Wireless Security | VPN over Wireless, WEP, WPA2 (802.11i), WPA-Personal, WPA-Enterprise, 802.1x
  Wireless QoS (WMM)
  Dual Diversity Antennas
  Virtual Access Points (VAP)
  Wireless Distribution System (WDS) Links
  Wireless Range (Standard Mode) | Up to 100 m Indoors and 300 m Outdoors
  Wireless Range (XR Mode)* | Up to 300 m Indoors and 1 km Outdoors
Management
  Central Management | Check Point SmartCenter, Check Point SmartLSM, Check Point SmartUpdate, Check Point Provider-1, SofaWare SMP
  Local Management | HTTP / HTTPS / SSH / SNMP / Serial CLI
  Remote Desktop | Integrated Microsoft Terminal Services Client