Nokia IPSO IP350 User manual
IP350 and IP380
Appliance Installation
Guide
Part No. N450709003 Rev A
Published September 2004
All manuals and user guides at all-guides.com
all-guides.com
2 IP350 and IP380 Appliance Installation Guide
COPYRIGHT
©2003 Nokia Corporation. All rights reserved.
Rights reserved under the copyright laws of the United States.
RESTRICTED RIGHTS LEGEND
Use, duplication, or disclosure by the United States Government is subject to restrictions as set
forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at
DFARS 252.227-7013. Notwithstanding any other license agreement that may pertain to, or
accompany the delivery of, this computer software, the rights of the United States Government
regarding its use, reproduction, and disclosure are as set forth in the Commercial Computer
Software-Restricted Rights clause at FAR 52.227-19.
IMPORTANT NOTE TO USERS
This software and hardware is provided by Nokia Corporation as is and any express or implied
warranties, including, but not limited to, implied warranties of merchantability and fitness for a
particular purpose are disclaimed. In no event shall Nokia, or its affiliates, subsidiaries or
suppliers be liable for any direct, indirect, incidental, special, exemplary, or consequential
damages (including, but not limited to, procurement of substitute goods or services; loss of use,
data, or profits; or business interruption) however caused and on any theory of liability, whether in
contract, strict liability, or tort (including negligence or otherwise) arising in any way out of the use
of this software, even if advised of the possibility of such damage. Nokia reserves the right to
make changes without further notice to any products herein.
TRADEMARKS
Nokia is a registered trademark of Nokia Corporation.Other products mentioned in thisdocument
are trademarks or registered trademarks of their respective holders.
All manuals and user guides at all-guides.com
IP350 and IP380 Appliance Installation Guide 3
Nokia Contact Information
Corporate Headquarters
Regional Contact Information
Nokia Customer Support
Web Site http://www.nokia.com
Telephone 1-888-477-4566 or
1-650-625-2000
Fax 1-650-691-2170
Mail
Address Nokia Inc.
313 Fairchild Drive
Mountain View, California
94043-2215 USA
Americas Nokia Internet Communications
313 Fairchild Drive
Mountain View, CA 94043-2215
USA
Tel: 1-877-997-9199
Outside USA and Canada: +1 512-437-7089
email: ipsecurity.na@nokia.com
Europe,
Middle East,
and Africa
Nokia House, Summit Avenue
Southwood, Farnborough
Hampshire GU14 ONG UK
Tel: UK: +44 161 601 8908
Tel: France: +33 170 708 166
email: ipsecurity.emea@nokia.com
Asia-Pacific 438B Alexandra Road
#07-00 Alexandra Technopark
Singapore 119968
Tel: +65 6588 3364
email: ipsecurity.apac@nokia.com
Web Site: https://support.nokia.com/
Email: tac.support@nokia.com
Americas Europe
Voice: 1-888-361-5030 or
1-613-271-6721 Voice: +44 (0) 125-286-8900
Fax: 1-613-271-8782 Fax: +44 (0) 125-286-5666
Asia-Pacific
Voice: +65-67232999
Fax: +65-67232897
021216
All manuals and user guides at all-guides.com
4 IP350 and IP380 Appliance Installation Guide
All manuals and user guides at all-guides.com
IP350 and IP380 Appliance Installation Guide 5
Contents
About this Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11
In This Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Conventions This Guide Uses . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Notices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Command-Line Conventions. . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Text Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Related Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
About the Nokia IP350 and IP380 IP Security Appliances. . . . . . . 17
Memory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Encryption Acceleration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Managing the IP350 and IP380 Appliance. . . . . . . . . . . . . . . . . . . 18
Appliance Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Ethernet Management Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Built-in Console Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Built-in AUX Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Status LEDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Site Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Software Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
2 Installing the Appliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Rack Mounting the Appliance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Connecting Power and Turning the Power On. . . . . . . . . . . . . . . . 29
Connecting Network Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
All manuals and user guides at all-guides.com
6 IP350 and IP380 Appliance Installation Guide
3 Performing the Initial Configuration . . . . . . . . . . . . . . . . . . . . . 33
Using a Console Connection to Perform the Initial Configuration . 34
Accessing Nokia Network Voyager . . . . . . . . . . . . . . . . . . . . . . . . 36
Accessing Voyager Reference Information. . . . . . . . . . . . . . . . . 37
Using Voyager to Monitor an IP350 or 380 Appliance . . . . . . . . 38
Using Nokia Horizon Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
4 Installing and Replacing Network Interface Cards . . . . . . . . . 39
Deactivating Configured Interfaces . . . . . . . . . . . . . . . . . . . . . . . . 40
Removing, Installing, and Replacing NICs. . . . . . . . . . . . . . . . . . . 40
Configuring and Activating Interfaces . . . . . . . . . . . . . . . . . . . . . . 46
Monitoring Network Interface Cards. . . . . . . . . . . . . . . . . . . . . . . . 47
5 Connecting PMC Network Interface Cards . . . . . . . . . . . . . . . . 49
Dual-Port 10/100 Ethernet Interface, PMC . . . . . . . . . . . . . . . . . . 49
Ethernet PMC NIC Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
Ethernet NIC Connectors and Cables. . . . . . . . . . . . . . . . . . . . . 50
6 Installing and Replacing Other Components . . . . . . . . . . . . . . 53
Installing a PCMCIA Modem . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
Replacing a Hard-Disk Drive . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
Replacing or Upgrading Memory . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Before You Start . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Adding or Replacing DIMMs . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Installing an Encryption Accelerator Card . . . . . . . . . . . . . . . . . . . 66
Before You Start . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
Installing the Card . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
Configuring Software to Use Hardware Acceleration . . . . . . . . . 71
7 Using the Boot Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
Variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
Viewing the Variables and Other System Parameters . . . . . . . . 76
All manuals and user guides at all-guides.com
all-guides.com
IP350 and IP380 Appliance Installation Guide 7
Setting the Variables. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
Other commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
Booting the System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
Using the Boot Manager to Install IPSO. . . . . . . . . . . . . . . . . . . . . 82
Protecting the Boot Manager with a Password . . . . . . . . . . . . . . . 83
Installing the Boot Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
Upgrading the Boot Manager. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
8 Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
General Troubleshooting Information. . . . . . . . . . . . . . . . . . . . . . . 87
Troubleshooting Routing Problems . . . . . . . . . . . . . . . . . . . . . . . . 97
A Technical Specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103
Physical Dimensions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103
Space Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103
NIC Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104
B Compliance Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
Declaration of Conformity. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106
Compliance Statements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108
FCC Notice (US) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111
All manuals and user guides at all-guides.com
8 IP350 and IP380 Appliance Installation Guide
All manuals and user guides at all-guides.com
IP350 and IP380 Appliance Installation Guide 9
Figures
Figure 1 Component Locations Front View . . . . . . . . . . . . . . . . . 19
Figure 2 Component Locations Rear View . . . . . . . . . . . . . . . . . 20
Figure 3 Ethernet Management Ports Details . . . . . . . . . . . . . . . 20
Figure 4 Pin Assignments for Console Connection . . . . . . . . . . . 22
Figure 5 Pin Assignments for Modem Connection . . . . . . . . . . . 23
Figure 6 Appliance Status LEDs . . . . . . . . . . . . . . . . . . . . . . . . . 24
Figure 7 Mounting Screws Location . . . . . . . . . . . . . . . . . . . . . . 28
Figure 8 Adjustable Mounting Brackets . . . . . . . . . . . . . . . . . . . . 28
Figure 9 Back Panel Power Switch . . . . . . . . . . . . . . . . . . . . . . . 29
Figure 10 Voyager Reference Access Points . . . . . . . . . . . . . . . 37
Figure 11 Dual-Port Ethernet NIC Front Panel Details . . . . . . . . 50
Figure 12 Output Connector for the Ethernet Cable . . . . . . . . . . 51
Figure 13 Ethernet Crossover-Cable Pin Connections . . . . . . . . 52
Figure 14 Hard-Disk Drive Location . . . . . . . . . . . . . . . . . . . . . . 55
Figure 15 DIMM Socket Locations . . . . . . . . . . . . . . . . . . . . . . . 60
All manuals and user guides at all-guides.com
10 IP350 and IP380 Appliance Installation Guide
All manuals and user guides at all-guides.com
IP350 and IP380 Appliance Installation Guide 11
About this Guide
This manual provides information for the installation and use of the Nokia
IP350 and IP380 appliance. Installation and maintenance should be performed
by experienced technicians or Nokia-approved service providers only.
This preface provides the following information:
In This Guide
Conventions This Guide Uses
Related Documentation
In This Guide
This guide is organized into the following chapters and appendixes:
Chapter 1, “Overview” presents a general overview of the IP350 and
IP380 appliances.
Chapter 2, “Installing the Appliance” explains how to rack-mount the
appliance and how to physically connect it to a network and power.
Chapter 3, “Performing the Initial Configuration” explains how to make
the appliance available on the network.
Chapter 4, “Installing and Replacing Network Interface Cards” explains
how to install, monitor, and replace network interface cards (NICs).
Chapter 5, “Connecting PMC Network Interface Cards” explains how to
connect to and use each of the supported NICs.
All manuals and user guides at all-guides.com
all-guides.com
12 IP350 and IP380 Appliance Installation Guide
Chapter 6, “Installing and Replacing Other Components” explains how to
install or replace PCMCIA modems, memory, the hard-disk drive, and an
encryption accelerator card (IP380 only).
Chapter 7, “Using the Boot Manager” explains how to use the boot
manager, which is part of the IPSO software.
Chapter 8, “Troubleshooting” discusses problems you might encounter
and proposes solutions to these problems.
Appendix A, “Technical Specifications” gives technical specifications
such as interface characteristics.
Appendix B, “Warranty and Software License” contains Nokia warranty
and software license information.
Appendix C, “General Public Licensed Software” provides information
about publicly licensed software that comes with the appliance.
Appendix B, “Compliance Information” includes compliance and
regulatory information.
Appendix E, “Glossary” provides a glossary of acronyms used in this
document.
Conventions This Guide Uses
The following sections describe the conventions this guide uses, including
notices, text conventions, and command-line conventions.
Notices
Warning
Warnings advise the user that bodily injury might occur because of a
physical hazard.
All manuals and user guides at all-guides.com
Conventions This Guide Uses
IP350 and IP380 Appliance Installation Guide 13
Caution
Cautions indicate potential equipment damage, equipment
malfunction, loss of performance, loss of data, or interruption of
service.
Note
Notes provide information of special interest or recommendations.
Command-Line Conventions
This section defines the elements of commands that are available in Nokia
Internet Communications products. You might encounter one or more of the
following elements on a command-line path.
Table 1 Command-Line Conventions
Convention Description
command This required element is usually the product name or other
short word that invokes the product or calls the compiler or
preprocessor script for a compiled Nokia product. It might
appear alone or precede one or more options. You must
spell a command exactly as shown and use lowercase
letters.
Italics Indicates avariable in a command that you must supply. For
example:
delete interface if_name
Supply an interface name in place of the variable. For
example:
delete interface nic1
All manuals and user guides at all-guides.com
14 IP350 and IP380 Appliance Installation Guide
angle brackets < > Indicates arguments for which you must supply a value:
retry-limit <1–100>
Supply a value. For example:
retry-limit 60
Square brackets [ ] Indicates optional arguments.
delete [slot slot_num]
For example:
delete slot 3
Vertical bars, also
called a pipe (|) Separates alternative, mutually exclusive elements.
framing <sonet | sdh>
To complete the command, supply the value. For example:
framing sonet
or
framing sdh
-flag A flag is usually an abbreviation for a function, menu, or
option name, or for a compiler or preprocessor argument.
You must enter a flag exactly as shown, including the
preceding hyphen.
.ext A filename extension, such as .ext, might follow a variable
that represents a filename. Type this extension exactly as
shown, immediatelyafter the name of the file. The extension
might be optional in certain products.
Table 1 Command-Line Conventions (continued)
Convention Description
All manuals and user guides at all-guides.com
Conventions This Guide Uses
IP350 and IP380 Appliance Installation Guide 15
Text Conventions
Table 2 describes the text conventions this guide uses.
( . , ; + * - / ) Punctuation and mathematical notations are literal symbols
that you must enter exactly as shown.
' ' Single quotation marks are literal symbols that you must
enter as shown.
Table 1 Command-Line Conventions (continued)
Convention Description
Table 2 Text Conventions
Convention Description
monospace font
Indicates command syntax, or represents computer or
screen output, for example:
Log error 12453
bold monospace font Indicates text you enter or type, for example:
# configure nat
Key names Keys that you press simultaneously are linked by a
plus sign (+):
Press Ctrl + Alt + Del.
Menu commands Menu commands are separated by a greater than
sign (>):
Choose File > Open.
All manuals and user guides at all-guides.com
16 IP350 and IP380 Appliance Installation Guide
Related Documentation
The IP350 and IP380 documentation set consists of Release Notes for the
Nokia software release you are running, the IP350 and IP380 Appliance
Installation Guide (this document), a Voyager inline help feature, and the
Voyager Reference Guide (online).
You can find the IP350 and IP380 Appliance Installation Guide in PDF on the
World Wide Web support site (https://support.nokia.com/).
You can access inline help and the Voyager Reference Guide from Voyager.
To access inline help for a specific subject, click the Help button next to the
subject.
Access the Voyager Reference Guide for tasks, examples, and more
information by clicking the Doc button.
You can order Check Point documentation from Nokia or download it from
the Nokia support site at https://support.nokia.com/.
The words enter and type Enter indicates you type something and then press
the Return or Enter key.
Do not press the Return or Enter key when an
instruction says type.
Italics •Emphasizes a point or denotes new terms at the
place where they are defined in the text.
•Indicates an external book title reference.
•Indicates a variable in a command:
delete interface
if_name
Table 2 Text Conventions (continued)
Convention Description
All manuals and user guides at all-guides.com
all-guides.com
IP350 and IP380 Appliance Installation Guide 17
1Overview
This chapter provides an overview of the IP350 and IP380 appliances and the
requirements for using those appliances. The following topics are covered:
About the Nokia IP350 and IP380 IP Security Appliances
Managing the IP350 and IP380 Appliance
Site Requirements
Software Requirements
Managing the IP350 and IP380 Appliance
About the Nokia IP350 and IP380 IP Security
Appliances
The Nokia IP350 and IP380 IP security appliances combine the power of
Nokia IPSO software with your choice of firewall, VPN, and intrusion
detection security applications. Both platforms share the same one-rack unit
(1 RU) size and support the same selection of network interface cards.
Memory
The IP350 appliance supports from 256 MB to 512 MB of memory.
The IP380 appliance supports from 256 MB to 1 GB of memory and provides
approximately twice the throughput of the IP350.
All manuals and user guides at all-guides.com
1Overview
18 IP350 and IP380 Appliance Installation Guide
Encryption Acceleration
Both the IP350 and IP380 appliances provide built-in hardware-based
encryption acceleration. The IP380 appliance also supports an optional
encryption accelerator card to further enhance VPN performance.
This guide provides documentation for both the IP350 and IP380 appliances.
Most of the information for how to use these two appliances is the same.
Where differences exist, they are noted in the documentation.
The Nokia IP350 and IP380 appliances are ideally suited for growing
companies and satellite offices that want high-performance IP routing
combined with the industry-leading Check Point VPN-1/FireWall-1 enterprise
security suite. The small size of the IP350 and IP380 appliance makes them
ideal for installations that need to conserve space.
As network devices, the IP350 and IP380 appliances support a comprehensive
suite of IP-routing functions and protocols, including RIPv1/RIPv2, IGRP,
OSPF and BGP4 for unicast traffic, and DVMRP for multicast traffic. The
integrated router functionality eliminates the need for separate intranet and
access routers in security applications.
Managing the IP350 and IP380 Appliance
You can manage the IP350 and IP380 appliances by using one of the
following interfaces:
Nokia Network Voyager—an SSL-secured, Web-based element
management interface to Nokia IP security platforms. Voyager is
preinstalled on the IP350 and IP380 appliance and enabled through the
IPSO operating system. With Voyager, you can manage, monitor, and
configure the IP350 and IP380 appliance from any authorized location
within the network by using a standard Web browser.
For information about how to access Voyager and the related reference
materials, see “Accessing Nokia Network Voyager” on page 36.
The IPSO command-line interface (CLI)—an SSHv2-secured interface
that enables you to easily configure Nokia IP security platforms
All manuals and user guides at all-guides.com
Appliance Overview
IP350 and IP380 Appliance Installation Guide 19
from the command line. Everything that you can accomplish with
Voyager—manage, monitor, and configure the IP350 and IP380
appliance—you can also do with the CLI.
For information about how to access the CLI, see the Nokia CLI
Reference Guide for IPSO v3.6 or later.
Nokia Horizon Manager—a secure GUI-based software image
management application. With Horizon Manager, you can securely install
and upgrade the Nokia proprietary IPSO operating system, plus hardware
and third-party applications such as Check Point FireWall-1 and
RealSecure for Nokia. Horizon Manager can perform installations and
upgrades on up to 2,500 Nokia IP security platforms, offering
administrators the most rapid and dependable upgrade to Check Point NG.
For information about how to obtain Horizon Manager, see “Nokia
Contact Information” on page 3.
Appliance Overview
The following figures show component locations for the IP350 and IP380.
Figure 1 Component Locations Front View
00248a
Built-in Ethernet ports
(10/100 Mbps)
PMC interfaces
Status LEDs Modem (AUX) port
PCMCIA slotsReset switch Console port
All manuals and user guides at all-guides.com
1Overview
20 IP350 and IP380 Appliance Installation Guide
Figure 2 Component Locations Rear View
Ethernet Management Ports
The Ethernet management ports are located on the front of the appliance.
Figure 3 shows the layout of the Ethernet management ports and link LEDs.
Note
The Ethernet management ports are intended for management purposes.
These ports do not provide the same performance as Ethernet cards in
the PMC slots.
Figure 3 Ethernet Management Ports Details
Caution
Cables that connect to the Ethernet ports must be IEEE 802.3
compliant to prevent potential data loss.
00249
Power plugPower switch
00120
Activity LED (yellow)
Link LED (green)
RJ-45 connector
s
All manuals and user guides at all-guides.com
Other manuals for IPSO IP350
1
This manual suits for next models
1
Table of contents
Other Nokia Security System manuals
Nokia
Nokia IP561 User manual
Nokia
Nokia IP1220 - Security Appliance User manual
Nokia
Nokia IP1200 Series User manual
Nokia
Nokia IP300 Series User manual
Nokia
Nokia IP150 User manual
Nokia
Nokia EM5400 User manual
Nokia
Nokia IP560 - Hard Disk Drive Based User manual
Nokia
Nokia IP40 - Satellite Unlimited - Security... User manual
Nokia
Nokia IP200 Series User manual
Nokia
Nokia 6 User manual
