Nortel Alteon How to use
Part No. 217017-D
December 2005
4655 Great America Parkway
Santa Clara, CA 95054
*217017-D*
Release Notes for Alteon
Switched Firewall,
Release 4.0.4
2
217017-D
Copyright © 2005 Nortel Networks Limited. All rights reserved.
This document is protected by copyright and distributed under licenses restricting its use, copying,
distribution, and decompilation. No part of this document may be reproduced in any form by any
means without prior written authorization of Nortel Networks, Inc. Documentation is provided “as is”
without warranty of any kind, either express or implied, including any kind of implied or express
warranty of non-infringement or the implied warranties of merchantability or fitness for a particular
purpose.
U.S. Government End Users: This document is provided with a “commercial item” as defined by FAR
2.101 (Oct. 1995) and contains “commercial technical data” and “commercial software
documentation” as those terms are used in FAR 12.211-12.212 (Oct. 1995). Government End Users
are authorized to use this documentation only in accordance with those rights and restrictions set forth
herein, consistent with FAR 12.211- 12.212 (Oct. 1995), DFARS 227.7202 (JUN 1995) and DFARS
252.227-7015 (Nov. 1995).
Nortel Networks, Inc. reserves the right to change any products described herein at any time, and
without notice. Nortel Networks, Inc. assumes no responsibility or liability arising from the use of
products described herein, except as expressly agreed to in writing by Nortel Networks, Inc. The use
and purchase of this product does not convey a license under any patent rights, trademark rights, or
any other intellectual property rights of Nortel Networks, Inc.
Alteon, Alteon WebSystems, Alteon Switched Firewall, ASF 5308, ASF 5408, ASF 5610,
ASF 5710, ASF 5409, Firewall OS, Firewall Director, ASF 5008, ASF 5009, ASF 5010, ASF 5014,
Accelerator OS, Firewall Accelerator, ASF 5300, ASF 5400, ASF 5600, and ASF 5700 are
trademarks of Nortel Networks, Inc. in the United States and certain other countries.
Check Point, SecureXL, and SmartCenter, are trademarks of Check Point Software Technologies Ltd.
FireWall-1 and VPN-1 are registered trademarks of Check Point Software Technologies Ltd. Any
other trademarks appearing in this manual are owned by their respective companies.
Originated in the USA.
Export
This product, software and related technology is subject to U.S. export control and may be subject to
export or import regulations in other countries. Purchaser must strictly comply with all such laws and
regulations. A license to export or reexport may be required by the U.S. Department of Commerce.
Licensing
This product includes software developed by Check Point Software Technologies (http://
www.checkpoint.com). This product also contains software developed by other parties.
For more information, see the BayStack 5500 Switch 3.5.4 User’s Guide and Command Reference.
Common Criteria Certified Software
For more details, see the BayStack 5500 Switch 3.5.4 User’s Guide and Command Reference.
3
Release Notes for Alteon Switched Firewall, Release 4.0.4
Regulatory Compliance
International regulatory statements of conformity
This is to certify that the Nortel Networks 8000 Series chassis and components installed within the
chassis were evaluated to the international regulatory standards for electromagnetic compliance
(EMC) and safety and were found to have met the requirements for the following international
standards:
n EMC - Electromagnetic Emissions – CISPR 22, Class A
n EMC - Electromagnetic Immunity – CISPR 24
n Electrical Safety – IEC 60950, with CB member national deviations
Further, the equipment has been certified as compliant with the national standards as detailed below.
National electromagnetic compliance (EMC) statements of
compliance
FCC statement (USA only)
This equipment has been tested and found to comply with the limits for a Class A digital device,
pursuant to Part 15 of the Federal Communications Commission (FCC) rules. These limits are
designed to provide reasonable protection against harmful interference when the equipment is
operated in a commercial environment. This equipment generates, uses, and can radiate radio
frequency energy. If it is not installed and used in accordance with the instruction manual, it may
cause harmful interference to radio communications. Operation of this equipment in a residential area
is likely to cause harmful interference, in which case users will be required to take whatever measures
may be necessary to correct the interference at their own expense.
ICES statement (Canada only)
Canadian Department of Communications Radio Interference Regulations
This digital apparatus does not exceed the Class A limits for radio-noise emissions from digital
apparatus as set out in the Radio Interference Regulations of the Canadian Department of
Communications.
Règlement sur le brouillage radioélectrique du ministère des
Communications
Cet appareil numérique respecte les limites de bruits radioélectriques visant les appareils numériques
de classe A prescrites dans le Règlement sur le brouillage radioélectrique du ministère des
Communications du Canada.
4
217017-D
CE marking statement (Europe only)
EN 55 022 statements
This is to certify that Nortel equipment is shielded against the generation of radio interference in
accordance with the application of Council Directive 89/336/EEC. Conformity is declared by the
application of EN 55 022 Class A (CISPR 22).
Warning: This is a Class A product. In a domestic environment, this product may cause radio
interference, in which case, the user may be required to take appropriate measures.
Achtung: Dieses ist ein Gerät der Funkstörgrenzwertklasse A. In Wohnbereichen können bei Betrieb
dieses Gerätes Rundfunkstörungen auftreten, in welchen Fällen der Benutzer für entsprechende
Gegenmaßnahmen verantwortlich ist.
Attention: Ceci est un produit de Classe A. Dans un environnement domestique, ce produit risque de
créer des interférences radioélectriques, il appartiendra alors à l’utilisateur de prendre les mesures
spécifiques appropriées.
EN 55 024 statement
This is to certify that the Nortel equipment is shielded against the susceptibility to radio interference
in accordance with the application of Council Directive 89/336/EEC. Conformity is declared by the
application of EN 55 024 (CISPR 24).
EC Declaration of Conformity
This product conforms to the provisions of the R&TTE Directive 1999/5/EC.
VCCI statement (Japan/Nippon only)
This is a Class A product based on the standard of the Voluntary Control Council for Interference
(VCCI) for information technology equipment. If this equipment is used in a domestic environment,
radio disturbance may arise. When such trouble occurs, the user may be required to take corrective
actions.
5
Release Notes for Alteon Switched Firewall, Release 4.0.4
BSMI statement (Taiwan only)
This is a Class A product based on the standard of the Bureau of Standards, Metrology and Inspection
(BSMI) CNS 13438, Class A.
MIC notice (Republic of Korea only)
This device has been approved for use in Business applications only per the Class A requirements of
the Republic of Korea Ministry of Information and Communications (MIC). This device may not be
sold for use in a non-business application. Reference Regulatory label on the base of the equipment
for specific Korean approval information.
National Safety Statements of Compliance
CE marking statement (Europe only)
EN 60 950 statement
This is to certify that Nortel equipment is in compliance with the requirements of EN 60 950 in
accordance with the Low Voltage Directive. Additional national differences for all European Union
countries have been evaluated for compliance. Some components installed within the 8000 Series
chassis may use a nickel-metal hydride (NiMH) and/or lithium-ion battery. The NiMH and
lithium-ion batteries are long-life batteries, and it is very possible that you will never need to replace
them. However, should you need to replace them, refer to the individual component manual for
directions on replacement and disposal of the battery.
Lithium Battery Cautions
Caution—This product contains a lithium battery. Batteries are not customer replaceable parts. They
may explode if mishandled. Do not dispose of the battery in fire. Do not disassemble or recharge.
(Norge) ADVARSEL—Litiumbatteri - Eksplosjonsfare. Ved utskifting benyttes kun batteri som
anbefalt av apparatfabrikanten. Brukt batteri returneres apparatleverandøren.
(Sverige) VARNING—Explosionsfara vid felaktigt batteribyte. Använd samma batterityp eller en
ekvivalent typ som rekommenderas av apparattillverkaren. Kassera använt batteri enligt fabrikantens
instruktion.
(Danmark) ADVARSEL! Litiumbatteri - Eksplosionsfare ved fejlagtig håndtering. Udskiftning må
kun ske med batteri af samme fabrikat og type. Levér det brugte batteri tilbage til leverandøren.
(Suomi)VAROITUS—Paristo voi räjähtää, jos se on virheellisesti asennettu. Vaihda paristo
ainoastaan laitevalmistajan suosittelemaan tyyppiin. Hävitä käytetty paristo valmistajan ohjeiden
mukaisesti.
6
217017-D
Safety Information
Caution—Nortel products are designed to work with single-phase power systems having a grounded
neutral conductor. To reduce the risk of electric shock, do not plug Nortel products into any other type
of power system. Contact your facilities manager or a qualified electrician if you are not sure what
type of power is supplied to your building.
Caution—Not all power cords have the same ratings. Household extension cords do not have
overload protection and are not meant for use with computer systems. Do not use household extension
cords with your Nortel product.
Caution—Your Nortel product is shipped with a grounding type (three-wire) power cord. To reduce
the risk of electric shock, always plug the cord into a grounded power outlet.
7
Release Notes for Alteon Switched Firewall, Release 4.0.4
NOM statement (Mexico only)
The following information is provided on the devices described in this document in compliance with
the safety requirements of the Norma Oficial Méxicana (NOM):
Exporter:Nortel Networks, Inc.
4655 Great America Parkway
Santa Clara CA 95054 USA
Importer:Nortel Networks de México, S.A. de C.V.
Avenida Insurgentes Sur #1605
Piso 30, Oficina
Col. San Jose Insurgentes
Deleg-Benito Juarez
México D.F. 03900
Tel:52 5 480 2100
Fax: 52 5 480 2199
Input:100 to 240 VAC, 50 to 60 Hz, 9 A max. per power supply
single supply, or + one redundant supply configurations
Información NOM (unicamente para México)
La información siguiente se proporciona en el dispositivo o en los dispositivos descritos en este
documento, en cumplimiento con los requisitos de la Norma Oficial Méxicana (NOM):
Exportador: Nortel Networks, Inc.
4655 Great America Parkway
Santa Clara, CA 95054 USA
Importador: Nortel Networks de México, S.A. de C.V.
Avenida Insurgentes Sur #1605
Piso 30, Oficina
Col. San Jose Insurgentes
Deleg-Benito Juarez
México D.F. 03900
Tel: 52 5 480 2100
Fax:52 5 480 2199
Embarcar a:100 to 240 V CA, 50 to 60 Hz, 9 A max. por fuente de poder
una fuente o una + configuraciones de una fuente redundante
8
217017-D
Revision History
Date Revised Version Reason for revision
December 2005 1.00 New document for Release 4.0.4.
9
Release Notes for Alteon Switched Firewall, Release 4.0.4
Contents
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Release 4.0.4 software support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Release 4.0.4 hardware support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
New features in Release 4.0.4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Configuring the Gateway Cluster Object for R60 . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Related publications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
How to get help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Getting help from the Nortel web site . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Getting help over the telephone from a Nortel Solutions Center . . . . . . . . . . . . . . 14
Using an Express Routing Code to get help from a specialist . . . . . . . . . . . . 14
Getting help through a Nortel distributor or reseller . . . . . . . . . . . . . . . . . . . . . . . . 14
10
217017-D
11
Release Notes for Alteon Switched Firewall, Release 4.0.4
Introduction
These Release Notes provide the latest information about the Alteon
Switched Firewall (ASF), Release 4.0.4, and issues not included in the
documentation suite. For a list of documentation in the Alteon Switched
Firewall suite, consult “Related publications” on page 13.
Release 4.0.4 software support
Alteon Switched Firewall, Release 4.0.4, supports Check Point™
FireWall-1® NG with the following software:
• Application Intelligence NG R54 and Hotfix Accumulator 417
(HFA_417)
• Application Intelligence NG R55 and Hotfix Accumulator 16 (HFA_16)
• Application Intelligence NGX R60
Release 4.0.4 hardware support
Ta b le 1 lists the supported hardware platforms for Alteon Switched
Firewall, Release 4.0.4.
Table 1 Supported hardware
ASF platform Firewall Accelerator models Firewall Director models
6414 6400 5014
6614 6600 5014
12
217017-D
New features in Release 4.0.4
Configuring the Gateway Cluster Object for R60
To configure the Gateway Cluster Object for R60 SmartDashboard for
ASF, use the guidelines in Ta bl e 2 .
Table 2 ASF R60 SmartDashboard configuration guidelines
For a detailed description of the R60 SmartDashboard configuration, refer
to the Check Point User Guide.
Configuration Action
Create cluster object On the Gateway Cluster Properties page, in the Check Point products
list, do the following:
1. Deselect ClusterXL.
2. Deselect VPN, if applicable.
TIP: In the Check Point products list, VPN and ClusterXL are selected
by default .
Define gateway cluster On the Gateway Cluster Properties page, configure the 3rd Party
Configuration as follows:
1. Mandatory–Set Cluster Operation Mode to Load Sharing.
2. Mandatory–Define 3rd Party Solution as OPSEC.
3. Mandatory–Set support non-sticky connections to Yes.
4. Set Hide Cluster members’ outgoing traffic behind Cluster IP
Address to No.
5. Set Forward Cluster incoming traffic to Cluster member IP
Address to No.
Configure Check Point
synchronization interface
To configure the synchronization interface, use the Topology page.
TIP: In R54 and R55, Check Point synchronization is on the
Synchronization tab in the Gateway Cluster Properties page.
13
Release Notes for Alteon Switched Firewall, Release 4.0.4
Related publications
For more information about the Alteon Switched Firewall, refer to the
publications listed in Ta b l e 3 .
How to get help
This section explains how to get help for Nortel products and services.
Getting help from the Nortel web site
Technical support for Nortel products is available on the Nortel Technical
Support web site at www.nortel.com/support.
The Nortel Technical Support web site delivers quick access to software,
documentation, bulletins, and tools to provide technical support for Nortel
products.
You can use the Nortel Technical Support web site to do the following:
• download technical information, including the following items:
• software
• documentation
• product bulletins
• search the Technical Support web site and the Nortel Knowledge Base
for answers to technical questions
Table 3 Nortel Switched Firewall Release 4.0.4 Documentation
Document Type Document Title Part Number
Installation Guide Alteon Switched Firewall 4.0 Hardware
Installation Guide
217016-A
User Guide Alteon Switched Firewall 4.0
Browser-Based Interface Quick Access
Guide
217015-A
User Guide Alteon Switched Firewall 4.0 User’s Guide
and Command Reference
217014-A
14
217017-D
• sign up for automatic notification of new software and documentation
for Nortel equipment
• open and manage technical support cases
Getting help over the telephone from a Nortel Solutions
Center
If you do not find the information you require on the Nortel Technical
Support web site, you can get help over the telephone from a Nortel
Solutions Center. You must have a Nortel support contract to use the
Nortel Solutions Center.
To reach a Nortel Solutions Center, do one of the following;
• In North America, call 1–800–4NORTEL (1–800–466–7835).
• Outside North America, go to the following web site to obtain the
telephone number for your region: www.nortel.com/callus.
Using an Express Routing Code to get help from a specialist
You can find Express Routing Codes (ERC) for many Nortel products and
services on the Nortel Technical Support web site. ERCs allow you to
connect directly to service and support organizations based on specific
products or services.
To locate the ERC for your product or service, go to www.nortel.com/erc.
Getting help through a Nortel distributor or reseller
If you purchased a service contract for your Nortel product from a
distributor or authorized reseller, contact the technical support staff for that
distributor or reseller.
Table of contents
Other Nortel Firewall manuals
Popular Firewall manuals by other brands
Cisco
Cisco ASA 5506-X Configuration guide
Ruijie
Ruijie RG-WALL1600-M5100 Hardware installation and reference guide
PaloAlto Networks
PaloAlto Networks PA-220R quick start guide
Elastix
Elastix SIP Firewall Quick installation guide
D-Link
D-Link NetDefend DFL-260E datasheet
Cisco
Cisco ASA 5580 quick start guide
Stonesoft
Stonesoft StoneGate FW-5000 Series Appliance installation guide
ZyXEL Communications
ZyXEL Communications USG40 user guide
Fortinet
Fortinet FortiGate-200 quick start guide
Cisco
Cisco RV110W quick start guide
Draytek
Draytek Vigor2865 Series quick start guide
Fortinet
Fortinet FortiWiFi 60CM quick start guide