Nortel 5100 Series Release 2.3.3 User Manual

Browser-based interface switched firewall

Nortel Switched Firewall 5100 Series
Release 2.3.3
Browser-Based Interface User's Guide
part number: 216383-D, October 2005
4655 Great America Parkway
Santa Clara, CA 95054
Phone 1-800-4Nortel
http://www.nortel.com


Summary of Contents for Nortel 5100 Series Release 2.3.3

  • Page 2 FAR 12.211- 12.212 (Oct 1995), DFARS 227.7202 (JUN 1995) and DFARS 252.227-7015 (Nov 1995). Nortel Networks, Inc. reserves the right to change any products described herein at any time, and without notice. Nortel Networks, Inc. assumes no responsibility or liability arising from the use of products described herein, except as expressly agreed to in writing by Nortel Networks, Inc.
  • Page 3: Table Of Contents

    Contents Preface 7 Who should use this book 7 How this book is organized 7 Typographic conventions 8 How to get help 9 Getting help from the Nortel web site 9 Getting help over the telephone from a Nortel Solutions Center 9 Using an Express Routing Code to get help from a specialist 10 Getting help through a Nortel distributor or reseller 10 Chapter 1: Introduction 11...
  • Page 4 Context-sensitive Help 29 Task-based Help 30 Chapter 3: Browser-Based Interface forms reference 33 BBI main menu selections 33 System form 34 NSF 5100 Ticker form 34 Cluster forms 38 Director(s) form 38 Time forms 40 Logs forms 42 Warnings form 49...
  • Page 5 License Management form 91 Installed License(s) form 93 Synchronization form 94 SMART Clients form 95 SecurID form 96 Operation forms 97 Director(s) form 97 Configuration form 98 Image Update forms 99 Administration forms 102 Monitor forms 102 Users forms 110 Access List form 115 Telnet-SSH form 117 Web forms 118...
  • Page 7: Preface

    Preface This Quick Guide describes the Nortel Switched Firewall Browser-Based Interface (BBI). The components and features of the BBI can be used as an alternative to the Nortel Switched Firewall Command Line Interface (CLI) documented in the Nortel Switched Firewall 2.3.3 User’s Guide and Command Reference, (213455-L).
  • Page 8: Typographic Conventions

    Typographic conventions The following table describes the typographic styles used in this book. Table 1 Typographic conventions Typeface or Symbol AaBbCc123 AaBbCc123 AaBbCc123 <AaBbCc123> Italicized type within angle brackets appears <Key> Preface Meaning This fixed-width type is used for names of commands, files, and directories used within the text.
  • Page 9: How To Get Help

    How to get help This section explains how to get help for Nortel products and services. Getting help from the Nortel web site The best way to get technical support for Nortel products is from the Nortel Technical Support web site at: www.nortel.com/support.
  • Page 10: Using An Express Routing Code To Get Help From A Specialist

    Using an Express Routing Code to get help from a specialist You can find Express Routing Codes (ERC) for many Nortel products and services on the Nortel Technical Support web site. ERCs allow you to connect directly to service and support organizations based on specific products or services.
  • Page 11: Chapter 1: Introduction

    Chapter 1 Introduction This chapter explains how to enable the Browser-Based Interface (BBI), set up your web browser, and launch the BBI to access the Nortel Switched Firewall (NSF) system-management features from your web browser. Characteristics of the BBI Following are the characteristics of the BBI: Intuitive interface structure.
  • Page 12: Getting Started

    Getting started Requirements Following are the requirements to enable the BBI: An installed Nortel Switched Firewall A Check Point policy to allow management station access for HTTP or HTTPS traffic A PC or workstation with network access to the Firewall host IP address A Frame-capable web browser software, such as the following: Netscape Navigator 4.6 or higher Internet Explorer 5.5 or higher...
  • Page 13 Enabling the BBI You can enable the BBI for HTTP, HTTP and HTTPS, or you can fully disable the BBI. TIP: The default setting for the BBI is enabled for HTTP access and disabled for HTTPS access. – HTTP is not a secure protocol. All data (including passwords) between an HTTP client and the Nortel Switched Firewall is not encrypted and is subject only to weak authentication.
  • Page 14: Setting Up The Web Browser

    Applying the changes. >> SSL configuration# apply Using the access list to permit remote access to trusted clients If you already configured the access list for Telnet or SSH, you need not repeat the process. Otherwise, to permit access to only trusted clients, see the Nortel Switched Firewall 2.3.3 User’s Guide and Command Reference, Part No.
  • Page 15: Using The Vrrp Virtual Ip Address To Access The Nsf Bbi

    c) MIP address d) virtual IP address (see The NSF login window opens. Log in (see Logging Allow the main page to load (see Using the VRRP virtual IP address to access the NSF BBI To use the VRRP virtual IP address for firewall access by web browser, enable management support for the VRRP interface.
  • Page 16: Loading The Main

    Figure 1 NSF Login window Loading the main page When the valid account name and password combination is entered on the login window, the BBI default page appears in your browser viewing window (see Figure Figure 2 NSF BBI main page –...
  • Page 17: Chapter 2: Basics Of The Browser-Based Interface

    Chapter 2 Basics of the Browser-Based Interface Interface components The Nortel Switched Firewall (NSF) Browser-Based Interface (BBI) main page has eight component areas (see Figure 3 NSF BBI main page Warning display area Main page tabs NSF Configuration main menu Director status Current alarms Figure...
  • Page 18 Main page tabs The two main page tabs are Wizards and Config (see Wizards provides access to wizards that guide users through the processes of initial configuration, interface and bridge addition, Check Point Firewall configuration, routes and gateway configuration, DHCP Relay configuration, and OSPF configuration (see Add, or Configure, and follow the instructions on the page.
  • Page 19 Wizards menu shows the selections available on the Wizards menu tree. Figure 5 Wizards menu
  • Page 20 NSF Config main menu tree Each of the selections on the Config main menu tree represents a page, called a form, which provides a method to monitor or configure the NSF (see Figure 3 on page 17 Figure Figure 6 NSF Config main menu Each main menu category offers subcategories, providing a further level of control or...
  • Page 21 History list The History list displays the path to the current page. Up to nine of the most recently visited pages are listed, most recent first. TIP: Click a list item to go directly to that page. Forms display area The Forms display area contains fields that display information or allow you to specify information for configuring the system.
  • Page 22: Basic Operation

    Basic operation The Browser-Based Interface for the Nortel Switched Firewall provides a variety of levels of control. TIP: To access the full functionality of the BBI, you must log in as administrator (username admin). The BBI allows you to administer the NSF in the following manner (see Table 1 NSF administration NSF function Create a configuration...
  • Page 23: Creating A Configuration

    Pending changes are also discarded if you do not submit them before the inactivity timeout value on BBI sessions elapses. The BBI inactivity timeout value is five minutes and cannot be changed. Creating a configuration To create a configuration, do the following: 1) Select the appropriate menu item and subpage.
  • Page 24: Global Command Forms

    2) Click Submit. Global command forms Global command forms The global command buttons are always available at the top of each form. These buttons summon forms used to save, examine, or cancel configuration changes, log out, and to display Help information. Each global command form provides options to verify or cancel the command.
  • Page 25 When selected, this command updates the Nortel Switched Firewall with any pending configuration changes. Pending changes are first validated for correctness (see Validate Configuration on page and put into effect. If problems are found, applicable warning and error messages are displayed.
  • Page 26: Diff

    Diff The global Diff command displays the Pending Updates form. Pending Updates provides a list of the pending configuration changes for the current session (see Figure 9 Diff form The list displays a change record for each submitted update. Each record can consist of many modifications, depending upon the complexity of the form and changes submitted.
  • Page 27: Revert

    Revert The global Revert command displays the Revert Changes form. Use Revert to cancel pending configuration changes (see Figure 10 Revert form The global Revert form includes the following items: Revert button: Click Revert to cancel the pending configuration changes for the current session.
  • Page 28: Logout

    Logout Use the global Logout form to terminate the current user session (see Figure 11 Logout form The global Logout form includes the following items: Logout button: Click Logout to terminate the current user session. TIP: Any configuration changes made during this session that have not been applied are lost. This command has no effect on pending changes in other open CLI or BBI sessions.
  • Page 29: Help

    Help The global Help form provides assistance with forms and tasks in the BBI. Two kinds of Help are available: context-sensitive Help and task-based Help. Context-sensitive Help Context-sensitive Help displays detailed information about the currently displayed form in the BBI forms area. Click global Help to view a new window showing Help information appropriate to your current options (see Figure 12 Context-sensitive Help form Help topic...
  • Page 30: Task-Based Help

    Forms area: This area displays detailed information about the selected topic. Close button: Click Close to close the context-sensitive Help window. Task-based Help Task-based Help directs the administrator through the steps of various common procedures. To access task-based Help, click global Help and then click the Tasks bar. The task Help menu appears in a new window with information appropriate for the current BBI form (see 13): Figure 13 Task-based Help form...
  • Page 31 Load Page link: Click Load Page to display the form referenced on the task topic menu. If the subtask has more than one step, the steps are listed on the form. Click Click Close button: Click Close to close the task-based Help window. 216383-D October 2005 to display the information for the next subtask.
  • Page 33: Chapter 3: Browser-Based Interface Forms Reference

    The following eight selections are available on the Nortel Switched Firewall (NSF) Browser-Based Interface (BBI) Config tab main menu: System form on page 34 NSF 5100 Ticker form on page 34 Cluster forms on page 38 Network forms on page 50...
  • Page 34: System Form

    Monitor System form. For more information about the System form, see components on page Figure 14 Monitor System form NSF 5100 Ticker form NSF 5100 Ticker provides a real-time view of the following Firewall status and statistic information: status of firewall directors and accelerators alarms, color coded for status...
  • Page 35 HTTPS Telnet SNMP Use the NSF 5100 Ticker launch form to launch the Ticker. TIP: The Ticker cannot launch if pop-up blockers are enabled (see NSF 5100 Ticker launch form). – Java 2 Runtime Environment SE plug-in, version 1.2.4-01 or higher, is required.
  • Page 36 The NSF 5100 Ticker report form displays three tabs (see NSF 5100 Ticker results form). Figure 16 NSF 5100 Ticker results form Tabs on the NSF 5100 Ticker results form are as follows: Cluster information Properties About The Cluster Information page displays the statistics and graphs for the Firewall (see NSF 5100 Ticker results form).
  • Page 37 The Properties page displays properties for NSF 5100 Ticker parameters (see NSF 5100 Ticker/Properties form). Figure 17 NSF 5100 Ticker/Properties form The About page displays the NSF version and license information (see NSF 5100 Ticker/About form).
  • Page 38: Cluster Forms

    Cluster forms The Cluster menu includes the following categories of forms: Director(s) form Time forms Current Time (see NTP servers (see Logs Syslog (see ELA (see Archive (see Warnings (see Director(s) form Use the Cluster/Director(s) form to view and change the Firewall Director Settings (see Cluster/Director(s) form).
  • Page 39 The Cluster/Director(s) form is divided into the following two sections: Management IP Address General Settings Fields and buttons on the Cluster/Director(s) form are as follows: Management IP Address MIP is the Management IP for the host. MIP address identifies the cluster and must be unique on the network.
  • Page 40: Time Forms

    Time forms The two Cluster/Time forms are as follows: Cluster/Time/Current Time (see Cluster/Time/NTP Servers (see Cluster/Time/Current Time form Use the Cluster/Time/Current Time form to set the date and time for the cluster (see Cluster/Time/Current Time form). Figure 20 Cluster/Time/Current Time form The Cluster/Time/Current Time form is divided into the following two sections: Date Timezone...
  • Page 41 Hour provides a list to select the current hour. Minute provides a list to select the current minute. Click Save to submit the date and time changes and to put the changes into immediate effect. Note that changes to the date and time zone are unlike most changes; they are not considered pending after submission.
  • Page 42: Logs Forms

    Fields and buttons on the Cluster/Time/NTP Servers form are as follows: IP Address displays the IP address of an NTP server. Action—if an NTP server is present, a Delete button appears. Click Delete to delete the server. New NTP IP provides a field to configure a new NTP server. TIP: Use dotted decimal notation.
  • Page 43 Fields and buttons on the Cluster/Logs/Syslog form are as follows: System Log Debug Messages displays a list with two choices. Disabled disables transmission of debug messages to the local system log. Enabled enables transmission of debug messages to the local system log. Source IP Mode displays a list with three choices.
  • Page 44 crit warning notice info debug New Server Facility provides a list with the following local facility numbers used to uniquely identify syslog entries: auto local0 local1 local2 local3 local4 local5 local6 local7 Click Update to submit the Remote Syslog Server changes to the pending configuration.
  • Page 45 Cluster/Logs/ELA form Use the Cluster/Logs/ELA form to configure Event Logging API (ELA) (see Cluster/Logs/ELA form). ELA allows Firewall log messages to be sent to a Check Point SmartCenter Server for display through the Check Point SmartView Tracker. Figure 23 Cluster/Logs/ELA form –...
  • Page 46 Management Station IP provides an entry field to specify the IP address of the Check Point SmartCenter Server where the Firewall log messages are sent. Minimum Severity provides a list that specifies the severity of messages logged and sent to the ELA service. emerg alert crit...
  • Page 47 Cluster/Logs/Archive form Use the Cluster/Logs/Archive form to specify system log rotation and system log archiving parameters (see Cluster/Logs/Archive form). Figure 24 Cluster/Logs/Archive form Fields and buttons on the Cluster/Logs/Archive form are as follows: Email specifies an e-mail address for the administrator receiving the log. SMTP Server IP specifies the IP address of the SMTP server in dotted decimal notation.
  • Page 48 If the log file rotate size is set to >0, log rotation occurs when one of the following conditions is met: The log file surpasses the rotate size. The log file rotation interval is reached. Rotated log files are managed in one of the following ways when rotation occurs: The rotated log file is set aside.
  • Page 49: Warnings Form

    Warnings form Use the Cluster/Warnings form to enable or disable configuration warning messages (see Cluster/Warnings form). Figure 25 Cluster/Warnings form Fields and buttons on the Cluster/Warnings form are as follows: Warnings displays a list with two selections. Disabled disables the display of warning messages about the state of pending configuration changes when the global Apply command is issued.
  • Page 50: Network Forms

    Network forms The Network menu includes the following categories of forms: DNS (see Network/DNS form on page Ports (see Network/Ports form on page Routes Static (see Proxy ARP (see Gateway (see OSPF General (see Area Indexes (see Interfaces (see GRE Tunnels (see Redistribute (see DHCP Relay General (see...
  • Page 51: Dns Form

    – The NSF provides administrators with the option to configure Layer 2 and Layer 3 firewalls. The Layer 2 and Layer 3 firewall configuration procedures differ only in the configuration of the IP addresses. A Layer 3 firewall requires valid IP addresses for address 1 and address 2.
  • Page 52: Ports Form

    Ports form Use the Network/Ports form to configure network port settings (see Network/Ports form). Figure 27 Network/Ports form Fields and buttons on the Network/Ports form are as follows: Port# specifies the port number on the Firewall. Name provides the name of the port. Autonegotiation provides two choices: Yes indicates that autonegotiation is enabled.
  • Page 53 Network/Ports Modify Port form Use the Network/Ports Modify Port form to modify the settings for a selected port. Figure 28 Network/Ports Modify Port form The following fields can be modified on the Network/Ports Modify Port form: Identifier provides an entry field for a port number. TIP: Select a number between 1 and 6.
  • Page 54: Routes Forms

    Mode provides the following two selections: Half (duplex) Full (duplex) Update submits the port changes to the pending configuration. Back returns to the Network/Ports form without submitting changes to the pending configuration. Routes forms Following are the four main categories of forms in the Network/Routes menu: Static (see Proxy ARP (see Gateway (see...
  • Page 55 Fields and buttons on the Network/Routes/Static form are as follows: Destination IP specifies the IP address of the route destination. TIP: Use dotted decimal notation. Destination Mask specifies the subnet mask for the route destination. TIP: Use dotted decimal notation. Gateway IP specifies the IP address of the gateway.
  • Page 56 Back returns to the Network/Routes/Static form without submitting changes to the pending configuration. Network/Routes/Static Add Route form Use the Network/Routes/Static Add Route form to add a new static route to the configuration. Figure 31 Network/Routes/Static Add Route form Fields and buttons on the Network/Routes/Static Add Route form are as follows: Destination IP specifies the IP address of the route destination.
  • Page 57 Network/Routes/Proxy ARP form Use the Network/Routes/Proxy ARP (Address Resolution Protocol) form to view and configure the Proxy ARP status and addresses that allow the Firewall to respond to Proxy ARP requests (see Network/Routes/Proxy ARP form). Figure 32 Network/Routes/Proxy ARP form The Network/Routes/Proxy ARP form is divided into the following two sections: General Proxy ARP Addresses...
  • Page 58 New Proxy ARP IP provides an entry field to specify an IP address. TIP: Use dotted decimal format. VRRP Group provides a list for VRRP group 1 or 2 selection. Update submits the IP address changes to the pending configuration. Network/Routes/Gateway form Use the Network/Routes/Gateway form to specify the default gateway for the Firewall (see Network/Routes/Gateway form).
  • Page 59: Network/Routes/Ospf Forms

    Network/Routes/OSPF forms Following are the categories of Network/Routes/OSPF forms: General (see Area Indexes (see Interfaces (see GRE Tunnels (see Redistribute (see Network/Routes/OSPF/General form Use the Network/Routes/OSPF/General form to view and change the dynamic routing settings for OSPF (see Network/Routes/OSPF/General form). Figure 34 Network/Routes/OSPF/General form Fields and buttons on the Network/Route/OSPF/General form are as follows: Status displays a list with the following selections:...
  • Page 60 Router Id 1 provides an entry field to set the OSPF Router ID for the first Firewall host. TIP: OSPF uses the router ID to identify the routing device. If no router ID is specified, or if the router ID is set to 0.0.0.0, the Firewall host is automatically selected as the router ID. Router Id 2 provides an entry field to set the OSPF Router ID for the second Firewall host.
  • Page 61 Network/Routes/OSPF/Area Indexes Add New form Use the Network/Routes/OSPF/Area Indexes Add New form to configure a new Area Index. Figure 36 Network/Routes/OSPF/Area Indexes Add Area Index form Fields and buttons on the Network/Routes/OSPF/Area Indexes Add Area Index form are as follows: Identifier provides a list with numbers in a range from 1 to 16.
  • Page 62 Network/Routes/OSPF/Interfaces form Use the Network/Routes/OSPF/Interfaces form to display and change the OSPF Interfaces settings that are required to attach an IP network to an OSPF area (see Network/Routes/OSPF/Interfaces form). Figure 37 Network/Routes/OSPF/Interfaces form Fields and buttons on the Network/Routes/OSPF/Interfaces form are as follows: Id provides a numerical ID, between 1 and 255, for the interface.
  • Page 63 Network/Routes/OSPF/Interfaces Modify form Use the Network/Routes/OSPF/Interfaces Modify form to modify a selected interface. Figure 38 Network/Routes/OSPF/Interfaces Modify form Fields and buttons on the Network/Routes/OSPF/Interfaces Modify form are as follows: Identifier sets the numerical ID for the interface between 1 and 255. Status provides a list with the following two options: enabled enables the interface operational status.
  • Page 64 Authentication provides a list to set the authentication type for the interface, with the following selections: None Password Key provides an entry field to set the password used for OSPF authentication when the authentication option is set to password. MD5 Auth Key provides an entry field to set the password used for OSPF authentication when the authentication option is set to MD5.
  • Page 65 Area Index sets the OSPF area index to attach to the network for the current GRE Tunnel. Action provides the following two options: Delete deletes a selected GRE tunnel. Modify provides a form to modify a selected GRE tunnel (see Network/Routes/OSPF/GRE Tunnels Modify form).
  • Page 66 Priority provides a list to set the GRE Tunnel priority used to elect a Designated Router (DR) and Backup Designated Router (BDR) for the area. TIP: A value of 0 specifies that the elected GRE Tunnel is DROTHER and cannot be used as a DR or BDR. Cost1 provides an entry field to set the cost of output routes for the first Firewall host.
  • Page 67 Network/Routes/OSPF/Redistribute form Use the Network/Routes/OSPF/Redistribute form to display and modify the OSPF Redistribution settings (see Network/Routes/OSPF/Redistribute form). Figure 41 Network/Routes/OSPF/Redistribute form Fields and buttons on the Network/Routes OSPF/Redistribute form are as follows: OSPF Redistribution displays the following three settings: Connected Static Default Gateway Enabled...
  • Page 68 Network/Routes/OSPF/Redistribute Modify form Use the Network/Routes/OSPF/Redistribute Modify form to modify the connected route redistribution. Figure 42 Network/Routes/OSPF/Redistribute Modify form Fields and buttons on the Network/Routes/OSPF/Redistribute Modify form are as follows: Status provides a list with two selections: enabled enables the connected route redistribution disabled disables the connected route redistribution Metric provides an entry field for the metric used by all redistributed connected routes.
  • Page 69: Dhcp Relay Forms

    DHCP Relay forms The three DHCP Relay forms are: General Interfaces Servers Network/DHCP Relay/General form Use the Network/DHCP Relay/General form to display DHCP Relay settings and statistics (see Network/DHCP Relay/General form). Figure 43 Network/DHCP Relay/General form The Network/DHCP Relay/General form is presented in the following two sections: DHCP Relay Settings DHCP Relay Statistics Fields and buttons on the form are as follows:...
  • Page 70 DHCP Relay Statistics DHCP Relay Statistics provides a list containing the following two selections: Show DHCP Relay statistics Clear DHCP Relay statistics Submit submits changes to the pending configuration. Network/DHCP Relay/Interfaces form Use the Network/DHCP Relay/Interfaces form to configure the DHCP relay requests into the network (see Network/DHCP Relay/Interfaces form).
  • Page 71 Network/DHCP Relay/Interfaces Modify form Use the Network/DHCP Relay/Interfaces Modify form to modify a selected DHCP Relay Interface. Figure 45 Network/DHCP Relay/Interfaces Modify form Fields and buttons on the Network/DHCP Relay/Interfaces Modify form are as follows: Identifier is the interface identifier. IP Address is the interface IP address.
  • Page 72 Network/DHCP Relay/Servers form Use the Network/DHCP Relay/Servers form to display and modify the information about the DHCP Relay Servers (see Network/DHCP Relay/Servers form). Figure 46 Network/DHCP Relay/Servers form Fields and buttons on the Network/DHCP Relay/Servers form, when DHCP servers are configured, are as follows: Id provides the internal ID of the DHCP server.
  • Page 73 Network/DHCP Relay/Servers Add New Server form Use the Network/DHCP Relay/Servers Add New Server form to add a new DHCP server. Figure 47 Network/DHCP Relay/Servers Add New Server form Fields and buttons on the Network/DHCP Relay/Servers Add New Server form are as follows: Identifier provides a numerical list with a range from 1 to 8 to specify the internal ID of the DHCP server.
  • Page 74: Interfaces Form

    Interfaces form Use the Network/Interfaces form to view and configure the settings for individual interfaces (see Network/Interfaces form). Figure 48 Network/Interfaces form The Firewall can be configured with up to 255 IP interfaces, each representing the Firewall on the IP subnet. Fields and buttons on the Network/Interfaces form are as follows: Id specifies the numerical ID, between 1 and 255, for the interface and can be used to specify the interface when configuring a new route.
  • Page 75 Modify (only visible if interfaces are present) is used to modify a displayed interface (see Network/Interfaces Modify form on page Delete (only visible if interfaces are present) is used to delete an interface from the system. Add New Interface adds a new interface to the configuration (see New Interface form on page Network/Interfaces Modify form Use the Network/Interfaces Modify form to modify interfaces.
  • Page 76 Subnet Mask provides an entry field to specify the subnet mask of the interface. Vlan Id provides a list to select the numerical ID, between 0 and 4094, for the VLAN. Port provides a list to select a port number, between 1 and 6 for the 5109 and 5111- NE1 hardware platforms, or 1 and 4 for other hardware platforms, to associate with the interface ID number.
  • Page 77 Network/Interfaces Add Interface form Use the Network/Interfaces Add Interface form to add a new interface. Figure 50 Network/Interfaces Add New Interface form Fields and buttons on the Network/Interfaces Add New Interface form are as follows: General Settings Identifier provides a list to select a numerical ID, between 1 and 255, for the interface. Status provides a list to enable or disable the interface operation.
  • Page 78: Bridges Form

    Ip2 provides an entry field to specify the second virtual IP address for the interface (applied for VRRP Active-Active). Vrid provides a list to select a numerical ID, between 1 and 255, for the virtual router. Update submits the changes to the pending configuration. Back returns to the Network/Interfaces form without submitting changes to the pending configuration.
  • Page 79 VRRP specifies the virtual router ID and IP address of the IP interface configured for high availability or active–active. Actions provides the following two options: Delete deletes the selected bridge. Modify provides a form to modify the selected bridge. Add New Bridge (see Network/Bridges Add New Bridge form Use the Network/Bridges Add New Bridge form to add a new bridge to the configuration.
  • Page 80: Vrrp Form

    Ports specifies the port number associated with the bridge ID. VRRP Settings Vrid provides a list to select the numerical ID, between 1 and 255, for the virtual router on the bridge. Ip1 provides an entry field to specify virtual IP address #1 for the interface. Ip2 provides an entry field to specify virtual IP address #2 for the interface (applied for VRRP Active-Active).
  • Page 81 Enabled indicates that high availability VRRP is enabled. TIP: Two Firewall hosts must be in the cluster to apply high availability VRRP. High availability VRRP cannot be enabled when active-active VRRP or ClusterXL is enabled. Active-Active provides a list with the following two selections: Disabled indicates that active-active VRRP is disabled.
  • Page 82: Gre Tunnels Form

    GRE Tunnels form Use the Network/GRE Tunnels form to view and modify GRE Tunnels settings (see Network/GRE Tunnels form). Figure 54 Network/GRE Tunnels form Fields and buttons on the Network/GRE Tunnels form are as follows: Id specifies the numerical ID for the GRE tunnel in a range between 1 and 5. Name specifies the name given to the GRE tunnel.
  • Page 83 Actions provides the following two options: Delete deletes the selected GRE tunnel. Modify provides a form to modify the settings for the selected GRE tunnel. Add New GRE Tunnel (see Network/GRE Tunnels Add New GRE Tunnel form). Network/GRE Tunnels Add new GRE Tunnel form Use the Network/GRE Tunnels Add New GRE Tunnel form to add a new GRE tunnel to the configuration.
  • Page 84 Host 1 Tunnel Source IP provides an entry field for the tunnel source IP address for host 1. Destination IP provides an entry field for the tunnel destination IP address for host 1. Mask provides an entry field for the tunnel subnet mask. Host 2 Tunnel Source IP provides an entry field for the tunnel source IP address for host 2.
  • Page 85: Status Forms

    Status forms Following are four Network/Status forms: Interface (see Link (see Network/Status/Link form on page Bridge Statistics (see Bridge Mac Entries (see Network/Status/Interface form The Network/Status/Interface form provides runtime information for all Ethernet ports on the Firewall. Information includes errors, dropped packets, overruns, and frames for all transmitted and received packets, in addition to number of carriers and overruns for all transmitted (TX) packets (see Network/Status/Interface form).
  • Page 86 Network/Status/Link form Use the Network/Status/Link form to obtain information about all network interface ports (see Network/Status/Link form). Figure 57 Network/Status/Link form Fields and buttons on the Network/Status/Link form are as follows: Firewall Director provides a list of all hosts on the system. You can select ALL or individual hosts.
  • Page 87 Network/Status/Bridge Statistics form Use the Network/Status/Bridge Statistics form to view the bridge statistics for the selected firewall (see Network/Status/Bridge Statistics form). Figure 58 Network/Status/Bridge Statistics form Fields and buttons on the Network/Status/Bridge Statistics form are as follows: Firewall Director provides a list of hosts in the system. Refresh provides the statistics for the selected host.
  • Page 88 Network/Status/Bridge Mac Entries form Use the Network/Status/Bridge Mac Entries form to display the bridge MAC entries for the selected Firewall Director (see Network/Status/Bridge Mac Entries form). Figure 59 Network/Status/Bridge Mac Entries form Fields and buttons on the Network/Status/Bridge Mac Entries form are as follows: Firewall Director provides a list to select the Firewall Director for bridge MAC entry display.
  • Page 89: Firewall Forms

    Firewall forms The Firewall menu includes the following five categories of forms: Settings (see License Management (see Installed Licenses (see Synchronization (see SMART Clients (see SecurID (see Settings form Use the Firewall/Settings form to change the Firewall status and reset Secure Internal Communications (see Firewall/Settings form).
  • Page 90 Fields and buttons on the form are as follows: General Status provides a list with these selections: Enabled indicates that Check Point FireWall-1 NGX is processing on the Firewall. Disabled indicates that Check Point FireWall-1 NGX is not processing on the Firewall.
  • Page 91: License Management Form

    License Management form Use the Firewall/Licenses form to modify or install additional Check Point licenses on the Firewall (see Firewall/License Management form). Figure 61 Firewall/License Management form Fields and buttons on the Firewall/License Management form are as follows: IP Address is the address for the Firewall. In Use Yes indicates that the IP address is currently assigned to a Firewall.
  • Page 92 Firewall/License Management/Add New License Entry form Use the Firewall/License Management/Add New License Entry form to add Check Point licenses. Figure 62 Firewall/License Management/Add New License Entry form The Firewall/License Management/Add New License Entry form is divided into three sections: General Settings Current Licenses Add New License Fields and buttons on the form are as follows:...
  • Page 93: Installed License(s) Form

    Add New Licenses Expiration Date provides an entry field to specify the Check Point License expiration date. Feature String provides an entry field to specify the Check Point License feature string. License String provides an entry field to specify the Check Point License string. Save Page submits the changes to the pending configuration.
  • Page 94: Synchronization Form

    Features provides the Check Point license features. Synchronization form Use the Firewall/Synchronization form to display the cluster synchronization status and enable or disable cluster synchronization (see Firewall/Synchronization form). Figure 64 Firewall/Synchronization form – Firewall synchronization provides for stateful failover of open sessions when a master is backed up by the backup master.
  • Page 95: SMART Clients Form

    SMART Clients form The Firewall/SMART Clients form displays, and allows modification to, SMART Clients addresses. This form also provides a field to add a new SMART Client (see Firewall/SMART Clients form). Figure 65 Firewall/SMART Clients form Fields and buttons on the Firewall/SMART Clients form are as follows: IP Address provides the IP Address of any configured SMART Clients.
  • Page 96: SecurID Form

    The SecurID form provides access to a two-factor form method for centralized authentication and management (see Firewall/SecurID form). For more information about SecurID, see the Nortel Switched Firewall 5100 Series User’s Guide and Command Reference (213455-L). Figure 66 Firewall/SecurID form The SecurID form is divided into two sections.
  • Page 97: Operation Forms

    Operation forms The Operation menu includes the following three categories of forms: Director(s) (see Configuration (see Image Update (see Director(s) form Use the Operation/Director(s) form to control the Firewall (see Operation/Director(s) form). Figure 67 Operation/Director(s) form Fields and buttons on the Operation/Director(s) form are as follows: ID specifies the ID of any configured Firewall.
  • Page 98: Configuration Form

    Configuration form Use the Operation/Configuration form to export or import configuration files (see Operation/Configuration form). Figure 68 Operation/Configuration form The Operation/Configuration form is divided into two sections: Export Cluster Configuration Import Cluster Configuration Fields and buttons on the form are: Export Cluster Configuration Secret key provides a case-sensitive entry field to create a secret key used to encrypt the settings.
  • Page 99: Image Update Forms

    Import causes the BBI to restart immediately, using the replacement configuration. TIP: No Apply command is required in conjunction with Import. WARNING – Import causes replacement of the current configuration. Previous configuration settings pending at the time of the import are lost. To recover the previous configuration Image Update forms Operation/Image Update provides two forms:...
  • Page 100 Fields and buttons on the Operation/Image Update/Packages form are as follows: Installed Packages Version provides the NSF software version running on the cluster. Name provides the name of the software package. Status indicates software package status as follows: permanent—the version that is currently running old—the previous version is displayed if at least one version has been uploaded and activated unpacked—a version downloaded, but not activated TIP: The code must be...
  • Page 101 – Activating the software using the browser disables remote access to the Firewall. Use the local console to re-enter the Check Point License and reload the remote access policy to restore remote, or browser, access. Operation/Image Update/Patches form Use the Operation/Image Update/Patches form to obtain information about existing patches and to install or uninstall patches (see Operation/Image Update/Patches form).
  • Page 102: Administration Forms

    Administration forms The Administration forms provide access to administering and monitoring aspects of the Firewall, such as user information, web settings, and SNMP activity. The Administration forms menu includes the following categories of forms: Monitor (see Users (see Access List (see Telnet-SSH (see Web (see Web forms on page...
  • Page 103 Administration/Monitor/Director(s) form The Administration/Monitor/Director(s) form displays Firewall director details and application status (see Administration/Monitor/Director(s) form). Figure 71 Administration/Monitor/Director(s) form Fields and buttons on the Administration/Monitor/Director(s) form are as follows: List of iSDs provides a list containing individual iSD selections or ALL. Refresh updates the display with the details for the selection from the list of iSDs.
  • Page 104 Uptime provides the time, in Hours:Minutes:Seconds, since the applications started. To help determine which physical host is using a particular IP Address, click Beep Firewall Director to cause multiple beeps to be emitted at the host. Administration/Monitor/Alarms form The Administration/Monitor/Alarms form provides information about alarm status (see Administration/Monitor/Alarms form).
  • Page 105 Administration/Monitor/Syslog form The Administration/Monitor/Syslog form displays the system logs for the Firewall based on selected search criteria (see Administration/Monitor/Syslog form). Figure 73 Administration/Monitor/Syslog form The Administration/Monitor/Syslog form is divided into the following two sections: Log Details Syslog Details Fields and buttons on the form are as follows: Log Details Log ID provides a list containing names of existing log IDs.
  • Page 106 All info messages (INFO) All notice messages (NOTICE) All warning messages (WARNING) Messages Per Page provides the maximum number of messages displayed for each request. Case Sensitive provides a check box to select or deselect case sensitivity in the search. Search executes the log search using the defined parameters.
  • Page 107 Administration/Monitor/GUI Lock form The Administration/Monitor/GUI Lock form allows an administrator to take control of the GUI lock and provide an alert message to other users (see Administration/Monitor/GUI Lock form). Taking control of the GUI lock prevents firewall configuration conflicts between concurrent user sessions.
  • Page 108 Administration/Monitor/CLI Logins form The Administration/Monitor/CLI Logins form provides information about CLI Login sessions on the Firewall (see Administration/Monitor/CLI Logins form). Figure 76 Administration/Monitor/CLI Logins form Fields and buttons on the Administration/Monitor/CLI Logins form are as follows: Logged In On specifies the time the user logged in to the CLI. From specifies the IP address of the remote user.
  • Page 109 Administration/Monitor/About form The Administration/Monitor/About form displays general product information about the Firewall (see Administration/Monitor/About form). Figure 77 Administration/Monitor/About form Fields and buttons on the Administration/Monitor/About form are as follows: Product provides the model number of the cluster that is connected to the BBI. Version provides the software version running on the cluster.
  • Page 110: Users Forms

    Users forms Administration/Users provides the following two categories of forms: General (see Administration/Users/General form) SSH Users (see Administration/Users/General form Use the Administration/Users/General form to add, modify, delete, or list Firewall user accounts, and change passwords (see Administration/Users/General form). Figure 78 Administration/Users/General form The Administration/Users/General form is divided into the following two sections: Administration Users Password Expire Time...
  • Page 111 Group(s) displays the group to which the user belongs. Actions provides a Modify button used to modify passwords for the default user names or modify information for user names other than the defaults (see Administration/Users/General Modify User Add New User provides access to the Add New User form used to add a new user name to a specified group and set the password (see Add New User form on page Password Expire Time...
  • Page 112 Current Login Password provides an entry field to record the current active password for the named user (for example, oper user or admin user). Password provides an entry field to record the new password. Password (again) provides an entry field to confirm the new password. Click Change Password to submit the new password to the pending configuration.
  • Page 113 Password (again) provides an entry field to confirm the new password. Save User saves the user information and returns to the Administration/Users/General form. TIP: Save User applies the change. Do not use the Apply command. Back returns to the Administration/Users/General form without saving the user information. Administration/Users/SSH form Use the Administration/Users/SSH Users form to obtain and modify information about SSH users and to add new SSH Users (see Administration/Users/SSH Users form).
  • Page 114 Administration/Users/SSH Users Add New SSH User form Use the Administration/Users/SSH Users Add New SSH User form to add a new SSH user to the configuration. Figure 82 Administration/Users/SSH Users Add New SSH User form Fields and buttons on the Administration/Users/SSH Users Add New SSH User form are as follows: Status provides a list with the following two selections: Enabled enables the SSH user.
  • Page 115: Access List Form

    Access List form Use the Administration/Access List form to specify which clients are permitted to administer the system (see Administration/Access List form). Web access must also be specified (see Administration/Web/General form on page Figure 83 Administration/Access List form Fields and buttons on the Administration/Access List form are as follows: Network Address provides the IP address of the client.
  • Page 116 Administration/Access List Add New Client Access form Use the Administration/Access List Add New Client Access form to add a new client access to the configuration. Figure 84 Administration/Access List Add New Client Access form Fields and buttons on the Administration/Access List Add New Client Access form are as follows: Client Network Address provides an entry field to record the new client address.
  • Page 117: Telnet-SSH Form

    Telnet-SSH form Use the Administration/Telnet-SSH form to enable or disable Telnet/SSH administration (see Administration/Telnet-SSH form). Figure 85 Administration/Telnet-SSH form The Administration/Telnet-SSH form is divided into the following two sections: Telnet/SSH Settings SSH Key Generation Fields and buttons on the form are as follows: Telnet/SSH Settings Telnet enables or disables administration through Telnet.
  • Page 118: Web Forms

    Web forms The Administration/Web forms provide the following: Web (HTTP) administration Creation and administration of self-signed server certificates that allow the BBI to run under SSL Administration of server certificates on the host Administration of Certificate Authority (CA) certificates The four main categories of Administration/Web forms are: General (see Administration/Web/General form) Create Cert (see Server Certs (see...
  • Page 119 The Administration/Web/General form is divided into the following two sections for web settings: HTTP Settings HTTP/SSL Settings Fields and buttons on the form are as follows: HTTP Settings Port provides an entry field to specify the port number for non-secure HTTP access to the BBI.
  • Page 120 Administration/Web/Create Cert form The Administration/Web/Create Cert form provides a quick method to create a self-signed certificate that allows the BBI to run under SSL (see Administration/Web/Create Cert form). TIP: When the BBI is launched with HTTPS using this method, users can expect warnings from the web browser that the Certificate Authority (CA) root certificate is not trusted.
  • Page 121 Administration/Web/Server Certs form Use the Administration/Web/Server Certs form to administer server certificates on the Firewall (see Administration/Web/Server Certs form). Figure 88 Administration/Web/Server Certs form The Administration/Web/Server Certs form is divided into the following two sections: Server Certificates Server Certificate Management Fields and buttons on the form are as follows: Server Certificates Id provides the identifier for the certificate.
  • Page 122 Add New Server Certificate opens a form to add a new server certificate (see Administration/Web/Server Certs Add Server Certificate form). Server Certificate Management Generate Certificate Request opens the request form (see Certs/Generate Certificate Request form on page Export Certificate Request exports the certificate request. Administration/Web/Server Certs Add Server Certificate form Use the Administration/Web/Server Certs Add Server Certificate form to add a server certificate.
  • Page 123 Administration/Web/Server Certs/Generate Certificate Request form Use the Administration/Web/Server Certs/Generate Certificate Request form to generate a certificate request (see Administration/Web/Server Certs/Generate Certificate Request form). Figure 90 Administration/Web/Server Certs/Generate Certificate Request form Fields and buttons on the Administration/Web/Server Certs Generate Certificate Request form are as follows: Common Name provides an entry field to specify the common name to be used with the certificate.
  • Page 124 Administration/Web/CA Certs form Use the Administration/Web/CA Certs form to administer Certificate Authority (CA) certificates on the Firewall (see Administration/Web/CA Certs form). CA certificates are required if server certificates from an external CA are used. Figure 91 Administration/Web/CA Certs form Fields and buttons on the Administration/Web/CA Certs form are as follows: Id provides an identifier for the certificate.
  • Page 125 Administration/Web/CA Certs Add Server Certificate form Use the Administration/Web/CA Certs Add Server Certificate form to add a server certificate. Figure 92 Administration/Web/CA Certs Add Server Certificate form Fields and buttons on the Administration/Web/CA Certs Add Server Certificate form are as follows: Identifier provides the assigned number of the certificate issuer.
  • Page 126: SNMP Forms

    SNMP forms Use the Administration/SNMP forms to enable or disable SNMP event and alarm messages, enter administrative information for the SNMP system, list configured trap hosts, administer USM users, and configure the source IP address used with SNMP traps. Administration/SNMP provides the following forms: General (see Administration/SNMP/General form) System (see Trap Hosts (see...
  • Page 127 SNMPv3 (USM) Options Fields and buttons on the form are as follows: SNMP Settings Status provides a list with the following selections: Enabled enables the SNMP agent. Disabled disables the SNMP agent. Security Model provides a list, used to specify the form of SNMP security, with the following selections: v1 specifies the SNMPv1 security model.
  • Page 128 Update submits the form changes to the pending configuration. Administration/SNMP/System form Use the Administration/SNMP/System form to enter administrative information on behalf of the SNMP system (see Administration/SNMP/System form). Figure 94 Administration/SNMP/System form Fields and buttons on the Administration/SNMP/System form are as follows: Email Contact provides an entry field to specify the e-mail address of the SNMP administrator.
  • Page 129 Administration/SNMP/Trap Hosts form The Administration/SNMP/Trap Hosts form lists configured trap hosts receiving SNMP event or alarm messages from the Firewall (see Administration/SNMP/Trap Hosts form). Figure 95 Administration/SNMP/Trap Hosts form Fields and buttons on the Administration/SNMP/Trap Hosts form are as follows: IP Address specifies the IP address of the trap host.
  • Page 130 Administration/SNMP/Trap Hosts Add Trap Host form Use the Administration/SNMP/Trap Hosts Add Trap Host form to add a trap host. Figure 96 Administration/SNMP/Trap Hosts Add Trap Host form Fields and buttons on the Administration/SNMP/Trap Hosts Add Trap Host form are as follows: IP Address provides an entry field to specify the IP address of the trap host.
  • Page 131 Administration/SNMP/USM Users form Use the Administration/SNMP/USM Users form to administer USM users employed in SNMP v3 (usm) authentication and encryption (see Administration/SNMP/USM Users form). Figure 97 Administration/SNMP/USM Users form Fields and buttons on the Administration/SNMP/USM Users form are as follows: Username specifies the name of the user for SNMP v3 (usm) authentication and encryption.
  • Page 132 Administration/SNMP/USM Users Add SNMP User form Use the Administration/SNMP/USM Users Add SNMP User form to add a new SNMP user. Figure 98 Administration/SNMP/USM Users Add SNMP User form Fields and buttons on the Administration/SNMP/USM Users Add SNMP User form are as follows: Username provides an entry field to specify the name of the user for SNMP v3 (usm) authentication/encryption.
  • Page 133 Back returns to the Administration/SNMP/USM Users form without submitting changes to the pending configuration. Administration/SNMP/MIBs form The Administration/SNMP/MIBs form displays all of the SNMP MIB files available on the Firewall (see Administration/SNMP/MIBs form). Figure 99 Administration/SNMP/MIBs form Fields and buttons on the Administration/SNMP/MIBs form are as follows: File Name lists the SNMP MIB files existing on the Firewall.
  • Page 134 Administration/SNMP/Advanced form Use the Administration/SNMP/Advanced form to configure the source IP address used with SNMP traps generated from the Firewall (see Administration/SNMP/Advanced form). Figure 100 Administration/SNMP/Advanced form Fields and buttons on the Administration/SNMP/Advanced form are as follows: Source IP provides a list with the following selections: auto is the default and uses the IP address of the outgoing interface.
  • Page 135: SSH Keys Form

    SSH Keys form Use the Administration/SSH keys form to display the current Host Keys and generate new SSH keys for the cluster (see Administration/SSH keys form). Figure 101 Administration/SSH keys form The Administration/SSH keys form is divided into the following two sections: SSH Known Host Keys SSH Key Generation Fields and buttons on the Administration/SSH keys form are as follows:...
  • Page 136 Import SSH Key imports an SSH key from a remote host (see Keys Import SSH Key form on page SSH Key Generation includes the following fields and buttons: Generate new Keys generates new SSH keys. Show SSH Keys shows the current SSH host keys for the cluster (see Administration/SSH Keys Show SSH keys form on page Administration/SSH keys Add New SSH key form Use the Administration/SSH keys Add New SSH key form to add SSH keys to the...
  • Page 137 Administration/SSH Keys Import SSH key form Use the Administration/SSH Keys Import SSH Key form to import SSH keys (see Administration/SSH Keys Import SSH Key form). Figure 103 Administration/SSH Keys Import SSH Key form Fields and buttons on the Administration/SSH Keys Import SSH Key form are as follows: IP Address provides an entry field to specify the IP address of the Firewall.
  • Page 138: RADIUS Form

    Nortel Switched Firewall Browser-Based Interface Users Guide Administration/SSH Keys Show SSH keys form Use the Administration/SSH Keys Show SSH keys form to view resident SSH key information (see Administration/SSH Keys Show SSH keys form). Figure 104 Administration/SSH Keys Show SSH keys form Click Back to return to the Administration/SSH keys form.
  • Page 139 The Administration/RADIUS form is divided into the following two sections: General RADIUS Servers Fields and buttons on the form are as follows: General Status provides a list with the following two selections: Enabled enables RADIUS authentication of system users. Disabled disables RADIUS authentication of system users. TIP: Disabled is the default setting.
  • Page 140 Administration/RADIUS Add RADIUS Authentication Server form Use the Administration/RADIUS Add RADIUS Authentication Server form to add a RADIUS Authentication server. Figure 106 Administration/RADIUS Add RADIUS Authentication Server form Fields and buttons on the Administration/RADIUS Add RADIUS Authentication Server form are as follows: IP Address provides an entry field to specify the IP address of the RADIUS server.
  • Page 141: APC UPS Form

    APC UPS form Use the Administration/APC UPS form to configure settings for American Power Corporation Uninterrupted Power Supply (APC UPS) (see Administration/APC UPS form). Figure 107 Administration/APC UPS form Fields and buttons on the Administration/APC UPS form are as follows: Status provides a list with the following two selections: Enabled enables the UPS monitor.
  • Page 142: Audit Form

    Update submits the UPS Monitor changes to the pending configuration. Audit form Use the Administration/Audit form to configure a RADIUS server to receive log messages about commands executed in the CLI (see Administration/Audit form). Figure 108 Administration/Audit form The Administration/Audit form is divided into the following two sections: General RADIUS Servers Fields and buttons on the form are as follows:...
  • Page 143 RADIUS Servers IP Address provides the address of a configured RADIUS server or an entry field to change or specify the IP Address of a RADIUS server. Port provides the TCP port number or an entry field to change or specify the TCP port number.
  • Page 144 Update submits the changes to the pending configuration. Back returns to the Administration/Audit form without submitting changes to the pending configuration. Browser-Based Interface forms reference 216383-D October 2005...
  • Page 145: Diagnostics Forms

    Diagnostics forms The Diagnostics forms provide information about logs, forms to check configuration and Check Point Logs, system commands, and OSPF Debug settings. The Diagnostics forms menu includes the following categories of forms: Logs (see Logs Events (see Audit Log (see Maintenance (see System Commands (see Debug (see...
  • Page 146 The Diagnostics/Logs form is divided into the following two sections: Log Information Log Files Fields and buttons on the form are as follows: Log Information Firewall Director provides a list containing the IP addresses of the Firewall Directors. Refresh displays the details of the selected Firewall Director. Log Files lists all of the log files on the selected Firewall.
  • Page 147: Events Form

    Events form The Diagnostics/Events form displays the contents of the event log file (see Diagnostics/Events form). Figure 111 Diagnostics/Events form Fields and buttons on the Diagnostics/Events form are as follows: Firewall Director provides a list containing the IP addresses of the Firewall Directors. Refresh displays the details of the selected Firewall Director.
  • Page 148: Audit Log Form

    Audit Log form Use the Diagnostics/Audit Log form to display the latest 64 K of the device audit log (see Diagnostics/Audit Log form). Figure 112 Diagnostics/Audit Log form Fields and buttons on the Diagnostics/Audit Log form are as follows: Firewall Director provides a drop-down list containing the IP addresses of the Firewall Directors.
  • Page 149: Maintenance Forms

    Maintenance forms Use the Diagnostics/Maintenance/Check Configuration form to check the applied configuration (see Diagnostics/Maintenance/Check Configuration form). Diagnostics/Maintenance/Check Configuration form Figure 113 Diagnostics/Maintenance/Check Configuration form The Diagnostics/Maintenance/Check Configuration form is divided into the following two sections: Check Applied Configuration Applied Configuration Fields and buttons on the form are as follows: Check Applied Configuration determines whether the NSF can contact configured gateways, routes, DNS servers, and authentication servers.
  • Page 150 Applied Configuration displays configuration information. Diagnostics/Maintenance/Check Point Logs form Use the Diagnostics/Maintenance/Check Point Logs form to provide Check Point Log file information, collected from NSF devices, to the local system for technical support purposes (see Diagnostics/Maintenance/Check Point Logs form). Figure 114 Diagnostics/Maintenance/Check Point Logs form Fields and buttons on the Diagnostics/Maintenance/Check Point Logs form are as follows: File Name provides an entry field for the file name used to store the uploaded information.
  • Page 151: System Commands Form

    System Commands form Use the Diagnostics/System Commands/System Commands form to execute Check Point system commands normally entered in a command window (see Diagnostics/System Commands/System Commands form). Figure 115 Diagnostics/System Commands/System Commands form Fields and buttons on the Diagnostics/System Commands/System Commands form are as follows: Host IP provides a list of host IP addresses.
  • Page 152: Debug Forms

    Unload Check Point Policy (fw unloadlocal) Current interfaces (ifconfig) Current running processes (ps -aefH) Iptables information (iptables -L) ARP Table Entries/info/net/arp (arp -n) Click Submit to execute the selected Check Point command. Result displays the result of the selected command execution. Debug forms Diagnostics/Debug/OSPF form Use the Diagnostics/Debug/OSPF form to configure OSPF debug settings (see...
  • Page 153 Packets turns on debugging for OSPF packets. Enabled displays the following OSPF Debug operational settings: Yes indicates OSPF Debug is enabled. No indicates OSPF Debug is disabled. Action displays a form used to modify a displayed OSPF Debug option. Modify displays a form to modify an OSPF debug option (see Diagnostics/Debug/OSPF Modify form).
  • Page 154: Wizards Forms

    Wizards forms The Wizards guide the user through configuration processes. The Wizards tab on the NSF BBI main page provides the following selections (see Wizards main menu): Initial Configuration (see Add (see Add Wizard forms on page Interface Bridge GRE Tunnel Configure (see Check Point Firewall Routes/Gateways...
  • Page 155: Initial Configuration Wizard

    The figures in this section represent the first page of each NSF BBI Wizard. Initial Configuration Wizard Use the Initial Configuration wizard to configure a working NSF environment (see Initial Configuration Wizard form). Figure 119 Initial Configuration Wizard form...
  • Page 156: Add Wizard Forms

    Add Wizard forms Use the Add forms to add or modify interfaces and bridges. Add Interface Use the Add Interface wizard to add a new interface or modify an existing interface (see Add Interface Wizard form).
  • Page 157: Configure Wizard Forms

    Add GRE Tunnel Use the Add GRE Tunnel wizard to add a GRE tunnel to the configuration (see Add GRE Tunnel Wizard form). Figure 122 Add GRE Tunnel Wizard form Configure Wizard forms Use the Configure forms to perform system configurations.
  • Page 158 Routes/Gateways Use the Routes/Gateways form to configure static routes and default gateways (Configure Routes/Gateways Wizard form). Figure 124 Configure Routes/Gateways Wizard form DHCP Relay Use the DHCP Relay form to configure DHCP relay (see Configure DHCP Relay Wizard form).
  • Page 159 OSPF Use the OSPF form to configure use of the Open Shortest Path First (OSPF) protocol (see Configure OSPF Wizard form). Figure 126 Configure OSPF Wizard form Remote Access Use the Remote Access wizard form to perform functions associated with remote access configuration, such as add or delete client access lists (see Remote Access Wizard form).
  • Page 160 Users Use the User Administration Wizard to perform user administration tasks and configuration, such as add, modify, or delete a user (see User Administration Wizard form). Figure 128 User Administration Wizard form...
