Download
Share
Print this page

Advertisement

Check Point NG FP3 step-by-step Install guide on NOKIA IPSO
By Brandon E. Robrahn
INTRO
This document is to be used as a reference on how to install a NOKIA IP350 with Check Point NG FP3. In this
document I have provided a step-by-step reference guide on loading a NOKIA IP350 with IPSO version
3.7.1Build010, and Check Point version NG FP3. Voyager and command line were both used in this guide; this is
just one way that a NOKIA device can be configured as a Check Point Firewall. Not all of the patches and hot fixes
for these versions are shown in this document. There was only one patch applied to this device, this was simply to
show how to apply it to the NOKIA. The two vulnerabilities that have to be addressed when using this version of
Check Point and IPSO are:
1. Hot fix Accumulator 325
2. Open SSL vulnerability
After using this document as a reference guide (not a configuration guide), you should be able to put the device in
line and connect it to a management server with out any issues. This document guides you from entering in the
hostname of the firewall, and ends with applying the default filter and running CPCONFIG. Good luck with your
install and thanks for using this guide as a reference on how to configure a Check Point firewall.
After the start up script runs you will be prompt to enter a hostname, if you hit enter it will get rid of the text
so that you can type the hostname that you choose. Listed below is an actual screen shot taken from
Secure CRT of how an install is performed. I used
commands to configure this Firewall.
Please choose the host name for this system. This name will be used
in messages and usually corresponds with one of the network hostnames
for the system. Note that only letters, numbers, dashes, and dots (.)
are permitted in a hostname.
Hostname?
fw-test
Hostname set to "fw-test", OK? [ y ] ?
Please enter password for user admin:
Please re-enter password for confirmation:
You can configure your system in two ways:
1) configure an interface and use our Web-based Voyager via a remote
browser
2) VT100-based Lynx browser
Please enter a choice [ 1-2, q ]:
Select an interface from the following for configuration:
1) eth1
2) eth2
3) eth3
4) eth4
5) quit this menu
Enter choice [1-5]:
1
Enter the IP address to be used for eth1:
red
y
password
password
1
10.0.0.1
text in the areas where you need to type in

Advertisement

COMING SOON

   Also See for Nokia IPSO IP350

Nokia IP350 Appliance Installation Manual
Nokia IP350 Appliance Installation Manual 115 pages
Nokia IP350 Installation Manual
Nokia IP350 Installation Manual 22 pages

   Related Manuals for Nokia IPSO IP350

   Summary of Contents for Nokia IPSO IP350

  • Page 1

    INTRO This document is to be used as a reference on how to install a NOKIA IP350 with Check Point NG FP3. In this document I have provided a step-by-step reference guide on loading a NOKIA IP350 with IPSO version 3.7.1Build010, and Check Point version NG FP3.

  • Page 2

    Enter the masklength: Do you wish to set the default route [ y ] ? Enter the default router to use with eth1: This interface is configured as 10 mbs by default. Do you wish to configure this interface for 100 mbs [ n ] ? This interface is configured as half duplex by default.

  • Page 3

    By typing cd /var/tmp and then typing ls -ls you are changing the directory /var/tmp and listing what is in that directory. This allows you to see what IPSO version you are currently running on your NOKIA device. Since the IPSO version that is shown is not the current version or the version that we want to use, we are going to change it to the correct version by installing a new IPSO image from an FTP server using Voyager.

  • Page 4

    IP Address of your FTP Server. Since you will have a cross over cable hooked to your PC and the other end hooked to the port on the NOKIA that reads ETH-1, you will use the IP Address of your PC.

  • Page 5

    The install is now complete and you need to reboot your NOKIA device. Before you reboot click on Manage IPSO images (including REBOOT and Next Boot Image Selection) located at the...

  • Page 6

    Select the radio button that reads Last Image Downloaded This is the IPSO version that you just loaded. At the bottom of the page, click on Test Boot. NOTE: Test boot is used incase something happens when you’re rebooting, this way you can revert back to the old version and no harm was done.

  • Page 7

    Shown below are the steps to install Check Point NG FP3 on this NOKIA device. Follow the steps by typing in the commands shown in listed below.

  • Page 8

    IPSO (fw-test) (ttyd0) login: admin Password: xxxxxxxxxxx Last login: Thu May 6 19:28:42 on ttyd0 May 6 20:03:18 fw-test [LOG_INFO] login: DIALUP ttyd0, admin May 6 20:03:18 fw-test [LOG_NOTICE] login: ROOT LOGIN (admin) ON ttyd0 May 6 20:03:18 fw-test [LOG_NOTICE] login: ROOT LOGIN (admin) ON ttyd0 May 6 20:03:18 fw-test [LOG_INFO] login: login on ttyd0 as admin IPSO 3.7.1-BUILD010 #1253: 04.05.2004 185427 Terminal type? [vt100]...

  • Page 9

    May 6 21:31:26 fw-test [LOG_CRIT] PKG_INSTALL: INSTALL STARTED at Thu May 6 21:31:26 GMT 2004 May 6 21:31:29 fw-test [LOG_CRIT] PKG_INSTALL: Trying to install CPshrd-50/cpshared_ipso.tgz May 6 21:31:29 fw-test [LOG_CRIT] PKG_INSTALL: Trying to install CPshrd-50/cpshared_ipso.tgz May 6 21:31:53 fw-test [LOG_CRIT] PKG_INSTALL: Trying to install CPfw1-50/fw1_ipso.tgz May 6 21:31:53 fw-test [LOG_CRIT] PKG_INSTALL: Trying to install CPfw1-50/fw1_ipso.tgz May 6 21:32:42 fw-test [LOG_CRIT] PKG_INSTALL: Running /tmp/pkg/CP_FP3_IPSO/CPfw1- 50/POST_INSTALL...

  • Page 10

    May 6 21:33:08 fw-test [LOG_CRIT] PKG_INSTALL: /etc/newpkg -S -m LOCAL -i -n CPuag-50/uag_ipso.tgz May 6 21:33:08 fw-test [LOG_CRIT] PKG_INSTALL: ******************************************************* May 6 21:33:08 fw-test [LOG_CRIT] PKG_INSTALL: ******************************************************* May 6 21:33:16 fw-test [LOG_CRIT] PKG_INSTALL: Running /tmp/pkg/CP_FP3_IPSO/CPdtps- 50/POST_INSTALL May 6 21:33:16 fw-test [LOG_CRIT] PKG_INSTALL: Running /tmp/pkg/CP_FP3_IPSO/CPdtps- 50/POST_INSTALL May 6 21:33:21 fw-test [LOG_CRIT] PKG_INSTALL: *************************************************************************...

  • Page 11

    Do you want to download ipso_3_7_1_Build007.tgz ? ['yes (default)' or 'no' or 'exit']: Skipping package ipso_3_7_1_Build007.tgz ... Do you want to download ipso_3_7_1_Build010.tgz ? ['yes (default)' or 'no' or 'exit']: Skipping package ipso_3_7_1_Build010.tgz ... Do you want to download RSNS_NokiaRelease_7_0_2003_62.tgz ? ['yes (default)' or 'no' or 'exit']: Skipping package RSNS_NokiaRelease_7_0_2003_62.tgz ...

  • Page 12

    The 2 applications (packages) turned on by default are the only ones that need to be turned on. Nothing needs to be done, you’re just checking to make sure they’re turned on. If you click on UP it will take you back to the Configuration screen.

  • Page 13

    If you click on UP it will take you back to the Configuration screen. NOTE: This is important that this is turned on so that you can manage your NOKIA box via SSH. Under Security and Access Configuration click on SSL Certificate Tool, here is where you configure your SSL certificate.

  • Page 14

    After all of the information has been added click on Apply. This will bring up a screen that has a certificate and a private key in it; you need to copy the entire text that is listed. After highlighting the entire certificate right click and select “copy”.

  • Page 15

    When the Voyager SSL Certificate page comes up, Paste the copied certificate into the box that is labeled “New server certificate”. Now click on the BACK button of the IE page that you are on, I have noticed that if you click on up rather then back your certificate will disappear. It is a lot easier to just click on back, this way you don’t get lost as to what you are doing.

  • Page 16

    If you click on UP it will take you to the screen shown below. This is where you will choose the required encryption for the using SSL. Choose the radio button that reads 128-bit key or stronger. After selecting the radio button click on Apply and Save. You should still see that same screen shown above, if you click on UP you will get the error message “The page cannot be displayed”.

  • Page 17

    SSH connections to the NOKIA device. Shown below are the steps that need to be taken to apply the default filter. NOTE: The default filter is really a default policy on the NOKIA device. A policy will be applied to the device when it is pushed via the management server.

  • Page 18

    ---------- 1 owner group 21039771 Apr 28 14:10 SHF_HFA_325.ipso.tgz 226 Closing data connection ftp> get SHF_HFA_325.ipso.tgz local: SHF_HFA_325.ipso.tgz remote: SHF_HFA_325.ipso.tgz 200 PORT command successful. 150 File status OK ; about to open data connection 100% |**************************************************| 20546 KB 00:00 ETA 226 File transfer successful.

  • Page 19

    This End-user License Agreement (the "Agreement") is an agreement between you (b oth the individual installing the Product and any legal entity on whose behalf s uch individual is acting) (hereinafter "You" or " Your") and Check Point Softwar e Technologies Ltd. (hereinafter "Check Point"). TAKING ANY STEP TO SET-UP OR INSTALL THE PRODUCT CONSTITUTES YOUR ASSENT TO AND ACCEPTANCE OF THIS END USER LICENSE AGREEMENT.

  • Page 20

    keystrokes will be ignored. Please keep typing until you hear the beep and the bar is full. [...] Thank you. Configuring Secure Internal Communication... ============================================ The Secure Internal Communication is used for authentication between Check Point components Trust State: Uninitialized Enter Activation Key: xxxxxxxxxx Again Activation Key:...

Comments to this Manuals

Symbols: 0
Latest comments: