Advertisement
Advertisement
INTRO This document is to be used as a reference on how to install a NOKIA IP350 with Check Point NG FP3. In this document I have provided a step-by-step reference guide on loading a NOKIA IP350 with IPSO version 3.7.1Build010, and Check Point version NG FP3.
Enter the masklength: Do you wish to set the default route [ y ] ? Enter the default router to use with eth1: This interface is configured as 10 mbs by default. Do you wish to configure this interface for 100 mbs [ n ] ? This interface is configured as half duplex by default.
By typing cd /var/tmp and then typing ls -ls you are changing the directory /var/tmp and listing what is in that directory. This allows you to see what IPSO version you are currently running on your NOKIA device. Since the IPSO version that is shown is not the current version or the version that we want to use, we are going to change it to the correct version by installing a new IPSO image from an FTP server using Voyager.
IP Address of your FTP Server. Since you will have a cross over cable hooked to your PC and the other end hooked to the port on the NOKIA that reads ETH-1, you will use the IP Address of your PC.
The install is now complete and you need to reboot your NOKIA device. Before you reboot click on Manage IPSO images (including REBOOT and Next Boot Image Selection) located at the...
Select the radio button that reads Last Image Downloaded This is the IPSO version that you just loaded. At the bottom of the page, click on Test Boot. NOTE: Test boot is used incase something happens when you’re rebooting, this way you can revert back to the old version and no harm was done.
Shown below are the steps to install Check Point NG FP3 on this NOKIA device. Follow the steps by typing in the commands shown in listed below.
IPSO (fw-test) (ttyd0) login: admin Password: xxxxxxxxxxx Last login: Thu May 6 19:28:42 on ttyd0 May 6 20:03:18 fw-test [LOG_INFO] login: DIALUP ttyd0, admin May 6 20:03:18 fw-test [LOG_NOTICE] login: ROOT LOGIN (admin) ON ttyd0 May 6 20:03:18 fw-test [LOG_NOTICE] login: ROOT LOGIN (admin) ON ttyd0 May 6 20:03:18 fw-test [LOG_INFO] login: login on ttyd0 as admin IPSO 3.7.1-BUILD010 #1253: 04.05.2004 185427 Terminal type? [vt100]...
May 6 21:31:26 fw-test [LOG_CRIT] PKG_INSTALL: INSTALL STARTED at Thu May 6 21:31:26 GMT 2004 May 6 21:31:29 fw-test [LOG_CRIT] PKG_INSTALL: Trying to install CPshrd-50/cpshared_ipso.tgz May 6 21:31:29 fw-test [LOG_CRIT] PKG_INSTALL: Trying to install CPshrd-50/cpshared_ipso.tgz May 6 21:31:53 fw-test [LOG_CRIT] PKG_INSTALL: Trying to install CPfw1-50/fw1_ipso.tgz May 6 21:31:53 fw-test [LOG_CRIT] PKG_INSTALL: Trying to install CPfw1-50/fw1_ipso.tgz May 6 21:32:42 fw-test [LOG_CRIT] PKG_INSTALL: Running /tmp/pkg/CP_FP3_IPSO/CPfw1- 50/POST_INSTALL...
May 6 21:33:08 fw-test [LOG_CRIT] PKG_INSTALL: /etc/newpkg -S -m LOCAL -i -n CPuag-50/uag_ipso.tgz May 6 21:33:08 fw-test [LOG_CRIT] PKG_INSTALL: ******************************************************* May 6 21:33:08 fw-test [LOG_CRIT] PKG_INSTALL: ******************************************************* May 6 21:33:16 fw-test [LOG_CRIT] PKG_INSTALL: Running /tmp/pkg/CP_FP3_IPSO/CPdtps- 50/POST_INSTALL May 6 21:33:16 fw-test [LOG_CRIT] PKG_INSTALL: Running /tmp/pkg/CP_FP3_IPSO/CPdtps- 50/POST_INSTALL May 6 21:33:21 fw-test [LOG_CRIT] PKG_INSTALL: *************************************************************************...
Do you want to download ipso_3_7_1_Build007.tgz ? ['yes (default)' or 'no' or 'exit']: Skipping package ipso_3_7_1_Build007.tgz ... Do you want to download ipso_3_7_1_Build010.tgz ? ['yes (default)' or 'no' or 'exit']: Skipping package ipso_3_7_1_Build010.tgz ... Do you want to download RSNS_NokiaRelease_7_0_2003_62.tgz ? ['yes (default)' or 'no' or 'exit']: Skipping package RSNS_NokiaRelease_7_0_2003_62.tgz ...
The 2 applications (packages) turned on by default are the only ones that need to be turned on. Nothing needs to be done, you’re just checking to make sure they’re turned on. If you click on UP it will take you back to the Configuration screen.
If you click on UP it will take you back to the Configuration screen. NOTE: This is important that this is turned on so that you can manage your NOKIA box via SSH. Under Security and Access Configuration click on SSL Certificate Tool, here is where you configure your SSL certificate.
After all of the information has been added click on Apply. This will bring up a screen that has a certificate and a private key in it; you need to copy the entire text that is listed. After highlighting the entire certificate right click and select “copy”.
When the Voyager SSL Certificate page comes up, Paste the copied certificate into the box that is labeled “New server certificate”. Now click on the BACK button of the IE page that you are on, I have noticed that if you click on up rather then back your certificate will disappear. It is a lot easier to just click on back, this way you don’t get lost as to what you are doing.
If you click on UP it will take you to the screen shown below. This is where you will choose the required encryption for the using SSL. Choose the radio button that reads 128-bit key or stronger. After selecting the radio button click on Apply and Save. You should still see that same screen shown above, if you click on UP you will get the error message “The page cannot be displayed”.
SSH connections to the NOKIA device. Shown below are the steps that need to be taken to apply the default filter. NOTE: The default filter is really a default policy on the NOKIA device. A policy will be applied to the device when it is pushed via the management server.
---------- 1 owner group 21039771 Apr 28 14:10 SHF_HFA_325.ipso.tgz 226 Closing data connection ftp> get SHF_HFA_325.ipso.tgz local: SHF_HFA_325.ipso.tgz remote: SHF_HFA_325.ipso.tgz 200 PORT command successful. 150 File status OK ; about to open data connection 100% |**************************************************| 20546 KB 00:00 ETA 226 File transfer successful.
This End-user License Agreement (the "Agreement") is an agreement between you (b oth the individual installing the Product and any legal entity on whose behalf s uch individual is acting) (hereinafter "You" or " Your") and Check Point Softwar e Technologies Ltd. (hereinafter "Check Point"). TAKING ANY STEP TO SET-UP OR INSTALL THE PRODUCT CONSTITUTES YOUR ASSENT TO AND ACCEPTANCE OF THIS END USER LICENSE AGREEMENT.
keystrokes will be ignored. Please keep typing until you hear the beep and the bar is full. [...] Thank you. Configuring Secure Internal Communication... ============================================ The Secure Internal Communication is used for authentication between Check Point components Trust State: Uninitialized Enter Activation Key: xxxxxxxxxx Again Activation Key:...
Comments to this Manuals
Latest comments: