Download Print this page

Advertisement

IP40 Security Platform
User's Guide
Version 2.0
Rev A
N450916004
May 2005

Advertisement

   Also See for Nokia IP40

   Summary of Contents for Nokia IP40

  • Page 1

    IP40 Security Platform User’s Guide Version 2.0 Rev A N450916004 May 2005...

  • Page 2

    IMPORTANT NOTE TO USERS This software and hardware is provided by Nokia Inc. as is and any express or implied warranties, including, but not limited to, implied warranties of merchantability and fitness for a particular purpose are disclaimed. In no event shall Nokia, or its affiliates, subsidiaries or suppliers be liable for any direct, indirect, incidental, special, exemplary, or consequential damages (including, but not limited to, procurement of substitute goods or services;...

  • Page 3

    Singapore 119968 Nokia Customer Support Web Site: https://support.nokia.com/ Email: tac.support@nokia.com Americas Europe Voice: 1-888-361-5030 or Voice: +44 (0) 125-286-8900 1-613-271-6721 Fax: 1-613-271-8782 Fax: +44 (0) 125-286-5666 Asia-Pacific Voice: +65-67232999 Fax: +65-67232897 050113 Nokia IP40 Security Platform User’s Guide v2.0...

  • Page 4

    Nokia IP40 Security Platform User’s Guide v2.0...

  • Page 5: Table Of Contents

    Nokia IP40 Satellite 16, Satellite 32, Satellite Unlimited ....22 Nokia IP40 Security Platform Features ....... . . 22 Connectivity .

  • Page 6

    Logging Off from Nokia IP40 Security Platform ......57 Understanding the Nokia IP40 Web GUI ....... . 58 Using the Nokia IP40 Security Platform Web-based User Interface .

  • Page 7

    Editing and Deleting QoS Classes ........123 Setting Up the Nokia IP40 Security Platform Security Policy ... . . 125 Setting the Firewall Security Level .

  • Page 8

    SNMP Description..........153 SNMP Configuration from Nokia IP40 Security Platform ....153 Setting Up SNMP Access to Nokia IP40 Security Platform .

  • Page 9

    Using the Reset Button ........190 Restarting Nokia IP40 Security Platform by Using GUI ..... 190...

  • Page 10

    Setting Up Nokia IP40 Satellite X ........

  • Page 11

    Nokia IP40 Tele 8 to Check Point NG AI ....... .

  • Page 12

    Checking for Software Updates When Remotely Managed ....253 Managing with Nokia Horizon Manager ....... . 253 Check Point SmartCenter LSM .

  • Page 13: About This Guide

    IP40 Security Platform. This guide provides information about the new features incorporated in the Nokia IP40. This version of Nokia IP40 uses the SofaWare VPN-1 Embedded NG. For a quick reference on how to configure features in Nokia IP40, see the Nokia IP40 Security Platform Quick Start Guide and Nokia IP40 Security Platform Online Help, part of the graphical user interface (GUI) in the device.

  • Page 14: Conventions This Guide Uses

    Chapter 8, “Setting Up the Nokia IP40 Security Platform Security Policy” explains methods to define the firewall level, configure virtual servers, and create firewall rules. Chapter 9, “Configuring Network Access,” describes the network access procedures and usage of SSH and SSL.

  • Page 15: Command-line Conventions

    Notes provide information of special interest or recommendations. Command-Line Conventions This section defines the elements of commands that are available in Nokia products. You might encounter one or more of the following elements on a command-line path. Table 1 Command-Line Conventions...

  • Page 16: Text Conventions

    Keys that you press simultaneously are linked by a plus sign (+): Press Ctrl + Alt + Del. Menu commands Menu commands are separated by a greater than sign (>): Choose File > Open. Nokia IP40 Security Platform User’s Guide v2.0...

  • Page 17: Menu Items

    Nokia IP40 menu items in procedures are separated by the greater than sign (>). For example, Start > Programs > Nokia > Security indicates that you first click Start, then choose the Programs menu command, then choose Nokia, and finally choose Security.

  • Page 18

    Nokia IP40 Security Platform User’s Guide v2.0...

  • Page 19: Introduction

    WAN connection to headquarters, and dual homing with BGP to route return traffic securely, over VPN. The Nokia IP40 Security Platform can be integrated with an overall enterprise security policy for maximum security. The IP40 facilitates centralized management and automatic deployment with the security management architecture of Check Point, and Nokia Horizon Manager.

  • Page 20: Nokia Ip40 Tele 8

    IP40 Tele 8 can act as a VPN server, which allows a single user to securely access resources protected by the device from home or while travelling.

  • Page 21

    About Nokia IP40 Security Platform Table 3 Nokia IP40 Security Platform Connectivity Nokia IP40 Satellite Feature Nokia IP40 Tele 8 16/32/Unlimited Users (nodes) 16, 32, unlimited PPPoE client PPTP client DHCP client DHCP server DHCP relay DHCP reservation Static IP...

  • Page 22: Firewall

    Feature Nokia IP40 Tele 8 16/32/Unlimited High-Availability Traffic Shaper Firewall Table 4 “Firewall Connectivity” provides details about the IP40 Security Platform v2.0 firewall connectivity. Table 4 Firewall Connectivity Nokia IP40 Satellite Feature Nokia IP40 Tele 8 (16/32/Unlimited) Firewall Type Check Point Firewall-1...

  • Page 23

    Voice over IP (H.323) support Exposed host DMZ network VLAN support VPN Connectivity Table 5 “VPN Connectivity” provides details about IP40 Security Platform v2.0 VPN connectivity. Table 5 VPN Connectivity Nokia IP40 Satellite Feature Nokia IP40 Tele8 16/32/Unlimited IPSEC VPN remote...

  • Page 24

    RSA secure ID VPN pass through Enhanced MEP support Encryption AES/3DES/DES AES/3DES/DES Authentication SHA1/MD5 SHA1/MD5 SecuRemote server RADIUS Client DAIP with VPN certificates Back up VPN gateways SmartCenter Connector (SSC) NG AI support Nokia IP40 Security Platform User’s Guide v2.0...

  • Page 25

    About Nokia IP40 Security Platform Table 5 VPN Connectivity Nokia IP40 Satellite Feature Nokia IP40 Tele8 16/32/Unlimited Bypass NAT Bypass Firewall NAT Traversal Route all traffic Route Based VPN and failover Multiple PPP connections Active tunnels Nokia IP40 Security Platform User’s Guide v2.0...

  • Page 26: Management

    Introduction Management Table 6 “Management” provides details about the IP40 Security Platform v2.0 management: Table 6 Management Nokia IP40 Satellite Feature Nokia IP40 Tele 8 (16/32/Unlimited) Web-based management Access to IP40 through OOB, SSH and SNMP Telnet access HTTPS access...

  • Page 27: Security Services

    Point Smart Update) Check Point Smart LSM Check Point Provider-1 Security Services Table 7 “Security Services” provides details about IP40 Security Platform v2.0 security services: Table 7 Security Services Nokia IP40 Satellite Feature Nokia IP40 Tele 8 (16/32/Unlimited) Firewall security...

  • Page 28: Diagnostics And Maintenance

    Protocol support for TCP/IP, ICMP, GRE, ESP and UDP Diagnostics and Maintenance Table 8 “Diagnostics and Maintenance” provides details about IP40 v2.0 diagnostics and maintenance: Table 8 Diagnostics and Maintenance Nokia IP40 Satellite Feature Nokia IP40 Tele 8 (16/32/Unlimited)

  • Page 29: Nokia Ip40 Security Platform Package Contents

    A country-specific power cord for universal power supply An Ethernet-crossover cable, labeled Crossover An RS-232 console (null modem) cable The IP40 CD. The IP40 CD includes the following documents needed to set up and use the device: Nokia IP40 Security Platform Quick Start Guide Version 2.0 Nokia IP40 Security Platform User’s Guide Version 2.0 (this document)

  • Page 30: Network Requirements

    Introduction Network Requirements To set up the Nokia IP40 Security Platform to connect to the Internet, you need the following: A broadband Internet connection by cable or DSL modem with Ethernet interface (RJ-45) or a dial-up connection with a serial modem (V90 or ISDN T/A)

  • Page 31

    Connect the power adapter to this jack. The device connects to the power source. The auxiliary port or dial-in port is a 9-pin male connector. This port is used to dial in to IP40 through a modem when the IP40 is unreachable through other ports.

  • Page 32: Nokia Ip40 Security Platform Front Panel

    You can monitor the IP40 operations by viewing the LEDs on the front panel. Figure 2 Front Panel of Nokia IP40 Security platform. The items on the front panel of the Nokia IP40 Security Platform are explained in Table 10 page 35.

  • Page 33

    Overview Table 10 Front Panel of Nokia IP40 Label Description Off: device not powered on Green Solid: device is on STAT Off: device off Green solid: device passed hardware test and finished booting. Red solid: hardware error Amber solid: booting Green blinking: device passed hardware and is fully booted.device...

  • Page 34

    Introduction Nokia IP40 Security Platform User’s Guide v2.0...

  • Page 35: Installing Nokia Ip40 Security Platform

    Installing Nokia IP40 Security Platform This chapter describes how to set up and install the Nokia IP40 Security Platform in a networking environment. The chapter includes the following topics: Before You Install Nokia IP40 Security Platform Setting Up Nokia IP40 Security Platform with Microsoft Windows 98 or Millennium...

  • Page 36

    In the Network window, check if TCP/IP appears in the network components list and if it is already configured with the Ethernet card installed on your computer. If TCP/IP is already installed and configured on your computer, skip the following procedure about how to install TCP/IP. Nokia IP40 Security Platform User’s Guide v2.0...

  • Page 37

    If you are prompted for original Windows installation files, provide the installation CD and relevant path, D:\win98, D:\win95, and so on. 5. Restart your computer if prompted. If you are connecting the IP40 to an existing LAN, consult your network manager/system administrator for the correct configuration. Nokia IP40 Security Platform User’s Guide v2.0...

  • Page 38

    (TCP/ IP > PCI Fast Ethernet DEC 21143 Based Adapter). The TCP/IP Properties window opens. 2. Click the Gateway tab and delete any installed gateways. 3. Click the DNS Configuration tab and click Disable DNS. Nokia IP40 Security Platform User’s Guide v2.0...

  • Page 39

    Before You Install Nokia IP40 Security Platform 4. Click the IP Address tab, and click Obtain an IP address automatically. Nokia IP40 Security Platform User’s Guide v2.0...

  • Page 40: Setting Up Nokia Ip40 Security Platform With Microsoft Windows Xp And 2000 Operating Systems

    Installing Nokia IP40 Security Platform Note Nokia recommends that you use DHCP to assign IP addresses instead of assigning a static IP address to your computer. To assign a static IP address, click Specify an IP address and enter an IP address in the range of 192.168.10.129 to 254. Enter 255.255.255.0 as the Subnet Mask.

  • Page 41

    Before You Install Nokia IP40 Security Platform 3. Right-click the Local Area Connection icon and select Properties from the drop-down list. The Local Area Connection Properties window opens. 4. Check for TCP/IP in the Component list and whether it is configured with the Ethernet card installed on your computer.

  • Page 42

    2. Choose Protocol and click Add. The Select Network Protocol window opens. 3. In the Select Network Protocol window, choose Internet Protocol (TCP/IP) and click OK. TCP/IP protocol is installed on your computer. Nokia IP40 Security Platform User’s Guide v2.0...

  • Page 43

    2. Click Obtain an IP address automatically. Note Nokia recommends that you use DHCP to assign IP addresses instead of assigning a static IP address to your computer. To assign a static IP address, select Specify an IP address and enter an IP address in the range of 192.168.10.129 to 254. Enter 255.255.255.0 as the subnet mask.

  • Page 44: Setting Up Nokia Ip40 Security Platform With An Apple Computer

    The following topology examples illustrate proper network cabling. Figure 3 IP40 Topologies Installing Your Network Plan your network and the location of the IP40, then install your network. To install the network 1. Connect the LAN cable a. Connect one end of the Ethernet cable to the LAN port at the rear end of the device.

  • Page 45

    Before You Install Nokia IP40 Security Platform 2. Connect the DMZ cable a. Connect one end of the Ethernet cable to the DMZ port at the rear end of the device. b. Connect the other end of the Ethernet cable to the computer, hubs, or another network device.

  • Page 46

    Installing Nokia IP40 Security Platform Nokia IP40 Security Platform User’s Guide v2.0...

  • Page 47: Getting Started

    255 in this document. Note The IP40 ships without a password defined. If you are logging in for the first time, you are prompted to define the password by entering it twice. If you logged in before, enter the username and password you previously defined.

  • Page 48: Configuring Nokia Ip40 Security Platform For Internet Connection

    Configuring Nokia IP40 Security Platform for Internet Connection This section provides information about how to make the initial settings for your Nokia IP40 Security Platform by using the Setup wizard and connecting to the Internet. Nokia IP40 Security Platform User’s Guide v2.0...

  • Page 49: Making Initial Nokia Ip40 Security Platform Settings

    Making Initial Nokia IP40 Security Platform Settings To connect to the Internet from Nokia IP40 Security Platform 1. After you set the administrator password, you are prompted to make the initial settings from the Setup wizard. The wizard guides you through making an Internet connection, setting the device time, registering for support services, and performing other basic configurations.

  • Page 50: Setting Nokia Ip40 Security Platform Time

    Use the following procedure to set the time of Nokia IP40 Security Platform. To set the IP40 Security Platform time 1. When the IP40 Set Time wizard dialog box appears, click the appropriate setting, to define. If you click Your computer’s clock, IP40 automatically updates with the time settings of your computer.

  • Page 51

    Select time zone from the Time Zone drop down list. 4. Click Next. The IP40 Set Time Wizard Date and Time Updated dialog box appears, indicating that time settings are changed successfully. 5. Click Finish to exit the Set Time wizard.

  • Page 52: Registering With The Nokia Support Site

    Web resources and software updates. Connecting to a Central Management Server When you are registered for support, the Subscription Services window opens. This page allows you to define the central management server that the IP40 connects to. Nokia IP40 Security Platform User’s Guide v2.0...

  • Page 53: Logging On To Nokia Ip40 Security Platform

    Point Smart Center, Smart Center Pro, or Sofaware Management Portal. If your IP40 is centrally managed by any of these servers, check I wish to connect to a service center and enter the IP address of the central management server in the Specified IP text box, then click Next.

  • Page 54: Accessing Nokia Ip40 Securely

    Getting Started Note The default user name for all Nokia IP40 licenses is admin. For the IP40 Satellite X licenses, you can define additional users. These additional users have separate usernames and passwords. For the IP40 Tele 8 license, you can only log on with the username admin.

  • Page 55: Logging Off From Nokia Ip40 Security Platform

    IP40 is not yet known to the browser, so a security alert appears. 2. Click Yes to install the security certificate of the IP40 that you are trying to access. If you are using Internet Explorer 5.0 or later, do the following: a.

  • Page 56: Understanding The Nokia Ip40 Web Gui

    58. Understanding the Nokia IP40 Web GUI When you log on to Nokia IP40 security platform by using HTTP or HTTPS, you can configure the device by using the following methods: Quick Setup Wizard—configures the most common settings required for the IP40 to be up and running.

  • Page 57: Using The Nokia Ip40 Security Platform Web-based User Interface

    Understanding the Nokia IP40 Web GUI Using the Nokia IP40 Security Platform Web-based User Interface Table 11 provides summary of Nokia IP40 Security Platform graphical user interface. Summary of the main Table 11 components of the Nokia IP40 GUI Component...

  • Page 58: Graphical User Interface Details

    Figure 4 Main Components of the Nokia IP40 Security Platform GUI Note The Nokia IP40 Tele 8 license does not support all of the features mentioned in the table 12 below. For information on features supported by the Tele configuration, see “Nokia IP40...

  • Page 59

    Understanding the Nokia IP40 Web GUI Table 12 gives the name and functionality of each element in the Nokia IP40 GUI. Table 12 Names and Functions of the Nokia IP40 GUI Elements Main Tab Secondary Tabs Description Welcome Displays Welcome and configuration information.

  • Page 60

    Getting Started Table 12 Names and Functions of the Nokia IP40 GUI Elements Main Tab Secondary Tabs Description Tools Comprises several tools to effectively manage your IP40. Users Internal Users Allows you to view, add, edit, and delete list of IP40 users.

  • Page 61

    IP40 GUI screens. The Help icon is visible only for those fields that have further information available. information about other fields, please see related sections in IP40 Security Platform User’s Guide Version 2.0 or choose Help from the main menu.

  • Page 62

    Getting Started Nokia IP40 Security Platform User’s Guide v2.0...

  • Page 63: Accessing Nokia Ip40 Security Platform

    Typically the WAN port for your device is connected to your Internet service provider (ISP), while the LAN port is connected to your computer, or to a hub, if you are using IP40 between your computer network and the outside world. You can connect your computer to the console port of your IP40 to manage the device by using the command-line interface (CLI).

  • Page 64: Configuration Methods

    Your Nokia IP40 Security Platform has a console serial port. Connect the RS-232 cable (that is shipped along with the device) from the serial port of your computer to the console port of IP40. You can then manage the device by using a terminal emulation program such as Hyper Terminal.

  • Page 65

    Select the following port settings: Bits per second: 9600 Data bits: 8 Parity: None Stop bits: 1 Flow control: None 5. Click Ok to continue. 6. The login prompt is displayed by default. Nokia IP40 Security Platform User’s Guide v2.0...

  • Page 66: Using Telnet To Connect To Nokia Ip40 Security Platform

    Accessing Nokia IP40 Security Platform The IP40 ships without a password defined. If you are logging in for the first time, you are prompted to define the password by entering it twice. If you logged in before, enter the username and password you previously defined.

  • Page 67: Enabling And Disabling Telnet Access To Nokia Ip40

    4. Enter your username and password.You can now, manage your IP40 Security Platform by using simple commands. 5. Press the tab key to view a list of useful, simple commands to start managing your IP40. For more information, see Nokia IP40 Security Platform CLI Reference Guide Version 2.0.

  • Page 68: Using Secure Shell To Connect To Nokia Ip40 Security Platform

    Accessing Nokia IP40 Security Platform Using Secure Shell to Connect to Nokia IP40 Security Platform You can use Secure Shell (SSH) to access your IP40 Security Platform, securely. SSH is an application protocol and software suite that allows secure network services over an insecure network such as the Internet.

  • Page 69: Deploying Nokia Ip40 Security Platform With Check Point Smartcenter Large Scale Manager

    You can use Nokia Horizon Manager to perform software inventory, configuration, and image management operations. Note You can manage the IP40 Security Platform by using Nokia Horizon Manager v1.3.1 and later. Deploying Nokia IP40 Security Platform with Check Point SmartCenter Large Scale Manager The Check Point SmartCenter Large Scale Manager (LSM) allows you to manage many Check Point Remote Office/Branch Office (ROBO) gateways from a single SmartCenter Server.

  • Page 70

    Accessing Nokia IP40 Security Platform Nokia IP40 Security Platform User’s Guide v2.0...

  • Page 71: Connecting To The Internet With Nokia Ip40 Security Platform

    You must configure the Internet connection on initial operation, and reset to defaults operations. Using the Setup Wizard You can use the Setup Wizard to configure the Internet connection for Nokia IP40 Security Platform through the graphical user interface (GUI). The Setup Wizard guides you through the configuration process, step by step.

  • Page 72

    Dial-up Internet access by using V90 or ISDN T/A modems Note The IP40 Setup wizard, which you can use for basic configuration of the device, is always accessible from Setup > Firmware. You can also configure Internet connection by using this wizard.

  • Page 73

    Note If you select PPTP or PPPoE dialer, do not use dial-up software to connect to the Internet. The IP40 does the PPPoE negotiation. To use a direct LAN connection 1. Select Direct LAN from the list of Internet connection methods, and click Next.

  • Page 74: Cable Modem Connection Settings

    When you are connected, the wizard prompts you to register your details and set up your subscription options, which vary from product to product. For information about configuring device time, registering with Nokia Support Center and subscribing to additional services with the Setup wizard, see Chapter 3, “Getting Started”...

  • Page 75: Mac Cloning

    Internet connection. The Nokia IP40 takes the place of the computer behind the cable modem and you can use MAC cloning to enter the original computer MAC address without contacting the ISP to change that information.

  • Page 76: Dsl Connection Settings

    Connecting to the Internet with Nokia IP40 Security Platform 3. Do one of the following: a. Click This Computer to automatically clone the MAC address of your computer to the IP40. b. If the ISP requires authentication by using the MAC address of a different computer, enter the MAC address in the MAC cloning field.

  • Page 77

    Connected message appears. Once connected, the wizard prompts you to register your details and set up your subscription options, which vary from product to product. 4. Follow the instructions until the wizard is done, and then click Finish. Nokia IP40 Security Platform User’s Guide v2.0...

  • Page 78: Manually Configuring The Internet Setting

    DSL connection. At the end of the connection process, the Connected message appears. Manually Configuring the Internet Setting You can configure the Internet settings for your IP40 manually also. To configure the Internet connection 1. Proceed as per steps 1 and 2 in “Using the Setup Wizard”...

  • Page 79

    The Internet Setup window with a list of connection type options appears. 5. Select the Connection Type. The display changes according to the connection type you select. Perform the following procedures in accordance with the connection type you choose. Nokia IP40 Security Platform User’s Guide v2.0...

  • Page 80

    2. Enter the Host name. This field is optional. If a service center requires it, the Host Name is provided by them. 3. If you do not want the IP40 to obtain an IP address automatically by using DHCP, do the following: a.

  • Page 81

    This field is optional: some ISPs might require it, and they provide the host name. 3. Complete the remaining fields as per the information provided in the procedure “To use a direct LAN connection” on page 75. 4. Click Apply. Nokia IP40 Security Platform User’s Guide v2.0...

  • Page 82

    If your service center did not provide you with a service name, leave this text box empty. You can set the maximum transmission unit size (MTU). Nokia recommends that you leave this field empty. However, to modify the default MTU, consult with your service provider.

  • Page 83

    Manually Configuring the Internet Setting Enter the Preferred (primary) DNS server IP address. Enter the Alternate (secondary) DNS server IP address. 3. Click Apply. Nokia IP40 Security Platform User’s Guide v2.0...

  • Page 84

    The IP address of the PPTP client as given by your service provider. e. Select the PPTP client subnet as given by your service provider. You can configure the MTU size. Nokia recommends that you leave this field empty. Consult your service provider to modify the default MTU.

  • Page 85

    Server IP If you selected PPTP, type the IP address of the PPTP server as given by your ISP. Obtain IP Clear this option if you do not want the Nokia IP40 address device to obtain an IP address automatically.

  • Page 86

    Connecting to the Internet with Nokia IP40 Security Platform Table 14 Internet Connection Fields Field Action Shape Select this option to enable traffic shaper for outgoing traffic. Type lower than the Upstream a rate (in kilobits/second) slightly lower than maximum measured upstream speed of your Internet...

  • Page 87: Dial-up Ppp

    Dial-Up PPP Dial-Up PPP You can connect the Nokia IP40 Security Platform to the Internet by using a dial-up connection. The device can establish a PPP connection to an ISP by using an external modem connected to an auxiliary port. The modem can be an analog modem or an ISDN terminal adapter.

  • Page 88: Using Cli

    Connecting to the Internet with Nokia IP40 Security Platform 4. Click Apply. Dialup is configured. Using CLI To configure the dial-up by using the command line interface, log in through the console port. Dial-up mode can be enabled by using the following options available in CLI: disable—WAN connection is established regardless of any interesting traffic.

  • Page 89: Multiple Dial-up Profiles

    CLI Wizard Use the following command to configure dial-up by using the CLI wizard: wizard dialup For more information about how to use other dialup commands, see the Nokia IP40 Security Platform CLI Reference Guide, Version 2.0. Multiple Dial-up Profiles Nokia IP40 Security Platform supports 10 dial-up profiles.

  • Page 90: Using Quick Internet Connect Or Disconnect

    The Internet connection retains its connected or not connected status until Nokia IP40 is rebooted. The IP40 then connects to the Internet if the connection is enabled. For information on how to enable the Internet connection, see “Enabling or Disabling the Internet Connection”...

  • Page 91

    MAC address of IP40. Address Cloned MAC Cloned MAC address. Address Received Number of data packets received in the active connection. Packets Sent Packets Number of data packets sent in the active connection. Nokia IP40 Security Platform User’s Guide v2.0...

  • Page 92

    Connecting to the Internet with Nokia IP40 Security Platform Nokia IP40 Security Platform User’s Guide v2.0...

  • Page 93: Managing Your Local Area Network

    IP40 to its factory settings. To reset the Nokia IP40 Security Platform to its factory default settings, choose Setup > Firmware > Tools > Factory Settings. You can also press the Reset button at the rear panel of the device.

  • Page 94: Enabling And Disabling The Dhcp Server

    Enabling and Disabling the DHCP Server Nokia IP40 Security Platform has a built-in Dynamic Host Configuration Protocol (DHCP) server that is enabled by default. This allows the IP40 to configure all the devices on your network automatically. If you have another DHCP server configured in your network, you must disable the DHCP server in your IP40 before you connect the IP40 to the network.

  • Page 95

    Enabled: enables hide NAT. Disabled: disables hide NAT. DHCP Server Options: Enabled: enables DHCP server. Disabled: disables DHCP server. Relay: forwards DHCP requests to a specified DHCP server, relays responses back to the DHCP clients. Nokia IP40 Security Platform User’s Guide v2.0...

  • Page 96: Configuring A Dmz Network

    (such as a manager’s computer) to connect to the LAN network and the accounting department. Nokia IP40 v2.0 supports DMZ as WAN2. That is, the DMZ port can now serve as a secondary WAN port. When the DMZ port is assigned to WAN2, the primary Internet connection uses the WAN port, and the secondary uses the DMZ port.

  • Page 97

    6. To enter the DHCP range manually, uncheck the Automatic DHCP Range check box. 7. Enter the DHCP range in the provided text boxes. 8. Click Apply. The DMZ network values are successfully saved. Enter the new values as required to edit the configured values. Nokia IP40 Security Platform User’s Guide v2.0...

  • Page 98: Vlan Support

    In a tag-based VLAN you use one of the gateway’s ports as a 802.1Q VLAN trunk, connecting the Nokia IP40 to a VLAN switch. Each VLAN behind the this trunk is assigned an identifying number called VLAN ID or VLAN tag. Tagging ensures that traffic is directed to the correct VLAN.

  • Page 99

    8. Enable or Disable Hide NAT. 9. Select for Automatic DHCP range. To configure manually, see “Configuring a DMZ Network” on page 98. 10. Click Apply. 11. Choose Network from the main menu. 12. Click the Ports tab. Nokia IP40 Security Platform User’s Guide v2.0...

  • Page 100

    VLAN tag. Value: 1-4095 IP Address IP address of the default gateway for VLAN network. Subnet Mask The internal network range. Automatic Select this option to obtain the DHCP range automatically. DHCP Range Nokia IP40 Security Platform User’s Guide v2.0...

  • Page 101: Deleting A Vlan

    7. Click Apply. Configuring DHCP Relay Nokia IP40 v2.0 supports the DHCP relay feature. By using this feature, DHCP requests are forwarded to a specified DHCP server, which is located in a different subnet. This server relays the responses back to the DHCP clients.

  • Page 102

    The Edit Network Settings window opens (example window for LAN). 5. Select Relay from DHCP Server drop down menu. 6. Enter the IP address in the DHCP Relay text box. 7. Click Apply. The DHCP relay IP address for LAN/DMZ is configured. Nokia IP40 Security Platform User’s Guide v2.0...

  • Page 103: Changing Ip Addresses

    IP addresses in your network by using the IP40 Satellite X licenses. You might want to do this if, for example, you are adding the IP40 to a large existing network and do not want the network IP address range to change, or if you are using a DHCP server other than the IP40, that assigns addresses within a different range.

  • Page 104

    While specifying firewall rules to such hosts, use the internal IP address of the host. Do not use the Internet IP address to which the host IP address is mapped. To configure static NAT for a single computer 1. Choose Network from the IP40 main menu. The Internet window opens. 2. Click the Network Objects tab.

  • Page 105

    6. Enter the values in the IP Address and MAC address text boxes. To enter the IP Address and MAC address of your computer, click values of your computer, click This Computer icon. Note The VLAN network must not overlap other networks Nokia IP40 Security Platform User’s Guide v2.0...

  • Page 106

    4. To enable static NAT, check the Perform Static NAT check box. 5. Enter the external IP range in the External IP Range text box. 6. Click Next. The Save window opens prompting for a descriptive name for the defined network object. Nokia IP40 Security Platform User’s Guide v2.0...

  • Page 107: Editing Static Nat

    Editing Static NAT The following procedure explains how to edit the configured static NAT. To edit static NAT 1. Choose Network from the IP40 main menu. The Internet window opens 2. Click Network Objects. The Network Objects window opens with the list of configured network objects .

  • Page 108: Viewing Static Nat

    IP40 supports proxy Address Resolution Protocol (ARP). When an external source attempts to communicate with a computer that has static NAT enabled, the IP40 automatically replies to ARP queries with its own MAC address, thereby enabling communication. As a result, the static NAT Internet IP addresses appear to external sources to be real computers connected to the WAN interface.

  • Page 109: Configuring Dhcp Reservation

    The static NAT is deleted. Configuring DHCP Reservation Nokia IP40 v2.0 supports DHCP reservation. By using this feature, you can ensure that the IP address that the DHCP server assigns to a particular computer is always constant. Normally a DHCP server assigns the same IP address to the computers. But when the DHCP server runs out of IP addresses and if any computer is inactive and the IP address is assigned to another computer.

  • Page 110: Deleting Network Objects

    The Network Objects window opens with the list of network objects configured. 3. Click Erase next to the network object, to delete. A confirmation message appears. 4. Click OK. The network object is deleted. Nokia IP40 Security Platform User’s Guide v2.0...

  • Page 111: Configuring Static Routes

    1. Choose Network from the main menu, and click the Routes tab. The Static Routes window opens, with a listing of existing static routes. 2. Click New Route. The Edit Route window opens. Nokia IP40 Security Platform User’s Guide v2.0...

  • Page 112

    The Edit Route window opens, displaying the destination network, subnet mask, and gateway IP of the selected route. b. Edit the fields by using the information inTable 18 on page 114. c. Click Apply. Nokia IP40 Security Platform User’s Guide v2.0...

  • Page 113: Managing Ports

    3. Click OK. The route is deleted. Managing Ports By using the web GUI, you can manage the ports of your Nokia IP40. You can now configure, edit and view the ports status by using GUI. To assign ports 1. Choose Network from the main menu.

  • Page 114

    To view ports status 1. Choose Network from the main menu. The Network window opens. 2. Click the Ports tab. 3. The Ports window opens with information about the ports and their link status. Nokia IP40 Security Platform User’s Guide v2.0...

  • Page 115: Quality Of Service

    Traffic shaper uses stateful inspection technology to access and analyze data derived from all communication layers. This data is used to classify traffic in eight user-defined quality of service classes. Traffic shaper divides the available bandwidth among the Nokia IP40 Security Platform User’s Guide v2.0...

  • Page 116: Qos Classes

    You can also set delay sensitivity, which indicates whether connections belonging to one class should be allowed to precede the connections belonging to other classes. Nokia IP40 supports four default QoS classes and support a maximum of eight user-defined QoS classes. Note To assign traffic to the QoS classes, define an Allow or Allow and Forward firewall rule.

  • Page 117: Enabling Qos Classes

    Enabling QoS Classes By default the QoS classes are disabled in your IP40 device. You must enable the QoS classes before adding them. You can do this by enabling the traffic shaper while configuring your Internet connections. For more information about enabling the traffic shaper, see “Configuring...

  • Page 118

    Quality of Service 2. Click Add at the bottom of the window. Quality of Services Parameters page appears. 3. Enter the value for Weight. 4. Click Next. The Advanced Options page appears. Nokia IP40 Security Platform User’s Guide v2.0...

  • Page 119

    122. 6. Click Next. The Save page appears with the list of values that you configured for the class. 7. Enter a descriptive name for this class. example: very important 8. Click Finish. Nokia IP40 Security Platform User’s Guide v2.0...

  • Page 120

    Enter the value in kilobits/ second in the field provided. Select this option to limit the rate of incoming traffic belonging to Limit rate to this class. Enter the maximum rate in kilobits/second in the field provided. Nokia IP40 Security Platform User’s Guide v2.0...

Comments to this Manuals

Symbols: 0
Latest comments: