Page of 130
Download Table of ContentsContents Print This PagePrint Bookmark
IP300 Series
Security Platform
Installation Guide
Part No. N450312006 Rev A
Published September 2005

Advertising

   Also See for Nokia IP380 - Security Appliance

   Summary of Contents for Nokia IP380 - Security Appliance

  • Page 1

    IP300 Series Security Platform Installation Guide Part No. N450312006 Rev A Published September 2005...

  • Page 2

    Rights clause at FAR 52.227-19. IMPORTANT NOTE TO USERS This software and hardware is provided by Nokia Inc. as is and any express or implied warranties, including, but not limited to, implied warranties of merchantability and fitness for a particular purpose are disclaimed. In no event shall Nokia, or its affiliates, subsidiaries or suppliers be liable for any direct, indirect, incidental, special, exemplary, or consequential damages (including, but not limited to, procurement of substitute goods or services;...

  • Page 3

    Singapore 119968 Nokia Customer Support Web Site: https://support.nokia.com/ Email: tac.support@nokia.com Americas Europe Voice: 1-888-361-5030 or Voice: +44 (0) 125-286-8900 1-613-271-6721 Fax: 1-613-271-8782 Fax: +44 (0) 125-286-5666 Asia-Pacific Voice: +65-67232999 Fax: +65-67232897 050602 Nokia IP300 Series Security Platform Installation Guide...

  • Page 4

    Nokia IP300 Series Security Platform Installation Guide...

  • Page 5: Table Of Contents

    Overview ..........9 About the Nokia IP300 Series Disk-Based Appliance ..10 About the Nokia IP300 Series Flash-Based Appliance .

  • Page 6: Table Of Contents

    Using Network Voyager to Monitor an IP300 Series Appliance . 32 Using Nokia Horizon Manager ......33 Installing and Replacing Network Interface Cards .

  • Page 7: Table Of Contents

    NIC Interfaces ........112 Nokia IP300 Series Security Platform Installation Guide...

  • Page 8: Table Of Contents

    Index ..........119 Nokia IP300 Series Security Platform Installation Guide...

  • Page 9: Table Of Contents

    Figure 21 DIMM Socket Locations ..... . . 63 Figure 22 Battery Location in the Nokia IP300 Series Appliance 75...

  • Page 10

    Nokia IP300 Series Security Platform Installation Guide...

  • Page 11: About This Guide, In This Guide

    About this Guide This guide describes how to install and use the Nokia IP300 Series security platforms—Nokia IP350, Nokia IP355, Nokia IP380, and Nokia IP385. Installation and maintenance should be performed by experienced technicians or Nokia-approved service providers only. This preface provides the following information:...

  • Page 12: Conventions This Guide Uses, Notices

    Conventions this Guide Uses The following sections describe the conventions this guide uses, including notices, text conventions, and command-line conventions. Notices Warning Warnings advise the user that bodily injury might occur because of a physical hazard. Nokia IP300 Series Security Platform Installation Guide...

  • Page 13: Command-line Conventions

    Notes provide information of special interest or recommendations. Command-Line Conventions This section defines the elements of commands that are available in Nokia Network Security Solutions products. You might encounter one or more of the following elements on a command-line path.

  • Page 14

    ( . , ; + * - / ) Punctuation and mathematical notations are literal symbols that you must enter exactly as shown. Single quotation marks are literal symbols that you must enter as shown. Nokia IP300 Series Security Platform Installation Guide...

  • Page 15: Text Conventions

    • Emphasizes a point or denotes new terms at the Italics place where they are defined in the text. • Indicates an external book title reference. • Indicates a variable in a command: delete interface if_name Nokia IP300 Series Security Platform Installation Guide...

  • Page 16: Related Documentation

    Related Documentation The documentation set for the Nokia IP300 Series security platform consists Getting Started Guide and Release Notes for the version of Nokia IPSO you are using Nokia IP300 Series Security Platform Installation Guide (this document) Nokia Network Voyager inline help feature, and Nokia Network Voyager...

  • Page 17: Overview

    Overview This guide describes the installation and use of the Nokia IP300 Series appliances–the IP350 and IP380 disk-based appliances and the IP355 and IP385 flash-based appliances. Most of the information for how to use these appliances is the same. Where differences exist between different IP300 platforms, they are noted in the documentation.

  • Page 18: About The Nokia Ip300 Series Disk-based Appliance

    512 MB. The IP380 appliance supports a minimum memory configuration of 256 MB, and a maximum memory configuration of 1 GB. The Nokia IP300 Series appliance provides built-in hardware-based encryption acceleration. The IP380 appliance also supports an optional encryption accelerator card to further enhance VPN performance.

  • Page 19: About The Nokia Ip300 Series Flash-based Appliance

    Appliance Both the IP355 and the IP385 share the same one-rack unit (1 RU) size. The Nokia IP355 and IP385 flash-based appliances support the same cards as IP350 and IP380 appliances. Both flash-based appliances have a maximum memory size of 1GB.

  • Page 20: Managing The Ip300 Series Appliance

    “Accessing Nokia Network Voyager” on page 30. The IPSO command-line interface (CLI)—an SSHv2-secured interface that enables you to easily configure Nokia IP security platforms from the command line. Everything that you can accomplish with Network Voyager—manage, monitor, and configure the IP300 Series appliance—...

  • Page 21: About The Ip300 Series Appliance, Figure 1 Component Locations Front View

    About the IP300 Series Appliance For information about how to access the CLI, see the Nokia CLI Reference Guide for the version of Nokia IPSO you are using. Nokia Horizon Manager—a secure GUI-based software image management application. With Horizon Manager, you can securely install and upgrade the Nokia IPSO operating system, plus hardware and third- party applications such as Check Point FireWall-1 for Nokia.

  • Page 22: Ethernet Management Ports, Figure 2 Component Locations Rear View, Figure 3 Ethernet Management Ports Details

    Figure 3 Ethernet Management Ports Details Activity LED (yellow) Link LED (green) RJ-45 connectors 00120 Caution Cables that connect to the Ethernet ports must be IEEE 802.3 compliant to prevent potential data loss. Nokia IP300 Series Security Platform Installation Guide...

  • Page 23: Built-in Console Port

    Nokia recommends the use of shielded twisted-pair cables and connectors for best Electromagnetic Interference and Immunity performance. The IP300 Series appliance includes two PMC (PCI mezzanine card) expansion slots for Nokia supported network interface cards. For more information, see “Four-Port and Two-Port 10/100 Mbps Ethernet Interface, PMC”...

  • Page 24: Figure 4 Pin Assignments For Console Connection

    Overview Figure 4 Pin Assignments for Console Connection Pin# Assignment Input/Output Input Input Output Output 700001 Input Output Input Output Nokia IP300 Series Security Platform Installation Guide...

  • Page 25: Built-in Aux Port, Figure 5 Pin Assignments For Modem Connection

    5 (GND) 7 (GND) 5 (GND) 6 (DSR) Input 6 (DSR) 4 (DTR) 7 (RTS) Output 4 (RTS) 1 (DCD) 8 (CTS) Input 5 (CTS) 1 (DCD) 9 (RI) Output 22 (RI) 4 (DTR) Nokia IP300 Series Security Platform Installation Guide...

  • Page 26: Status Leds, Figure 6 Appliance Status Leds

    Unit is experiencing an internal Voltage problem Blinking The unit is experiencing a temperature problem Solid red One or more fans are not operating properly, or a 5V, 3.3V, or 12V fuse is blown Nokia IP300 Series Security Platform Installation Guide...

  • Page 27: Site Requirements, Product Disposal

    Two-Port 10/100 Mbps Ethernet Interface, PMC” on page 46. Site Requirements Before you install a Nokia IP300 Series appliance, ensure that your computer room or wiring closet conforms to the environmental specifications listed in Appendix A, “Technical Specifications.” Product Disposal...

  • Page 28

    Do not use the product near water. Caution Do not place objects over the ventilation holes on the IP350 or IP380 appliance. The components might overheat and become damaged. Nokia IP300 Series Security Platform Installation Guide...

  • Page 29: Software Requirements

    6A, 250V, maximum 15 feet long, made of HAR cordage and IEC fittings approved by the country of end use. Software Requirements The Nokia IP300 Series appliance supports the following operating system and applications: Operating System Requirements—IPSO v3.5.1, v3.7 and later. Flash- based appliances require IPSO v3.9 or later.

  • Page 30

    Overview Nokia IP300 Series Security Platform Installation Guide...

  • Page 31: Installing The Appliance, Rack Mounting The Appliance

    Installing the Appliance This chapter describes how to install the Nokia IP300 Series appliance. The following topics are covered: Rack Mounting the Appliance Connecting Power and Turning the Power on Connecting Network Interfaces Caution Protect your IP300 Series appliance and other electronic equipment from static discharge by making sure you are properly grounded before you touch any electronic components.

  • Page 32: Figure 7 Mounting Screws Location, Figure 8 Adjustable Mounting Brackets

    Installing the Appliance Note To avoid damaging your equipment, Nokia recommends that you use all four rack-mounting bolts when you install your appliance on the rack. Figure 7 Mounting Screws Location Mounting Screw Slots You can relocate the mounting brackets as...

  • Page 33: Connecting Power And Turning The Power On, Figure 9 Back Panel Power Switch

    2. Plug the other end of the cord into a three-wire grounded power strip or wall outlet. 3. Press the power switch to the “on” position to turn on power to the appliance. Nokia IP300 Series Security Platform Installation Guide...

  • Page 34: Connecting Network Interfaces

    The fan unit on the power supply turns on when you press the power switch. Verify that the fans are running after you press the switch. Check the power LED on the front panel of the appliance (the Nokia logo) to ensure that the power supply is operating correctly. The power LED should be illuminated.

  • Page 35: Performing The Initial Configuration

    Performing the Initial Configuration The first time you turn power on to a Nokia IP300 Series appliance, the initial configuration process begins. This process enables you to configure the network settings and provides access to the admin account. You can perform the initial configuration in two ways.

  • Page 36: Using A Console Connection To Perform The Initial Configuration

    If you connect the console port to a data communications equipment (DCE) device, use a straight-through cable. Console port For cable pin assignments for the console connection, see “Built-in Console Port” on page 15. Nokia IP300 Series Security Platform Installation Guide...

  • Page 37

    BOOTMGR> Hostname? prompts, verify that the terminal or terminal emulator program settings are correct. If the settings are correct, contact your Nokia service provider as listed in “Nokia Contact Information” on page 3.

  • Page 38: Accessing Nokia Network Voyager

    Enter. For more information about how to respond to the prompts during the initial configuration process, see the release notes for the Nokia software release you are running. 4. After you complete the initial configuration, you can use Network Voyager to configure the remaining network ports.

  • Page 39: Accessing Network Voyager Reference Information, Figure 10 Network Voyager Reference Access Points

    Accessing Network Voyager Reference Information As you use Network Voyager, the Nokia Network Voyager Reference Guide and Network Voyager inline help are available for you to use. You can access both information sources from the Network Voyager interface, Figure 10 shows.

  • Page 40: Using Network Voyager To Monitor An Ip300 Series Appliance

    The Nokia Network Voyager Reference Guide is the reference source for Voyager. To access this source, click Doc. You can also access the Nokia Network Voyager Reference Guide at the Nokia support site (https://support.nokia.com) or on the CD that was delivered with your IP300 Series appliance.

  • Page 41: Using Nokia Horizon Manager

    Using Nokia Horizon Manager Using Nokia Horizon Manager You can use Horizon Manager to install and upgrade the Nokia proprietary IPSO operating system. For information about how to obtain Horizon Manager, see the “Nokia Contact Information” on page Nokia IP300 Series Security Platform Installation Guide...

  • Page 42

    Performing the Initial Configuration Nokia IP300 Series Security Platform Installation Guide...

  • Page 43: Installing And Replacing Network Interface Cards

    “Connecting PMC Network Interface Cards.” Caution You should have a working knowledge of networking equipment before attempting to service an IP300 Series appliance. Limit service of the unit to the procedures described in this chapter. Nokia IP300 Series Security Platform Installation Guide...

  • Page 44: Deactivating Configured Interfaces, Removing, Installing, And Replacing Nics

    Use these instructions to remove, install, or replace a NIC in the IP300 Series appliance. Some steps are not applicable to all procedures. The instructions point out steps appropriate to each procedure. Nokia IP300 Series Security Platform Installation Guide...

  • Page 45: Before You Start

    Removing, Installing, and Replacing NICs Before You Start To remove, install, or replace a Nokia network interface card, you need the following: A Phillips-head screwdriver Physical access to the appliance Access to the appliance by using Nokia Network Voyager or the CLI...

  • Page 46

    2. Use your fingers or a screwdriver to loosen the retaining screws that hold the chassis assembly. Chassis assembly retaining screws 3. Gently pull the chassis assembly forward to expose the NIC connectors. Remove the tray completely to avoid damaging components. 00252a Nokia IP300 Series Security Platform Installation Guide...

  • Page 47

    5. From above the chassis assembly, remove the NIC retaining screws from the back of the NIC. 00255a Nokia IP300 Series Security Platform Installation Guide...

  • Page 48

    Note To reduce electromagnetic interference (EMI), a blank bezel needs to be installed in the place of any NIC you have removed. b. Proceed to step Nokia IP300 Series Security Platform Installation Guide...

  • Page 49

    Make sure that the NIC edge is completely seated into the connectors on the chassis assembly. 8. From the top of the chassis assembly, screw the NIC retaining screws into the standoffs on the back of the NIC. 00255b Nokia IP300 Series Security Platform Installation Guide...

  • Page 50

    Installing and Replacing Network Interface Cards 9. From beneath the chassis assembly, screw in the bezel retaining screws. 00254a 10. Insert and close the chassis assembly until it clicks into place. 00252c Nokia IP300 Series Security Platform Installation Guide...

  • Page 51: Configuring And Activating Interfaces, Monitoring Network Interface Cards

    Use Network Voyager to access detailed port information. For information about accessing Network Voyager, see “Accessing Nokia Network Voyager” on page 30. You can also use the IPSO tcpdump command to examine the track on a specific port. Nokia IP300 Series Security Platform Installation Guide...

  • Page 52

    Installing and Replacing Network Interface Cards Nokia IP300 Series Security Platform Installation Guide...

  • Page 53: Connecting Pmc Network Interface Cards

    “Installing and Replacing Network Interface Cards.” Caution Protect your IP300 Series appliance and other electronic equipment from electrostatic discharge (ESD) damage by making sure you are properly grounded before you touch any electronic component. Nokia IP300 Series Security Platform Installation Guide...

  • Page 54: Four-port And Two-port 10/100 Mbps Ethernet Interface, Pmc, Ethernet Pmc Nic Features

    Interface, PMC Every IP300 Series appliance has four built-in dual-mode 10-Mbps and 100- Mbps ports. Additionally, the appliance supports Nokia-approved, two-port UTP5 dual-mode 10-Mbps and 100-Mbps Ethernet NICs. When you purchase an Ethernet NIC with your IP300 Series appliance, the NIC is installed before the appliance is delivered to you.

  • Page 55: Connectors And Cables, Figure 12 Two-port Ethernet Nic Front Panel Details

    To connect to a 10-Mbps or 100-Mbps hub, use a straight-through RJ-45 cable. To connect directly to a host, use an RJ-45 crossover cable. Use IEEE 802.3 10BASE-T, 100BASE-TX unshielded twisted-pair, full- duplex or half-duplex cable. Nokia IP300 Series Security Platform Installation Guide...

  • Page 56: Figure 13 Output Connector For The Ethernet Cable

    Figure 13 Output Connector for the Ethernet Cable Pin# Assignment 00270 Figure 14 shows the pin assignments for the RJ-45 cross-over cable. Nokia IP300 Series Security Platform Installation Guide...

  • Page 57: Two-port V2 Gigabit Ethernet Card, Pmc, Copper, Figure 14 Ethernet Crossover-cable Pin Connections

    Two-Port V2 Gigabit Ethernet Card, PMC, Copper All NICs installed in a Nokia IP300 Series platform are installed into slots on the appliance. Ethernet NICs can occupy any of the slots or subslots in an appliance that other I/O cards do not occupy.

  • Page 58: Figure 15 Two-port V2 Gigabit Ethernet Nic, Copper, Connectors And Cables

    Connecting PMC Network Interface Cards Figure 15 shows the front panel details for the two-port V2 copper Gigabit Ethernet NIC you use in the Nokia IP300 Series appliance. Figure 15 Two-Port V2 Gigabit Ethernet NIC, Copper Link LEDs (green or yellow)

  • Page 59: Figure 16 Ethernet Cable Connector Output Pin Assignments

    Figure 16 Ethernet Cable Connector Output Pin Assignments Gigabit Ethernet 10/100 Mbps Pin# Assignment Assignment 00270 BI_DA+ BI_DA- BI_DB+ BI_DC+ BI_DC- BI_DB- BI_DD+ BI_DD- To connect directly to a host, use an RJ-45 crossover cable wired as Figure 18 shows. Nokia IP300 Series Security Platform Installation Guide...

  • Page 60: Two-port Gigabit Ethernet Card, Pmc, Fiber, Figure 17 Gigabit Ethernet Crossover Cable Pin Connections

    All NICs installed in the IP300 Series appliance are installed into slots on the appliance. Ethernet NICs can occupy any of the slots or subslots in an appliance that other I/O cards do not occupy. Nokia IP300 Series Security Platform Installation Guide...

  • Page 61: Figure 19 Two-port Gigabit Ethernet Nic, Fiber, Connectors And Cables

    (PICMG) cPCI specification v2 Compliance with IEEE 802.3z Gigabit Ethernet specification You can configure and monitor Ethernet interfaces with Nokia Network Voyager, the Web-based element management interface to Nokia IP security platforms. Specifically, you set the port speed and full-duplex mode with Network Voyager.

  • Page 62

    You can also use a half-duplex LC-to-LC cable to loop back the transmit port of an interface to the receiver port. Two LC-to-SC cables are included with two-port fiber-optic Gigabit Ethernet NICs. You can order additional cables from a cable vendor of your choice. Nokia IP300 Series Security Platform Installation Guide...

  • Page 63: Installing And Replacing Other Components

    “Installing and Replacing Network Interface Cards” Caution You should have a working knowledge of networking equipment before attempting to service an IP300 Series appliance. Limit service of the appliance to the procedures described in this chapter. Nokia IP300 Series Security Platform Installation Guide...

  • Page 64: Installing A Pcmcia Modem, Before You Start

    The IP300 Series appliance supports a PCMCIA modem card that allows you to set the country code through Network Voyager. For information about the country codes, see the Nokia Network Voyager Reference Guide. Note The IP300 Series appliance supports PCMCIA modems. Nokia supports only Nokia-supplied modems.

  • Page 65: Replacing A Hard-disk Drive

    The following figure shows the location of the hard- disk drive on the motherboard. Note Back up your files to a remote system on a regular basis. For back up and restore procedures, see the IPSO release notes. Nokia IP300 Series Security Platform Installation Guide...

  • Page 66: Figure 20 Hard-disk Drive Location, Before You Start

    Figure 20 Hard-Disk Drive Location Hard-disk drive 00253 Note The hard-disk drive must contain the IPSO partitions and boot loader before installation. For further information, contact the appropriate Nokia customer support site as listed in “Nokia Contact Information” on page 3. Before You Start...

  • Page 67

    Power is still active in the chassis body and care should be taken when working on the power supply or power supply wiring without disconnecting the power cord. Nokia IP300 Series Security Platform Installation Guide...

  • Page 68

    4. From the bottom of the chassis assembly, remove the retaining screws that hold the hard-disk drive unit. 00261 5. Gently remove the hard-disk drive from the motherboard, taking care not to damage the connector. 6. Insert the new hard-disk drive unit. 00262 Nokia IP300 Series Security Platform Installation Guide...

  • Page 69

    7. Tighten the retaining screws that holds the hard-disk drive into place. 00261 8. Slide the chassis assembly back into the appliance until it clicks into place. 00252c Nokia IP300 Series Security Platform Installation Guide...

  • Page 70: Replacing Or Upgrading Memory

    The IP350 and IP380 come with different memory configurations. Contact Nokia customer support for more information on the supported memory configurations. Note Nokia recommends that you obtain memory kits only from Nokia or authorized resellers. For further information, contact the appropriate Nokia customer support site listed “Nokia Contact Information”...

  • Page 71: Figure 21 Dimm Socket Locations, Before You Start

    Before You Start To upgrade or replace the memory in your appliance, you need the following: Physical access to the appliance Nokia memory upgrade kit and accompanying documentation Network or console access to the appliance Caution To protect the IP300 Series appliance and the memory modules from electrostatic discharge (ESD), make sure you are properly grounded before you touch these components.

  • Page 72: Adding Or Replacing Dimms

    IP380 appliance. To use the CLI or IPSO shell, simply enter halt For information about accessing Network Voyager, see “Accessing Nokia Network Voyager” on page 30. 2. Loosen the two front panel retaining screws. Chassis assembly retaining screws Nokia IP300 Series Security Platform Installation Guide...

  • Page 73

    You might need to pull opposite ends of the DIMM alternately to gradually free it from the contact pins. 5. The memory DIMMs are keyed to prevent improper insertion. Press the new DIMM into the socket until it clicks into place. Nokia IP300 Series Security Platform Installation Guide...

  • Page 74

    DIMM. 00264 The retaining clips move into the lock position as you press the DIMM into place. 6. Slide the chassis assembly back into the appliance until it clicks into place. 00252c Nokia IP300 Series Security Platform Installation Guide...

  • Page 75: Installing An Encryption Accelerator Card

    VPN performance. No hardware configuration is required for the encryption accelerators. The built-in hardware encryption accelerators are enabled by default on both appliances. Installing the optional encryption accelerator card on the IP380 Nokia IP300 Series Security Platform Installation Guide...

  • Page 76

    A disposable wrist strap (included in packaging) Warning To help guard against electrostatic discharge damage, follow the instructions on the wrist strap envelope before you handle the encryption accelerator card or open the appliance. Nokia IP300 Series Security Platform Installation Guide...

  • Page 77: Installing The Card

    Installing an Encryption Accelerator Card Installing the Card 1. Use Nokia Network Voyager, the CLI, or the IPSO shell to halt the appliance. To use the CLI or IPSO shell, simply enter halt 2. Loosen the two front-panel retaining screws.

  • Page 78

    The two sets of connectors should be aligned with each other. The four screw holes and four standoffs should also be aligned with one another. 6. Push down on the card until it is properly seated on the motherboard. Nokia IP300 Series Security Platform Installation Guide...

  • Page 79

    Chassis assembly retaining screws Reseating the chassis assembly automatically restores power to the appliance. 12. Configure your software to use hardware acceleration. For more information, see “Configuring Software to Use Hardware Acceleration.” Nokia IP300 Series Security Platform Installation Guide...

  • Page 80: Configuring Software To Use Hardware Acceleration

    4. At Hardware Device Configuration, click On. 5. Click Apply to enable the card. You can also monitor Nokia encryption accelerator card interfaces by using Nokia Network Voyager. For more information about accessing Nokia Nokia IP300 Series Security Platform Installation Guide...

  • Page 81: Replacing The Battery, Before You Start

    Replacing the Battery Network Voyager and locating relevant reference materials, see the Nokia Voyager Reference Guide. Replacing the Battery The section provides instructions for replacing the motherboard battery in Nokia IP300 Series appliance. Before You Start To replace the battery, you need the following:...

  • Page 82

    To install the battery, perform the following tasks 1. Locate the battery on the motherboard. The battery is in a black battery holder secured with a battery retaining pin. Figure 22 shows the battery location in the IP300 Series appliance. Nokia IP300 Series Security Platform Installation Guide...

  • Page 83: Figure 22 Battery Location In The Nokia Ip300 Series Appliance

    Replacing the Battery Figure 22 Battery Location in the Nokia IP300 Series Appliance 00459 2. Remove the old battery. Use a small nonconductive device, such as a plastic probe, to slide the battery out of the battery holder through the cutout in the holder.

  • Page 84

    The appliance should start up normally with the new battery installed. If it does not, repeat this procedure. If the appliance does not start up normally after that, contact your Nokia service provider. 5. Reset the appliance date and time information using Network Voyager or...

  • Page 85: Installing Pc Cards, Before You Begin

    This chapter includes information about how to install flash-memory PC cards in your IP300 Series appliance. You can use the flash-memory PC card to store local system logs, Nokia IPSO images, and configuration files. The IP300 Series appliance supports storage space of 512 MB or higher. The IP300 Series appliance has two PCMCIA slots that can support a flash- memory PC card having a capacity of 1 GB or higher.

  • Page 86: Installing A Flash-memory Pc Card, Storing System Logs On The Flash-memory Pc Card

    Storing System Logs on the Flash-Memory PC Card You can use the flash-memory PC card to store system log messages. Use Nokia Network Voyager to configure the flash-memory PC card as an optional disk. After you reboot the Nokia IP300 Series appliance, use Network Voyager to configure system logging options.

  • Page 87: Transferring Files With The Flash-memory Pc Card

    Transferring Files with the Flash-Memory PC Card You can copy configuration files between the internal compact flash memory and the flash-memory PC card. If you do not use Nokia Network Voyager to configure the flash-memory PC card as an optional disk, you must mount the...

  • Page 88

    PC card. To transfer Nokia IPSO images or configuration files to the flash- memory PC card: 1. Insert the flash-memory PC card into the IP300 Series appliance.

  • Page 89: Using The Boot Manager

    Protecting the Boot Manager with a Password Installing the Boot Manager Upgrading the Boot Manager The Nokia IP300 Series appliance incorporates a boot manager on disk to control the boot-up process. The boot manager allows you to perform a number of tasks, including the following:...

  • Page 90: Variables

    Factory default: yes. bootwait The amount of time, in seconds, that the boot manager waits for input during a boot up when autoboot is set to yes. Factory default: five seconds. Nokia IP300 Series Security Platform Installation Guide...

  • Page 91

    Single-User Mode: If the console is marked as insecure, you must enter the root password to access the manager. Verbose Mode: Verbose during device probing and thereafter. boot-device: This is the device from which the boot-file loads. Factory default: Options: (hard disk). Nokia IP300 Series Security Platform Installation Guide...

  • Page 92: Viewing The Variables And Other System Parameters

    The command has the following syntax: printenv For example: BOOTMGR[93]> printenv Bootmgr Revision: 3.3,base kernel=3.5.1- 06.12.2002- 080000 autoboot: YES testboot: NO bootwait: 0 boot-file: boot-flags: boot-device: vendor: Nokia model: IP Nokia IP300 Series Security Platform Installation Guide...

  • Page 93

    0:20:30:0:11:4 speed 10M full duplex eth2: flags=130<BROADCAST,MULTICAST,PRESENT> ether 0:20:30:0:11:5 speed 10M full duplex eth3: flags=130<BROADCAST,MULTICAST,PRESENT> ether 0:20:30:0:11:6 speed 10M full duplex eth4: flags=130<BROADCAST,MULTICAST,PRESENT> ether 0:20:30:0:11:7 speed 10M full duplex Nokia IP300 Series Security Platform Installation Guide...

  • Page 94: Setting The Variables

    For example: BOOTMGR[2]> setenv autoboot yes sets the value of to be yes. autoboot Nokia IP300 Series Security Platform Installation Guide...

  • Page 95

    Use the command to set an alias. The command has the following setalias syntax: setalias name device where name is the alias name, and device the device for which name is the alias. Nokia IP300 Series Security Platform Installation Guide...

  • Page 96: Other Commands

    The command has the following halt syntax: halt help Use the command to display a list of the available commands. The help command has the following syntax: help Nokia IP300 Series Security Platform Installation Guide...

  • Page 97: Booting The System, Using The Boot Manager To Install Ipso

    Using the Boot Manager to Install IPSO Use the install command to install IPSO. The syntax of the command is: install For complete installation procedures, refer to the appropriate version of release notes. Nokia IP300 Series Security Platform Installation Guide...

  • Page 98: Protecting The Boot Manager With A Password

    The password you enter gives you access to the install command in boot manager, not access to IPSO. To set a password 1. At the boot manager command prompt enter: BOOTMGR[0]> passwd program prompts you for your current password. passwd Nokia IP300 Series Security Platform Installation Guide...

  • Page 99: Installing The Boot Manager

    The program prompts you to reenter the new password for verification. 4. Enter the new password again. Note If you forget your install password, contact the appropriate Nokia Customer Support site as listed in “Nokia Contact Information” on page 3 for information on how to set a new one.

  • Page 100: Upgrading The Boot Manager

    To upgrade the boot manager 1. Get the upgraded boot manager image from the appropriate Nokia customer support site as listed in the Nokia Contact Information section at the front of this guide. 2. Start the IP300 Series appliance in single-user mode.

  • Page 101

    The command upgrades the boot manager with the new image ), writing it into the hard-disk drive ( ). The upgrade takes nkipflash some time to complete. Do not interrupt the upgrade process. Nokia IP300 Series Security Platform Installation Guide...

  • Page 102

    Using the Boot Manager Nokia IP300 Series Security Platform Installation Guide...

  • Page 103: Troubleshooting, General Troubleshooting Information

    Problem You do not have a console connection to the IP300 Series appliance. Solution For information about how to create a console connection, “Using a Console Connection to Perform the Initial Configuration” page 28. Nokia IP300 Series Security Platform Installation Guide...

  • Page 104

    3. Problem Database is corrupt. Solution Return to default settings according to the instructions included in the instructions for resetting the default password, or contact the Nokia customer support site listed in “Nokia Contact Information” on page 3.

  • Page 105

    The two double quotation marks at the end of the command properly indicate a blank password. After you execute this command, the system reports that the password was not successfully changed. However, the password is changed and is now newpassword. Nokia IP300 Series Security Platform Installation Guide...

  • Page 106

    For information about how to complete the full installation procedure, see the current release notes. The release notes are located on the Nokia customer support Web site as listed in the “Nokia Contact Information”...

  • Page 107

    Do Not See Interfaces that Should be Present Problem Local IP300 Series appliance ports do not appear. Solution Your NIC might be defective. Contact the appropriate Nokia customer support site as listed in “Nokia Contact Information”...

  • Page 108

    Use tcpdump to verify that a packet is leaving or entering a port. Problem Interfaces not up. Solution Ensure that all interfaces are up and active, as described in Chapter 3, “Performing the Initial Configuration.” Nokia IP300 Series Security Platform Installation Guide...

  • Page 109

    4. Click Delete for the entry you want to delete. 5. Click Apply. Problems with Multicast Use tcpdump to view packets. To display packets for a specific interface, use the following command: tcpdump . For more -i interface proto igmp Nokia IP300 Series Security Platform Installation Guide...

  • Page 110

    Troubleshooting information about how to use the tcpdump command, see the Nokia Network Voyager Reference Guide. Under Routing Options in the Routing Configuration section in Network Voyager, you can also enable several types of trace options for DVMRP. These traces are logged into /var/tmp/ipsrd.log...

  • Page 111

    Solution Set encapsulation to LLC/SNAP. Consult your 1483 device documentation. Problem The MTU size is not 1500. Solution The MTU size must be 1500. Nokia does not support larger MTU sizes. Appliance Not Receiving Power Problem Power cord is not properly plugged in.

  • Page 112

    Troubleshooting Appliance locks up after you upgrade Nokia IPSO with a console connection. No error messages appear, but the appliance stops responding to console and network. Problem During the upgrade process, some of the environment variables might not have updated correctly.

  • Page 113: Troubleshooting Routing Problems

    ICLID (IPSRD command-line interface daemon) command. An example use of the ICLID command is shown below. For information about the ICLID command, see the Nokia Network Voyager Reference Guide. For information about how to access Network Voyager and the related reference materials, see “Accessing Nokia Network Voyager”...

  • Page 114

    0 172.16/16 via 10.1.1.225, eith-sp4p1c0,cost 3, age 3111 In addition, several trace options are available. You can enable these options under the routing options in Network Voyager. When a trace is enabled the output appears in /var/tmp/ipsrd.log. Nokia IP300 Series Security Platform Installation Guide...

  • Page 115

    -i interface proto ospf For more information about how to use the tcpdump command, see the Nokia Network Voyager Reference Guide. Under routing options in Network Voyager, you can also enable several types of trace options for OSPF.

  • Page 116

    -i interface proto rip For more information about how to use the tcpdump command, see the Nokia Network Voyager Reference Guide. Under routing options in Network Voyager, you can also enable several types of trace options for routing information protocol (RIP).

  • Page 117

    Problem Routing protocol is not functioning properly. Solution to ensure that each routing protocol is functioning properly, see “Common Problems with OSPF” on page 107 and “Common Problems with RIP” on page 108. Nokia IP300 Series Security Platform Installation Guide...

  • Page 118

    Troubleshooting Nokia IP300 Series Security Platform Installation Guide...

  • Page 119: A Technical Specifications, Physical Dimensions, Space Requirements

    1.75 inches (4.45 centimeters) of vertical space 18 inches (46 centimeters) behind the front-panel of the rack 6 inches (15 centimeters) behind the IP300 Series appliance to allow the back exit fan to move air through the appliances Nokia IP300 Series Security Platform Installation Guide...

  • Page 120: Nic Interfaces

    IEEE 802.32 Gigabit Ethernet Ethernet Multimode Fiber Two-port V2 Copper Gigabit Straight-through RJ-45 cable RJ-45 Ethernet (Category 5 type) or crossover cable; in some cases, shielded Category 5 Ethernet cable to meet Class B emissions standards Nokia IP300 Series Security Platform Installation Guide...

  • Page 121: B Compliance Information, Declaration Of Conformity

    This appendix contains the following compliance information: Declaration of Conformity Compliance Statements FCC Notice (US) Declaration of Conformity According to ISO/IEC Guide 22 and EN 45014: Manufacturer’s Name: Nokia Inc. Manufacturer’s Address: 313 Fairchild Drive Mountain View, CA 94043-2215 Nokia IP300 Series Security Platform Installation Guide...

  • Page 122

    EMC: EN55024 1998, EN55022A 1998, EN61000-3-2, EN61000-3-3 Supplementary information: Pursuant to directive 1999/5/EC this product complies with the requirements of the Low Voltage Directive 73/23/EEC and the EMC Directive 89/336/EEC with Amendment 93/68/EEC. Nokia IP300 Series Security Platform Installation Guide...

  • Page 123: Compliance Statements

    Mountain View, CA Compliance Statements This hardware complies with the standards listed in this section. Emissions Standards FCC Part 15 Subpart B Class A US/Canada EN55022 (CISPR 22 Class A) European Community (CE) Nokia IP300 Series Security Platform Installation Guide...

  • Page 124: Fcc Notice (us)

    This device generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instruction, may cause harmful interference to radio communications. However, there is no Nokia IP300 Series Security Platform Installation Guide...

  • Page 125

    Consult the dealer or an experienced radio/TV technician for help. Caution Any changes or modifications not expressly approved by the grantee of this device could void the user’s authority to operate the equipment. 050324 Nokia IP300 Series Security Platform Installation Guide...

  • Page 126

    Compliance Information Nokia IP300 Series Security Platform Installation Guide...

  • Page 127: Index

    83 Gigabit Ethernet network interface cards 53 bootwait variable 82 console cable 28 built-in console port 15 copper two-port V2 Gigabit Ethernet network interface card 50 cable output connector 112 Nokia IP300 Series Security Platform Installation Guide Index - 119...

  • Page 128

    LEDs 18 disabling 78 secondary status 19 transferring files 79 status 18 flash-memory PC cards 77 line cards 10, 12 four-port Ethernet network interface card 46 ls command 86 Index - 120 Nokia IP300 Series Security Platform Installation Guide...

  • Page 129

    Nokia Horizon Manager 13 safety standards 114 Nokia IPSO version 11, 12 secondary status LEDs 19 null-modem cable 28 serial number 114 setalias command 87 set-defaults command 87 setenv command 86 Nokia IP300 Series Security Platform Installation Guide Index - 121...

  • Page 130

    Gigabit Ethernet network interface card, fiber 53 two-port V2 Gigabit Ethernet network inter- face card, copper 50 unsetalias command 88 unsetenv command 87 upgrading memory 62 variables 82 autoboot 82 Index - 122 Nokia IP300 Series Security Platform Installation Guide...

This manual also for:

Ip385 - security appliance

Comments to this Manuals

Symbols: 0
Latest comments: