IP40 Version 1.0 Appliance User’s Guide N450916001 Rev A October 2003...
IMPORTANT NOTE TO USERS This software and hardware is provided by Nokia Inc. as is and any express or implied warranties, including, but not limited to, implied warranties of merchantability and fitness for a particular purpose are disclaimed. In no event shall Nokia, or its affiliates, subsidiaries or suppliers be liable for any direct, indirect, incidental, special, exemplary, or consequential damages (including, but not limited to, procurement of substitute goods or services;...
Nokia Customer Support Web Site: https://support.nokia.com/ Email: email@example.com Americas Europe Voice: 1-888-361-5030 or Voice: +44 (0) 125-286-8900 1-613-271-6721 Fax: 1-613-271-8782 Fax: +44 (0) 125-286-5666 Asia-Pacific Voice: +65-67232999 Fax: +65-67232897 021216 Nokia IP40 User Guide...
Nokia IP40, see the Nokia IP40 Quick Start Guide and the IP40 Online Help that is part of the graphical user interface (GUI) in the device. Installation and maintainance should be performed by experienced technicians or Nokia- approved service providers only.
Event Log, Active Computers, Active Connections, and VPN Tunnels. Chapter 13, “Working with VPNs,” explains how to configure a VPN by using the IP40. Chapter 14, “Using Managed Services,” describes methods for enabling and using subscription services such as Web filtering, email antivirus, and automatic and manual updates.
Conventions This Guide Uses Command-Line Conventions This section defines the elements of commands that are available in Nokia products. You might encounter one or more of the following elements on a command-line path. Table 1 Command-Line Conventions Convention Description command...
• Indicates an external book title reference. • Indicates a variable in a command: delete interface if_name Menu Items Nokia IP40 menu items in procedures are separated by the greater than sign. Nokia IP40 User Guide...
Related Documentation For example, Start > Programs > Nokia > Security indicates that you first click Start, then choose the Programs menu command, then choose Nokia, and finally choose Security Related Documentation In addition to this guide, documentation for this product includes the following: Nokia IP40 Quick Start Guide—Provides a description of the system features and an...
Point FireWall-1 Stateful Inspection technology, inspects and filters all incoming and outgoing traffic, blocking all unauthorized traffic. The IP40 is a hardware appliance and is easy to install. It allows you to share your Internet connection among several computers, other network devices and enables advanced home and office networking, besides providing protection for your entire network.
Introduction Nokia IP40 Tele 8 The IP40 Tele 8 is for home telecommuters and work extenders who also need VPN client access. The IP40 Tele 8 supports both firewall and VPN client capabilities over an eight-node network. The appliance supports VPN client capabilities for users to connect to the central office from their home with firewall protection, extending the enterprise network to the employees’...
About the Nokia IP40 Table 3 Nokia IP40 Satellite Feature Nokia IP40 Tele 8 (16/32/Unlimited) DHCP client Backup Internet connection, static NAT, static routes Firewall Table 4 Nokia IP40 Satellite Feature Nokia IP40 Tele 8 (16/32/Unlimited) Based on Check Point...
IPSEC VPN site-to-site gateway IPSEC VPN remote access client VPN pass through X.509 certificates SecuRemote server RADIUS support DAIP with VPN certificates Backup VPN gateways SmartCenter Connector (SSC) NG AI support Bypass NAT Route all traffic Nokia IP40 User Guide...
About the Nokia IP40 Table 5 Nokia IP40 Satellite Feature Nokia IP40 Tele8 (16/32/Unlimited) Multiple PPP connections Active tunnels Management Table 6 Nokia IP40 Satellite Feature Nokia IP40 Tele 8 (16/32/Unlimited) Web-based management Access to IP40 through OOB, SSH and SNMP...
A country specific power cord for universal power supply An Ethernet-crossover cable, labeled Crossover An RS-232 console (null modem) cable The IP40 CD. The IP40 CD includes the following documents needec to set up and use the device: Quickstart Guide...
Navigator 4.7 or higher. Appliance Overview The following sections provide an overview of your device’s rear and front panels. IP40 Rear Panel All physical connections (network and power) to the IP40 are made through the rear panel. Nokia IP40 User Guide...
Appliance Overview Figure 1 Rear View of Nokia IP40 CONSOLE AUXILIARY POWER 00409 The items on the rear panel of the IP40 are explained in Table 1. Table 9 Rear Panel of the IP40 Label Description Power A power jack used for supplying power to the device.
Introduction IP40 Front Panel You can monitor the IP40 operations by viewing the LEDs on the front panel. Figure 2 Front Panel of Nokia IP40 00418 The items on the front panel of the IP40 are explained in Table 2.
Installing the Nokia IP40 Installing the Nokia IP40 This chapter describes how to set up and install the Nokia IP40 in a networking environment. The chapter covers the following topics: “Before You Install the Nokia IP40” on page 27 “Setting Up Nokia IP40 with Microsoft Windows 98 or Millennium Operating Systems”...
Installing the Nokia IP40 To check for TCP/IP Installation 1. Choose Start > Settings > Control Panel. The Control Panel window appears. 2. Double click the Network icon. The Network window appears. 3. In the Network window, check if TCP/IP appears in the network components list and if it is already configured with the Ethernet card installed on your computer.
5. Restart your computer if prompted. To make TCP/IP Settings If you are connecting the IP40 to an existing LAN, consult your network manager/system administrator for the correct configuration. 1. In the Network window, double-click the TCP/IP Service for the Ethernet card on your computer.
Installing the Nokia IP40 2. Click the Gateway tab and remove any installed gateways. 3. Click the DNS Configuration tab and click Disable DNS radio button. 4. Click the IP Address tab, and click Obtain an IP address automatically radio button.
Before You Install the Nokia IP40 Note Nokia recommends that you use DHCP to assign IP addresses instead of assigning a static IP address to your computer. To assign a static IP address, select Specify an IP address and enter an IP address in the range of 192.168.10.129 to 254. Enter 255.255.255.0 as the Subnet Mask.
Installing the Nokia IP40 2. Double click the Network and Dial-up Connections icon (Network Connections icon from Windows XP). The Network and Dial-up Connections window appears. 3. Right-click the Local Area Connection icon and select Properties from the drop-down menu.
Before You Install the Nokia IP40 4. Check for TCP/IP in the Component list and whether it is configured with the Ethernet card installed on your computer. If TCP/IP does not appear in the Components list, install it as described in the following section.
2. Select Obtain an IP address automatically. Note Nokia recommends that you use DHCP to assign IP addresses instead of assigning a static IP address to your computer. To assign a static IP address, select Specify an IP address and...
1. Click Obtain DNS server address automatically. 2. Click OK to save the new settings. Your computer is now ready to access your IP40. Setting up Nokia IP40 with an Apple Computer Use the following procedure to set up the TCP/IP protocol: To make TCP/IP settings 1.
Installing the Nokia IP40 Installing Your Network Plan your network and the location of the IP40, then install your network. To install the network 1. Connect the LAN cable: Connect one end of the Ethernet cable to the LAN port at the back of the unit.
Note The IP40 ships without a password defined. If you are logging in for the first time, you will be prompted to define the password by entering it twice. If you have already logged in before, enter the username and password you previously defined.
Setup on the navigation bar and click Password. Configuring Nokia IP40 for Internet Connection This section provides information on making the initial settings for your IP40 using the Setup Wizard and connecting to Internet. To connect to Internet from Nokia IP40 1.
Making Initial Nokia IP40 Settings For more information Chapter 5, “Configuring the IP40 for Internet Connection.” Note Refer to Chapter 5 for information on connecting to the Internet. Making Initial Nokia IP40 Settings Once you exit the Internet Connection Method wizard, you will be prompted for setting the device time.
If you select Your computer’s clock, the IP40 is automatically updated with the time settings of your computer. b. If you click Keep the current time, the IP40 retains its current time settings. No changes to the time settings are made.
Click on Finish to exit the Set Time Wizard Registering with Nokia Support Site. You can register with Nokia Support Site once you have made your time settings. The following dialog box appears once you have exited the Set Time Wizard.
Check Point Smart Center, Smart Center Pro, or Security Management Platform server. If your IP40 is centrally managed by any of these servers be sure "I wish to connect to a service center" is checked and enter the IP address of the central management server in the "Specified IP"...
The Nokia IP40 initial login page appears. 2. Enter the password directly for the IP40 Tele 8 license. For the IP40 Satellite X licenses, enter the username and password. If you are logging on for the first time, you should use admin as the username.
2. The IP40 GUI welcome page appears. Logging Off Logging off terminates the IP40 session. To connect to the IP40 again, enter the password. To log out of IP40, perform one of the following procedures: If you are connected locally, click Logout.
For information on connecting to your device through HTTPS, refer to the section below. Understanding the Web based GUI of IP40 Once you have logged on to IP40 using HTTP or HTTPS, you can configure the IP40 in two ways:...
Figure 3 shows the main components of the GUI. The following table gives the name and functionality of each button in Nokia IP40 GUI. Note The Tele 8 license of IP40 does not support all the features mentioned in the table below. Refer to “Nokia IP40 Features”...
Understanding the Web based GUI of IP40 Table 12 Navigation Bar Main Tab Secondary Tabs Description Welcome Displays Welcome and configuration information Reports Event Log Displays the last 100 events in three different categories - Blue, Red, Orange and Green.
Allows you to view and edit list of configured VPN sites VPN Login Enables you to manually login to a VPN site Certificate Allows you to control certificates for site-to-site VPN usage Help Online Help Logout Logs you out of IP40 Nokia IP40 User Guide...
Typically your device’s WAN port is connected to your Internet Service Provider (ISP), while the LAN port is connected to your computer, or to a hub, in case you are using IP40 between your computer network and the outside world. You can connect your computer to the console port of your IP40 to manage the device using CLI.
Connecting the Nokia IP40 to a computer by Using the Console Port Your IP40 has a console serial port. Connect the RS-232 cable (that is shipped along with the appliance) from the serial port of your computer to the console port of IP40. You can then manage the device using a terminal emulation program such as HyperTerminal.
5. The login prompt is displayed by default. The IP40 ships without a password defined. If you are logging in for the first time, you will be prompted to define the password by entering it twice. If you have logged in before, enter the username and password you previously defined.
If you device IP address is 192.168.10.1, your screen will appear as follows: 3. Click OK, and and the telnet command window appears with a login prompt 4. Once you enter your user name and password, you will be able to manage your IP40 using simple commands 5.
Managing large scale deployments of the Nokia IP40 Enabling and Disabling Telnet Access to the Nokia IP40 You can use the following command from the IP40 CLI to enable or disable telnet access to the device: set acl service telnet The Telnet service is enabled by default.
Nokia Horizon Manager You can manage Nokia IP40 using Nokia Horizon Manager. Nokia Horizon Manager is a software application designed to manage and configure a large number of Nokia security platforms (devices) that reside on a corporate enterprise, managed service provider (MSP), or hosted applications service provider network (ASP).
Managing large scale deployments of the Nokia IP40 Configure and fine-tune Sofaware management services like Web filtering, email antivirus and software updates. Nokia IP40 User Guide...
Accessing the Nokia IP40 Nokia IP40 User Guide...
You must configure the Internet connection on initial operation and after all reset to defaults operations. Using the Setup Wizard The Setup Wizard can be used to configure the Internet connection for IP40. The Setup Wizard guides you through the configuration process step by step. To configure the Internet connection using Setup Wizard 1.
Connecting to the Internet using IP40 2. Click on the Setup Wizard button at the bottom of the screen. The Setup Wizard window appears. 3. Click Next to proceed. The Internet Connection Method screen appears. You can choose between three modes of broadband connection:...
Refer to Chapter 3, “Getting Started,” for information on configuring device time, registering with Nokia Support Center and subscribing to additional services using the Setup Wizard. 2. Follow the instructions until the wizard is done, and then click Finish You are now connected to the Internect using a direct LAN connection.
Internet connection can be established. The Nokia IP40 takes the place of the computer behind the Cable modem and the local user can use MAC Cloning to enter the original computer MAC address without contacting the ISP for changing that information.
2. Click Next. Note Most DSL providers use PPPoE. If you are uncertain about which connection method to use, contact your DSL provider. To connect using PPPoE connection method If you select PPPoE, the PPPoE Configuration window appears. Nokia IP40 User Guide...
Connecting to the Internet using IP40 In the PPPoE dialog box enter the following, 1. Your Username, Password and confirm the Password. 2. The service name. This is optional. 3. Click Next. The system attempts to connect to the Internet through the DSL connection. At the end of the connection process, the Connected message appears.
2. Follow the instructions until the wizard is done, and then click Finish. Manually Configuring the Internet Setting You can manually configure the advanced features in the IP40 using Advanced Setup. To configure the Internet connection 1. Proceed as per steps 1 and 2 in “Using the Setup Wizard.”...
1. Enter the Host name. This field is optional. If a service center requires it, the Host Name will be provided by them. 2. If you do not want the IP40 to obtain an IP address automatically using DHCP, do the following: a.
1. Enter your Username and Password and confirm the Password. 2. Enter the service name as given by your service center. Note If your service center did not provide you with a service name, leave this text box empty. Nokia IP40 User Guide...
Connecting to the Internet using IP40 You can set the maximum transmission unit size (MTU). Nokia recommends that you leave this field empty. However, to modify the default MTU, consult with your service center. 3. If you are not using automatic configuration of DNS servers, do the following: a.
You can view information on your Internet connections in terms of status, duration and activity. To view Internet connection information 1. Click Network in the main menu, and click the Internet tab The Internet page appears. The following information is displayed: Nokia IP40 User Guide...
Connecting to the Internet using IP40 Table 13 Field Description Status Indicates the connection’s status Duration Indicates the connection duration, if active. The duration is given in the format hh:mm:ss, where: hh=hours mm=minutes ss=seconds IP Address Your IP address Enabled Indicates whether or not the connection is enabled.
Use the Edit buttons against Primary and Secondary Connection types for configuring a backup Internet connection. To physically connect multiple WAN devices to the IP40, a switch connected to the WAN port is required with multiple devices connected to that switch.
Connecting to the Internet using IP40 Nokia IP40 User Guide...
If you change the network settings to incorrect values and are unable to correct the error, reset the IP40 to its factory default settings. To reset the IP40 to its factory default settings, choose Setup > Firmware > Factory Defaults. You can also press the reset button at the back of the device.
Use DHCP to disable the Obtain IP address automatically setting in the TCP/IP settings. Changing IP Addresses You can change the IP address of your IP40. You can also change the entire range of IP addresses in your network using the IP40 Satellite X licenses. You might want to do this if, for...
Network Address Translation (NAT) enables you to share a single IP address among several computers. Note NAT can only be disabled in IP40 Satellite X licenses. NAT is enabled by default. If NAT is disabled, you need to buy an IP address range. To enable NAT 1.
2. Go to the DMZ Network Settings area 3. If desired, enable or disable Hide NAT 4. In the IP40 DMZ IP text box, enter the IP address of the DMZ network’s default gateway Note The DMZ network must not overlap the LAN network 5.
Note IP40 supports Proxy ARP (Address Resolution Protocol). When an external source attempts to communicate with a computer which has static NAT enabled, the IP40 automatically replies to ARP queries with its own MAC address, thereby enabling communication. As a result, the Static NAT Internet IP addresses appear to external sources to be real computers connected to the WAN interface.
Click this option to map a range of Internet IP addresses to a range of local range computer IP addresses of the same size You mist then fill in the Map this WAN IP range and To this Internal IP range fields Nokia IP40 User Guide...
“Up”, or reachable, or not. To add a static route 1. Click Network in the main menu, and click the Static Routes tab. The Static Routes page appears, with a listing of existing static routes. Nokia IP40 User Guide...
Managing Your Local Area Network 2. Click New Route. The Edit Route page appears. 3. Complete the fields using information given in the table below 4. Click Apply The new static route is saved. Nokia IP40 User Guide...
1. Click Network in the main menu, and click the Static Routes tab The Static Routes page appears, with a listing of existing static routes 2. In the desired route row, click the Delete icon A confirmation message appears. 3. Click OK. The route is deleted. Nokia IP40 User Guide...
Managing Your Local Area Network Nokia IP40 User Guide...
Setting Up the Security Policy in IP40 This chapter describes how to set up the Nokia IP40 security policy. It includes the following topics: “Setting the Firewall Security Level” on page 81 “Configuring Virtual Servers” on page 82 “Creating Firewall Rules”...
Setting Up the Security Policy in IP40 2. To set the security level, drag the slider. The IP40 security level changes accordingly. Note You may experience a temporary break in the service. Configuring Virtual Servers Note If you do not intend to host any public Internet servers (Web server, mail server and so on) in your network, you can skip this section.
Customing your security policy 3. In the Allow column, select the check box of the desired service or application. If you are using IP40 Satellite X, the appropriate check box in the VPN Only column is enabled. 4. To allow only connections made through a VPN, select the VPN Only check box.
Setting Up the Security Policy in IP40 By default, in the Medium security level, the IP40 blocks all connection attempts from the Internet (WAN) to the LAN, and allows all outgoing connection attempts from the LAN to the Internet (WAN).
Customing your security policy Note In IP40 Tele 8, the Allow Rules page does not contain a VPN Only column, and the Block Rules page does not contain an Also VPN column. 4. Complete the fields using the information in table below.
Setting Up the Security Policy in IP40 7. Click Finish. The new rule appears in the Firewall Rules page. Table 16 Firewall Rule Fields In this field... Do this... Any Service Click this option to specify that the rule should apply to any service...
The rule is deleted. Defining an Exposed Host The IP40 allows you to define an exposed host, which is a computer that is not protected y the firewall. This is useful for setting up a public server. It will allow unlimited incoming and outgoing connections between the Internet and the exposed host computer.
Setting Up the Security Policy in IP40 The selected computer is now defined as an exposed host. Nokia IP40 User Guide...
You can change your password at any time. The method for changing password varies depending on the IP40 configuration you are using. The default username for Nokia IP40 Tele 8 Configuration is admin. You can change the password for this user.
Use 5 to 25 characters (letters or numbers) for the new password. 3. Click Apply. Your changes are saved. In Nokia IP40 Satellite X, you can define multiple users and perform the following tasks: Changing Your Password Adding Users Viewing and Editing Users...
4. Click Apply. Your changes are saved. Adding Users You can perform this task only with IP40 Satellite X. The number of IP40 users you can add is limited according to your software. To add a user 1. In the Navigation Bar, click Users.
The default level is No Access. The “admin” user’s Administrator Level (Read/Write) cannot be changed. VPN Remote Allows the user to connect to this IP40 using Access their VPN client. For further information on setting up VPN remote access, see Chapter 13, “Working with VPNs.”...
You can use RADIUS to authenticate both IP40 users and VPN clients trying to connect to the IP40. When a user accesses the IP40 GUI and tries to log on, the IP40 sends the entered user name and password to the RADIUS server. The server then checks whether the RADIUS database contains a matching user name and password pair.
Shared Secret Type the shared secret to use for secure communication with the RADIUS server Administrator Select the level of access to the IP40 portal to assign to all users Level authenticated by the RADIUS server. The levels are: • No Access: The user cannot access the IP40 •...
IP40 1.0 supports SSH 2.0. The SSH feature in IP40 will provide secure remote access to the device. In addition, SCP is also supported to enable secure upgrade of the device, downloading of public keys and HTTPS certificates and Import/Export features.
There are two SSH authentication methods: Password Authentication — Password authentication is set up by default. In this method, you can connect to the SSH server running on IP40 from the SSH client installed on your machine, after entering your password.
Secure Shell Using SSH Client You first need to have an SSH client to connect to the SSH server running on IP40. Install an SSH client if you do not have one already. You can use the SSH client to connect to the IP40 using password authentication or public key authentication.
Use the following commands to view host keys. show ssh hostkey Managing Authorized Keys Use the following commands to add authorized keys. add ssh authkeys <dsa/rsa> user admin <openssh-format/ssh2-format> file Use the following commands to delete authorized keys. Nokia IP40 User Guide...
Enabling HTTPS Web Access You can enable HTTPS remote access, so that IP40 users can securely access the IP40 portal from the Internet, by accessing the URL https://X.X.X.X:981, where X.X.X.X is the IP40 Internet IP address.
1. Enter https://<external IP address of IP40>:981 in the address bar of your browser. (Note that the URL starts with https, not http.) If you are accessing the IP40 for the first time, the security certificate in the IP40 is not yet known to the browser, so a Security Alert appears.
<cert-file path | cert-request-file path> key-file path Refer to IP40 CLI Reference Guide for additional information. Installing a Certificate and Private Key Use the following commands to copy a certificate and its associated private key in the /var/etc/ https_ssl_cert_server.crt and /var/etc/https_ssl_server.key files.
Configuring Network Access Nokia IP40 User Guide...
SNMP is the protocol that enables this interaction. SNMP Configuration from the Nokia IP40 You can use the Nokia IP40 GUI portal and the command-line interface to set, change and view parameters for SNMP. Setting up SNMP access to the Nokia IP40 You should specifically allow or disallow SNMP manager software running outside your network from monitoring the IP40.
If you select Internal Network, then SNMP access to the IP40 is allowed only from computers in your internal network or LAN; if you select IP Address Range, you can specify a range of IP addresses from where SNMP access is allowed to your IP40 and so on. Configuring the SNMP Parameters Once you set the SNMP access rules, you can configure the SNMP parameters from the Nokia IP40 GUI.
IP address of the device from where a trap is generated. Use the command ‘set snmp trappduAgent ip_address’ from the IP40 CLI for setting the trapPduAgent. You cannot set the trapPduAgent from the IP40 GUI portal. Refer to the IP40 CLI Reference Guide for more information.
- snmp trappduagent trapreceiver - snmp Trapreceiver traps - SNMP Traps Refer to the Nokia IP40 CLI Reference Guide for additional and detailed information on using the set and show commands to set and view the SNMP parameters. Nokia IP40 User Guide...
The Nokia IP40 supports supports remote management using Out of Band Management (OOB). To use OOB, a modem is connected to the AUX port of your appliance. The IP40 acts as a Remote Access Server (RAS) and waits for the incoming call. An administrator can dial in to the device using a dial-up interface, and use HTTPS, SSH, or SNMP protocols to monitor or configure the device.
8. Click on the Test button to verify whether your modem settings are working fine. Note You cannot configure all the OOB parameters from the IP40 GUI. The parameters which cannot be configured from GUI such as address of the OOB interface, destination address of the OOB interface and set IP header compression have default values.
Secure Shell and HTTPS Access through Out of Band Dial-in You can access the Nokia IP40 using Secure Shell (SSH) or HTTPS and configure the device. Once you dial in to the Nokia IP40 from a modem (Refer to “To connect a modem to the Nokia IP40”...
Booting in to Failsafe Mode The IP40 goes in to the failsafe mode when the main kernel gets corrupted. If the main kernel gets corrupted, the IP40 loads a failsafe kernel to the RAM. For the device to function properly, it must be upgraded with a new firmware.
Special Deployment Mode in the Nokia IP40 The default user name and password for OOB are admin and password respectively if the first- time password is not set. Using this special mode, you can manage the device remotely using OOB for half an hour irrespective of current firewall filters.
Configuring the Nokia IP40 through Out of Band Management Nokia IP40 User Guide...
Refer to IP40 CLI Reference Guide for more information on setting the host name. Date and Time Configuration You can use the Set Time Wizard from Setup > Tools > Set Time to set the date and time for your IP40.
Guide. System Logging Configuration The Nokia IP40 supports local event logging, which can be viewed from Reports > Event Log. Up to 100 events can be logged here. An external syslog server can also be configured using the following method.
Ping Traceroute WHOIS To use the network utilities from the Nokia IP40 GUI 1. Click Setup from the main menu, and select the Tools tab. The tools page appears. 2. Select Ping, traceroute or WHOIS from the drop-down menu next to IP tools, depending on the tool you want to use.
Exporting the IP40 Configuration You can export the IP40 configuration to a *.cfg file, and use this file to backup and restore IP40 settings, as needed. The configuration file includes all your settings. Exporting the IP40 Configuration 1.
Importing the IP40 Configuration In order to restore the configuration of your appliance from a configuration file, you must import the file: To import the IP40 configuration 1. Click Setup in the main menu, and click the Tools tab The Tools page appears.
Firmware Upgrade You can upgrade the IP40 to a new firmware version of the product. If you are subscribed to Software Updates, firmware updates are performed automatically. These updates include new product features and protection against new security threats.
Installing Your Product Key Your IP40 is identified by the product key that is obtained when you purchase the device. You can purchase and upgrade to any of the other versions of the IP40. To install a product key 1.
4. Select Product Key. 5. In the Product Key field, enter the new product key. 6. Click Next. The Installed New Product Key dialog box appears. 7. To register your IP40, check I want to register my product. Nokia IP40 User Guide...
Resetting the IP40 to Factory Defaults You can reset the IP40 to its default settings. When you reset your IP40, it reverts to the state it was originally in when you purchased it, and your firmware reverts to the version that shipped with the IP40.
To reset the IP40 to factory defaults using the Reset button Restore Defaults button is inside a hole on the back panel of the IP40. To press the button, use a large flat tipped object, such as a thick papaer clip. Pressing the Restore Defaults button for 7 seconds restores all IP40 settings back to factory defaults.
Viewing Reports This chapter provides an overview of the reports you can view from the Nokia IP40 GUI, and how to view them. This chapter includes the following topics: “Viewing the Event Log” on page 123 “Viewing Active Computers” on page 124 “Viewing Active Connections”...
IP address of the attacking machine. The IP40 queries the Internet WHOIS server, and a window displays the name of the entity to whom the IP address is registered and their contact information. This information is useful in tracking down external attacks.
If you exceed the maximum number of computers allowed by your license, a warning message appears, and the computers over the node limit are marked in red. These computers might not be able to access the Internet through the IP40. Note To increase the number of computers that your license allows, you must upgrade your product.
Click the Refresh button to refresh the display. To view information on the destination machine, click on its IP address. The IP40 queries the Internet WHOIS server, and a window displays the name of the entity to whom the IP address is registered and their contact information.
You can refresh the table by refreshing the browser. Viewing Diagnostics Summary You can view the diagnostics summary for your device from IP40 GUI. The diagnostics summary provides useful information about your device, such as Node Limit, Network Status, Primary Network Status, Secondary Network Status, My Network Status, Setup State, Users State, Security and Subscription Services.
Viewing Reports 4. You can use the scroll bar on your IP40 Diagnostics Window for viewing more information on your IP40. Nokia IP40 User Guide...
The IP40 Tele 8, Satellite X licenses provide VPN functionality. The IP40 Tele 8 acts as a VPN client and can establish secure VPN tunnels to your office VPN gateway. The IP40 Satellite X can act as a VPN client, a VPN server, or a VPN gateway.
Check Point NG AI (RAS Community) Satellite (Gateway) Satellite (Gateway) Satellite (Gateway) VPN-1, Check Point v4.1, NG, FP1, FP2, FP3, NG AI Satellite Check Point NG AI LSM (DAIP Object) Satellite Check Point NG AI (Star Community) Satellite Windows 2000 Nokia IP40 User Guide...
1. Click VPN in the main menu, and click the VPN Sites tab. 2. Click the New Site button at the bottom of the page. 3. The IP40 VPN site wizard appears. If you select Remote Access VPN, the VPN Network Configuration dialog box appears.
“Completing Site Creation” on page 134. Note This Configuration is supported for IP40 Tele 8 license or in case of IP40 Satellite X when VPN Server is Disabled Configuring a Site to Site VPN Gateway If you selected site-to-site VPN, the VPN Network Configuration dialog box appears.
This shared secret is a string used to identify the VPN sites to each other. The secret can contain spaces and special characters. e. Click Next. 5. If the Route All Traffic option is selected You are ready to complete your VPN site. Refer to “Completing Site Creation” on page 134 to continue. Nokia IP40 User Guide...
Setting Up the Nokia IP40 Satellite X as a VPN Server Using IP40 Satellite X, you can make your network remotely available to authorized users by setting up your IP40 as a VPN server. To set up your IP40 as a VPN server 1.
If you chose manual login, log on to a VPN site every time you want to access the VPN site. You can log on to a VPN site either through the Nokia IP40 GUI or the my.vpn page. When you log on, a VPN tunnel is established.
You can use a single username and password for each VPN destination gateway. Logging On from the Nokia IP40 GUI To log on to a VPN site from the IP40 GUI, do the following: 1. Click VPN. The VPN Sites page appears, with a list of VPN sites.
If the IP40 is configured to automatically download the network configuration, the IP40 downloads the network configuration. If when adding the VPN site you specified a network configuration, the IP40 attempts to create a tunnel to the VPN site. The VPN Login Status box appears. The Status field tracks the progress of the connection.
To log off a VPN site 1. In the VPN Login Status box, click Close. All open tunnels from the IP40 to the VPN site are closed, and the VPN Login Status box closes. Note Closing the browser or dismissing the VPN Login Status box also terminates the VPN session within a short time.
If you are using the IP40 in a standalone mode, add the license manually. Adding VPN Sites by Using the Nokia IP40 Tele 8 Using the Nokia IP40 Tele 8, you can define only remote access VPN sites. To define site-to-site VPN gateways, you must have IP40 Satellite X.
Note Downloading the network configuration is only possible if you are connecting to a Check Point VPN-1 or Nokia IP40 Satellite X VPN Gateway. Specify Configuration 7. If you chose Specify Configuration in the preceding procedure, a dialog box appears.
11. Click Next.The VPN Site Created screen appears. 12. Click Finish. 13. Select the VPN Login tab, Login if you need to authenticate each time a VPN tunnel is created. Note Automatic Login feature will not be available for IP40 Tele 8 License. Nokia IP40 User Guide...
Working with VPNs Download Configuration If you chose Download Configuration in Adding VPN sites by using IP40 Tele 8, a dialog box appears. 1. Click Next, the Network Topology will be downloaded from the specified VPN gateway. The VPN Login page appears.
The Nokia IP40 Tele 8 functions in VPN client mode, in which connection is initiated only by the VPN client. IP40 Tele 8 uses only a manual mode VPN connection. To select the VPN gateway to which you want to establish a VPN connection, go to http://my.vpn.
IP40 Tele 8 to Check Point v4.1/ NG/ FP1/ FP2/FP3/NG AI The IP40 Tele 8 can be used as a VPN client to establish a VPN connectivity with a Check Point server using version 4.1, NG, FP1, FP2, FP3 or NG AI.
VPN connection, go to http://my.vpn. Setting up IP40 Tele 8 To configure a VPN Tunnel between an IP40 Tele 8 and Check Point FP3, on IP40 Tele 8 (VPN client) add a VPN site. Setting up Check Point NG AI Configure a Safe@gateway dynamic object on the Check Point SmartBoard.
IP addresses. Note You can only use No-NAT mode with IP40 Satellite X. The Figure below shows a site-to-site VPN in No-NAT mode. Both VPN peers are considered site-to-site VPN gateways, and traffic is directly established from the source host to the destination host.
Point SmartCenter NG AI using Check Point Large Scale Manager and the dynamically configured IP40 using DAIP. The certificate created on the Check Point NG AI can be uploaded on to the IP40 Satellite X. To upload VPN Certificates and to create a Dynamic VPN Site using Check Point 1.
Working with VPNs To delete the Certificate from your IP40 device 1. On the Navigation Bar, click Services > Connect. The Subscription Services Wizard appears. 2. Uncheck I wish to Connect to the Service Center Option 3. Click Next 4. Click Finish 5.
To set up the IP40 Satellite X 1. Specify the IP address of IP40 Satellite X on the remote IP40 Satellite X. 2. Enter the Shared Secret (a password that is known to both of the IP40 Satellite X devices). Nokia IP40 User Guide...
2. Enter the Shared Secret (a password that is known to both the IP40 Satellite X devices.) Satellite X to VPN-1 (Site-to-Site VPN) The IP40 Satellite X to VPN-1 or Check Point v4.1, NG, FP1, FP2 , FP3 or NG AI configuration enables you to establish site-to-site VPN connections between an IP40 Satellite X site-to-site VPN gateway and a VPN-1 site-to-site VPN gateway.
For information on setting up VPN-1, refer to the Check Point Virtual Private Networks. IP40 Satellite X to Check Point FP3/DAIP The IP40 Satellite X can be used as a VPN server to establish a VPN connectivity with Check Point FP3 server using Check Point FP3 DAIP object.
Configure the IP40 Satellite X for VPN connection with SmartCenter FP3. 1. Specify the IP address of IP40 Satellite X on the VPN-1 server. 2. Enter the Shared Secret (a password that is known to both the IP40 Satellite X and the VPN- 1 Server).
2. Enter the IP address of the Check Point NG AI Management station The Connecting screen appears. 3. Enter the Gateway ID and Registration Key which is used while creating the IP40 Dynamic Object on the LSM 4. The Connecting Screen appears.
Working with VPNs For more information on how to configure the Windows 2000 server, refer SofaWare’s Configuring Windows 2000/ XP IPSec to Site-to-Site VPN. Nokia IP40 User Guide...
To start your subscription 1. Click Services in the main menu, and click the Account tab. The Account page appears. 2. In the Service Account area, click Connect. The Setup Wizard opens, with the Subscription Services dialog box displayed. Nokia IP40 User Guide...
If the Service Center requires authentication, a second Service Center Login dialog box appears. Do the following: a. Enter your gateway ID and registration key in the appropriate fields, as given to you by your service provider. b. Click Next The Connecting... screen appears. Nokia IP40 User Guide...
The Done screen appears with a success message. 7. Click Finish. The following things happen: If a new firmware is available, the IP40 downloads it. This may take several minutes. Once the download is complete, the IP40 restarts using the new firmware. The Welcome page appears.
Using Managed Services The services to which you are subscribed are now available on your IP40 and listed as such on the Account page. See “Viewing Services Information” section for more information. Viewing Services Information from Account Page The Account page displays the following information about your subscription: Table 21 Account Page Fields This field...
Starting your Subscription Services 2. In the Service Account area, click Refresh. The IP40 reconnects to the Service Center. Your service settings are refreshed. Configuring your Account This option allows you to access your Service Center Web site, which may offer additional configuration options for your account.
The following things happen: You are disconnected from the Service Center. The Services to which you were subscribed are no longer available on your IP40 Sofaware Security Management Portal The SofaWare Management Center (SMC) is a web-based application for managing and configuring the SofaWare Security Management Portal (SMP).
Web Filtering is enabled/disabled for all internal network computers Selecting Categories for Blocking You can define which types of Web sites should be considered appropriate for your family or office members., by selecting the categories. Categories marked with a check mark will remain Nokia IP40 User Guide...
3. To re-enable the service, click Resume, either in the popup window, or on the Web Filtering page. The service is re-enabled for all internal network computers. If you clicked Resume in the Web Filtering page, the button changes to Snooze. Nokia IP40 User Guide...
To enable/disable Email Antivirus 1. Click Services in the main menu, and click the Email Antivirus tab. The Email Antivirus page appears. 2. Drag the On/Off lever upwards or downwards. Email Antivirus is enabled/disabled for all internal network computers. Nokia IP40 User Guide...
1. Click Services in the main menu, and click the Email Antivirus tab. The Email Antivirus page appears. 2. Click Snooze. Email Antivirus is temporarily disabled for all internal network computers. The Snooze button changes to Resume. The Email Antivirus Off popup window opens. Nokia IP40 User Guide...
If you are subscribed to Software Updates, you can check for new security and software updates. Checking for Software Updates when Locally Managed If your IP40 is locally managed, you can set it to automatically check for software updates, or you can set it so that software updates must be checked for manually.
When the Software Updates service is set to Automatic, you can still manually check for updates. 3. To set the IP40 so that software updates must be checked for manually, drag the Automatic/ Manual level downwards. The IP40 does not check for software updates automatically.
Using NHM for accessing and managing your IP40 From IP40 GUI 1. From your IP40 GUI, click on Setup > Management. 2. Choose IP Address Range next to SSH, and specify the IP address of Nokia Horizon Manager. 3. Click Apply.
Using Managed Services http://my.firewall/vpntopo.html 3. You can verify that the tunnel is open by sending packets from IP40 to the VPN-1 GW. Check Point Side 1. Enable LSM: In the command prompt, type “LSMenabler on” and reset the FW services.
I cannot access the Internet. What should I do? Check for the following: Check if the PWR LED is active. If not, check the power connection to the IP40. Check if the WAN LED is on. If not check the network cable to the modem and make sure the modem is turned on.
Every time I start Internet Explorer, the application searches for an Internet connection. This is unnecessary, since I am connected through the IP40. What should I do? For Internet Explorer, versions 5 and 6, do the following: 1.
I have forgotten my password. What should I do? Reset the IP40 to factory defaults using the Reset button as detailed in “Resetting the IP40 to factory defaults.” Note that this will erase all your settings.
Set the router to direct all incoming connections to the external IP address of IP40. Keep in mind that if you use the IP40 behind another NAT device, you may lose some of the advantages of the IP40, such as broad application support and high performance.
PKCS#12 format encoding I cannot connect to the Check Point SmartCenter FP3 VPN site using IP40 Satellite 10 or Satellite 25 configured using VPN Communities. What should I do? Check for the following error messages in Report >Event Log:...
121 for more information. Running Diagnostics You can view technical information about IP40 hardware, firmware, license, network status, and subscription services. This information is useful for troubleshooting. You can copy and paste it into the body an email and send it to technical support.
Frequently Asked Questions 5. To close the window, click Close. Nokia IP40 User Guide...
Read the installation and operation procedures provided in this User Guide. Failure to follow the instructions may result in damage to equipment and / or personal injuries. Before cleaning the IP40, unplug the power cord. Use only a soft cloth dampened with water for cleaning.
Specifications Do not route the cable sin a walkway or in a location that will crimp the cables. Nokia IP40 User Guide...
Software to provide managed services provided that each copy of the Software is used solely on behalf of and for the benefit of a single client on the single piece of equipment provided by Nokia. An MSP may discontinue use of the Software on behalf of one client and use the Software to provide managed services to another single client.
Software error. Furthermore, the above warranty does not apply to any portion of the product supplied by a third party. In no event does Nokia warrant that the Software is error-free or that the Customer will be able to operate it without problems or service interruptions.
Upon termination, Customer shall cease all use of the Software and shall destroy or return to Nokia the original(s) and all copies of the Software and documentation made or furnished hereunder. Customer may terminate the License at any time by destroying all copies of the Software and documentation.
Warranty expenses incurred by the non-breaching party in connection with the enforcement of any provisions of this Agreement. If the Software is licensed to a U.S. Governmental user, the following shall apply. The Software and documentation licensed in this agreement are “commercial items” and are deemed to be “commercial computer software”...
You in Your purchase order, or request for License Key, if the Product purchased by You does not come with a License Key then the Licensed Configuration shall be the minimum configuration allowed by the user manual of SofaWare S-Box, and upon which the licensing fee was based. Nokia IP40 User Guide...
(or permit others to) decipher, reverse translate, decompile, disassemble or otherwise reverse engineer or attempt to reconstruct or discover any source code or underlying ideas or algorithms or file formats or programming or interoperability interfaces of Nokia IP40 User Guide...
Agreement infringes any patent, copyright, or other ownership rights of a third party. You agree to provide SofaWare with written notice of any such claim within ten (10) days of Your notice thereof and provide reasonable assistance in its defense. SofaWare has sole discretion and Nokia IP40 User Guide...
SofaWare's export regulation information page (www.sofaware.com or www.s-box.com) for specific information. You agree that You will not ship, transfer, or export the Product into any country, or make available or use the Product in any manner, prohibited by law. Nokia IP40 User Guide...
Agreement, and no license to the Product is granted to any government requiring different terms. 9.4 Questions? Should You have any questions concerning this Agreement contact the manufacturer at SofaWare Technologies Ltd., 3 Hilazon St., Ramat-Gan, Israel 52522. Nokia IP40 User Guide...
End User License Agreement Nokia IP40 User Guide...
“The product complies with the requirements of the Low Voltage Directive 73/23/EEC and the EMC Directive 89/ 336/EEC.” Alan Hutchinson Quality Engineer Mountain View, California European contact:Greg Shortell Nokia Telecommunications 2 Heathrow Blvd, 284 Bath Road Heathrow, Middlesex UB7 ODQ England Nokia IP40 User Guide...
Connect the computer into an outlet on a circuit different from that to which the receiver is connected. Consult the dealer or an experienced radio/TV technician for help. Caution Caution: Any changes or modifications not expressly approved by the grantee of this device could void the user’s authority to operate the equipment. Nokia IP40 User Guide...
Compliance Information Nokia IP40 User Guide...
IP30 Satellite in NAT and No-NAT Modes 153 specifications IP30 Satellite to Check Point FP3 151 compliance 190 IP30 Satellite to Check Point SmartCenter FP3 152 emissions 190 IP30 Satellite to Windows 2000 147 Nokia IP40 User Guide Index - 193...
Using VPN Certificates 138 Viewing, Active Computers 124 Viewing, Active Connections 125 Viewing, Event Log 123 Viewing, Firmware Status 174 Viewing, Reports 123 Viewing, VPN Tunnels 126 Windows 98 27 Windows, 2000 31 Windows, XP 31 Index - 194 Nokia IP40 User Guide...