Check Point NG FP3 step-by-step Install guide on NOKIA IPSO By Brandon E. Robrahn INTRO This docum ent is to be used as a refere nce on how to i n stall a NOKIA IP350 with Ch ec k Poin t NG FP3. In this document I have provi ded a step-by-step reference gui de on loading a NOKIA IP35 0 with IPSO version 3.
Enter the m asklength: 24 Do you wish to set the default route [ y ] ? y Enter the default router to use with eth1: This interface is configured as 10 mbs by default. Do you wish to configure this inter f ace for 100 mbs [ n ] ? y This interface is configured as half dup lex by default.
By typing cd /var/tmp and then typing ls -ls you are ch anging the directory /var/tm p and listin g what is in that directory. This allows you to see what IPSO version you are currently running on your NOKIA device.
Under the section System Configuratio n click on Install New IPSO Image (Upgrade) . The screen that you are on should look like the one sh own a bove. This is where you will need to type in the IP Address of your FTP Server .
If you click on the link highlighted in Blue you should s ee the statu s of your install . When the install is finished the screen will look like the one shown below.
Select the radio button that reads Last Image Downloaded . This is the IPSO version that you just loaded. At the bottom of the page, click on Test Boot . NOTE: Test boot is used incase something happens when you’re r ebooting, this wa y you can revert back to the old version and no harm was done.
You will now have to log back in so that you can commit to the test boot. Click on Apply and then click on Logout . You can now switch back to your SSH connection. You will probably need to log back in with a user name and password be ca use the box has been rebooted.
IPSO (fw-test) (ttyd0) login: ad min Password: xxxxxxxxxxx Last login: Thu May 6 19:28:42 on ttyd0 May 6 20: 03:18 fw-t est [LOG_INF O] login: DIALUP tty d0, admi n May 6 20: 03:18 fw-t est [LOG_NOTIC.
May 6 21:31:26 fw-test [LOG_ CRIT] PKG_INSTALL: INSTALL STARTED at Thu May 6 21:31:26 GMT 2004 May 6 21: 31:29 fw-test [L OG_CRIT] PK G_INSTALL: Try ing to install CPshrd-50/cp shared_ipso.t gz May 6 21: 31:29 fw-test [L OG_CRIT] PK G_INSTALL: Try ing to install CPshrd-50/cp shared_ipso.
May 6 21: 33:08 fw-test [LOG_CRIT] PK G_INSTALL: /e tc/newpkg -S - m LOCAL -i - n CPuag-50/ uag_ipso.tgz May 6 21:33:08 fw-test [LOG_ CRIT] PKG_ INSTALL: ************* *************** *************** .
Do you want to downloa d ipso_3_7 _1_Build0 07.tgz ? [' yes (default )' or 'no' o r 'exit' ]: n Skipping package ipso_3_7_1_Build007.t gz ... Do you want to downloa d ipso_3_7 _1_Build0 10.tgz ? [' yes (default )' or 'no' o r 'exit' ]: n Skipping package ipso_3_7_1_Build010.
The 2 applications (packag es) tu rned on by default are the only ones that need to be turned on. Nothing needs to be done, you’re just checking to make sure they’re turned on.
Under Security and Acce ss Configuration click on SSH (Secure Shell) , make sure that SSH is ena bled. If you click on UP it will take you back to the Configuration screen. NOTE: This is important that this is turned on so that you can manage your NOKIA box via SSH.
After all of the information has been added click o n Apply . This will bring up a screen that has a certificate and a private key in it; you need to copy the entire text that is listed. After highlighting the entire certificate right click and select “copy”.
When the Voyager SSL Certificate page comes up, Paste the co pied certificat e into the box that is labeled “New server certif icate”. Now click o n the BACK button of the IE page that you are on, I have noticed that if you click on up rather then back your cert ificate will disappear.
If you click on UP it will take you to the screen shown belo w. This is where you will choose the requi red encryption for the using SSL. Choose the radio button that reads 128-bit key or stronger . After selecting the radio button click on Apply and Save.
You know need to create the “Default filter”, this is used to deny any access to the NOKIA device except for SSH or other connections. This all depen ds o n how you create the default f ilter; I will be creating the default filter that only allows SSH connections to the NOKIA device.
---------- 1 owner group 21039771 A pr 28 14:10 SH F_HFA_325.ipso.tgz # 226 Closi ng data con nection ftp> get SHF_HFA _325.ipso.t gz local: SHF_HFA_325.
This End-user License Agreem ent (the "Agr eem ent") is an agreement between you (b oth the individual installing th e Product and any legal entity o n whose behalf s uch individ ual is acting) ( hereinafter "Y ou" or " Your" ) and Check Point Softwar e Technologies Ltd.
keystrokes will be ignored. Please keep typing until you hear th e beep and the bar is full. [.......... ..........] Thank you. Configuri ng Secure Inter nal Comm unication.
