1. Manuals
  2. Brands
  3. Nokia Manuals
  4. Firewall
  5. IP30 - Satellite Plus - Security Appliance
  6. User manual

Nokia IP30 User Manual

Hide thumbs Also See for IP30:
Table of Contents

Advertisement

Quick Links

Download this manual
Nokia
IP30
User Guide
N450829001 Rev A
October 2002

Advertisement

Table of Contents
loading

Related Manuals for Nokia IP30

Summary of Contents for Nokia IP30

  • Page 1 Nokia IP30 User Guide N450829001 Rev A October 2002...
  • Page 2 FAR 52.227-19. IMPORTANT NOTE TO USERS This software and hardware is provided by Nokia, Inc. as is and any express or implied warranties, including, but not limited to, implied warranties of merchantability and fitness for a particular purpose are disclaimed. In no event shall Nokia, or its affiliates, subsidiaries or suppliers be liable for any direct, indirect, incidental, special, exemplary, or consequential damages (including, but not limited to, procurement of substitute goods or services;...
  • Page 3 Tel: 1-877-997-9199 313 Fairchild Drive Outside USA and Canada: +1 512-437-7089 Mountain View, CA 94043-2215 email: ipsecurity.na@nokia.com Europe Nokia House, Summit Avenue Tel: 00800 5543 1816 or Southwood, Farnborough 1+44 (0) 8700 555 777 Hampshire GU14 ONG UK email: ipsecurity.emea@nokia.com...

  • Page 5: Table Of Contents

    Nokia IP30 Tele ........14...
  • Page 6 Nokia IP30 GUI ........48...
  • Page 7 IP30Tele to IP30 Satellite (VPN Client to Gateway) ..94 Setting up IP30 Tele ....... 94...
  • Page 8 Using IP30 Tele........105...
  • Page 9 Resetting the IP30 to factory defaults....127 Rebooting the IP30 ....... . . 129 Running Diagnostics.
  • Page 10 Nokia IP30 User Guide...

  • Page 11: About This Guide

    Nokia IP30. This version of Nokia IP30 uses SofaWare’s Safe@ v3.0.xx software. For a quick reference on configuring features in Nokia IP30, see the Nokia IP30 Quick Start Guide and the IP30 Online Help that is part of the graphical user interface (GUI) in the device. Document Organization...

  • Page 12: Document Conventions

    Notes provide information of special interest or recommendations. Menu Items Items in Nokia IP30 menus are separated by the greater than sign, with spaces before and after the sign. For example, Start > Programs > Nokia > Security indicates that you first click Start, then choose the Programs menu command, then choose Nokia, and finally choose Security.

  • Page 13: Introduction

    FireWall-1 Stateful Inspection technology, inspects and filters all incoming and outgoing traffic, blocking all unauthorized traffic. The IP30 is a hardware appliance and is easy to install. It allows you to share your Internet connection among several computers, other network devices and enables advanced home and office networking, besides providing protection for your entire network.

  • Page 14: Nokia Ip30 Firewall

    IP30 operation and options. The IP30 comes with a pre-installed with the product of your choice. The IP30 can be upgraded to the more advanced product, without replacing the hardware. Just contact your software provider.

  • Page 15: Nokia Ip30 Satellite Plus

    Up to 10 computers and users can use it. Nokia IP30 Satellite Plus Nokia IP30 Satellite Plus extends the IP30 Satellite functionality to support up to 25 computers and users. Nokia IP30 Features and Compatibility...

  • Page 16: Management

    Content filtering E-mail anti virus protection Centralized logging and intrusion detection VPN management IPSEC VPN remote access server (Nokia IP30 Satellite only) IPSEC VPN site-to-site gateway (Nokia IP30 Satellite only) IPSEC VPN remote access client (Nokia IP30 Tele and Satellite only)

  • Page 17: Package Contents

    Internet Explorer 5.0 or later, or Netscape Navigator 4.5 and later Note Nokia recommends to use either Microsoft Internet Explorer 5.5 or higher, or Netscape Navigator 4.7 or higher. IP30 Rear Panel All physical connections (network and power) to the IP30 are made through the rear panel.

  • Page 18: Ip30 Front Panel

    Introduction The items on the rear panel of the IP30 are explained in Table 1. Table 1 Rear Panel of the IP30 Label Description A power jack used for supplying power to the device. Connect the power adapter to this jack. The device connects to the power source.
  • Page 19 Nokia IP30 Features and Compatibility The items on the front panel of the IP30 are explained in Table 2. Table 2 Front Panel of Nokia IP30 Description PWR/SEC Off: Power Off Flashing quickly (Green): System boot-up Flashing slowly (Green): Establishing Internet...
  • Page 20 Introduction Nokia IP30 User Guide...

  • Page 21: Installing The Ip30

    Connecting the IP30 to the Network Configuring the IP30 for Internet Connection Before You Install the IP30 Before you connect and set up the IP30, you must check the following: If TCP/IP is installed on your computer. If your computer's TCP/IP settings to make sure it obtains its IP address automatically.

  • Page 22: Windows 98/Millennium Operating Systems

    1. In the Network window, click Add. The Select Network Component Type window appears. 2. Choose Protocol and click Add. The Select Network Protocol window appears. 3. In the Select Network Protocol window, choose Microsoft in Manufacturers and TCP/IP in Network Protocols. Nokia IP30 User Guide...
  • Page 23 D:\win98, D:\win95 and so on. 5. Restart your computer if prompted. To set TCP/IP Settings If you are connecting the IP30 to an existing LAN, consult your network manager for the correct configuration. 1. In the Network window, double-click the TCP/IP Service for the Ethernet card on your computer.

  • Page 24: Setting Up On Xp/ Windows 2000 Operating System

    Setting up on XP/ Windows 2000 Operating System Windows XP has an Internet Connection Firewall option. Nokia recommends that you disable the Firewall option if using IP30. To Check the TCP/IP installation 1. Click Start > Settings > Control Panel.
  • Page 25 2. Select Obtain an IP address automatically. Note Nokia recommends that you use DHCP to assign IP addresses instead of assigning a static IP address to your PC. To assign a static IP address, select Specify an IP address and enter an IP address in the range of 192.168.10.129-254.

  • Page 26: Connecting The Ip30 To The Network

    Installing the IP30 Connecting the IP30 to the Network The Nokia IP30 can be connected to your network in various ways. Figure displays the various possible setups. Figure 3 Nokia IP30 Topologies Laptop Computers Cable/ DSL Nokia IP30 Modem Internet...

  • Page 27: Configuring The Ip30 For Internet Connection

    Failure to observe this warning can result in injuries or damage to equipment. Figure 4 Rear Panel Connections Configuring the IP30 for Internet Connection Configure the Internet connection to IP30 before you can access the Internet through the IP30. Nokia IP30 User Guide...

  • Page 28: Administrator Password

    You must configure the Internet connection on initial operation and after all reset to defaults operations. Administrator Password 1. Enter http://my.firewall. 2. On the IP30 Login page, enter a password. Re-enter the password to confirm. Note The password must be between five to eleven alphanumeric characters. To change the Password, click Setup on the navigation bar and click Password.

  • Page 29: Using The Setup Wizard

    Configuring the IP30 for Internet Connection You can now configure the Internet connection for IP30. Configure the Internet connection for the IP30 by doing one of the following: To manually configure the connection settings, click Cancel to abort the Setup Wizard, and use Advanced Setup. For further information, see “Using Advanced Setup.”...
  • Page 30 If you select DSL Modem, do not use dial up software to connect to the Internet. 3. Click Next. A Connecting message appears followed by a Connected message. Once connected, the wizard prompts you to register your details and set up your subscription options, which vary from product to product. Nokia IP30 User Guide...

  • Page 31: Cable Connection Settings

    Configuring the IP30 for Internet Connection 4. Follow the instructions until the wizard is done, and then click Finish. Cable Connection Settings If you selected cable connection in the previous procedure, the Host Name screen appears. MAC Cloning. Some ISPs require registration of MAC addresses of the computer behind the cable modem before an Internet connection can be established.

  • Page 32: Dsl Connection Settings

    4. Follow the instructions until the wizard is done, and then click Finish. DSL Connection Settings If you selected a DSL connection method, the following screen appears. Nokia IP30 User Guide...
  • Page 33 Configuring the IP30 for Internet Connection To connect using DSL Connection 1. Select the connection method that your DSL provider uses. 2. Click Next. Note Most DSL providers use PPPoE. If you are uncertain about which connection method to use, contact your DSL provider.
  • Page 34 Internet through the DSL connection. At the end of the connection process, the Connected message appears. Using Automatic DHCP If you enabled automatic DHCP, no further settings are required. The Confirmation message appears. Nokia IP30 User Guide...

  • Page 35: Using Advanced Setup

    2. Follow the instructions until the wizard is done, and then click Finish. Using Advanced Setup You can configure the advanced features in the IP30 using Advanced Setup. To configure the Internet connection 1. Click Cancel on the Welcome page of the Setup Wizard.

  • Page 36: Lan Connection

    The display changes according to the connection type you selected. Perform the following procedures in accordance with the connection type you choose. LAN Connection If using a LAN connection, enter the following: Nokia IP30 User Guide...
  • Page 37 This field is optional. If a service center requires it, they will provide it. 2. If you do not want the IP30 to obtain an IP address automatically using DHCP, do the following: a. Clear the Obtain IP address automatically (using DHCP) check box.

  • Page 38: Cable Connection

    If you are not using automatic configuration of DNS servers, do the following: a. Clear the Obtain DNS servers automatically check box. b. Enter the Primary DNS server IP address. c. Enter the Secondary DNS server IP address. 2. Click Apply. Nokia IP30 User Guide...

  • Page 39: Xdsl Pppoe Connection

    If your service center did not provide you with a service name, leave this text box empty. You can set the maximum transmission unit size (MTU). Nokia recommends that you leave this field empty. However, to modify the default MTU, consult with your service center.

  • Page 40: Xdsl Pptp Connection

    4. Enter the IP address of the PPTP client as given by your Service Center. 5. Select the PPTP client subnet as given by your Service Center. You can configure the MTU size. Nokia recommends that you leave this field empty. Consult your Service Center to modify the default MTU.

  • Page 41: Static Routes

    Static Routes Static routes allow you to route all traffic to a specified network or host through a specified router. In IP30 Satellite, upto 5 static routes can be configured in LAN or when using a Cable modem. To configure a Static Route 1.

  • Page 42: Installing Your Product Key

    Installing the IP30 Installing Your Product Key Your IP30 is identified by the product key that is obtained when you purchase the device. You can purchase and upgrade to any of the other versions of the IP30. To install a product key 1.
  • Page 43 Configuring the IP30 for Internet Connection 4. Select Product Key. 5. In the Product Key field, enter the new product key. 6. Click Next. The Installed New Product Key dialog box appears. Nokia IP30 User Guide...
  • Page 44 The IP30 restarts and the Welcome page appears. Firmware Upgrade You can upgrade the IP30 to a new firmware version of the product. If you are subscribed to Software Updates, firmware updates are performed automatically. These updates include new product features and protection against new security threats.
  • Page 45 4. Click Browse. A browse window appears. 5. Select the firmware file that you have purchased. 6. Click Upload. 7. The IP30 firmware is updated - this may take one minute. Upon updating, the the IP30 restarts automatically. Nokia IP30 User Guide...
  • Page 46 Installing the IP30 Nokia IP30 User Guide...

  • Page 47: Configuring The Ip30

    This chapter explains the steps and procedure to perform to configure the IP30. Logging On to the IP30 Once connected to the internet, you can configure your IP30. You can configure and manage the IP30 using the GUI. To access the user interface of the IP30, 1.

  • Page 48: Accessing The Ip30 Securely

    Accessing the IP30 securely You can access the IP30 graphical user interface (GUI) through HTTPS either remotely or locally (from your internal network). Note First configure HTTPS to access the IP30 GUI from a remote location. Nokia IP30 User Guide...
  • Page 49 (Note that the URL starts with https, not http.) If you are accessing the IP30 for the first time, the security certificate in the IP30 is not yet known to the browser, so a Security Alert appears. Click Yes to install the security certificate of the IP30 that you are trying to access.

  • Page 50: Nokia Ip30 Gui

    Help: provides context sensitive on-line help. Logout: logs you out of the web interface. If you are using IP30 Tele, Satellite/ Satellite Plus, the Navigation Bar includes the following additional main menus: VPN: lets you manage, configure, and log on to VPN sites.

  • Page 51: Logging Off

    Connection Failed Connecting Connected Logging Off Logging off terminates the IP30 session. To connect to the IP30 again, enter the password. To log out of IP30, perform one of the following procedures: If you are connected locally, click Logout. The Logout screen appears.

  • Page 52: Quick Internet Connection And Disconnection

    Quick Internet Connection and Disconnection Click the Connect or Disconnect button (depending on the connection status) to establish quick Internet connection by using the currently selected connection type. In the same manner, you can terminate the active connection. Nokia IP30 User Guide...

  • Page 53: Configuring Network Settings

    Changing network settings might result in losing the IP30 configuration. If you change the network settings to incorrect values and are unable to correct the error, reset the IP30 to its factory default settings. To reset the IP30 to its factory default settings, choose Setup >...

  • Page 54: Changing Ip Addresses

    You might want to do this if, for example, you are adding the IP30 to a large existing network and do not want the network IP address range to change, or if you are using a DHCP server other than the IP30, that assigns addresses within a different range.

  • Page 55: Enabling And Disabling Nat

    Network Address Translation (NAT) enables you to share a single IP address among several computers. Note NAT can only be disabled in IP30 Satellite and Satellite Plus. NAT is enabled by default. If NAT is disabled, you need to buy an IP address range. To enable NAT 1.

  • Page 56: Accessing The Ip30 From A Remote Location

    Internet. To allow remote access, you must first configure HTTPS. Note If your IP30 is managed from a central location, the central location must configure HTTPS access for you. To configure HTTPS 1. In the Navigation Bar, click Setup > HTTPS.

  • Page 57: Managing Ip30 Firewall From A Remote Location

    IP address range. Note You can use HTTPS to access the IP30 from your internal network even if remote HTTPS is disabled, by going to https://my.firewall. c. To allow access to the IP30 from any IP address, select Allow from any IP address.

  • Page 58: Viewing Reports

    Configuring the IP30 Viewing Reports You can view the following reports in the IP30 GUI: Event Log Active computers Active connections VPN tunnels Viewing the Event Log You can track network activity by using the event log. The event log displays the last 100 events in the following categories:...

  • Page 59: Viewing Active Computers

    IP address of the attacking machine. The IP30 queries the Internet WHOIS server, and a window displays the name of the entity to whom the IP address is registered and their contact information. This information is useful in tracking down hackers.
  • Page 60 These computers might not be able to access the Internet through the IP30. Note To increase the number of computers that your license allows, you must upgrade your product.

  • Page 61: Viewing Active Connections

    Click the Refresh button to refresh the display. To view information on the destination machine, click on its IP address. The IP30 queries the Internet WHOIS server, and a window displays the name of the entity to whom the IP address is registered and their contact information.
  • Page 62 Configuring the IP30 Note This feature is applicable for IP30 Tele and Satellite. A VPN tunnel is created whenever your computer attempts to communicate with a computer at the VPN site, after you have logged on to the site. When you log off, all open tunnels connecting to a VPN site are closed.
  • Page 63 The Time when the VPN Tunnel is established. Time This information is presented in the following format - Hour:Minute:Second The IP Address of the VPN Gateway to which the Gateway Tunnel is connected You can refresh the table by refreshing the browser. Nokia IP30 User Guide...

  • Page 64: Setting Up The Ip30 Security Policy

    Configuring the IP30 Setting up the IP30 Security Policy You can control the following security features from the IP30 GUI: Firewall security level Configuring Virtual servers Allowing specific ports and IP addresses Blocking specific ports and IP addresses Setting up a computer as a DMZ You can also subscribe to services such as Web Filtering and Anti - virus scanning.

  • Page 65: Configuring Virtual Servers

    Managing Your Network 2. To set the security level, drag the slider. The IP30 security level changes accordingly. Note You may experience a temporary break in the service. Configuring Virtual Servers Note If you do not intend to host any public Internet servers (Web server, mail server and so on) in your network, you can skip this section.
  • Page 66 3. In the Allow column, select the check box of the desired service or application. If you are using IP30 Satellite, the appropriate check box in the VPN Only column is enabled. 4. To allow only connections made through a VPN, select the VPN Only check box.

  • Page 67: Creating Rules

    The service or application for the specific host is not allowed. Creating Rules The IP30 checks the protocol used, the ports range, and destination IP address when deciding whether to allow or block traffic. User defined rules have priority over the default rules.
  • Page 68 Depending on the tab you select, the Allow Rules or the Block Rules page appears. Note In IP30 Firewall or Tele, the Allow Rules page does not contain a VPN Only column, and the Block Rules page does not contain an Also VPN column. Nokia IP30 User Guide...
  • Page 69 Internet. When you create Allow rules in NAT mode, you need to provide an IP address. This way the IP30 knows to which computer to forward incoming connections. On the other hand, when you define Block...

  • Page 70: Demilitarized Zone

    The rule is deleted. Demilitarized Zone The IP30 allows you to define a DMZ, that is define a computer that is not protected by the firewall. This procedure is useful for setting up a public server. It allows unlimited incoming and outgoing connections between the Internet and that computer.

  • Page 71: Using Subscription Services

    DMZ. 3. Click Apply. The selected computer is now defined as DMZ. Using Subscription Services Subscription services offer valuable features, such as automatic software and security policy updates, content filtering, Anti virus scanning, and remote logging. Nokia IP30 User Guide...

  • Page 72: Starting Your Subscription Services

    To start your subscription 1. In the Navigation Bar, click Services. The Account page appears. 2. In the Service Account area, click Connect. The Setup Wizard opens, with the first Subscription Services dialog box displayed. Nokia IP30 User Guide...
  • Page 73 4. Enter the desired service center IP address or the domain name in the Service Center text box, as given to you by your service provider. 5. Click Next. The Connecting screen appears. The second Subscription Services dialog box appears. Nokia IP30 User Guide...
  • Page 74 The third Subscription Services dialog box appears with a list of services to which you are subscribed. 8. Click Next. The final Subscription Services dialog box appears with a success message. 9. Click Finish. The following things happen: Nokia IP30 User Guide...

  • Page 75: Viewing Services Information

    Managing Your Network If a new firmware was installed, the IP30 is restarted. The services to which you are subscribed to are now available on your IP30 and listed on the Account page. The Services submenu includes the services you are subscribed to.

  • Page 76: Web Filtering

    When enabled, access to Web content is restricted according to the categories specified under Allow Categories. Enabling Web Filtering When Locally Managed You can enable and disable Web filtering when your IP30 is locally managed. To enable and disable Web Filtering when locally managed 1.

  • Page 77: Selecting Categories For Blocking

    Note If the configured plan is remotely managed but with services locally managed, then you can modify the services using the IP30 GUI To allow and block a category 1. In the Allow Categories area, select the desired category.
  • Page 78 Filtering service to resume. 3. To re enable the service, click Resume, either in the popup window, or on the Web Filtering page. The service is re enabled for all internal network computers. The Resume button changes to Snooze. Nokia IP30 User Guide...

  • Page 79: E-Mail Anti Virus

    1. In the Navigation Bar click Services > Anti Virus. The Anti Virus page appears. 2. Drag the On/Off slider upwards or downwards. Anti virus scanning is enabled or disabled for all internal network computers. Nokia IP30 User Guide...

  • Page 80: Selecting Protocols For Scanning

    E-mail sending (SMTP): if enabled, all outgoing email is scanned. Protocols selected are scanned. Note If your IP30 is remotely managed, contact your service center to change these settings. To enable virus scanning for a protocol 1. Select the desired protocol.

  • Page 81: Automatic And Manual Updates

    The Resume button changes to Snooze. If the Anti virus Off popup window was open, it closes. Automatic and Manual Updates If you are subscribed to software updates, you can check for new security and software updates. Nokia IP30 User Guide...

  • Page 82: Software Updates For Locally Managed Ip30

    When the Software Update service is set to Automatic, you can still manually check for updates. See step 5. 3. To set the IP30 so that software updates must be checked for manually, drag the Automatic/Manual lever downwards. The IP30 does not check for software updates automatically.

  • Page 83: Refreshing Your Service Center Connection

    IP30 services' settings. To refresh your Service Center connection 1. In the Navigation Bar, click Services > Refresh. IP30 reconnects to the Service Center. Your service settings are refreshed. Configuring Your Account The configure option allows you to access your service center, which offers additional configuration options for your account.

  • Page 84: Configuring For Nokia Horizon Manager

    Select Allow HTTPS from NHM. 3. Click Connect. Managing Users Nokia IP30 Firewall and Tele have a single user called admin. You can change this user's password. In Nokia IP30 Satellite, you can define multiple users and perform the following tasks:...

  • Page 85: Changing Your Password

    Setting Up Remote VPN Access for Users Changing Your Password You can change your password at any time. How this task is performed depends on the IP30 that you are using (Firewall, Tele, or Satellite). To change password using IP30 Firewall and Tele 1.

  • Page 86: Adding Users

    Use 5 to 25 alphanumeric characters for the new password. 4. Click Apply. Your changes are saved. Adding Users You can perform this task only with IP30 Satellite. The number of IP30 users you can add is limited according to your software. Nokia IP30 User Guide...

  • Page 87: Viewing And Editing Users

    4. Click Apply. The new user is saved. The Edit User page appears. Viewing and Editing Users You can perform this task only with IP30 Satellite. To view or edit users 1. In the Navigation Bar, click Users. The Users page appears.

  • Page 88: Deleting Users

    Allows the user to log on to my.firewall. This option cannot be disabled for the admin user. VPN Remote Allows the user to connect to this IP30 using Access their VPN client. For further information on setting up VPN remote access, see “Setting Up Remote VPN Access for Users.”...

  • Page 89: Setting Up Remote Vpn Access For Users

    Setting Up Remote VPN Access for Users You can setup VPN access for users only with IP30 Satellite. If you are using IP30 as a VPN server, you can allow users to access it remotely through their VPN clients (a Check Point SecureClient, Check Point SecuRemote, IP30 Tele, or another IP30 Satellite).
  • Page 90 Configuring the IP30 Nokia IP30 User Guide...

  • Page 91: Vpn Configuration

    IP30 Tele, IP30 Satellite and Satellite Plus provide VPN functionality. The IP30 Tele acts as a VPN client and can establish secure VPN tunnels to your office VPN gateway. IP30 Satellite and Satellite Plus can act as a VPN client, a VPN server, or a VPN gateway.
  • Page 92 If you have an IP30 Firewall and need VPN functionality, upgrade your IP30 to Tele, Satellite or Satellite Plus. Until you install your Tele or Satellite license, your IP30 functions as a Firewall. For information on how to install a license, see “Installing Your Software License.”...
  • Page 93 FP2, FP3 Satellite Check Point FP3 (DAIP object) Satellite Check Point FP3 (Star Community) Satellite Windows 2000 Note To know more on Configuring VPN gateways, refer SofaWare’s Configuring Safe@ to VPN-1 gateway to gateway VPNs with DAIP. Nokia IP30 User Guide...

  • Page 94: Securemote To Satellite (Vpn Client To Gateway)

    SecuRemote and SecureClient VPN clients to connect to an IP30 Satellite VPN server. Note In this configuration, the IP30 Satellite VPN server must have a static IP address / domain name. Below is a sample implementation of the VPN client-to-IP30...

  • Page 95: Setting Up Ip30 Satellite

    192.168.11.0/22 Satellite - Automatic mode VPN Setting up IP30 Satellite Configure a VPN tunnel between SecuRemote and IP30 Satellite. To set up IP30 Satellite 1. Add a User (refer “Managing Users” to Add a User). 2. Enable Remote Access for the User.

  • Page 96: Setting Up Securemote

    IP30 Tele functions in VPN client mode, in which connection is initiated only by the VPN client. IP30 Tele uses only a manual mode VPN connection. To select the VPN gateway to which you want to establish a VPN connection, go to http://my.vpn.

  • Page 97: Setting Up Ip30 Satellite

    3. Enable the VPN Server. IP30 Tele to Check Point v4.1/ NG/ FP1/ The IP30 Tele can be used as a VPN client to establish a VPN connectivity with a Check Point server using version 4.1, NG, FP1, FP2 or FP3.

  • Page 98: Setting Up Ip30 Tele

    This topology uses a remote access VPN community. An illustration of this topology is available in Figure 8. IP30 Tele uses only a manual mode VPN connection. To select the VPN gateway to which you want to establish a VPN connection, go to http://my.vpn.

  • Page 99: Satellite To Satellite (Vpn Gateway To Gateway)

    Satellite to Satellite (VPN Gateway to Gateway) The VPN configuration between an IP30 Satellite and another IP30 Satellite enables you to establish site-to-site VPN connections between IP30 site-to-site VPN gateways. Note In this configuration, both IP30 Satellite Site-to-Site VPN gateways must have a static IP address.

  • Page 100: Setting Up Ip30 Satellite

    2. Enter the Shared Secret (a password that is known to both the IP30 Satellite devices.) Satellite to VPN-1 (Site-to-Site VPN) The IP30 Satellite to VPN-1 or Check Point v4.1, NG, FP1, FP2 or FP3 configuration enables you to establish site-to-site VPN connections between an IP30 Satellite site-to-site VPN gateway and a VPN-1 site-to-site VPN gateway.

  • Page 101: Setting Up Ip30 Satellite

    Point VPN-1 server or gateway. To configure IP30 Satellite 1. Specify the IP address of IP30 Satellite on the VPN-1 server. 2. Enter the Shared Secret (a password that is known to both the IP30 Satellite and the VPN-1 Server).

  • Page 102: Ip30 Satellite To Check Point Fp3

    VPN Configuration IP30 Satellite to Check Point FP3 The IP30 Satellite can be used as a VPN server to establish a VPN connectivity with Check Point FP3 server using Check Point FP3 DAIP object. Figure 10 Satellite to Check Point FP3...

  • Page 103: Setting Up Ip30 Satellite

    Point FP3, select Use Certificate instead of Use Shared Secret. IP30 Satellite to Check Point SmartCenter FP3 The IP30 Satellite can be used as a VPN server to establish a VPN connectivity with SmartCenter FP3 server using Safe@gateway with a static IP address (VPN Star Community).

  • Page 104: Setting Up Ip30 Satellite

    Configure the IP30 Satellite for VPN connection with SmartCenter FP3. 1. Specify the IP address of IP30 Satellite on the VPN-1 server. 2. Enter the Shared Secret (a password that is known to both the IP30 Satellite and the VPN-1 Server).

  • Page 105: No-Nat Mode

    VPN is required between hosts with routable IP addresses. Note You can only use No-NAT mode with IP30 Satellite. The Figure below shows a site-to-site VPN in No-NAT mode. Both VPN peers are considered site-to-site VPN gateways, and traffic is directly established from the source host to the destination host.

  • Page 106: Nat Mode

    VPN) Hosts on Network 1 establish the TCP/IP connection to the external IP address of the IP30 Satellite site-to-site VPN gateway. The IP30 Satellite device is configured through the IP30 GUI Security page to port forward the inbound traffic to the defined host.

  • Page 107: Using Ip30 Tele

    If you have subscribed to Security services, then connect with your service provider or enterprise and receive a security subscription. If you are using the IP30 in a standalone mode, add the license manually. Adding VPN Sites by Using IP30 Tele With IP30 Tele, you can define only remote access VPN sites.
  • Page 108 To add a VPN site, click New Site. b. To edit a VPN site, click Edit in the desired VPN site's row. The Nokia VPN Site Wizard opens, as shown in the Figure below. 3. Click Next. The VPN Gateway Address dialog box appears.
  • Page 109 Note Downloading the network configuration is only possible if you are connecting to a Check Point VPN-1 or Nokia IP30 Satellite VPN Gateway. Specify Configuration 7. If you chose Specify Configuration in the preceding procedure, a dialog box appears.
  • Page 110 Automatic Login must be enabled by the management center. You can subscribe to this feature. 12. Click Next. The Site Name dialog box appears. 13. Enter a name for the VPN site. 14. Click Next.The VPN Site Created screen appears. Nokia IP30 User Guide...

  • Page 111: Adding Vpn Sites By Using Ip30 Satellite

    Adding VPN Sites by Using IP30 Satellite You can define each VPN site according to the function you want IP30 Satellite to perform when connecting to the site: VPN Client: Define the VPN site as a Remote Access VPN site using the procedure below.

  • Page 112: To Add Or Edit Vpn Sites By Using Ip30 Satellite

    To add a VPN site, click New Site. To edit a VPN site, click Edit in the desired VPN site’s row. The IP30 VPN Site Wizard opens, with the Welcome to the VPN Site Wizard dialog box displayed. 4. Do one of the following: Select Remote Access VPN to establish remote access from your VPN client to a VPN server or gateway.

  • Page 113: Configuring A Remote Access Vpn Site

    VPN server. Note Downloading the network configuration is only possible if you are connecting to a Check Point VPN-1 or IP30 Satellite VPN gateway. To provide the network configuration manually, select Specify Configuration. 2. Click Next.
  • Page 114 8. Do one of the following: To configure the site for manual login, select Manual Login. To enable the IP30 to log on to the VPN site automatically, do the following: a. Select Automatic Login. b. Enter a user name and password to be used for logging on to the VPN site.

  • Page 115: Configuring A Site To Site Vpn Gateway

    2. In the Subnet mask column, select the subnet masks for the destination network addresses. Note Obtain the destination networks and subnet masks from the VPN site’s system administrator. 3. Click Next. The Shared Secret dialog box appears. Nokia IP30 User Guide...

  • Page 116: Completing Site Creation

    3. Click Finish. The VPN Sites page reappears. If you added a VPN site, the new site appears in the VPN Sites list. If you edited a VPN site, the modifications are reflected in the VPN Sites list. Nokia IP30 User Guide...

  • Page 117: Setting Up Ip30 Satellite As Vpn Server

    3. Follow the procedures in “Setting Up Remote VPN Access for Users.” Deleting a VPN Site You can delete a VPN site by using both IP30 Tele and IP30 Satellite. To delete a VPN site 1. In the navigation bar, click VPN.

  • Page 118: Logging On To A Vpn Site

    If you chose manual login, log on to a VPN site every time you want to access the VPN site. You can log on to a VPN site either through the Nokia IP30 GUI or the my.vpn page. When you log on, a VPN tunnel is established.
  • Page 119 IP30 downloads the network configuration. If when adding the VPN site, you specified a network configuration, the IP30 attempts to create a tunnel to the VPN site. The VPN Login Status box appears. The Connecting screen appears. Once the IP30 has finished connecting, the Status field changes to Connected.

  • Page 120: Logging On Through My.vpn

    IP30 downloads the network configuration. If when adding the VPN site you specified a network configuration, the IP30 attempts to create a tunnel to the VPN site. The VPN Login Status box appears. The Status field tracks the progress of the connection.

  • Page 121: Logging Off A Vpn Site

    To log off a VPN site 1. In the VPN Login Status box, click Close. All open tunnels from the IP30 to the VPN site are closed, and the VPN Login Status box closes. Note Closing the browser or dismissing the VPN Login Status box also terminates the VPN session within a short time.
  • Page 122 2. Click Install Certificate. The Certificate Upload screen appears. 3. Click Browse. Select the .p12 certificate. 4. Click Upload. The screen prompts you to enter the Certficate Passphrase used when creating the .p12 certificate. 5. Click OK. Nokia IP30 User Guide...

  • Page 123: Troubleshooting

    Frequently Asked Questions Troubleshooting If the IP30 does not function normally, refer Frequently Asked Questions, and perform the required tasks: Frequently Asked Questions I cannot access the Internet. What should I do? Check for the following: Check if the PWR/SEC LED is active. If not, check the power connection to the IP30.
  • Page 124 I cannot access http://my.firewall or http://my.vpn. What should I do? Verify that the IP30 is operating (PWR/SEC LED is active) Check if the LAN LINK/ACT LED for the port used by your computer is on. If not, check the network cable linking your computer and IP30 is connected properly.
  • Page 125 My network seems extremely slow. What should I do? The Ethernet cables may be faulty. For proper operation, the IP30 requires STP CAT5 (Shielded Twisted Pair Category 5) Ethernet cables. Make sure that this specification is printed on your cables.
  • Page 126 “Resetting theIP30 to factory defaults.” Note that this will erase all your settings. I purchased IP30 Tele or IP30 Satellite, but I only seem to have IP30 Firewall functionality. What should I do? Your have not installed your product key. See Installing Your Product Key.
  • Page 127 Reset the network to its default settings using the button on the back of the IP30 unit. I am using the IP30 with another DSL/Cable router, and I am having problems with some applications. The IP30 performs Network Address Translation (NAT). It is...
  • Page 128 The following suggestions will work only if the router is connected to the WAN port of the IP30: If the router has a “DMZ Computer” option, set it to the IP30 external IP address. Set the router to direct all incoming connections to the external IP address of IP30.
  • Page 129 If the URL filtering is required, then make sure the UFP server in the Server page of SMC is correctly configured. I cannot connect to SmartCenter FP3 VPN site using IP30 Satellite or Satellite Plus when using Dynamic IP with cerificate support (DAIP).

  • Page 130: Viewing Firmware Status

    Check for the correct Username/ Authentication Failure Password given for the VPN site during login I cannot connect to IP30 Satellite VPN site using IP30 Satellite or Satellite Plus. What should I do? Check for the following error messages in Report->Event Log: Error Message...

  • Page 131: Resetting The Ip30 To Factory Defaults

    Resetting the IP30 to factory defaults The IP30 allows you to reset its settings to factory defaults. When you reset the IP30, it reverts to the state it was originally in when you purchased it, and your firmware reverts to the version that shipped with the IP30.

  • Page 132: Rebooting The Ip30

    LED flashes slowly or illuminates steadily in green light). Warning If you choose to reset the IP30 by disconnecting the power cable and then reconnecting it, be sure to leave the IP30 disconnected for at least three seconds, or the IP30 might not function properly until you reboot it as described below.

  • Page 133: Running Diagnostics

    The Firmware page appears. 3. Click on Restart. A confirmation message appears. 4. Click OK. The IP30 is restarted (the PWR/SEC LED flashes quickly) and the following message appears. The Login page appears. Running Diagnostics You can view technical information about IP30 hardware, firmware, license, network status, and subscription services.
  • Page 134 Troubleshooting IP30...

  • Page 135: A Specifications

    User Guide. Failure to follow the instructions may result in damage to equipment and / or personal injuries. Before cleaning the IP30, unplug the power cord. Use only a soft cloth dampened with water for cleaning. IP30...
  • Page 136 Part 15 of the FCC Rules. When installing the IP30, ensure that the vents are not blocked. Do not use the IP30 outdoors. Do no expose the IP30 to liquid or moisture.
  • Page 137 AGREEMENT. IF YOU DO NOT AGREE TO THE TERMS OF THIS AGREEMENT PLEASE IMMEDIATELY RETURN THE SOFTWARE IN THE PRODUCT PACKAGE TO THE PLACE YOU PURCHASED IT FOR FULL REFUND. 1. SOFTWARE LICENSE. Unless Customer is an approved Managed Service Provider, Nokia grants to Customer a IP30...

  • Page 138: B Warranty

    2. PROPRIETARY RIGHTS. All right, title and interest in and to the Software and documentation, and any copies thereof provided by Nokia or which may be made by Customer, are and shall remain the exclusive property of Nokia or Nokia’s licensors (Nokia and its licensors are collectively referred to as “Software Owners”).
  • Page 139 (4) has been used in ultra-hazardous activities, or (5) has been used in such a way that Nokia cannot reasonably reproduce the Software error. Furthermore, the above warranty does not apply to any portion of the product supplied by a third party.
  • Page 140 ANY WARRANTY FOR THIRD PARTY SOFTWARE SUPPLIED WITH THE PRODUCT. 4. LIMITATION OF LIABILITY. IN NO EVENT WILL NOKIA, ITS SUPPLIERS OR RESELLERS BE LIABLE UNDER ANY CONTRACT, NEGLIGENCE, STRICT LIABILITY, TORT OR OTHER THEORY FOR DIRECT, SPECIAL, CONSEQUENTIAL, INCIDENTAL OR...
  • Page 141 Customer permit others to, disclose, provide, or otherwise make available such trade secrets or copyrighted material in any form to any third party without the prior consent of Nokia. Customer agrees to implement reasonable security measures to protect such trade secrets and copyrighted material. The...
  • Page 142 Upon termination, Customer shall cease all use of the Software and shall destroy or return to Nokia the original(s) and all copies of the Software and documentation made or furnished hereunder. Customer may terminate the License at any time by destroying all copies of the Software and documentation.
  • Page 143 US. Government shall be governed solely by the terms of this Agreement and shall be prohibited except to the extent expressly permitted by the terms of this Agreement. IP30...
  • Page 144 Warranty IP30...
  • Page 145 THIS AGREEMENT, TO THE EXCLUSION OF ALL OTHER TERMS. IF THESE TERMS ARE CONSIDERED AN OFFER BY SOFAWARE, YOUR ACCEPTANCE IS EXPRESSLY LIMITED TO THE TERMS OF THIS AGREEMENT. IF YOU DO NOT AGREE WITH ALL THE TERMS OF THIS IP30...

  • Page 146: C End User License Agreement

    Product as detailed in the Third Party Software Addendum attached to this Agreement. 1.5 "Third Party Software Provider" means the third party which has the right to provide and grant licenses for the use of Third Party Software. IP30...
  • Page 147 Your Service Customers or Clients from an authorized location. No Product, nor any portion thereof, may be used by or on behalf of, accessed by, re-sold to, rented to, or distributed to any other party, except for the IP30...
  • Page 148 IP addresses. Without derogation from any applicable laws, it is a violation of this End User License Agreement to create, set-up or design any hardware, software or system which alters the number of readable IP addresses presented to the Product with the IP30...
  • Page 149 Upon termination of this Agreement, You agree to cease all use of the Product and to return to SofaWare or destroy the Product and all documentation and related materials in your possession, and so certify to SofaWare. Except for the license IP30...
  • Page 150 PRODUCT AND ANY SERVICES ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED. SOFAWARE DOES NOT WARRANT THAT THE PRODUCT WILL MEET YOUR REQUIREMENTS OR THAT ITS OPERATION WILL BE UNINTERRUPTED OR ERROR FREE. SOFAWARE IP30...
  • Page 151 8.2 Export. The Product is subject to export control laws of the State of Israel and/or may be subject to additional export control laws applicable to You or in Your jurisdiction, including, without limitation, the United States. If the Product contains any IP30...
  • Page 152 SofaWare. If any provision of this Agreement is held to be invalid or unenforceable by a court of competent jurisdiction, that provision of the Agreement will be enforced to the maximum extent permissible so as to effect the intent of the Agreement, and IP30...
  • Page 153 Agreement, and no license to the Product is granted to any government requiring different terms. 9.4 Questions? Should You have any questions concerning this Agreement contact the manufacturer at SofaWare Technologies Ltd., 3 Hilazon St., Ramat-Gan, Israel 52522. IP30...
  • Page 154 End User License Agreement IP30...

  • Page 155: D Compliance Information

    Compliance Information Declaration of Conformity according to ISO/IEC Guide 22 and EN 45104 Manufacturer’s name: Nokia Corporation Manufacturer’s address: 313 Fairchild Drive Mountain View, CA 94043- 2215 declares that the product: Product name: IP0530 Model number: IP530 Product options: Serial number:...

  • Page 156: Compliance Statement

    Directive 73/23/EEC and the EMC Directive 89/336/EEC.” Alan Hutchinson Quality Engineer Mountain View, California European contact: Greg Shortell Nokia Telecommunications 2 Heathrow Blvd, 284 Bath Road Heathrow, Middlesex UB7 ODQ England Compliance Statement This hardware complies with the following standards:...

  • Page 157: Fcc Notice (Us)

    Reorient or relocate the receiving antenna. Increase the separation between the computer and receiver. Connect the computer into an outlet on a circuit different from that to which the receiver is connected. Consult the dealer or an experienced radio/TV technician for help. IP30...
  • Page 158 Compliance Information Caution Caution Caution: Any changes or modifications not expressly approved by the grantee of this device could void the user’s authority to operate the equipment. IP30...

  • Page 159: Index

    Index Adding VPN Sites Using IP30 Tele 105 Advanced Setup, Using 35 Anti virus, Snoozing 78 Automatic DHCP, Using 35 Blocking Categories 75 Canceling, Subscription Services 73 Changing IP Addresses 52 Changing Your Password 83 Compliance Specifications 152 compliance standards...
  • Page 160 Enabling NAT 53 Enabling, DHCP Server 51 FCC Notice 153 Frequently Asked Questions 121 immunity 152 Installing Your Network 26 IP30 GUI 48 IP30 Satellite in NAT and No-NAT Modes 102 IP30 Satellite to Check Point FP3 100 Document Title Variable...
  • Page 161 IP30 Satellite to Check Point SmartCenter FP3 101 IP30 Satellite to Windows 2000 104 IP30 Tele to Check Point FP3 95 IP30 Tele to Check Point v4.1/ NG/ FP1/ FP2 95 IP30 Tele, Using 105 IP30, Configuring for Internet Connection 27...
  • Page 162 Satellite to Satellite 97 Satellite to VPN-1 98 Scanning, Protocols 78 SecuRemote to Satellite 92 Security 15 Security Services 16 Setting the Firewall Security Level 62 Setting Up IP30 Satellite as VPN Server 115 Setup Wizard 29 Software Updates 80 Document Title Variable...
  • Page 163 Specifications 131 specifications compliance 152 emissions 152 safety 153 Specifications, Technical 131 Static Routes 41 Subscription Services, Using 69 TCP/IP Installation 22 TCP/IP Settings 23 TCP/IP, Installation 22 TCP/IP, installation 24 TCP/IP, Settings 23 TCP/IP, settings 25 Tele to Satellite 94 Troubleshooting 121 Updates, Automatic and Manual 80 Users, Adding 85...
  • Page 164 Viewing, Network Activity Information 49 Viewing, Reports 55 Viewing, Services Information 73 Viewing, VPN Tunnels 59 VPN 16 VPN Configuration 89 Web Filtering 74 Web Filtering, Enabling 74 Web Filtering, Snoozing 75 Windows 98 22 Windows, 2000 24 Windows, XP 24 Document Title Variable...

Table of Contents