
Re: [FW1] How to setup a Nokia Firewall




On Tue, Jan 23, 2001 at 05:03:33PM +0000, [email protected] wrote:
: Anyone got a document "How to Setup a Nokia FW-1" ?

It's really no different than other platforms, except the software is
preloaded...  Do the OS config, do the FW config, create a policy,
install policy, adjust policy, etc.

: I have got several different documentation sets for Nokia and Checkpoint 
: which are not very helpful and it is not even clear in what order to do 
: certain things.
: 
: It would be nice to have just one set of steps from start to finish (at least 
: to the point where you have a GUI connected and are ready to build a 
: rulebase) - hopefully in the correct order !

Here's a quick guide.  I'll assume two units in a VRRP config with a
management console running on the internal network.  This assumes you 
understand FW1 basics like putkeys, connecting remote fw modules to
management consoles, etc.

1) Hook up the console cable, do the initial config (hostname, admin pw,
   pick an i/f, configure it) - do this to both boxes.

2) Rack 'em and cable 'em up.

3) Configure the remaining interfaces using Voyager, including IP addresses,
   netmasks, choose 10 or 100 Mbps, full/half duplex, etc.

4) Configure routing - default gateways, static routes, etc.

5) Configure VRRP Monitored Circuits - test failover.

6) Configure FW1 on each box (cpconfig) - get them talking to the management
   console ($FWDIR/conf/masters, putkeys, etc.)

7) Make a workstation object, vrrp.mcast.net == 224.0.0.18

8) Make sure your firewalls are defined, and all of their i/fs are listed in
   the Interfaces tab of their respective workstation objects.

9) Configure FW1 state sync - Create $FWDIR/conf/sync.conf on each fw module
   with the ip of the partner fw in the file.  Don't forget to do putkeys 
   each way between the partners.  I typically dedicate an interface to 
   this, and use a crossover, running at 100 Mbps, full duplex.  Use these
   IPs for the state sharing.

10) First rule of your rulebase:
firewalls	vrrp.mcast.net		vrrp,igmp	Accept		(No log)

11) Finish building your rules, lather, rinse, repeat.

This rule permits vrrp to work properly.

-- 
Jason Costomiris <><           |  Technologist, geek, human.
jcostom {at} jasons {dot} org  |  http://www.jasons.org/ 
          Quidquid latine dictum sit, altum viditur.

