Re: [FW1] How to setup a Nokia Firewall
On Tue, Jan 23, 2001 at 05:03:33PM +0000, [email protected] wrote:
: Anyone got a document "How to Setup a Nokia FW-1" ?
It's really no different than other platforms, except the software is
preloaded... Do the OS config, do the FW config, create a policy,
install policy, adjust policy, etc.
: I have got several different documentation sets for Nokia and Checkpoint
: which are not very helpful and it is not even clear in what order to do
: certain things.
:
: It would be nice to have just one set of steps from start to finish (at least
: to the point where you have a GUI connected and are ready to build a
: rulebase) - hopefully in the correct order !
Here's a quick guide. I'll assume two units in a VRRP config with a
management console running on the internal network. This assumes you
understand FW1 basics like putkeys, connecting remote fw modules to
management consoles, etc.
1) Hook up the console cable, do the initial config (hostname, admin pw,
pick an i/f, configure it) - do this to both boxes.
2) Rack 'em and cable 'em up.
3) Configure the remaining interfaces using Voyager, including IP addresses,
netmasks, choose 10 or 100 Mbps, full/half duplex, etc.
4) Configure routing - default gateways, static routes, etc.
5) Configure VRRP Monitored Circuits - test failover.
6) Configure FW1 on each box (cpconfig) - get them talking to the management
console ($FWDIR/conf/masters, putkeys, etc.)
7) Make a workstation object, vrrp.mcast.net == 224.0.0.18
8) Make sure your firewalls are defined, and all of their i/fs are listed in
the Interfaces tab of their respective workstation objects.
9) Configure FW1 state sync - Create $FWDIR/conf/sync.conf on each fw module
with the ip of the partner fw in the file. Don't forget to do putkeys
each way between the partners. I typically dedicate an interface to
this, and use a crossover, running at 100 Mbps, full duplex. Use these
IPs for the state sharing.
10) First rule of your rulebase:
firewalls vrrp.mcast.net vrrp,igmp Accept (No log)
11) Finish building your rules, lather, rinse, repeat.
This rule permits vrrp to work properly.
--
Jason Costomiris <>< | Technologist, geek, human.
jcostom {at} jasons {dot} org | http://www.jasons.org/
Quidquid latine dictum sit, altum viditur.
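
A pre-flight check for steps 7 to 10 of the guide above, as an added example that is not part of the original post. The data model, host names, interface names and addresses are constructed assumptions, not a Check Point or Nokia file format; it verifies the vrrp.mcast.net object, the interface lists, the sync settings and the first rule before a policy install.

```python
import ipaddress

def fw(sync_ip, sync_conf, ifaces, object_ifaces, speed=100, duplex="full"):
    """Describe one firewall module (constructed model, not a Check Point format)."""
    return {"sync_if": {"ip": sync_ip, "speed": speed, "duplex": duplex},
            "sync_conf": sync_conf, "ifaces": set(ifaces),
            "object_ifaces": set(object_ifaces)}

def preflight(pair, objects, rulebase):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    if objects.get("vrrp.mcast.net") != "224.0.0.18":            # step 7
        findings.append("vrrp.mcast.net object is not 224.0.0.18")
    (a, cfg_a), (b, cfg_b) = pair.items()                        # exactly two modules
    for name, cfg, peer in ((a, cfg_a, cfg_b), (b, cfg_b, cfg_a)):
        missing = cfg["ifaces"] - cfg["object_ifaces"]           # step 8
        if missing:
            findings.append(f"{name}: i/fs missing from workstation object: {sorted(missing)}")
        sync, peer_sync = (ipaddress.ip_interface(c["sync_if"]["ip"]) for c in (cfg, peer))
        if str(peer_sync.ip) not in cfg["sync_conf"]:            # step 9
            findings.append(f"{name}: sync.conf lacks partner IP {peer_sync.ip}")
        if sync.network != peer_sync.network:
            findings.append(f"{name}: sync i/f not on the partner's subnet")
        if (cfg["sync_if"]["speed"], cfg["sync_if"]["duplex"]) != (100, "full"):
            findings.append(f"{name}: sync i/f is not 100 Mbps full duplex")
    first = rulebase[0] if rulebase else {}
    want = {"src": "firewalls", "dst": "vrrp.mcast.net",
            "services": {"vrrp", "igmp"}, "action": "accept"}
    if any(first.get(k) != v for k, v in want.items()):          # step 10
        findings.append("first rule is not firewalls -> vrrp.mcast.net vrrp,igmp accept")
    return findings

# Constructed sample data: hypothetical host names, interface names and addresses.
IFS = ["eth-s1p1", "eth-s1p2", "eth-s1p3"]
PAIR = {"fw-a": fw("192.168.255.1/30", ["192.168.255.2"], IFS, IFS),
        "fw-b": fw("192.168.255.2/30", ["192.168.255.1"], IFS, IFS)}
OBJECTS = {"vrrp.mcast.net": "224.0.0.18"}
RULEBASE = [{"src": "firewalls", "dst": "vrrp.mcast.net",
             "services": {"vrrp", "igmp"}, "action": "accept", "log": False},
            {"src": "any", "dst": "any", "services": {"any"}, "action": "drop", "log": True}]

if __name__ == "__main__":
    for line in preflight(PAIR, OBJECTS, RULEBASE) or ["all checks passed"]:
        print(line)
```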