Nortel Switched Firewall 5100 Series Release 2.3.3
Browser-Based Interface User’s Guide
part number: 216383-D, October 2005
4655 Great America Parkway
Santa Clara, CA 95054
Phone 1-800-4Nortel
http://www.nortel.
Copyright © Nortel Networks 2002–2005. All rights reserved. This document is protected by copyright and distributed under licenses restricting its use, copying, distribution, and decompilation. No part of this document may be reproduced in any form by any means without prior written authorization of Nortel Networks, Inc.
Contents
Preface 7
Who should use this book 7
How this book is organized 7
Typographic conventions 8
How to get help 9
Getting help from the Nortel web site 9
Getting help over the telephone from a Nortel Solutions Center 9
Using an Express Routing Code to get help from a specialist 10
Getting help through a Nortel distributor or reseller 10
Chapter 1: Introduction 11
Characteristics of the BBI 11
Getting started 12
Requirements 12
Enabling the BBI 12
CLI configuration tasks 12
Setting up the web browser 14
Nortel Switched Firewall Browser-Based Interface Users Guide
Basic operation 22
Pending change exceptions 22
Lost changes 22
Creating a configuration 23
Viewing pending changes 23
Clearing pending changes 23
Submitting changes 23
Global command forms 24
Apply Changes 24
Diff 26
Revert 27
Logout 28
Help 29
Context-sensitive Help 29
Task-based Help 30
Chapter 3: Browser-Based Interface forms reference 33
BBI main menu selections 33
System form 34
NSF 5100 Ticker form 34
Cluster forms 38
Director(s) form 38
T
License Management form 91
Installed License(s) form 93
Synchronization form 94
SMART Clients form 95
SecurID form 96
Operation forms 97
Director(s) form 97
Configuration form 98
Image Update forms 99
Administration forms 102
Monitor forms 102
Users forms 110
Access List form 115
Telnet-SSH form 117
Web forms 118
SNMP forms 126
SSH Keys form 135
RADIUS form 138
APC UPS form 141
Audit form 142
Diagnostics forms 145
Logs form 145
Events form 147
Au
Preface

This Quick Guide describes the Nortel Switched Firewall Browser-Based Interface (BBI). The components and features of the BBI can be used as an alternative to the Nortel Switched Firewall Command Line Interface (CLI) documented in the Nortel Switched Firewall 2.3.3 User’s Guide and Command Reference, (213455-L).

Who should use this book

This Quick Guide is intended for network installers and system administrators engaged in configuring and maintaining a network.
Typographic conventions

The following table describes the typographic styles used in this book.

Table 1 Typographic conventions
Typeface or Symbol | Meaning | Example
AaBbCc123 | This fixed-width type is used for names of commands, files, and directories used within the text. | View the readme.txt file.
It also depicts on-screen computer output and Main# prompts.
How to get help

This section explains how to get help for Nortel products and services.

Getting help from the Nortel web site

The best way to get technical support for Nortel products is from the Nortel Technical Support web site at: www.nortel.com/support. This site provides quick access to software, documentation, bulletins, and tools to address issues with Nortel products.
Using an Express Routing Code to get help from a specialist

You can find Express Routing Codes (ERC) for many Nortel products and services on the Nortel Technical Support web site. ERCs allow you to connect directly to service and support organizations based on specific products or services. To locate the ERC for your product or service, go to www.nortel.com/erc.
CHAPTER 1 Introduction

This chapter explains how to enable the Browser-Based Interface (BBI), set up your web browser, and launch the BBI to access the Nortel Switched Firewall (NSF) system-management features from your web browser.

Characteristics of the BBI

Following are the characteristics of the BBI:
Intuitive interface structure.
Configuration and monitoring functions similar to those available through the Command Line Interface (CLI).
Getting started

Requirements

Following are the requirements to enable the BBI:
An installed Nortel Switched Firewall
A Check Point policy to allow management station access for HTTP or HTTPS traffic
A PC or workstation with network access to the Firewall host IP address
Frame-capable web browser software, such as the following:
  Netscape Navigator 4.6 or higher
  Internet Explorer 5.
Enabling the BBI

You can enable the BBI for HTTP, HTTP and HTTPS, or you can fully disable the BBI.

TIP: The default setting for the BBI is enabled for HTTP access and disabled for HTTPS access.

NOTE – HTTP is not a secure protocol. All data (including passwords) between an HTTP client and the Nortel Switched Firewall is not encrypted and is subject only to weak authentication. If secure remote access is required, use HTTPS.
Applying the changes.

>> SSL configuration# apply

Using the access list to permit remote access to trusted clients

If you already configured the access list for Telnet or SSH, you need not repeat the process. Otherwise, to permit access to only trusted clients, see the Nortel Switched Firewall 2.3.3 User’s Guide and Command Reference, Part No. 213455-L.
c) MIP address
d) virtual IP address (see Using the VRRP virtual IP address to access the NSF BBI)
The NSF login window opens.
3. Log in (see Logging in).
4. Allow the main page to load (see Loading the main page on page 16).

Using the VRRP virtual IP address to access the NSF BBI

To use the VRRP virtual IP address for firewall access by web browser, enable management support for the VRRP interface.
Figure 1 NSF Login window

Loading the main page

When the valid account name and password combination is entered on the login window, the BBI default page appears in your browser viewing window (see Figure 2).

Figure 2 NSF BBI main page

NOTE – A delay of a few seconds can occur while the default page collects data from all of the cluster components. Do not stop the browser while loading is in progress.
CHAPTER 2 Basics of the Browser-Based Interface

Interface components

The Nortel Switched Firewall (NSF) Browser-Based Interface (BBI) main page has eight component areas (see Figure 3).
Main page tabs

The two main page tabs are Wizards and Config (see Figure 3 on page 17). Wizards provides access to wizards that guide users through the processes of initial configuration, interface and bridge addition, Check Point Firewall configuration, routes and gateway configuration, DHCP Relay configuration, and OSPF configuration (see Figure 4 and Figure 5).
Wizards menu shows the selections available on the Wizards menu tree.
NSF Config main menu tree

Each of the selections on the Config main menu tree represents a page, called a form, which provides a method to monitor or configure the NSF (see Figure 3 on page 17 and Figure 6).

Figure 6 NSF Config main menu

Each main menu category offers subcategories, providing a further level of control or detailed information.
History list

The History list displays the path to the current page. Up to nine of the most recently visited pages are listed, most recent first.

TIP: Click a list item to go directly to that page.

Forms display area

The Forms display area contains fields that display information or allow you to specify information for configuring the system. The fields are different for each subpage.
Basic operation

The Browser-Based Interface for the Nortel Switched Firewall provides a variety of levels of control.

TIP: To access the full functionality of the BBI, you must log in as administrator (username admin).

The BBI allows you to administer the NSF in the following manner (see Table 1).

Table 1 NSF administration
NSF function | Administration method
Create a configuration | Use the Config functions or Wizards.
Pending changes are also discarded if you do not submit them before the inactivity timeout value on BBI sessions elapses. The BBI inactivity timeout value is five minutes and cannot be changed.

Creating a configuration

To create a configuration, do the following:
1) Select the appropriate menu item and subpage.
2) Modify fields in the appropriate forms display areas.
3) Click Update to submit the changes to the pending configuration.
2) Click Submit.

See Global command forms for details on using Apply, Diff, Revert, and Logout.

Global command forms

The global command buttons are always available at the top of each form. These buttons summon forms used to save, examine, or cancel configuration changes, log out, and to display Help information. Each global command form provides options to verify or cancel the command.
When selected, this command updates the Nortel Switched Firewall with any pending configuration changes. Pending changes are first validated for correctness (see Validate Configuration on page 25). If no problems are found, the changes are applied and put into effect. If problems are found, applicable warning and error messages are displayed. Warnings are allowed, and the changes are applied and put into effect.
Diff

The global Diff command displays the Pending Updates form. Pending Updates provides a list of the pending configuration changes for the current session (see Figure 9).

Figure 9 Diff form

The list displays a change record for each submitted update. Each record can consist of many modifications, depending upon the complexity of the form and changes submitted.
Revert

The global Revert command displays the Revert Changes form. Use Revert to cancel pending configuration changes (see Figure 10).

Figure 10 Revert form

The global Revert form includes the following items:
Revert button: Click Revert to cancel the pending configuration changes for the current session.

TIP: Applied changes are not affected. Pending changes made in other open CLI or BBI sessions are not affected.
Logout

Use the global Logout form to terminate the current user session (see Figure 11).

Figure 11 Logout form

The global Logout form includes the following items:
Logout button: Click Logout to terminate the current user session.

TIP: Any configuration changes made during this session that have not been applied are lost. This command has no effect on pending changes in other open CLI or BBI sessions.
Help

The global Help form provides assistance with forms and tasks in the BBI. Two kinds of Help are available: context-sensitive Help and task-based Help.

Context-sensitive Help

Context-sensitive Help displays detailed information about the currently displayed form in the BBI forms area. Click global Help to view a new window showing Help information appropriate to your current options (see Figure 12).
Forms area: This area displays detailed information about the selected topic.
Close button: Click Close to close the context-sensitive Help window.

Task-based Help

Task-based Help directs the administrator through the steps of various common procedures. To access task-based Help, click global Help and then click the Tasks bar.
Load Page link: Click Load Page to display the form referenced on the task topic menu. If the subtask has more than one step, the steps are listed on the form.
Click to display the information for the next subtask.
Click to display the information for the previous subtask.
Close button: Click Close to close the task-based Help window.
CHAPTER 3 Browser-Based Interface forms reference

BBI main menu selections

The following eight selections are available on the Nortel Switched Firewall (NSF) Browser-Based Interface (BBI) Config tab main menu:
System form on page 34
NSF 5100 Ticker form on page 34
Cluster forms on page 38
Network forms on page 50
Firewall forms on page 89
Operation forms on page 97
Administration forms on page 102
Diagnostics forms on page 145

Pages, called forms, are available for each menu
System form

When you select System, the Main page, also known as the Monitor System form, is displayed as shown in Monitor System form. For more information about the System form, see Interface components on page 17.
status of the following remote accesses:
HTTP
HTTPS
Telnet
SSH
SNMP

Use the NSF 5100 Ticker launch form to launch the Ticker.

TIP: The Ticker cannot launch if pop-up blockers are enabled (see NSF 5100 Ticker launch form).

NOTE – Java 2 Runtime Environment SE plug-in, version 1.2.4-01 or higher, is required. When you launch the Ticker, if the Java plug-in is not present, the Ticker downloads it from the java.sun.
The NSF 5100 Ticker report form displays three tabs (see NSF 5100 Ticker results form).

Figure 16 NSF 5100 Ticker results form

Tabs on the NSF 5100 Ticker results form are as follows:
Cluster information
Properties
About

The Cluster Information page displays the statistics and graphs for the Firewall (see NSF 5100 Ticker results form).
The Properties page displays properties for NSF 5100 Ticker parameters (see NSF 5100 Ticker/Properties form).

Figure 17 NSF 5100 Ticker/Properties form

The About page displays the NSF version and license information (see NSF 5100 Ticker/About form).
Cluster forms

The Cluster menu includes the following categories of forms:
Director(s) form
Time forms
  Current Time (see Cluster/Time/Current Time form on page 40)
  NTP servers (see Cluster/Time/NTP Servers on page 41)
Logs
  Syslog (see Cluster/Logs/Syslog form on page 42)
  ELA (see Cluster/Logs/ELA form on page 45)
  Archive (see Cluster/Logs/Archive form on page 47)
Warnings (see Cluster/Warnings form on page 49)
D
The Cluster/Director(s) form is divided into the following two sections:
Management IP Address
General Settings

Fields and buttons on the Cluster/Director(s) form are as follows:

Management IP Address
MIP is the Management IP for the host. MIP address identifies the cluster and must be unique on the network.

General Settings
ID is the host identification number.
Hostname displays the name of the Firewall host.
Time forms

The two Cluster/Time forms are as follows:
Cluster/Time/Current Time (see Cluster/Time/Current Time form)
Cluster/Time/NTP Servers (see Cluster/Time/NTP Servers form on page 41)

Cluster/Time/Current Time form

Use the Cluster/Time/Current Time form to set the date and time for the cluster (see Cluster/Time/Current Time form).
Hour provides a list to select the current hour.
Minute provides a list to select the current minute.
Click Save to submit the date and time changes and to put the changes into immediate effect. Note that changes to the date and time zone are unlike most changes; they are not considered pending after submission.
Timezone provides a list to select the region.
Fields and buttons on the Cluster/Time/NTP Servers form are as follows:
IP Address displays the IP address of an NTP server.
Action—if an NTP server is present, a Delete button appears. Click Delete to delete the server.
New NTP IP provides a field to configure a new NTP server.
TIP: Use dotted decimal notation.
Update submits the NTP server address changes to the pending configuration.
Fields and buttons on the Cluster/Logs/Syslog form are as follows:
System Log Debug Messages displays a list with two choices.
  Disabled disables transmission of debug messages to the local system log.
  Enabled enables transmission of debug messages to the local system log.
Source IP Mode displays a list with three choices.
  Auto, the default setting, specifies the IP address of the outgoing interface.
  crit
  err
  warning
  notice
  info
  debug
New Server Facility provides a list with the following local facility numbers used to uniquely identify syslog entries:
  auto
  local0
  local1
  local2
  local3
  local4
  local5
  local6
  local7
Click Update to submit the Remote Syslog Server changes to the pending configuration.
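The severity names and local facility numbers on this form correspond to the standard syslog PRI field (facility × 8 + severity, with local0 to local7 being facility codes 16 to 23). The following Python sketch is an added example, not part of the Nortel guide or product: run on the remote syslog server, it decodes the PRI of received messages and reports any that do not match the configured facility and severity, assuming the configured severity acts as a minimum as the ELA form's Minimum Severity field does. The function names and sample messages are constructed for illustration.

```python
import re

# Severity names in the order the Syslog and ELA forms list them; the list
# index is the numeric syslog severity (0 = emerg, most severe; 7 = debug).
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# local0..local7 are syslog facility codes 16..23 (RFC 3164 / RFC 5424).
FACILITIES = {f"local{n}": 16 + n for n in range(8)}

_PRI = re.compile(r"^<(\d{1,3})>")


def decode_pri(message):
    """Return (facility_code, severity_name), or None if the PRI is missing or invalid."""
    match = _PRI.match(message)
    if match is None:
        return None
    pri = int(match.group(1))
    if pri > 191:  # highest valid PRI is facility 23 * 8 + severity 7
        return None
    facility, severity = divmod(pri, 8)
    return facility, SEVERITIES[severity]


def audit(messages, min_severity, facility=None):
    """List (index, reason) for messages that do not match the configured settings.

    min_severity: name chosen on the form; anything less severe should not arrive
                  (assumption: the setting is a minimum, as on the ELA form).
    facility: 'local0'..'local7', or None to skip the facility check (what the
              form's 'auto' choice maps to is not stated in the guide).
    """
    threshold = SEVERITIES.index(min_severity)
    expected = FACILITIES[facility] if facility is not None else None
    findings = []
    for index, message in enumerate(messages):
        decoded = decode_pri(message)
        if decoded is None:
            findings.append((index, "missing or invalid PRI"))
            continue
        fac, sev = decoded
        if expected is not None and fac != expected:
            findings.append((index, f"unexpected facility {fac}"))
        if SEVERITIES.index(sev) > threshold:
            findings.append((index, f"severity {sev} below minimum {min_severity}"))
    return findings


# Constructed sample messages (not captured from a real device).
SAMPLE = [
    "<131>Oct 11 22:14:15 fw1 example: link down",       # local0.err
    "<134>Oct 11 22:14:16 fw1 example: session opened",  # local0.info
    "<30>Oct 11 22:14:17 fw1 example: daemon message",   # daemon.info
    "Oct 11 22:14:18 fw1 example: no priority field",    # PRI missing
]

if __name__ == "__main__":
    for finding in audit(SAMPLE, "warning", "local0"):
        print(finding)
```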
Cluster/Logs/ELA form

Use the Cluster/Logs/ELA form to configure Event Logging API (ELA) (see Cluster/Logs/ELA form). ELA allows Firewall log messages to be sent to a Check Point SmartCenter Server for display through the Check Point SmartView Tracker.

Figure 23 Cluster/Logs/ELA form

NOTE – Configure an ELA service on the Check Point management station and transfer a SIC Certificate for the service to the Firewall to enable ELA logging.
Management Station IP provides an entry field to specify the IP address of the Check Point SmartCenter Server where the Firewall log messages are sent.
Minimum Severity provides a list that specifies the severity of messages logged and sent to the ELA service.
  emerg
  alert
  crit
  err
  warning
  notice
  info
  debug
Management Station DN is the designated name of the Check Point SmartCenter Server.
Cluster/Logs/Archive form

Use the Cluster/Logs/Archive form to specify system log rotation and system log archiving parameters (see Cluster/Logs/Archive form).

Figure 24 Cluster/Logs/Archive form

Fields and buttons on the Cluster/Logs/Archive form are as follows:
Email specifies an e-mail address for the administrator receiving the log.
SMTP Server IP specifies the IP address of the SMTP server in dotted decimal notation.
If the log file rotate size is set to >0, log rotation occurs when one of the following conditions is met:
The log file surpasses the rotate size.
The log file rotation interval is reached.

Rotated log files are managed in one of the following ways when rotation occurs:
The rotated log file is set aside.
The rotated log file is e-mailed.
TIP: Specify an e-mail address and SMTP server IP address.
Warnings form

Use the Cluster/Warnings form to enable or disable configuration warning messages (see Cluster/Warnings form).

Figure 25 Cluster/Warnings form

Fields and buttons on the Cluster/Warnings form are as follows:
Warnings displays a list with two selections.
  Disabled disables the display of warning messages about the state of pending configuration changes when the global Apply command is issued.
Network forms

The Network menu includes the following categories of forms:
DNS (see Network/DNS form on page 51)
Ports (see Network/Ports form on page 52)
Routes
  Static (see Network/Routes/Static form on page 54)
  Proxy ARP (see Network/Routes/Proxy ARP form on page 57)
  Gateway (see Network/Routes/Gateway form on page 58)
  OSPF
    o General (see Network/Routes/OSPF/General form on page 59)
    o Area Indexes (see Network/R
NOTE – The NSF provides administrators with the option to configure Layer 2 and Layer 3 firewalls. The Layer 2 and Layer 3 firewall configuration procedures differ only in the configuration of the IP addresses. A Layer 3 firewall requires valid IP addresses for address 1 and address 2. A Layer 2 firewall requires no IP addresses. For detailed Layer 2 and Layer 3 configuration, see Nortel Switched Firewall 2.3.
Ports form

Use the Network/Ports form to configure network port settings (see Network/Ports form).

Figure 27 Network/Ports form

Fields and buttons on the Network/Ports form are as follows:
Port# specifies the port number on the Firewall.
Name provides the name of the port.
Autonegotiation provides two choices:
  Yes indicates that autonegotiation is enabled.
  No indicates that autonegotiation is disabled.
Network/Ports Modify Port form

Use the Network/Ports Modify Port form to modify the settings for a selected port.

Figure 28 Network/Ports Modify Port form

The following fields can be modified on the Network/Ports Modify Port form:
Identifier provides an entry field for a port number.
TIP: Select a number between 1 and 6.
Name provides an entry field to specify a name for the port.
Mode provides the following two selections:
  Half (duplex)
  Full (duplex)
Update submits the port changes to the pending configuration.
Back returns to the Network/Ports form without submitting changes to the pending configuration.
Fields and buttons on the Network/Routes/Static form are as follows:
Destination IP specifies the IP address of the route destination.
TIP: Use dotted decimal notation.
Destination Mask specifies the subnet mask for the route destination.
TIP: Use dotted decimal notation.
Gateway IP specifies the IP address of the gateway.
TIP: Use dotted decimal notation.
Back returns to the Network/Routes/Static form without submitting changes to the pending configuration.

Network/Routes/Static Add Route form

Use the Network/Routes/Static Add Route form to add a new static route to the configuration.

Figure 31 Network/Routes/Static Add Route form

Fields and buttons on the Network/Routes/Static Add Route form are as follows:
Destination IP specifies the IP address of the route destination.
Network/Routes/Proxy ARP form

Use the Network/Routes/Proxy ARP (Address Resolution Protocol) form to view and configure the Proxy ARP status and addresses that allow the Firewall to respond to Proxy ARP requests (see Network/Routes/Proxy ARP form).
New Proxy ARP IP provides an entry field to specify an IP address.
TIP: Use dotted decimal format.
VRRP Group provides a list for VRRP group 1 or 2 selection.
Update submits the IP address changes to the pending configuration.

Network/Routes/Gateway form

Use the Network/Routes/Gateway form to specify the default gateway for the Firewall (see Network/Routes/Gateway form).
Network/Routes/OSPF forms

Following are the categories of Network/Routes/OSPF forms:
General (see Network/Routes/OSPF/General form)
Area Indexes (see Network/Routes/OSPF/Area Indexes form on page 60)
Interfaces (see Network/Routes/OSPF/Interfaces form on page 62)
GRE Tunnels (see Network/Routes/OSPF/GRE Tunnels form on page 64)
Redistribute (see Network/Routes/OSPF/Redistribute form on page 67)

Network/Routes/OSPF/General form
Router Id 1 provides an entry field to set the OSPF Router ID for the first Firewall host.
TIP: OSPF uses the router ID to identify the routing device. If no router ID is specified, or if the router ID is set to 0.0.0.0, the Firewall host is automatically selected as the router ID.
Router Id 2 provides an entry field to set the OSPF Router ID for the second Firewall host.
Save Setting submits the changes to the pending configuration.
Network/Routes/OSPF/Area Indexes Add New form

Use the Network/Routes/OSPF/Area Indexes Add New form to configure a new Area Index.

Figure 36 Network/Routes/OSPF/Area Indexes Add Area Index form

Fields and buttons on the Network/Routes/OSPF/Area Indexes Add Area Index form are as follows:
Identifier provides a list with numbers in a range from 1 to 16.
Status provides a list with the following two selections:
  Enabled enables the area.
Network/Routes/OSPF/Interfaces form

Use the Network/Routes/OSPF/Interfaces form to display and change the OSPF Interfaces settings that are required to attach an IP network to an OSPF area (see Network/Routes/OSPF/Interfaces form).

Figure 37 Network/Routes/OSPF/Interfaces form

Fields and buttons on the Network/Routes/OSPF/Interfaces form are as follows:
Id provides a numerical ID, between 1 and 255, for the interface.
Network/Routes/OSPF/Interfaces Modify form

Use the Network/Routes/OSPF/Interfaces Modify form to modify a selected interface.

Figure 38 Network/Routes/OSPF/Interfaces Modify form

Fields and buttons on the Network/Routes/OSPF/Interfaces Modify form are as follows:
Identifier sets the numerical ID for the interface between 1 and 255.
Status provides a list with the following two options:
  enabled enables the interface operational status.
Authentication provides a list to set the authentication type for the interface, with the following selections:
  None
  Password
  MD5
Key provides an entry field to set the password used for OSPF authentication when the authentication option is set to password.
MD5 Auth Key provides an entry field to set the password used for OSPF authentication when the authentication option is set to MD5.
Area Index sets the OSPF area index to attach to the network for the current GRE Tunnel.
Action provides the following two options:
  Delete deletes a selected GRE tunnel.
  Modify provides a form to modify a selected GRE tunnel (see Network/Routes/OSPF/GRE Tunnels Modify form).

Network/Routes/OSPF/GRE Tunnels Modify form

Use the Network/Routes/OSPF/GRE Tunnels Modify form to modify GRE tunnel settings.
Priority provides a list to set the GRE Tunnel priority used to elect a Designated Router (DR) and Backup Designated Router (BDR) for the area.
TIP: A value of 0 specifies that the elected GRE Tunnel is DROTHER and cannot be used as a DR or BDR.
Cost1 provides an entry field to set the cost of output routes for the first Firewall host.
TIP: Cost is based on bandwidth. Low cost indicates high bandwidth.
Network/Routes/OSPF/Redistribute form

Use the Network/Routes/OSPF/Redistribute form to display and modify the OSPF Redistribution settings (see Network/Routes/OSPF/Redistribute form).
Network/Routes/OSPF/Redistribute Modify form

Use the Network/Routes/OSPF/Redistribute Modify form to modify the connected route redistribution.
DHCP Relay forms

The three DHCP Relay forms are:
General
Interfaces
Servers

Network/DHCP Relay/General form

Use the Network/DHCP Relay/General form to display DHCP Relay settings and statistics (see Network/DHCP Relay/General form).
DHCP Relay Statistics
DHCP Relay Statistics provides a list containing the following two selections:
  o Show DHCP Relay statistics
  o Clear DHCP Relay statistics
Submit submits changes to the pending configuration.

Network/DHCP Relay/Interfaces form

Use the Network/DHCP Relay/Interfaces form to configure the DHCP relay requests into the network (see Network/DHCP Relay/Interfaces form).
Network/DHCP Relay/Interfaces Modify form

Use the Network/DHCP Relay/Interfaces Modify form to modify a selected DHCP Relay Interface.

Figure 45 Network/DHCP Relay/Interfaces Modify form

Fields and buttons on the Network/DHCP Relay/Interfaces Modify form are as follows:
Identifier is the interface identifier.
IP Address is the interface IP address.
DHCP Requests enables or disables access for DHCP clients through the interface.
Network/DHCP Relay/Servers form

Use the Network/DHCP Relay/Servers form to display and modify the information about the DHCP Relay Servers (see Network/DHCP Relay/Servers form).

Figure 46 Network/DHCP Relay/Servers form

Fields and buttons on the Network/DHCP Relay/Servers form, when DHCP servers are configured, are as follows:
Id provides the internal ID of the DHCP server.
Enabled
  Yes indicates that the DHCP server is enabled.
Network/DHCP Relay/Servers Add New Server form

Use the Network/DHCP Relay/Servers Add New Server form to add a new DHCP server.

Figure 47 Network/DHCP Relay/Servers Add New Server form

Fields and buttons on the Network/DHCP Relay/Servers Add New Server form are as follows:
Identifier provides a numerical list with a range from 1 to 8 to specify the internal ID of the DHCP server.
Interfaces form

Use the Network/Interfaces form to view and configure the settings for individual interfaces (see Network/Interfaces form).

Figure 48 Network/Interfaces form

The Firewall can be configured with up to 255 IP interfaces, each representing the Firewall on the IP subnet.
Modify (only visible if interfaces are present) is used to modify a displayed interface (see Network/Interfaces Modify form on page 75).
Delete (only visible if interfaces are present) is used to delete an interface from the system.
Add New Interface adds a new interface to the configuration (see Network/Interfaces Add New Interface form on page 77).
Subnet Mask provides an entry field to specify the subnet mask of the interface.
Vlan Id provides a list to select the numerical ID, between 0 and 4094, for the VLAN.
Port provides a list to select a port number, between 1 and 6 for the 5109 and 5111NE1 hardware platforms, or 1 and 4 for other hardware platforms, to associate with the interface ID number.
Network/Interfaces Add Interface form

Use the Network/Interfaces Add Interface form to add a new interface.

Figure 50 Network/Interfaces Add New Interface form

Fields and buttons on the Network/Interfaces Add New Interface form are as follows:

General Settings
Identifier provides a list to select a numerical ID, between 1 and 255, for the interface.
Status provides a list to enable or disable the interface operation.
Ip2 provides an entry field to specify the second virtual IP address for the interface (applied for VRRP Active-Active).
Vrid provides a list to select a numerical ID, between 1 and 255, for the virtual router.
Update submits the changes to the pending configuration.
Back returns to the Network/Interfaces form without submitting changes to the pending configuration.
VRRP specifies the virtual router ID and IP address of the IP interface configured for high availability or active–active.
Actions provides the following two options:
Delete deletes the selected bridge.
Modify provides a form to modify the selected bridge.
Add New Bridge (see Network/Bridges Add New Bridge form on page 79).
Ports specifies the port number associated with the bridge ID.
VRRP Settings
Vrid provides a list to select the numerical ID, between 1 and 255, for the virtual router on the bridge.
Ip1 provides an entry field to specify virtual IP address #1 for the interface.
Ip2 provides an entry field to specify virtual IP address #2 for the interface (applied for VRRP Active-Active).
Enabled indicates that high availability VRRP is enabled.
TIP: Two Firewall hosts must be in the cluster to apply high availability VRRP. High availability VRRP cannot be enabled when active-active VRRP or ClusterXL is enabled.
Active-Active provides a list with the following two selections:
Disabled indicates that active-active VRRP is disabled.
Enabled indicates that active-active VRRP is enabled.
GRE Tunnels form

Use the Network/GRE Tunnels form to view and modify GRE Tunnels settings (see Network/GRE Tunnels form).

Figure 54 Network/GRE Tunnels form

Fields and buttons on the Network/GRE Tunnels form are as follows:
Id specifies the numerical ID for the GRE tunnel in a range between 1 and 5.
Name specifies the name given to the GRE tunnel.
Enabled provides the status of the GRE tunnel.
Actions provides the following two options:
Delete deletes the selected GRE tunnel.
Modify provides a form to modify the settings for the selected GRE tunnel.
Add New GRE Tunnel (see Network/GRE Tunnels Add New GRE Tunnel form).

Network/GRE Tunnels Add new GRE Tunnel form

Use the Network/GRE Tunnels Add New GRE Tunnel form to add a new GRE tunnel to the configuration.
Host 1 Tunnel Source IP provides an entry field for the tunnel source IP address for host 1.
Destination IP provides an entry field for the tunnel destination IP address for host 1.
Mask provides an entry field for the tunnel subnet mask.
Host 2 Tunnel Source IP provides an entry field for the tunnel source IP address for host 2.
Destination IP provides an entry field for the tunnel destination IP address for host 2.
Status forms

Following are four Network/Status forms:
Interface (see Network/Status/Interface form)
Link (see Network/Status/Link form on page 86)
Bridge Statistics (see Network/Status/Bridge Statistics form on page 87)
Bridge Mac Entries (see Network/Status/Bridge Mac Entries form on page 88)

Network/Status/Interface form

The Network/Status/Interface form provides runtime information for all Ethernet ports on the Firewall.
Network/Status/Link form

Use the Network/Status/Link form to obtain information about all network interface ports (see Network/Status/Link form).

Figure 57 Network/Status/Link form

Fields and buttons on the Network/Status/Link form are as follows:
Firewall Director provides a list of all hosts on the system. You can select ALL or individual hosts.
Update provides information about the selected hosts.
Port No.
Network/Status/Bridge Statistics form

Use the Network/Status/Bridge Statistics form to view the bridge statistics for the selected firewall (see Network/Status/Bridge Statistics form).

Figure 58 Network/Status/Bridge Statistics form

Fields and buttons on the Network/Status/Bridge Statistics form are as follows:
Firewall Director provides a list of hosts in the system.
Refresh provides the statistics for the selected host.
Network/Status/Bridge Mac Entries form

Use the Network/Status/Bridge Mac Entries form to display the bridge MAC entries for the selected Firewall Director (see Network/Status/Bridge Mac Entries form).

Figure 59 Network/Status/Bridge Mac Entries form

Fields and buttons on the Network/Status/Bridge Mac Entries form are as follows:
Firewall Director provides a list to select the Firewall Director for bridge MAC entry display.
Firewall forms

The Firewall menu includes the following five categories of forms:
Settings (see Settings form)
License Management (see License Management form on page 91)
Installed Licenses (see Installed License(s) form on page 93)
Synchronization (see Synchronization form on page 94)
SMART Clients (see SMART Clients form on page 95)
SecurID (see Firewall/SecurID form on page 96)

Settings form

Use the Firewall/Settings fo
Fields and buttons on the form are as follows:
General
o Enabled indicates that Check Point FireWall-1 NGX is processing on the Firewall.
o Disabled indicates that Check Point FireWall-1 NGX is not processing on the Firewall.
Update submits the changes to the pending configuration.
License Management form

Use the Firewall/Licenses form to modify or install additional Check Point licenses on the Firewall (see Firewall/License Management form).

Figure 61 Firewall/License Management form

Fields and buttons on the Firewall/License Management form are as follows:
IP Address is the address for the Firewall.
In Use Yes indicates that the IP address is currently assigned to a Firewall.
Firewall/License Management/Add New License Entry form

Use the Firewall/License Management/Add New License Entry form to add Check Point licenses.
Add New Licenses
Expiration Date provides an entry field to specify the Check Point License expiration date.
Feature String provides an entry field to specify the Check Point License feature string.
License String provides an entry field to specify the Check Point License string.
Save Page submits the changes to the pending configuration.
Features provides the Check Point license features.

Synchronization form

Use the Firewall/Synchronization form to display the cluster synchronization status and enable or disable cluster synchronization (see Firewall/Synchronization form).

Figure 64 Firewall/Synchronization form

NOTE – Firewall synchronization provides for stateful failover of open sessions when a master is backed up by the backup master.
SMART Clients form

The Firewall/SMART Clients form displays, and allows modification to, SMART Clients addresses. This form also provides a field to add a new SMART Client (see Firewall/SMART Clients form).

Figure 65 Firewall/SMART Clients form

Fields and buttons on the Firewall/SMART Clients form are as follows:
IP Address provides the IP Address of any configured SMART Clients.
SecurID form

The SecurID form provides access to a two-factor form method for centralized authentication and management (see Firewall/SecurID form). For more information about SecurID, see the Nortel Switched Firewall 5100 Series User’s Guide and Command Reference (213455-L).

Figure 66 Firewall/SecurID form

The SecurID form is divided into two sections.
Operation forms

The Operation menu includes the following three categories of forms:
Director(s) (see Director(s) form)
Configuration (see Configuration form on page 98)
Image Update (see Image Update forms on page 99)

Director(s) form

Use the Operation/Director(s) form to control the Firewall (see Operation/Director(s) form).
Configuration form

Use the Operation/Configuration form to export or import configuration files (see Operation/Configuration form).
Import causes the BBI to restart immediately, using the replacement configuration.
TIP: No Apply command is required in conjunction with Import.
WARNING – IMPORT CAUSES REPLACEMENT OF THE CURRENT CONFIGURATION, AND ALL PREVIOUS CONFIGURATION SETTINGS, BY THE IMPORTED CONFIGURATION. ALL CHANGES PENDING AT THE TIME OF THE IMPORT ARE LOST. THE REVERT COMMAND CANNOT BE USED TO RECOVER THE PREVIOUS CONFIGURATION.
Fields and buttons on the Operation/Image Update/Packages form are as follows:
Installed Packages
Version provides the NSF software version running on the cluster.
Name provides the name of the software package.
NOTE – Activating the software using the browser disables remote access to the Firewall. Use the local console to re-enter the Check Point License and reload the remote access policy to restore remote, or browser, access.

Operation/Image Update/Patches form

Use the Operation/Image Update/Patches form to obtain information about existing patches and to install or uninstall patches (see Operation/Image Update/Patches form).
Administration forms

The Administration forms provide access to administering and monitoring aspects of the Firewall, such as user information, web settings, and SNMP activity.
Administration/Monitor/Director(s) form

The Administration/Monitor/Director(s) form displays Firewall director details and application status (see Administration/Monitor/Director(s) form).

Figure 71 Administration/Monitor/Director(s) form

Fields and buttons on the Administration/Monitor/Director(s) form are as follows:
List of iSDs provides a list containing individual iSD selections or ALL.
Uptime provides the time, in Hours:Minutes:Seconds, since the applications started.
To help determine which physical host is using a particular IP Address, click Beep Firewall Director to cause multiple beeps to be emitted at the host.

Administration/Monitor/Alarms form

The Administration/Monitor/Alarms form provides information about alarm status (see Administration/Monitor/Alarms form).
Administration/Monitor/Syslog form

The Administration/Monitor/Syslog form displays the system logs for the Firewall based on selected search criteria (see Administration/Monitor/Syslog form).
All info messages (INFO)
All notice messages (NOTICE)
All warning messages (WARNING)
Messages Per Page provides the maximum number of messages displayed for each request.
Case Sensitive provides a check box to select or deselect case sensitivity in the search.
Search executes the log search using the defined parameters.
Administration/Monitor/GUI Lock form

The Administration/Monitor/GUI Lock form allows an administrator to take control of the GUI lock and provide an alert message to other users (see Administration/Monitor/GUI Lock form). Taking control of the GUI lock prevents firewall configuration conflicts between concurrent user sessions.
Administration/Monitor/CLI Logins form

The Administration/Monitor/CLI Logins form provides information about CLI Login sessions on the Firewall (see Administration/Monitor/CLI Logins form).

Figure 76 Administration/Monitor/CLI Logins form

Fields and buttons on the Administration/Monitor/CLI Logins form are as follows:
Logged In On specifies the time the user logged in to the CLI.
From specifies the IP address of the remote user.
Administration/Monitor/About form

The Administration/Monitor/About form displays general product information about the Firewall (see Administration/Monitor/About form).

Figure 77 Administration/Monitor/About form

Fields and buttons on the Administration/Monitor/About form are as follows:
Product provides the model number of the cluster that is connected to the BBI.
Version provides the software version running on the cluster.
Users forms

Administration/Users provides the following two categories of forms:
General (see Administration/Users/General form)
SSH Users (see Administration/Users/SSH Users form on page 113)

Administration/Users/General form

Use the Administration/Users/General form to add, modify, delete, or list Firewall user accounts, and change passwords (see Administration/Users/General form).
Group(s) displays the group to which the user belongs.
Actions provides a Modify button used to modify passwords for the default user names or modify information for user names other than the defaults (see Administration/Users/General Modify User form).
Current Login Password provides an entry field to record the current active password for the named user (for example, oper user or admin user).
Password provides an entry field to record the new password.
Password (again) provides an entry field to confirm the new password.
Click Change Password to submit the new password to the pending configuration.
Password (again) provides an entry field to confirm the new password.
Save User saves the user information and returns to the Administration/Users/General form.
TIP: Save User applies the change. Do not use the Apply command.
Back returns to the Administration/Users/General form without saving the user information.
Administration/Users/SSH Users Add New SSH User form

Use the Administration/Users/SSH Users Add New SSH User form to add a new SSH user to the configuration.

Figure 82 Administration/Users/SSH Users Add New SSH User form

Fields and buttons on the Administration/Users/SSH Users Add New SSH User form are as follows:
Status provides a list with the following two selections:
Enabled enables the SSH user.
Disabled disables the SSH user.
Access List form

Use the Administration/Access List form to specify which clients are permitted to administer the system (see Administration/Access List form). Web access must also be specified (see Administration/Web/General form on page 118).

Figure 83 Administration/Access List form

Fields and buttons on the Administration/Access List form are as follows:
Network Address provides the IP address of the client.
Administration/Access List Add New Client Access form

Use the Administration/Access List Add New Client Access form to add a new client access to the configuration.

Figure 84 Administration/Access List Add New Client Access form

Fields and buttons on the Administration/Access List Add New Client Access form are as follows:
Client Network Address provides an entry field to record the new client address.
Telnet-SSH form

Use the Administration/Telnet-SSH form to enable or disable Telnet/SSH administration (see Administration/Telnet-SSH form).

Figure 85 Administration/Telnet-SSH form

The Administration/Telnet-SSH form is divided into the following two sections:
Telnet/SSH Settings
SSH Key Generation

Fields and buttons on the form are as follows:
Telnet/SSH Settings
Telnet enables or disables administration through Telnet.
Web forms

The Administration/Web forms provide the following:
Web (HTTP) administration
Creation and administration of self-signed server certificates that allow the BBI to run under SSL
Administration of server certificates on the host
Administration of Certificate Authority (CA) certificates

The four main categories of Administration/Web forms are:
General (see Administration/Web/General form)
Create Cert (see Administrat
The Administration/Web/General form is divided into the following two sections for web settings:
HTTP Settings
HTTP/SSL Settings

Fields and buttons on the form are as follows:
HTTP Settings
Port provides an entry field to specify the port number for non-secure HTTP access to the BBI.
TIP: The default is port 80.
Status provides a list with two selections:
o Enabled enables HTTP web administration.
Administration/Web/Create Cert form

The Administration/Web/Create Cert form provides a quick method to create a self-signed certificate that allows the BBI to run under SSL (see Administration/Web/Create Cert form).
TIP: When the BBI is launched with HTTPS using this method, users can expect warnings from the web browser that the Certificate Authority (CA) root certificate is not trusted.
Administration/Web/Server Certs form

Use the Administration/Web/Server Certs form to administer server certificates on the Firewall (see Administration/Web/Server Certs form).
Add New Server Certificate opens a form to add a new server certificate (see Administration/Web/Server Certs Add Server Certificate form).
Server Certificate Management
Generate Certificate Request opens the request form (see Administration/Web/Server Certs/Generate Certificate Request form on page 123).
Export Certificate Request exports the certificate request.
Administration/Web/Server Certs/Generate Certificate Request form

Use the Administration/Web/Server Certs/Generate Certificate Request form to generate a certificate request (see Administration/Web/Server Certs/Generate Certificate Request form).
Administration/Web/CA Certs form

Use the Administration/Web/CA Certs form to administer Certificate Authority (CA) certificates on the Firewall (see Administration/Web/CA Certs form). CA certificates are required if server certificates from an external CA are used.

Figure 91 Administration/Web/CA Certs form

Fields and buttons on the Administration/Web/CA Certs form are as follows:
Id provides an identifier for the certificate.
Administration/Web/CA Certs Add Server Certificate form

Use the Administration/Web/CA Certs Add Server Certificate form to add a server certificate.

Figure 92 Administration/Web/CA Certs Add Server Certificate form

Fields and buttons on the Administration/Web/CA Certs Add Server Certificate form are as follows:
Identifier provides the assigned number of the certificate issuer.
SNMP forms

Use the Administration/SNMP forms to enable or disable SNMP event and alarm messages, enter administrative information for the SNMP system, list configured trap hosts, administer USM users, and configure the source IP address used with SNMP traps.
SNMPv3 (USM) Options

Fields and buttons on the form are as follows:
SNMP Settings
o Enabled enables the SNMP agent.
o Disabled disables the SNMP agent.
Security Model provides a list, used to specify the form of SNMP security, with the following selections:
o v1 specifies the SNMPv1 security model.
o v2c specifies the SNMPv2c security model.
o usm specifies the SNMPv3 (USM) security model.
Update submits the form changes to the pending configuration.

Administration/SNMP/System form

Use the Administration/SNMP/System form to enter administrative information on behalf of the SNMP system (see Administration/SNMP/System form).
Administration/SNMP/Trap Hosts form

The Administration/SNMP/Trap Hosts form lists configured trap hosts receiving SNMP event or alarm messages from the Firewall (see Administration/SNMP/Trap Hosts form).

Figure 95 Administration/SNMP/Trap Hosts form

Fields and buttons on the Administration/SNMP/Trap Hosts form are as follows:
IP Address specifies the IP address of the trap host.
TIP: Use dotted decimal notation.
Administration/SNMP/Trap Hosts Add Trap Host form

Use the Administration/SNMP/Trap Hosts Add Trap Host form to add a trap host.

Figure 96 Administration/SNMP/Trap Hosts Add Trap Host form

Fields and buttons on the Administration/SNMP/Trap Hosts Add Trap Host form are as follows:
IP Address provides an entry field to specify the IP address of the trap host.
Port provides an entry field to specify the port to send the trap.
Administration/SNMP/USM Users form

Use the Administration/SNMP/USM Users form to administer USM users employed in SNMP v3 (usm) authentication and encryption (see Administration/SNMP/USM Users form).

Figure 97 Administration/SNMP/USM Users form

Fields and buttons on the Administration/SNMP/USM Users form are as follows:
Username specifies the name of the user for SNMP v3 (usm) authentication and encryption.
Administration/SNMP/USM Users Add SNMP User form

Use the Administration/SNMP/USM Users Add SNMP User form to add a new SNMP user.

Figure 98 Administration/SNMP/USM Users Add SNMP User form

Fields and buttons on the Administration/SNMP/USM Users Add SNMP User form are as follows:
Username provides an entry field to specify the name of the user for SNMP v3 (usm) authentication/encryption.
Back returns to the Administration/SNMP/USM Users form without submitting changes to the pending configuration.

Administration/SNMP/MIBs form

The Administration/SNMP/MIBs form displays all of the SNMP MIB files available on the Firewall (see Administration/SNMP/MIBs form).
Administration/SNMP/Advanced form

Use the Administration/SNMP/Advanced form to configure the source IP address used with SNMP traps generated from the Firewall (see Administration/SNMP/Advanced form).
SSH Keys form

Use the Administration/SSH keys form to display the current Host Keys and generate new SSH keys for the cluster (see Administration/SSH keys form).
Import SSH Key imports an SSH key from a remote host (see Administration/SSH Keys Import SSH Key form on page 137).
SSH Key Generation includes the following fields and buttons:
Generate new Keys generates new SSH keys.
Show SSH Keys shows the current SSH host keys for the cluster (see Administration/SSH Keys Show SSH keys form on page 138).
Administration/SSH Keys Import SSH key form

Use the Administration/SSH Keys Import SSH Key form to import SSH keys (see Administration/SSH Keys Import SSH Key form).

Figure 103 Administration/SSH Keys Import SSH Key form

Fields and buttons on the Administration/SSH Keys Import SSH Key form are as follows:
IP Address provides an entry field to specify the IP address of the Firewall.
Administration/SSH Keys Show SSH keys form

Use the Administration/SSH Keys Show SSH keys form to view resident SSH key information (see Administration/SSH Keys Show SSH keys form).

Figure 104 Administration/SSH Keys Show SSH keys form

Click Back to return to the Administration/SSH keys form.

RADIUS form

Use the Administration/RADIUS form to configure RADIUS authentication for system users (see Administration/RADIUS form).
The Administration/RADIUS form is divided into the following two sections:
General
RADIUS Servers

Fields and buttons on the form are as follows:
General
o Enabled enables RADIUS authentication of system users.
o Disabled disables RADIUS authentication of system users.
TIP: Disabled is the default setting.
Timeout provides an entry field to specify a timeout value, in seconds, for a connection request to a RADIUS server.
Administration/RADIUS Add RADIUS Authentication Server form

Use the Administration/RADIUS Add RADIUS Authentication Server form to add a RADIUS Authentication server.

Figure 106 Administration/RADIUS Add RADIUS Authentication Server form

Fields and buttons on the Administration/RADIUS Add RADIUS Authentication Server form are as follows:
IP Address provides an entry field to specify the IP address of the RADIUS server.
APC UPS form

Use the Administration/APC UPS form to configure settings for American Power Corporation Uninterrupted Power Supply (APC UPS) (see Administration/APC UPS form).

Figure 107 Administration/APC UPS form

Fields and buttons on the Administration/APC UPS form are as follows:
Status provides a list with the following two selections:
Enabled enables the UPS monitor.
Disabled disables the UPS monitor.
Update submits the UPS Monitor changes to the pending configuration.

Audit form

Use the Administration/Audit form to configure a RADIUS server to receive log messages about commands executed in the CLI (see Administration/Audit form).
RADIUS Servers
IP Address provides the address of a configured RADIUS server or an entry field to change or specify the IP Address of a RADIUS server.
Port provides the TCP port number or an entry field to change or specify the TCP port number.
Actions provides the following two options:
o Delete deletes a selected RADIUS server.
o Modify opens a form to modify the selected RADIUS server settings.
Update submits the changes to the pending configuration.
Back returns to the Administration/Audit form without submitting changes to the pending configuration.
Diagnostics forms

The Diagnostics forms provide information about logs, forms to check configuration and Check Point Logs, system commands, and OSPF Debug settings.
The Diagnostics/Logs form is divided into the following two sections:
Log Information
Log Files

Fields and buttons on the form are as follows:
Log Information
Firewall Director provides a list containing the IP addresses of the Firewall Directors.
o Refresh displays the details of the selected Firewall Director.
Log Files lists all of the log files on the selected Firewall.
File Name displays the names of log files.
Events form

The Diagnostics/Events form displays the contents of the event log file (see Diagnostics/Events form).

Figure 111 Diagnostics/Events form

Fields and buttons on the Diagnostics/Events form are as follows:
Firewall Director provides a list containing the IP addresses of the Firewall Directors.
Refresh displays the details of the selected Firewall Director.
Audit Log form

Use the Diagnostics/Audit Log form to display the latest 64 K of the device audit log (see Diagnostics/Audit Log form).

Figure 112 Diagnostics/Audit Log form

Fields and buttons on the Diagnostics/Audit Log form are as follows:
Firewall Director provides a drop-down list containing the IP addresses of the Firewall Directors.
Refresh displays the audit information for the selected Firewall Director.
Maintenance forms

Use the Diagnostics/Maintenance/Check Configuration form to check the applied configuration (see Diagnostics/Maintenance/Check Configuration form).
Applied Configuration displays configuration information.

Diagnostics/Maintenance/Check Point Logs form

Use the Diagnostics/Maintenance/Check Point Logs form to provide Check Point Log file information, collected from NSF devices, to the local system for technical support purposes (see Diagnostics/Maintenance/Check Point Logs form).
System Commands form

Use the Diagnostics/System Commands/System Commands form to execute Check Point system commands normally entered in a command window (see Diagnostics/System Commands/System Commands form).

Figure 115 Diagnostics/System Commands/System Commands form

Fields and buttons on the Diagnostics/System Commands/System Commands form are as follows:
Host IP provides a list of host IP addresses.
Unload Check Point Policy (fw unloadlocal)
Current interfaces (ifconfig)
Current running processes (ps -aefH)
Iptables information (iptables -L)
ARP Table Entries/info/net/arp (arp -n)
Click Submit to execute the selected Check Point command.
Result displays the result of the selected command execution.
Packets turns on debugging for OSPF packets.
Enabled displays the following OSPF Debug operational settings:
Yes indicates OSPF Debug is enabled.
No indicates OSPF Debug is disabled.
Action displays a form used to modify a displayed OSPF Debug option.
Modify displays a form to modify an OSPF debug option (see Diagnostics/Debug/OSPF Modify form).
Wizards forms

The Wizards guide the user through configuration processes.
The figures in this section represent the first page of each NSF BBI Wizard.

Initial Configuration Wizard

Use the Initial Configuration wizard to configure a working NSF environment (see Initial Configuration Wizard form).
Add Wizard forms

Use the Add forms to add or modify interfaces and bridges.

Add Interface

Use the Add Interface wizard to add a new interface or modify an existing interface (see Add Interface Wizard form).

Figure 120 Add Interface Wizard form

Add Bridge

Use the Add Bridge wizard to add a bridge to the configuration (see Add Bridge Wizard form).
Add GRE Tunnel

Use the Add GRE Tunnel wizard to add a GRE tunnel to the configuration (see Add GRE Tunnel Wizard form).

Figure 122 Add GRE Tunnel Wizard form

Configure Wizard forms

Use the Configure forms to perform system configurations.
Routes/Gateways

Use the Routes/Gateways form to configure static routes and default gateways (Configure Routes/Gateways Wizard form).

Figure 124 Configure Routes/Gateways Wizard form

DHCP Relay

Use the DHCP Relay form to configure DHCP relay (see Configure DHCP Relay Wizard form).
OSPF

Use the OSPF form to configure use of the Open Shortest Path First (OSPF) protocol (see Configure OSPF Wizard form).

Figure 126 Configure OSPF Wizard form

Remote Access

Use the Remote Access wizard form to perform functions associated with remote access configuration, such as add or delete client access lists (see Remote Access Wizard form).
Users

Use the User Administration Wizard to perform user administration tasks and configuration, such as add, modify, or delete a user (see User Administration Wizard form).