Avaya FireWall-1 Manual do Utilizador Página 1

BayRS Version 14.00Part No. 308613-14.00 Rev 00September 19994401 Great America ParkwaySanta Clara, CA 95054Configuring BaySecure FireWall-1

308613-14.00 Rev 00xi PrefaceThis guide describes BaySecure™ FireWall-1 and what you do to start and customize BaySecure FireWall-1 services on a Nort

Configuring BaySecure FireWall-1xii308613-14.00 Rev 00Text ConventionsThis guide uses the following text conventions:angle brackets (< >) Indica

Preface308613-14.00 Rev 00xiii AcronymsThis guide uses the following acronyms:Hard-Copy Technical ManualsYou can print selected technical manuals and

Configuring BaySecure FireWall-1xiv308613-14.00 Rev 00You can purchase selected documentation sets, CDs, and technical publications through the collat

308613-14.00 Rev 001-1 Chapter 1Overview of the BaySecure FireWall-1 SoftwareThe BaySecure FireWall-1 software builds firewall security features into

Configuring BaySecure FireWall-11-2308613-14.00 Rev 00How the Firewall Software WorksThe management station downloads the policy information to the st

Overview of the BaySecure FireWall-1 Software308613-14.00 Rev 001-3 Selecting a Backup Management StationA router connects to a backup firewall manage

Configuring BaySecure FireWall-11-4308613-14.00 Rev 00Where to Go NextTo get a firewall up and running on your Nortel Networks router, see the followi

308613-14.00 Rev 002-1 Chapter 2Installing the FireWall-1 Management SoftwareTo install the FireWall-1 software, see the following topics:Obtaining So

ii308613-14.00 Rev 00 Copyright © 1999 Nortel NetworksAll rights reserved. Printed in the USA. September 1999.The information in this document is subj

Configuring BaySecure FireWall-12-2308613-14.00 Rev 00Obtaining a FireWall-1 License for the Management StationTo obtain a FireWall-1 license for the

Installing the FireWall-1 Management Software308613-14.00 Rev 002-3 Sample Response from Check PointYour license request with the following details ha

Configuring BaySecure FireWall-12-4308613-14.00 Rev 00Obtaining a FireWall-1 License for the RouterTo obtain a FireWall-1 license for a router you pla

Installing the FireWall-1 Management Software308613-14.00 Rev 002-5 Sample Response from Check PointThe following license was generated:We recommend p

Configuring BaySecure FireWall-12-6308613-14.00 Rev 00Sample Installation The following sample installation takes the Check Point FireWall-1 software

Installing the FireWall-1 Management Software308613-14.00 Rev 002-7 The Selecting Product Type window (Figure 2-2) opens.Figure 2-2. Selecting Product

Configuring BaySecure FireWall-12-8308613-14.00 Rev 006.Enter the license information you obtained from Check Point.7.Click on Next.The Administrators

Installing the FireWall-1 Management Software308613-14.00 Rev 002-9 9.Enter the administrator’s user name and password (limited to eight characters),

Configuring BaySecure FireWall-12-10308613-14.00 Rev 0014.Click on Next.The CA Key window opens.15.Click on Generate to generate a new key.The host us

Installing the FireWall-1 Management Software308613-14.00 Rev 002-11 3.Click on Next.The Select Components window (Figure 2-8) opens.Figure 2-8. Selec

308613-14.00 Rev 00iiiNortel Networks NA Inc. Software License AgreementNOTICE: Please carefully read this license agreement before copying or using t

Configuring BaySecure FireWall-12-12308613-14.00 Rev 00Installing on a UNIX PlatformUse the following sections as a guide to installing the FireWall-1

Installing the FireWall-1 Management Software308613-14.00 Rev 002-13 For HP-UXlab# mount -r /dev/dsk/c1t2d0 (or your specific CD-ROM address) /cdrom

Configuring BaySecure FireWall-12-14308613-14.00 Rev 00**************** FireWall-1 v4.0 Installation ****************Reading fwinstall configuration.

Installing the FireWall-1 Management Software308613-14.00 Rev 002-15 The following evaluation License key is provided with this FireWall-1 distributio

Configuring BaySecure FireWall-12-16308613-14.00 Rev 00Configuring Groups...=====================FireWall-1 access and execution permissions----------

Installing the FireWall-1 Management Software308613-14.00 Rev 002-17 **************** FireWall-1 is now installed. ****************Do you wish to star

Configuring BaySecure FireWall-12-18308613-14.00 Rev 00Installing a License on the Management StationTo install a FireWall-1 license, enter the licens

Installing the FireWall-1 Management Software308613-14.00 Rev 002-19 Synchronizing the Management Station and the Router PasswordsOnce you have instal

Configuring BaySecure FireWall-12-20308613-14.00 Rev 00Transferring Security Policy and Configuration FilesFirewall backup management stations must ha

Installing the FireWall-1 Management Software308613-14.00 Rev 002-21 From the World Wide WebYou can also download the files from the World Wide Web. C

iv308613-14.00 Rev 00for the security of its own data and information and for maintaining adequate procedures apart from the Software to reconstruct

Configuring BaySecure FireWall-12-22308613-14.00 Rev 003.Using FTP, copy, or another transfer utility, manually transfer the file <filename>.zip

308613-14.00 Rev 003-1 Chapter 3Configuring a Firewall on a RouterTo configure a firewall on the router, see the following topics:Effective with the r

Configuring BaySecure FireWall-13-2308613-14.00 Rev 00You can also use the Technician Interface, which lets you modify parameters by issuing set and c

Configuring a Firewall on a Router308613-14.00 Rev 003-3 Disabling and Reenabling a Firewall on a RouterBy default, a firewall is enabled when you fir

Configuring BaySecure FireWall-13-4308613-14.00 Rev 00Establishing a Static RouteYou may need to establish a static route between the router and the m

Configuring a Firewall on a Router308613-14.00 Rev 003-5 Identifying the First Backup Firewall Management StationIf your router loses communication wi

Configuring BaySecure FireWall-13-6308613-14.00 Rev 00Use the BCC to specify the second backup firewall management station. Navigate to the firewall p

Configuring a Firewall on a Router308613-14.00 Rev 003-7 Enabling the Firewall on Router InterfacesAfter you have created a firewall on the router, us

Configuring BaySecure FireWall-13-8308613-14.00 Rev 00For example, the following command invokes the prompt for IP interface 2.2.2.2/255.0.0.0 (which

Configuring a Firewall on a Router308613-14.00 Rev 003-9 For example, the following command assigns the name “offsite” to the firewall on IP interface

308613-14.00 Rev 00vContents PrefaceBefore You Begin ...

Configuring BaySecure FireWall-13-10308613-14.00 Rev 00Activating the FirewallBefore the FireWall-1 security policy can take effect on the router, you

Configuring a Firewall on a Router308613-14.00 Rev 003-11 Installing the Security Policy on the Router and Its InterfacesOnce you have defined a secur

Configuring BaySecure FireWall-13-12308613-14.00 Rev 00Troubleshooting ChecklistIf you experience problems with the FireWall-1 software, verify that y

308613-14.00 Rev 004-1 Chapter 4Customizing a Firewall on a RouterTo customize a firewall on the router, see the following topics:Effective with the r

Configuring BaySecure FireWall-14-2308613-14.00 Rev 00Specifying FireWall-1 MemoryYou can specify the maximum and minimum amount of memory that FireWa

Customizing a Firewall on a Router308613-14.00 Rev 004-3 Setting the Firewall Filter TimerThe firewall filter timer is the number of seconds between a

Configuring BaySecure FireWall-14-4308613-14.00 Rev 00Specifying a Timeout Period for an Inactive TCP ConnectionIf a TCP connection is inactive for a

Customizing a Firewall on a Router308613-14.00 Rev 004-5 For example, the following command disables the keepalive feature:firewall# idle-time-keepali

Configuring BaySecure FireWall-14-6308613-14.00 Rev 00For example, the following command sets the keepalive retransmit timer to 5 seconds:firewall# re

308613-14.00 Rev 00A-1 Appendix AMonitoring the Firewall UsingBCC show CommandsThis appendix describes how to use the BCC show command to obtain BaySe

vi308613-14.00 Rev 00Installation Options ...2-13Sample Insta

Configuring BaySecure FireWall-1A-2308613-14.00 Rev 00show firewall interfacesThe show firewall interfaces command displays information about the inte

Monitoring the Firewall Using BCC show Commands308613-14.00 Rev 00A-3 show firewall summaryThe show firewall summary command displays the current fire

308613-14.00 Rev 00B-1 Appendix BUpgrading to BayRS Version 14.00This appendix describes the procedure you must follow if you are upgrading to BayRS V

Configuring BaySecure FireWall-1B-2308613-14.00 Rev 00To reenable firewall on each IP interface, use the BCC to navigate to the prompt for the slot/co

Upgrading to BayRS Version 14.00308613-14.00 Rev 00B-3 If you are using FireWall-1 on more than 32 circuits, you must group circuits with the same sec

Configuring BaySecure FireWall-1B-4308613-14.00 Rev 00Preventing Spoofing with FireWall-1You can configure FireWall-1 to eliminate the possibility of

308613-14.00 Rev 00Index-1Aacronyms, xiiiactivating a firewall, 3-10addingadministrators, 2-17groups, 2-17GUI clients, 2-11, 2-17license, 2-11, 2-17re

Index-2308613-14.00 Rev 00fwstop command, 2-18fwui& command, 2-19Ggroups, adding, 2-17GUI clients, adding, 2-11, 2-17Iidle-time-keepalive command,

308613-14.00 Rev 00viiChapter 4 Customizing a Firewall on a RouterSpecifying FireWall-1 Memory ...

308613-14.00 Rev 00ixFiguresFigure 2-1. Choose Destination Location Window ..............2-6Figure 2-2. Select