2. Avaya
  3. BaySecure FireWall-1

Avaya BaySecure FireWall-1 Important Notice

  • Hello! I am an AI chatbot trained to assist you with the Avaya BaySecure FireWall-1 Important Notice. I’ve already reviewed the document and can help you find the information you need or explain it in simple terms. Just ask your questions, and providing more details will help me assist you more effectively!
Important Notice for BaySecure FireWall-1
*117623-G_REV_00*
Thank you for purchasing BaySecure FireWall-1!
Nortel Networks
BaySecure
FireWall-1 integrates the Check Point Software Technologies
FireWall-1 stateful inspection technology into BayRS
to provide the highest level of network
access control available.
Instructions for Configuring and Using Firewalls
For instructions on configuring and using the FireWall-1 software feature, see Configuring
BaySecure FireWall-1. This manual is available on the BayRS documentation CD. It is also available
at the Nortel Networks support site at http://www12.nortelnetworks.com/library/tpubs/nav/router/
bayrs.htm. Click on the appropriate version of BayRS software, then click on Security, and then click
on the icon next to Configuring BaySecure FireWall-1.
Please also read this Important Notice for information that supplements the manual.
BayRS Software Compatibility
FireWall-1 4.0 with Service Pack 4 works with BayRSVersions 12.05, 13.04, 13.20, and 14.00.
Upgrading FireWall-1 Configurations Earlier than BayRS 13.20
If you are upgrading FireWall-1 configurations earlier than BayRS 13.20 to work with later versions
of BayRS, see Appendix B of Configuring BaySecure FireWall-1 for BayRS Version 14.00 for
important instructions. If you are upgrading from BayRS 13.20 or later versions of BayRS, you do
not need to follow the instructions in Appendix B.
*117623-G_REV_00*
Required Components for BaySecure FireWall-1
To use FireWall-1 with a Nortel Networks router, you need certificate keys, the Enterprise Security
Management CD, and the Service Pack 4 CD. The following sections describe each of these items.
Certificate Keys
Before you can install the FireWall-1 management software and create a firewall on your router, you
must obtain permanent software license strings from Check Point Software Technologies. You must
obtain license strings for the management station (PC or UNIX platform from which you control the
operation of the firewall) and for each router for which you want to activate a firewall agent. To
obtain these license strings, you need the certificate key printed on a sticker on the inside of the box
containing the FireWall-1 software and documentation.
If you ordered one of the software bundles — FireWall-1 Management with ASN, ARN, or S5000
Agent (Light or Medium) — you can use the certificate key in the FireWall-1 box to obtain both the
management and router agent licenses from Check Point Software Technologies.
If you ordered the FireWall-1 agent or management stand-alone product, you will need one
certificate key for your management station and one agent certificate key for each router on which
you want to install a firewall.You use all of these certificate keys to obtain software licenses from
Check Point Software Technologies.
For details about how to use the management and agent certificate keys to obtain software license
strings, see Chapter 2 of the manual Configuring BaySecure FireWall-1. When you request the
license strings, use the IP address of the management station for both the management software
license request and the router license requests.
Check Point FireWall-1 Enterprise Security Management CD
You use this CD to install the management software that lets you control the operation of FireWall-1.
Instructions for installing the management software on a PC or UNIX platform are in this Important
Notice (see “Installing Check Point FireWall-1 Management Software and Service Pack”).
Check Point Service Pack 4 Software CD
You use this CD to install additional software on your PC or UNIX system to control the operation of
the firewall on your router. Instructions for installing the Service Pack 4 software are in this
Important Notice (see “Installing Check Point FireWall-1 Management Software and Service Pack”).
Note:
If you previously installed the FireWall-1 software, you may already
have licenses for your existing management station and agents.
Important Notice for BaySecure FireWall-1
*117623-G_REV_00*
Installing Check Point FireWall-1 Management Software and Service
Pack
Use the following instructions to install the Check Point FireWall-1 management software and the
Service Pack 4 software on a PC or UNIX platform. These instructions supersede those in the
Configuring BaySecure FireWall-1 manual.
Before You Begin
Make sure that you have the following items before you begin the installation procedure:
Check Point FireWall-1 Enterprise Security Management CD
Check Point Service Pack 4 CD
Check Point FireWall-1 4.0 management license (see “Certificate Keys” earlier in this document
and refer to Chapter 2 of Configuring BaySecure FireWall-1 for instructions)
Installing on a Solaris Workstation
To install FireWall-1 management software on a Solaris workstation:
1.
Log in as superuser.
2.
Insert and mount the Enterprise Security Management CD.
3.
Change directory to /cdrom/solaris2 (or the directory where you placed the install files).
4.
Enter the following command:
pkgadd –d /cdrom/solaris2
5.
Choose option 3, Checkpoint FireWall-1 (sparc) 4.0 (CKPfw) and follow the screen
prompts.
6.
When the FireWall GUI installation is complete, change directory to etc/fw/bin.
7.
Enter the following command:
./fwconfig
8.
After you read the license agreement, choose option 3, VPN-1 & FireWall-1 Enterprise
Management Console Product.
9.
Follow the screen prompts. Answer NO for both CA Keys.
*117623-G_REV_00*
To install the service pack software on a Solaris workstation:
1.
Insert and mount the Service Pack 4 CD.
2.
Use the
untar
command to copy the files to the /tmp directory. This creates two new
directories.
3.
Change to the directory CKPSP000004-01.
4.
Enter the following command:
./installpatch /tmp/CKPSP00000-01
5.
When the patch installation completes, change to the /tmp directory.
6.
Enter the following command:
pkgadd –d /tmp
7.
Choose the option to install the Check Point FireWall-1 GUI (Sparc) 4.0.
8.
Reboot your Sparcstation.
9.
Reenter all keys (for example,
/etc/fw/bin/fw putkey –p
<key> <router_ip>
on the server and
fwputkey
<key> <server_ip>
on the router).
Installing on an AIX Workstation
Before you can install the Management Software Version 4.0 on an AIX workstation, you must first
install the file set bos.adt.syscalls 4.0.5.1. For instructions, refer to the AIX installation media.
To install FireWall-1 management software on an AIX workstation:
1.
Log in as superuser.
2.
Insert and mount the Enterprise Security Management software CD.
3.
Change directory to /cdrom/aix/FireWall-1 (or the directory where you placed the install
files).
4.
Enter the following command:
smit &
5.
Choose Software Installation and Maintenance.
6.
Choose Install and Upgrade from LATEST Available Software.
7.
Enter the following command:
/cdrom/aix/FireWall-1
(FireWall-1 is always installed in the /usr/lpp/FireWall-1 directory.)
8.
In software to install, choose List.
Important Notice for BaySecure FireWall-1
*117623-G_REV_00*
9.
Choose FireWall-1.
10.
Click on OK to begin the installation.
11.
After the installation is complete, be sure to set the following environment variables:
setenv FWDIR /usr/lpp/FireWall-1
set path=($FWDIR/bin $path)
To install the service pack software on an AIX workstation:
1.
Insert and mount the Service Pack 4 CD.
2.
Use the
untar
command to copy the Firewall-1.fw.usr.4.0.4.0 Service Pack 4patch file to the
/tmp directory.
3.
Unzip the Firewall-1.fw.usr.4.0.4.0 file.
4.
Enter the following command:
smit &
5.
Choose Software Installation and Maintenance.
6.
Choose Install and Upgrade from LATEST Available Software.
7.
Change to the /tmp directory.
8.
Enter the following command:
./installpatch /tmp/Firewall-1.fw.usr.4.0.4.0
9.
In software to install, choose List.
10.
Choose FireWall-1.
11.
Click on OK to begin the installation.
12.
After the installation is complete, be sure to set the following environment variables:
setenv FWDIR /usr/lpp/FireWall-1
set path=($FWDIR/bin $path)
*117623-G_REV_00*
Installing on an HP-UX Workstation
For instructions on installing the management software on an HP-UX workstation, refer to your
Check Point Software Technologies documentation.
To install the service pack software on an HP-UX workstation:
1.
Insert and mount the Service Pack 4 CD.
2.
Copy the fw.sd.vpn.tar Service Pack 4 patch file to the /tmp directory.
3.
Use the
untar
command to expand the fw.sd.vpn.tar file.
4.
Locate the directories CKPsp_4, CKPsp_4_mgmt, and CKPsp_4_gui.
5.
Enter the following command:
swinstall &
6.
In the Source Depot, enter
/tmp
and click on OK
.
7.
Mark CKPsp_4 and CKPsp_4_mgmt for installation.
8.
Choose Options.
9.
From the pull-down menu, choose Change Options and click on
OK
.
10.
Make sure that the option “Reinstall filesets even if the same revision” is checked and click
on OK
.
11.
Choose Actions, Install (analysis)...
Installing on a Windows NT System
For instructions on installing the management software on a Windows NT
®
system, refer to your
Check Point Software Technologies documentation.
To install the service pack software on a Windows NT system:
1.
Insert the Service Pack 4 CD.
2.
Copy the fw.sp4.vpn.zip Service Pack 4 patch file to the /tmp directory.
3.
Double-click on setup.exe
.
Important Notice for BaySecure FireWall-1
*117623-G_REV_00*
Downloading fwfilex Scripts
Nortel Networks provides scripts to help you synchronize your firewall management stations. The
scripts are included on the BayRS Router and Site Manager Software CD. The UNIX version of the
script is in the directory fwbkpscr/unix and the Windows NT version of the script is in the directory
fwbkpscr/win.
If you have a service contract or if you are within the 90-day warranty period, you can also use the
following instructions to download the scripts from theWorldWideWeb. These instructions
supersede those in the Configuring BaySecure FireWall-1 manual.
To download the fwfilex scripts for UNIX and Windows NT platforms:
1.
Use your browser to go to the Nortel Networks SupportWeb site at:
http://www.nortelnetworks.com/servsup
2.
ClickonSoftwareDistribution.
3.
Click on Enterprise Solution Routers.
4.
Select the appropriate router software version from the Enterprise Solutions Routers
pull-down menu.
5.
Under the heading Misc: Firewall Scripts, select the tar file.
Known Anomalies
Antispoofing does not work with BayRSVersion 12.05.
MCT1 modules do not enforce security policies in BayRS Version 13.04.
/