Avaya BaySecure FireWall-1 Important Notice

Brand: Avaya

Model: BaySecure FireWall-1

Type: Important Notice

Avaya BaySecure FireWall-1 is a powerful and versatile security appliance that can help you protect your network from a variety of threats. With its stateful inspection technology, FireWall-1 can identify and block malicious traffic before it can reach your network. FireWall-1 also includes a number of other features that make it a valuable addition to any security arsenal, including:

VPN support: FireWall-1 can be used to create and manage VPNs, which allow you to securely connect remote users to your network.
** Intrusion prevention:** FireWall-1 can be used to prevent a variety of attacks, including denial-of-service attacks, buffer overflows, and SQL injections.

VPN support: FireWall-1 can be used to create and manage VPNs, which allow you to securely connect remote users to your network.
** Intrusion prevention:** FireWall-1 can be used to prevent a variety of attacks, including denial-of-service attacks, buffer overflows, and SQL injections.

Important Notice for BaySecure FireWall-1

*117623-G_REV_00*

Thank you for purchasing BaySecure FireWall-1!

Nortel Networks

™

BaySecure

™

FireWall-1 integrates the Check Point Software Technologies

FireWall-1 stateful inspection technology into BayRS

™

to provide the highest level of network

access control available.

Instructions for Configuring and Using Firewalls

For instructions on configuring and using the FireWall-1 software feature, see Configuring

BaySecure FireWall-1. This manual is available on the BayRS documentation CD. It is also available

at the Nortel Networks support site at http://www12.nortelnetworks.com/library/tpubs/nav/router/

bayrs.htm. Click on the appropriate version of BayRS software, then click on Security, and then click

on the icon next to Configuring BaySecure FireWall-1.

Please also read this Important Notice for information that supplements the manual.

BayRS Software Compatibility

FireWall-1 4.0 with Service Pack 4 works with BayRSVersions 12.05, 13.04, 13.20, and 14.00.

Upgrading FireWall-1 Configurations Earlier than BayRS 13.20

If you are upgrading FireWall-1 configurations earlier than BayRS 13.20 to work with later versions

of BayRS, see Appendix B of Configuring BaySecure FireWall-1 for BayRS Version 14.00 for

important instructions. If you are upgrading from BayRS 13.20 or later versions of BayRS, you do

not need to follow the instructions in Appendix B.

*117623-G_REV_00*

Required Components for BaySecure FireWall-1

To use FireWall-1 with a Nortel Networks router, you need certificate keys, the Enterprise Security

Management CD, and the Service Pack 4 CD. The following sections describe each of these items.

Certificate Keys

Before you can install the FireWall-1 management software and create a firewall on your router, you

must obtain permanent software license strings from Check Point Software Technologies. You must

obtain license strings for the management station (PC or UNIX platform from which you control the

operation of the firewall) and for each router for which you want to activate a firewall agent. To

obtain these license strings, you need the certificate key printed on a sticker on the inside of the box

containing the FireWall-1 software and documentation.

If you ordered one of the software bundles — FireWall-1 Management with ASN, ARN, or S5000

Agent (Light or Medium) — you can use the certificate key in the FireWall-1 box to obtain both the

management and router agent licenses from Check Point Software Technologies.

If you ordered the FireWall-1 agent or management stand-alone product, you will need one

certificate key for your management station and one agent certificate key for each router on which

you want to install a firewall.You use all of these certificate keys to obtain software licenses from

Check Point Software Technologies.

For details about how to use the management and agent certificate keys to obtain software license

strings, see Chapter 2 of the manual Configuring BaySecure FireWall-1. When you request the

license strings, use the IP address of the management station for both the management software

license request and the router license requests.

Check Point FireWall-1 Enterprise Security Management CD

You use this CD to install the management software that lets you control the operation of FireWall-1.

Instructions for installing the management software on a PC or UNIX platform are in this Important

Notice (see “Installing Check Point FireWall-1 Management Software and Service Pack”).

Check Point Service Pack 4 Software CD

You use this CD to install additional software on your PC or UNIX system to control the operation of

the firewall on your router. Instructions for installing the Service Pack 4 software are in this

Important Notice (see “Installing Check Point FireWall-1 Management Software and Service Pack”).

Note:

If you previously installed the FireWall-1 software, you may already

have licenses for your existing management station and agents.

Important Notice for BaySecure FireWall-1

*117623-G_REV_00*

Installing Check Point FireWall-1 Management Software and Service

Pack

Use the following instructions to install the Check Point FireWall-1 management software and the

Service Pack 4 software on a PC or UNIX platform. These instructions supersede those in the

Configuring BaySecure FireWall-1 manual.

Before You Begin

Make sure that you have the following items before you begin the installation procedure:

• Check Point FireWall-1 Enterprise Security Management CD

• Check Point Service Pack 4 CD

• Check Point FireWall-1 4.0 management license (see “Certificate Keys” earlier in this document

and refer to Chapter 2 of Configuring BaySecure FireWall-1 for instructions)

Installing on a Solaris Workstation

To install FireWall-1 management software on a Solaris workstation:

Insert and mount the Enterprise Security Management CD.

Change directory to /cdrom/solaris2 (or the directory where you placed the install files).

Enter the following command:

pkgadd –d /cdrom/solaris2

Choose option 3, Checkpoint FireWall-1 (sparc) 4.0 (CKPfw) and follow the screen

prompts.

When the FireWall GUI installation is complete, change directory to etc/fw/bin.

Enter the following command:

./fwconfig

After you read the license agreement, choose option 3, VPN-1 & FireWall-1 Enterprise

Management Console Product.

Follow the screen prompts. Answer NO for both CA Keys.

*117623-G_REV_00*

To install the service pack software on a Solaris workstation:

Insert and mount the Service Pack 4 CD.

Use the

untar

command to copy the files to the /tmp directory. This creates two new

directories.

Change to the directory CKPSP000004-01.

Enter the following command:

./installpatch /tmp/CKPSP00000-01

When the patch installation completes, change to the /tmp directory.

Enter the following command:

pkgadd –d /tmp

Choose the option to install the Check Point FireWall-1 GUI (Sparc) 4.0.

Reboot your Sparcstation.

Reenter all keys (for example,

/etc/fw/bin/fw putkey –p

on the server and

fwputkey

on the router).

Installing on an AIX Workstation

Before you can install the Management Software Version 4.0 on an AIX workstation, you must first

install the file set bos.adt.syscalls 4.0.5.1. For instructions, refer to the AIX installation media.

To install FireWall-1 management software on an AIX workstation:

Insert and mount the Enterprise Security Management software CD.

Change directory to /cdrom/aix/FireWall-1 (or the directory where you placed the install

files).

Enter the following command:

smit &

Choose Software Installation and Maintenance.

Choose Install and Upgrade from LATEST Available Software.

Enter the following command:

/cdrom/aix/FireWall-1

(FireWall-1 is always installed in the /usr/lpp/FireWall-1 directory.)

In software to install, choose List.

Important Notice for BaySecure FireWall-1

*117623-G_REV_00*

Choose FireWall-1.

10.

Click on OK to begin the installation.

11.

After the installation is complete, be sure to set the following environment variables:

setenv FWDIR /usr/lpp/FireWall-1

set path=($FWDIR/bin $path)

To install the service pack software on an AIX workstation:

Insert and mount the Service Pack 4 CD.

Use the

untar

command to copy the Firewall-1.fw.usr.4.0.4.0 Service Pack 4patch file to the

/tmp directory.

Unzip the Firewall-1.fw.usr.4.0.4.0 file.

Enter the following command:

smit &

Choose Software Installation and Maintenance.

Choose Install and Upgrade from LATEST Available Software.

Change to the /tmp directory.

Enter the following command:

./installpatch /tmp/Firewall-1.fw.usr.4.0.4.0

In software to install, choose List.

10.

Choose FireWall-1.

11.

Click on OK to begin the installation.

12.

After the installation is complete, be sure to set the following environment variables:

setenv FWDIR /usr/lpp/FireWall-1

set path=($FWDIR/bin $path)

*117623-G_REV_00*

Installing on an HP-UX Workstation

For instructions on installing the management software on an HP-UX workstation, refer to your

Check Point Software Technologies documentation.

To install the service pack software on an HP-UX workstation:

Insert and mount the Service Pack 4 CD.

Copy the fw.sd.vpn.tar Service Pack 4 patch file to the /tmp directory.

Use the

untar

command to expand the fw.sd.vpn.tar file.

Locate the directories CKPsp_4, CKPsp_4_mgmt, and CKPsp_4_gui.

Enter the following command:

swinstall &

In the Source Depot, enter

/tmp

and click on OK

Mark CKPsp_4 and CKPsp_4_mgmt for installation.

Choose Options.

From the pull-down menu, choose Change Options and click on

10.

Make sure that the option “Reinstall filesets even if the same revision” is checked and click

on OK

11.

Choose Actions, Install (analysis)...

Installing on a Windows NT System

For instructions on installing the management software on a Windows NT

system, refer to your

Check Point Software Technologies documentation.

To install the service pack software on a Windows NT system:

Insert the Service Pack 4 CD.

Copy the fw.sp4.vpn.zip Service Pack 4 patch file to the /tmp directory.

Double-click on setup.exe

Important Notice for BaySecure FireWall-1

*117623-G_REV_00*

Downloading fwfilex Scripts

Nortel Networks provides scripts to help you synchronize your firewall management stations. The

scripts are included on the BayRS Router and Site Manager Software CD. The UNIX version of the

script is in the directory fwbkpscr/unix and the Windows NT version of the script is in the directory

fwbkpscr/win.

If you have a service contract or if you are within the 90-day warranty period, you can also use the

following instructions to download the scripts from theWorldWideWeb. These instructions

supersede those in the Configuring BaySecure FireWall-1 manual.

To download the fwfilex scripts for UNIX and Windows NT platforms:

Use your browser to go to the Nortel Networks SupportWeb site at:

http://www.nortelnetworks.com/servsup

ClickonSoftwareDistribution.

Click on Enterprise Solution Routers.

Select the appropriate router software version from the Enterprise Solutions Routers

pull-down menu.

Under the heading Misc: Firewall Scripts, select the tar file.

Known Anomalies

• Antispoofing does not work with BayRSVersion 12.05.

• MCT1 modules do not enforce security policies in BayRS Version 13.04.

Avaya BaySecure FireWall-1 Important Notice

Brand: Avaya

Model: BaySecure FireWall-1

Type: Important Notice

VPN support: FireWall-1 can be used to create and manage VPNs, which allow you to securely connect remote users to your network.
** Intrusion prevention:** FireWall-1 can be used to prevent a variety of attacks, including denial-of-service attacks, buffer overflows, and SQL injections.

Download PDF

report

Avaya BaySecure FireWall-1 Important Notice

Avaya BaySecure FireWall-1 Important Notice

Related papers

Other documents