Avaya FireWall-1 Manual de usuario Pagina 1

Configuring BaySecure FireWall-1Part No. 117384-D Rev 00April 1999BayRS Version 13.20Site Manager Software Version 7.20 BCC Version 4.20

117384-D Rev 00xi PrefaceThis guide describes BaySecure FireWall-1 and what you do to install, start, and customize BaySecure FireWall-1 services on a

Configuring BaySecure FireWall-1 xii117384-D Rev 00Text ConventionsThis guide uses the following text conventions:angle brackets (< >) Indicate

Preface117384-D Rev 00xiii AcronymsBay Networks Technical PublicationsYou can now print Bay Networks technical manuals and release notes free, directl

Configuring BaySecure FireWall-1 xiv117384-D Rev 00How to Get HelpFor product assistance, support contracts, information about educational services, a

117384-D Rev 001-1 Chapter 1Overview of the BaySecure FireWall-1 SoftwareThe BaySecure™ FireWall-1 software builds firewall security features into Bay

Configuring BaySecure FireWall-1 1-2117384-D Rev 00How the Firewall Software WorksThe management station downloads the policy information to the state

Overview of the BaySecure FireWall-1 Software117384-D Rev 001-3 Selecting a Backup Management StationA router connects to a backup firewall management

Configuring BaySecure FireWall-1 1-4117384-D Rev 00Where to Go NextTo get a firewall up and running on your Bay Networks router:For information about

117384-D Rev 002-1 Chapter 2Installing the FireWall-1 Management SoftwareTo install the FireWall-1 software, see the following sections:Obtaining Soft

ii117384-D Rev 00Bay Networks, Inc.4401 Great America ParkwaySanta Clara, CA 95054Copyright © 1999 Bay Networks, Inc.All rights reserved. Printed in t

Configuring BaySecure FireWall-1 2-2117384-D Rev 00Obtaining a FireWall-1 License for the Management StationTo obtain a FireWall-1 license for the fir

Installing the FireWall-1 Management Software117384-D Rev 002-3 Sample Response from Check PointYour license request with the following details has be

Configuring BaySecure FireWall-1 2-4117384-D Rev 00Obtaining a FireWall-1 License for the RouterTo obtain a FireWall-1 license for a router you plan t

Installing the FireWall-1 Management Software117384-D Rev 002-5 Sample Response from Check PointThe following license was generated:We recommend print

Configuring BaySecure FireWall-1 2-6117384-D Rev 00Sample Installation The following sample installation takes the Check Point FireWall-1 software fro

Installing the FireWall-1 Management Software117384-D Rev 002-7 The Selecting Product Type window (Figure 2-2) opens.Figure 2-2. Selecting Product Typ

Configuring BaySecure FireWall-1 2-8117384-D Rev 006.Enter the license information you obtained from Check Point.7.Click on Next.The Administrators wi

Installing the FireWall-1 Management Software117384-D Rev 002-9 9.Enter the administrator’s user name and password (limited to eight characters), and

Configuring BaySecure FireWall-1 2-10117384-D Rev 0014.Click on Next.The CA Key window opens.15.Click on Generate to generate a new key.The host uses

Installing the FireWall-1 Management Software117384-D Rev 002-11 3.Click on Next.The Select Components window (Figure 2-8) opens.Figure 2-8. Select Co

117384-D Rev 00iiiTHIS LICENSE AGREEMENT. THE TERMS EXPRESSED IN THIS AGREEMENT ARE THE ONLY TERMS UNDER WHICH BAY NETWORKS WILL PERMIT YOU TO USE TH

Configuring BaySecure FireWall-1 2-12117384-D Rev 00Installing on a UNIX PlatformUse the following sections as a guide to installing the FireWall-1 so

Installing the FireWall-1 Management Software117384-D Rev 002-13 For HP-UXlab# mount -r /dev/dsk/c1t2d0 (or your specific CD-ROM address) /cdromlab#

Configuring BaySecure FireWall-1 2-14117384-D Rev 00**************** FireWall-1 v3.0 Installation ****************Reading fwinstall configuration. Th

Installing the FireWall-1 Management Software117384-D Rev 002-15 The following evaluation License key is provided with this FireWall-1 distributionEva

Configuring BaySecure FireWall-1 2-16117384-D Rev 00Configuring Groups...=====================FireWall-1 access and execution permissions-------------

Installing the FireWall-1 Management Software117384-D Rev 002-17 **************** FireWall-1 is now installed. ****************Do you wish to start FW

Configuring BaySecure FireWall-1 2-18117384-D Rev 00Installing a License on the Management StationTo install a FireWall-1 license, enter the license i

Installing the FireWall-1 Management Software117384-D Rev 002-19 Synchronizing the Management Station and the Router PasswordsOnce you have installed

Configuring BaySecure FireWall-1 2-20117384-D Rev 00Transferring Security Policy and Configuration FilesFirewall backup management stations must have

Installing the FireWall-1 Management Software117384-D Rev 002-21 From the World Wide WebYou can also download the files from the World Wide Web. Compl

iv117384-D Rev 00IF BAY NETWORKS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. IN NO EVENT SHALL THE LIABILITY OF BAY NETWORKS RELATING TO THE

Configuring BaySecure FireWall-1 2-22117384-D Rev 003.Using FTP, copy, or another transfer utility, manually transfer the file <filename>.zip to

117384-D Rev 003-1 Chapter 3Configuring a Firewall on a RouterTo configure a firewall on the router, see the following topics:Effective with the relea

Configuring BaySecure FireWall-1 3-2117384-D Rev 00You can also use the Technician Interface, which lets you modify parameters by issuing set and comm

Configuring a Firewall on a Router117384-D Rev 003-3 Disabling and Reenabling a Firewall on a RouterBy default, a firewall is enabled when you first c

Configuring BaySecure FireWall-1 3-4117384-D Rev 00Establishing a Static RouteYou may need to establish a static route between the router and the mana

Configuring a Firewall on a Router117384-D Rev 003-5 Identifying the First Backup Firewall Management StationIf your router loses communication with i

Configuring BaySecure FireWall-1 3-6117384-D Rev 00Use the BCC to specify the second backup firewall management station. Navigate to the firewall prom

Configuring a Firewall on a Router117384-D Rev 003-7 Enabling the Firewall on Router InterfacesAfter you have created a firewall on the router, use th

Configuring BaySecure FireWall-1 3-8117384-D Rev 00For example, the following command invokes the prompt for IP interface 2.2.2.2/255.0.0.0 (which has

Configuring a Firewall on a Router117384-D Rev 003-9 For example, the following command assigns the name “offsite” to the firewall on IP interface 2.2

117384-D Rev 00vContents PrefaceBefore You Begin ...

Configuring BaySecure FireWall-1 3-10117384-D Rev 00Activating the FirewallBefore the FireWall-1 security policy can take effect on the router, you mu

Configuring a Firewall on a Router117384-D Rev 003-11 Installing the Security Policy on the Router and Its InterfacesOnce you have defined a security

Configuring BaySecure FireWall-1 3-12117384-D Rev 00Troubleshooting ChecklistIf you experience problems with the FireWall-1 software, verify that you

117384-D Rev 004-1 Chapter 4Customizing a Firewall on a RouterTo customize a firewall on the router, see the following topics:Effective with the relea

Configuring BaySecure FireWall-1 4-2117384-D Rev 00Specifying FireWall-1 MemoryYou can specify the maximum and minimum amount of memory that FireWall-

Customizing a Firewall on a Router117384-D Rev 004-3 Setting the Firewall Filter TimerThe firewall filter timer is the number of seconds between attem

Configuring BaySecure FireWall-1 4-4117384-D Rev 00Specifying a Timeout Period for an Inactive TCP ConnectionIf a TCP connection is inactive for a cer

Customizing a Firewall on a Router117384-D Rev 004-5 For example, the following command disables the keepalive feature:firewall# idle-time-keepalive 0

Configuring BaySecure FireWall-1 4-6117384-D Rev 00For example, the following command sets the keepalive retransmit timer to 5 seconds:firewall# retri

117384-D Rev 00A-1 Appendix AMonitoring the Firewall UsingBCC show CommandsThis appendix describes how to use the BCC show command to obtain BaySecure

vi117384-D Rev 00Installation Options ...2-13Sample Installat

Configuring BaySecure FireWall-1 A-2117384-D Rev 00show firewall interfacesThe show firewall interfaces command displays information about the interfa

Monitoring the Firewall Using BCC show Commands117384-D Rev 00A-3 show firewall summaryThe show firewall summary command displays the current firewall

117384-D Rev 00B-1 Appendix BUpgrading to BayRS Version 13.20This appendix describes the procedure you must follow if you are upgrading to BayRS Versi

Configuring BaySecure FireWall-1 B-2117384-D Rev 00To reenable firewall on each IP interface, use the BCC to navigate to the prompt for the slot/conne

Upgrading to BayRS Version 13.20117384-D Rev 00B-3 If you are using FireWall-1 on more than 32 circuits, you must group circuits with the same securit

117384-D Rev 00Index-1Aacronyms, xiiiactivating a firewall, 3-10addingadministrators, 2-17groups, 2-17GUI clients, 2-11, 2-17license, 2-11, 2-17remote

Index-2117384-D Rev 00Ggroups, adding, 2-17GUI clients, adding, 2-11, 2-17Iidle-time-keepalive command, 4-4inspection code, 3-11installationoptions, 2

117384-D Rev 00viiChapter 4 Customizing a Firewall on a RouterSpecifying FireWall-1 Memory ...

117384-D Rev 00ixFiguresFigure 2-1. Choose Destination Location Window ..............2-6Figure 2-2. Selecting