Nokia DOH (adding rules)

Status
Not open for further replies.

Piloria

IS-IT--Management
Mar 12, 2002
OK, this is the first time I have configured a Nokia box; I have always used NT, so a GUI console on the machine makes it easy.

1. Activated CP FW-1
2. Ran cpconfig on box (only works under admin user at this point)
3. Entered required data and set up GUI client IP addresses
4. Rebooted
5. Firewall has no rule to allow GUI client management access.
6. Need to add a rule (I presume via command line on console)

How do I enter the management rule? (Never added a rule via command line before.)

Is there another way of setting up where this isn't required?
 
You don't need to add a rule to allow the GUI access. Just run cpconfig, create the administrator account(s), GUI client addresses, reboot it and then point your policy editor / SMARTDashboard at the box and then accept the fingerprint and bingo .... you're in!!

I'm in the middle of building a new fw on a Nokia IP330 at the moment. Cool platform!

Chris.
**********************
Chris Andrew, CCNA, CCSA
chris@iproute.co.uk
**********************
 
OK, I need to unload the policy

fw unload localhost
 
ino the firewall won't accept an incoming connection if there isn't a management rule (not in default rulebase)

So you need to unload the policy (it adds it automatically), so get the GUI client working, then add the management rule and it all works again.
 
You shouldn't need to unload the policy. When it starts up it loads the default filter which allows management connections. Are you using NG? I built mine last week using NG FP3 but I've also done it on 4.1 on a Nokia IP440 and I didn't need to unload the policy to get connected via the GUI. However, if you can't get in then unloading the policy from the command line will do it.

This is from Nokia Network Security - Syngress (Good book) ..

" After you have the CheckPoint packages installed, enabled, and configured, you can begin configuring a security policy for your Nokia firewall. Even if the InitialPolicy is loaded, you should be able to connect with a GUI client and push a policy. If you have any trouble with this process, unload the default filter with fw unloadlocal (prior to NG FP2 the command was fw unload localhost)."

Chris.


**********************
Chris Andrew, CCNA, CCSA
chris@iproute.co.uk
**********************
 
You only need a rule if you have a distributed implementation and your management traffic has to go over the firewall to get to the management station. Otherwise it's just the addition of the GUI through CP Config. B-)
Brian, CCSE
brian@domain-integrity.com
 