Nokia Firewall (5001) - CA...

Nokia Firewall

Device Management

Supports Management Module SM-NOK1000

Titlep

ae

D e v i c e M a n a g e m e n t N o k i a F i r e w a l l

Copyright NoticeDocument 5001. Copyright © 2002-present by Aprisma Management Technologies, Inc. All rights reserved worldwide. Use, duplication, or disclosure by the United States government is subject to the restrictions set forth in DFARS 252.227-7013(c)(1)(ii) and FAR 52.227-19.Liability DisclaimerAprisma Management Technologies, Inc. (“Aprisma”) reserves the right to make changes in specifications and other information contained in this document without prior notice. In all cases, the reader should contact Aprisma to inquire if any changes have been made.

The hardware, firmware, or software described in this manual is subject to change without notice.

IN NO EVENT SHALL APRISMA, ITS EMPLOYEES, OFFICERS, DIRECTORS, AGENTS, OR AFFILIATES BE LIABLE FOR ANY INCIDENTAL, INDIRECT, SPECIAL, OR CONSEQUENTIAL DAMAGES WHATSOEVER (INCLUDING BUT NOT LIMITED TO LOST PROFITS) ARISING OUT OF OR RELATED TO THIS MANUAL OR THE INFORMATION CONTAINED IN IT, EVEN IF APRISMA HAS BEEN ADVISED OF, HAS KNOWN, OR SHOULD HAVE KNOWN, THE POSSIBILITY OF SUCH DAMAGES.

Trademark, Service Mark, and Logo InformationSPECTRUM, IMT, and the SPECTRUM IMT/VNM logo are registered trademarks of Aprisma Management Technologies, Inc., or its affiliates. APRISMA, APRISMA MANAGEMENT TECHNOLOGIES, the APRISMA MANAGEMENT TECHNOLOGIES logo, MANAGE WHAT MATTERS, DCM, VNM, SpectroGRAPH, SpectroSERVER, Inductive Modeling Technology, Device Communications Manager, SPECTRUM Security Manager, and Virtual Network Machine are unregistered trademarks of Aprisma Management Technologies, Inc., or its affiliates. For a complete list of Aprisma trademarks, service marks, and trade names, go tohttp://www.aprisma.com/manuals/trademark-list.htm.

All referenced trademarks, service marks, and trade names identified in this document, whether registered or unregistered, are the intellectual property of their respective owners. No rights are granted by Aprisma Management Technologies, Inc., to use such marks, whether by implication, estoppel, or otherwise. If you have comments or concerns

about trademark or copyright references, please send an e-mail to [email protected]; we will do our best to help.

Restricted Rights Notice(Applicable to licenses to the United States government only.)This software and/or user documentation is/are provided with RESTRICTED AND LIMITED RIGHTS. Use, duplication, or disclosure by the government is subject to restrictions as set forth in FAR 52.227-14 (June 1987) Alternate III(g)(3) (June 1987), FAR 52.227-19 (June 1987), or DFARS 52.227-7013(c)(1)(ii) (June 1988), and/or in similar or successor clauses in the FAR or DFARS, or in the DOD or NASA FAR Supplement, as applicable. Contractor/manufacturer is Aprisma Management Technologies, Inc. In the event the government seeks to obtain the software pursuant to standard commercial practice, this software agreement, instead of the noted regulatory clauses, shall control the terms of the government's license.Virus DisclaimerAprisma makes no representations or warranties to the effect that the licensed software is virus-free.

Aprisma has tested its software with current virus-checking technologies. However, because no antivirus system is 100 percent effective, we strongly recommend that you write-protect the licensed software and verify (with an antivirus system in which you have confidence) that the licensed software, prior to installation, is virus-free.

Contact InformationAprisma Management Technologies, Inc.273 Corporate DrivePortsmouth, NH 03801Phone: 603-334-2100U.S. toll-free: 877-468-1448Web site: http://www.aprisma.com

http://www.aprisma.com/manuals/trademark-list.htm

http://www.aprisma.com

http://www.aprisma.com

http://www.aprisma.com/manuals/trademark-list.htm


ContentsINTRODUCTION 4

Purpose and Scope ........................................................4Required Reading ...........................................................4Supported Devices..........................................................5The SPECTRUM Model ..................................................5

TASKS 7

DEVICE VIEW 8

Interface Icons ................................................................9Interface Icon Subviews Menu......................................10Secondary Address Panel ............................................11

DEVICE TOPOLOGY VIEWS 12

APPLICATION VIEWS 13

Main Application View...................................................13Application Icons...........................................................14Supported Applications .................................................14

Common Applications................................................14Device Specific Applications......................................16

Checkpoint Application .................................................16Firewall Information View ..........................................16

General Information ...............................................16Filter Information ....................................................17Packet Information .................................................17

RateShape Application ................................................. 17RateShape Performance View .................................. 17

Rule Status Table View ......................................... 18Aggregation Class Status Table View ................... 18

Virtual Router Redundancy Protocol Application .......... 19

PERFORMANCE VIEWS 20

CONFIGURATION VIEWS 21

Device Configuration View............................................ 21IPSO Configuration View .............................................. 22

Config ........................................................................ 22Log Table .................................................................. 23Card........................................................................... 23

IPSO Additional Configuration View ............................. 23Image ........................................................................ 23Fan ............................................................................ 24Power ........................................................................ 24

RateShape Configuration View..................................... 24Aggregation Class Table View .................................. 25Rule Table View ........................................................ 26

MODEL INFORMATION VIEWS 28

INDEX 29


Introduction

This section introduces SPECTRUM Device Management documentation for the Nokia Firewall series of devices.

This introduction contains the following topics:

• Purpose and Scope• Required Reading• Supported Devices (Page 5)• The SPECTRUM Model (Page 5)

Purpose and ScopeUse this documentation as a guide for managing Nokia Firewall devices with the SPECTRUM management module SM-NOK1000. This documentation describes the icons, menus, and views that enable you to remotely monitor, configure, and troubleshoot Nokia Firewall devices through software models in your SPECTRUM database.

This documentation consists primarily of information specific to the supported management module. For general information about device management using SPECTRUM, and

for explanations of basic SPECTRUM functionality, refer to the documentation listed under Required Reading.

Required ReadingBefore using this document, you should be familiar with the information provided in the following documentation:

• Getting Started with SPECTRUM for Operators

• Getting Started with SPECTRUM for Administrators

• How to Manage Your Network with SPECTRUM

• SPECTRUM Views• SPECTRUM Icons• SPECTRUM Menus

I n t r o d u c t i o n S u p p o r t e d D e v i c e s


Supported DevicesSPECTRUM management module SM-NOK1000 allows you to model several different types of Nokia Firewall /VPN devices. These devices offer a combination of firewall and VPN technology on a Nokia platform with a security-specific operating system (IPSO). They allow organizations to deploy a single, integrated solution for secure Internet communications and access control. They are ideal for network environments from carrier class to the regional or small office

The following Noika devices are supported by the SM-NOK1000 management module:

• IPUnkwn• IP4xx• IP400• IP410• IP440• IP6xx• IP600• IP650• IP3xx• IP110• IP530• IP740• IP3400

• VPNUnkwn• VPNRL50• VPNRL250• VPNRL500• VPNRLU• VPN210• VPN220• VPN230• VPN240

The SPECTRUM ModelSPECTRUM uses a single model type for modeling the supported Nokia Firewall devices. This model type is NokiaFW. This model is represented in SpectroGRAPH views by Device icons. As shown in Figure 1, the appearance of the Device icon varies depending on the view in which it appears.

I n t r o d u c t i o n T h e S P E C T R U M M o d e l


Figure 1: Device Icon

The device-specific Icon Subviews menu options available from the Device icon are listed below.

The rest of this document covering management module SM-NOK1000 is organized as follows:

• Tasks (Page 7)• Device View (Page 8)• Device Topology Views (Page 12)• Application Views (Page 13)• Performance Views (Page 20)• Configuration Views (Page 21)• Model Information Views (Page 28)

Option Accesses the...

Fault Management

For further information refer to How to Manage Your Network with SPECTRUM documentation.

Device Device View (Page 8)

Model Name

XYZ_Mxxx

Model Name

IP440

Small Device icon appears inTopology and Application views

Large Device icon appears inDevice Topology, Location, andDevice Interface views.

DevTop Device Topology Views (Page 12)

Application Application Views (Page 13)

Configuration Configuration Views (Page 21)

Model Information

Model Information Views (Page 28)

Primary Application

Menu options that let you select either Gen Bridge App or MIB-II as the primary application.



Tasks

This section contains an alphabetical list of device management tasks, with each task providing one or more links to views that let you perform the task.

Application Information (examine)• Application Views (Page 13)

Device (configure)• Configuration Views (Page 21)

Device Performance (monitor)• Device View (Page 8)

File Transfer (initiate/examine)• Firewall Information View (Page 16)

Interface Mask and Address (examine)• Secondary Address Panel (Page 11)

IPSO Configuration (configure)• IPSO Configuration View (Page 22)

Model Information (examine)• Model Information Views (Page 28)

Port Configuration (examine/modify)• Interface Icons (Page 9)• Device Configuration View (Page 21)

Port Statistics (monitor)• Performance Views (Page 20)

RateShape Configuration (configure)• RateShape Configuration View (Page 24)


Device View

This section describes the Device view and subviews available for models of Nokia Firewall devices in SPECTRUM.

Access: From the Icon Subviews menu for the Device icon, select Device.

This view (Figure 2) uses icons and labels to represent the device and its components, such as modules, ports, and applications. The view provides dynamic configuration and performance information for each of the device’s serial and network I/O ports, which are represented by Interface icons in the bottom panel of the view. The middle panel of the view displays a Device icon, which lets you monitor the device operation and access other device-specific views.

Figure 2: Device View

File View HelpTools

Model NameContactDescriptionLocation

Sys Up TimeManufacturerDevice TypeSerial Number

Network Address

Interface Description

Filter Physical

Interface Options PanelDevice Icon

XYZ_Mxxx

Model Name

1Ethernet

0:0:1D:F:FD:B6

ei0

0.0.0.0

ON

5SFTWARLPBK

0:0:1D:F:FD:B6

lo0

0.0.0.0

ON

9ATM8023

0:0:1D:F:FD:B6

zn1

0.0.0.0

ON

512AAL5

UAAL5

0.0.0.0

ON

2ATMCPU

0.0.0.0

ON

6ATM portCPU.1

0.0.0.0

ON

ATM7A1

0.0.0.0

ON

ATM7B1

0.0.0.0

ON

ATM7B2

0.0.0.0

ON

ATM7B3

0.0.0.0

ON

ATM8B1

0.0.0.0

ON

ATM8B2

0.0.0.0

ON

ATM8B3

0.0.0.0

ON

ATM8B4

0.0.0.0

ON

10

2783905 2783909

11

7

3 4

8

Interface Icons

Bookmarks

Model Name of type XYZ_Mxxx of Landscape node: Primary

Primary Application Gen Bridge App

D e v i c e V i e w I n t e r f a c e I c o n s


Interface IconsFigure 3 shows a close-up of an Interface icon from the Device view. Most of the informational labels on the icon also provide double-click access to other views, as explained in the following label descriptions.

Figure 3: Interface Icon

Interface Number LabelThis label displays the interface (port) number.

IF Status LabelThis label displays the current status of the interface for the primary application selected, e.g., Gen Rtr App or MIB-II App. Table 1 lists the possible label color representations. Note that the color of the label also depends on the interface’s current Administrative Status, which you set in the Interface Configuration View. This view can be accessed by double-clicking the Interface Type label.

Interface Type LabelThis label identifies the interface type (Ethernet, ATM, etc.). Double-click this label to access the Interface Configuration view. See the SPECTRUM Views documentation.

c

f

b

1ethernet

0:0:1D:F:FD:B6

a

a Interface Number Label

b IF Status Label

c Interface Type Label

d Network Type Label

e Physical Address Label

f IP Address Label

fxp0

0.0.0.0

d

e

ONTable 1: Interface Status Label Colors

ColorOperational

StatusAdministrative

StatusLabelText

Green up up ON

Blue down down OFF

Yellow down up OFF

Red testing testing TEST

D e v i c e V i e w I n t e r f a c e I c o n S u b v i e w s M e n u


Network Type LabelThis label identifies the type of network to which the interface is connected. Double-click the label to open the Model Information view for the interface.

Physical Address LabelThis label displays the physical (MAC) address of the interface. Double-click this label to open the Address Translation Table (AT).

IP Address LabelThis label displays the IP address for the interface. Double-click this label to open the Secondary Address Panel (Page 11), which lets you change the address and mask for the interface.

Interface Icon Subviews MenuTable 2 lists the device-specific interface Icon Subviews menu options and the views to which they provide access.

Table 2: Interface Icon Subviews Menu


Detail Interface Detail view, which displays packet, error, and discard breakdown statistics for the interface.

IF Configuration Interface Configuration view (see SPECTRUM Views).

Address Translation Table

Interface Address Translation Table, which identifies the physical and network address for the interface.

Secondary Address Panel

Secondary Address Panel (Page 11).

Thresholds Interface Threshold view, which lets you set the on/off alarm thresholds for load, packet rate, error rate, and % discarded for the interface.

Model Information

Model Information Views (Page 28).

Trap Configuration

Interface Trap Configuration view (see How to Manage Your Network with SPECTRUM).

D e v i c e V i e w S e c o n d a r y A d d r e s s P a n e l


Secondary Address PanelAccess: From the Icon Subviews menu for the Interface icon in the Device view, select Secondary Address Panel.

This panel provides a table of IP addresses and masks obtained from the Address Translation table within the device’s firmware. You can change the current address displayed in the IP Address field by selecting an entry from the table in this panel and clicking the Update button.


Device Topology Views

This section describes the Device Topology view available for models of the Nokia Firewall devices.

Access: From the Icon Subviews menu for the Device icon, select DevTop.

The Device Topology view (Figure 4) shows the connections between a modeled device and other network entities. The lower panel of the view uses Interface icons to represent the device’s serial, network, and I/O ports. These icons provide the same information and menu options as those in the Device View (Page 8). If a device is connected to a particular interface, a Device icon appears on the vertical bar above the Interface icon along with an icon representing the network group that contains the device.

Refer to the SPECTRUM Views documentation for details on Device Topology view.

Figure 4: Device Topology View

File View HelpTools

1Ethernet

0:0:1D:F:FD:B6ei0

0.0.0.0

ON 2ATM

0:0:1D:F:FD:B6A2

0.0.0.0

ON 3ATM

0:0:1D:F:FD:B6CPU

0.0.0.0

ON

XYZ_Mxxx

Model Name

Bookmarks

SpectroGRAPH: Device Topology: Model Name

Graphic ofNokia Firewall

Device

Model Name of type Model Type of Landscape node: Primary


Application Views

This section describes the main Application view and the associated application-specific subviews available for models of Nokia Firewall devices.

Access: From the Icon Subviews menu for the Device icon, select Application.

Main Application ViewWhen a device model is created, SPECTRUM automatically creates models for each of the major and minor applications supported by the device. The main Application view identifies all of these application models, shows their current condition status, and provides access to application-specific subviews. Figure 5 shows this view in the Icon mode. If you prefer the List mode, which displays applications as text labels, select View > Mode > List.

For more information on this view, refer to the MIBs and the Application View document.

Figure 5: Application View

SpectroGRAPH: Application: Model Name

Model Name

Contact

Description

Location

Network Address System Up Time

Manufacturer

Device Type

Serial Number

Model Name

6E132_25

Model Name

Model Type

File View Tools Bookmarks

Model Name of type <model type> of Landscape node: Primary

Help

A p p l i c a t i o n V i e w s A p p l i c a t i o n I c o n s


Application IconsWhen the Application view is in Icon mode, each of the application models is represented by an Application icon (Figure 6). Double-clicking the Model Name label (a) at the top of the icon opens the associated Model Information view—see Model Information Views (Page 28). For some applications, the Model Type label (c) at the bottom of the icon is also a double-click zone, which opens an application-specific view. Any views accessible through these double-click zones are also accessible from the Application icon’s Icon Subviews menu.

Figure 6: Application Icon

Supported ApplicationsSPECTRUM’s applications can be grouped within two general categories as follows:

• Applications associated with non proprietary MIBs. See Common Applications below.

• Applications associated with device-specific MIBs. See Device Specific Applications (Page 16).

Common ApplicationsFor the most part, these applications represent the non proprietary MIBs supported by your device. Listed below (beneath the title of the SPECTRUM document that describes them) are some of the common applications currently supported by SPECTRUM. Nokia Firewall devices support both common and device-specific applications.

• Routing Applications- Generic Routing- Repeater

a Model Name Label / Model Information View

b Condition Status Label

c Model Type Label / Application-Specific View

(a)

(b)

(c)

172.59.203.24

IP2_App

IP2_App

Note:Note:

The documents listed below (in bold font) are available for viewing at:

www.aprisma.com/manuals/



http://www.aprisma.com/manuals/


A p p l i c a t i o n V i e w s S u p p o r t e d A p p l i c a t i o n s


- AppleTalk- DECnet- OSPF- OSPF2- BGP4- VRRP- RFC 2932

• Bridging Applications- Ethernet Special Database- Spanning Tree- Static- Transparent- PPP Bridging- Source Routing- Translation- QBridge

• MIB II Applications- SNMP- IP- ICMP- TCP- System2- UDP

• Transmission Applications- FDDI- Point to Point

- DS1- DS3- RS-232- WAN- Frame Relay- Token Ring- Ethernet- Fast Ethernet- RFC 1317App- RFC 1285App- RFC 1315App- 802.11App- SONET

• Technology Applications- APPN- ATM Client- DHCP- DLSw- PNNI- RFC 1316App- RFC 1514- RFC 2287- RFC 2790- RFC 2925

• DOCSIS Applications- DOCSISCblDvApp - DOCSISQOSApp

A p p l i c a t i o n V i e w s C h e c k p o i n t A p p l i c a t i o n


- DOCSISBPI2App - DOCSISBPIApp - DOCSISIFApp

• Digital Subscriber Line (DSL) Applications- ADSL

Device Specific ApplicationsThe views and subviews available for Nokia Firewall device-specific applications are described in the rest of this section.

• Checkpoint Application• RateShape Application (Page 17)• Virtual Router Redundancy Protocol

Application (Page 19)

Checkpoint ApplicationThis major application (model type CheckpointApp) provides access to the following application-specific subview:

• Firewall Information View• Model Information Views (Page 28)

Firewall Information ViewAccess: From the Icon Subview menu for the CheckpointApp application, select Firewall.

This view provides fields in the following areas:

• General Information• Filter Information (Page 17)• Packet Information (Page 17)

General InformationThis area of the Firewall Information view provides the following information:

ProductType of Firewall.

Module StateThe state of the module.

Last SNMP FW EventThe last SNMP trap sent via “fw”.

Major VersionThe major Firewall version.

Minor VersionThe minor Firewall version.

A p p l i c a t i o n V i e w s R a t e S h a p e A p p l i c a t i o n


Filter InformationThis area of the Firewall Information view provides the following information:

NameThe name of the loaded filter.

DateThe date the filter was installed.

Packet InformationThis area of the Firewall Information view provides the following information:

Accepted PacketsThe number of accepted packets

Rejected PacketsThe number of rejected packets.

Dropped PacketsThe number of dropped packets.

Logged PacketsThe number of logged packets.

RateShape ApplicationThis major application (model type NkIpsoRateApp) provides access to the following application-specific subviews:

• IPSO Configuration View (Page 22)• RateShape Configuration View (Page 24)• RateShape Performance View

RateShape Performance ViewAccess: From the Icon Subviews menu for the NkIpsoRateApp application, select RateShape Performance.

This view displays the Access List Status Table which provides the following information:

ifIndexIdentifies the MIB-II interface which this access list stat entry is responsible for.

IndexA unique value identifying this table entry.

DirectionThe data source for this access list.

Pkts PassedNumber of packets successfully exiting this access list.

A p p l i c a t i o n V i e w s R a t e S h a p e A p p l i c a t i o n


Bytes PassedNumber of bytes successfully exiting this access list.

Clicking this button opens the Rule Status Table View.

Clicking this button opens the Aggregation Class Status Table View (Page 18).

Rule Status Table ViewAccess: From the RateShape Performance view, click the Rules button.

This view provides the following information:

ifIndexA unique value corresponding to the interface to which this rule is applied.

IndexThe “rsRuleIndex” value of the rule this entry describes.

DirectionThe data source for this rule.

Drop PktsThe number of packets that exceeded this rate limit.

Drop OctetsThe number of bytes that exceeded this rate limit.

Pkts PassedNumber of packets successfully exiting this rule.

Bytes PassedNumber of bytes successfully exiting this rule.

Aggregation Class Status Table ViewAccess: From the RateShape Performance view, click the Aggregation Class button.


ifIndexThe value of “ifIndex” which corresponds to the interface for which this aggregation class handles tokens.

IndexA unique value identifying this entry in the table.

DirectionThe data source for this aggregation class.

Shaped PktsThe number of packets shaped by this rate limit.

Rules

Aggregation Class

A p p l i c a t i o n V i e w s V i r t u a l R o u t e r R e d u n d a n c y P r o t o c o l A p p l i c a t i o n


Shaped OctetsThe number of octets shaped by this rate limit.

Enqueued PktsThe number of packets enqueued by this rate limit.

Enqueued OctetsThe number of packets enqueued by this rate limit.

Dropped PktsThe number of packets which exceeded this rate limit.

Dropped OctetsThe number of octets which exceeded this rate limit.

Pkts Passed InThe number of packets passed in successfully exiting this aggregation class.

Pkts Passed OutThe number of packets passed out successfully exiting this aggregation class.

Bytes Passed InThe number of bytes passed in successfully exiting this aggregation class.

Bytes Passed OutThe number of bytes passed out successfully exiting this aggregation class.

Virtual Router Redundancy Protocol ApplicationThe Virtual Router Redundancy Protocol (VRRP) application (model type rfc2338App) provides access to the VRRP Configuration View. See Routing Applications for documentation.


Performance Views

This section introduces the Performance view. For details concerning this view, refer to the SPECTRUM Views documentation.

Performance views display performance statistics in terms of a set of transmission attributes, e.g., cell rates, frame rates, % error, etc. A typical view is shown in Figure 7. The instantaneous condition of each transmission attribute is recorded in a graph. The statistical information for each attribute is presented in the adjacent table.

Generally, you determine performance at the device level through Performance views accessed from the Device and Application icons. You determine performance at the port/interface level through Performance views accessed from Interface icons.

Figure 7: Performance View

SpectroGRAPH: Type Routing

File View Tools Bookmarks

% Discarded

type routing of type IP Routing of Landscape node: Primary

Performance View

Day/Month/ Time/ Year

100.0

10.01.000.100.010

00:30 00:20 00:10 0

* Frame/Sec

% Received

% Forwarded

% Trans

Value Average Peak Value

Scroll to Date-TimeGraph Properties* Graph X 1000

Log

Network Address Device Type

% Error

% Discarded

Detail

at

at

at

at

at

at


Configuration Views

This section describes the Configuration views available for models of Nokia Firewall devices in SPECTRUM.

Configuration views allow you to view and modify current settings for the modeled device and its interfaces, ports, and applications. The following Configuration views are available for models of Nokia Firewall devices:

• Device Configuration View• IPSO Configuration View (Page 22)• RateShape Configuration View (Page 24)

Device Configuration ViewAccess: From the Icon Subviews menu for the Device icon, select Configuration.

A typical Device Configuration view is shown in Figure 8. Generally, this view includes a few fields that display device information as well as an Interface Configuration Table that lists interface parameters, some of which can be changed (see SPECTRUM Views). Some Device Configuration views include one or more buttons that provide

access to device-specific configuration information. These are described below.

Figure 8: Device Configuration Viewp

Model Name

File View Tools Bookmarks Help

DescriptionLocation

ContactManufacturerSys Up Time

Net Address

Device Type

Serial Number

Configuration View

Number of Interfaces

Interface Address Translation

Sort Interface Configuration Table

Index Description Type Bandwidth Physical Addre

Find Update

Redundancy and Model Reconfiguration Options

Contact Status

C o n f i g u r a t i o n V i e w s I P S O C o n f i g u r a t i o n V i e w


Refer to the SPECTRUM Views documentation

Refer to the SPECTRUM Views documentation.

IPSO Configuration ViewAccess: From the Icon Subviews menu for the NkIpsoRateApp application, select Configuration.

This view provides the fields described below and contains other fields in the following areas:

• Config• Log Table (Page 23)• Card (Page 23)

Serial NumberThe serial number of this device.

Memory (MB)The total memory capacity, in megabytes.

Log SizeA maximum limit on the number of entries which may be recorded in the Log Table.

MB TypeThe type of motherboard populating this device.

MB Rev NumberA string value representing the type of motherboard populating this device.

MB Serial NumberThe serial number of the motherboard.

Clicking this button opens the IPSO Additional Configuration View (Page 23).

ConfigThis area of the IPSO Configuration View provides the following information:

IndexThe index for this configuration, with 1 representing the currently running database and traversing from newest to oldest.

File PathThe absolute pathname and filename that holds a record of this configuration.

Date/TimeThe date and time this file was last changed.

Redundancy and Model Reconfiguration Options

Interface Address Translation

Additional Configuration

C o n f i g u r a t i o n V i e w s I P S O A d d i t i o n a l C o n f i g u r a t i o n V i e w


Log TableThis area of the IPSO Configuration View provides the following information:

Index The unique index of this configuration change entry.

DescriptionA description of the nature of the configuration change.

CardThis area of the IPSO Configuration View provides the following information:

IndexThe number of the slot in which this card is plugged.

StatusThe operational status of this card. Possible values are: enabled or disabled.

TypeThe “ifType” value for any interface(s) on this card. Please refer to RFC1213.

IPSO Additional Configuration ViewAccess: From the IPSO Configuration View, click the Additional Configuration button.

This view provides fields in the following areas:

• Image• Fan (Page 24)• Power (Page 24)

ImageThis area of the IPSO Additional Configuration View provides the following information on resident kernel images on this system:

IndexA unique value for the image represented by this entry.

Version No.The version number of this image.

Serial No.The serial number of this image.

Time of LoadThe date and time when this image was first transferred onto this device.

C o n f i g u r a t i o n V i e w s R a t e S h a p e C o n f i g u r a t i o n V i e w


FanThis area of the IPSO Additional Configuration View provides the following information:

Index A unique value representing this particular fan.

StatusThe operational status of this fan. Possible values are: running and notRunning.

PowerThis area of the IPSO Additional Configuration View provides the following information:

IndexA unique value representing this power supply.

TemperatureAn indication of whether or not this power supply’s internal temperature is over the recommended operation temperature limit. Possible values are: normal and overTemperature.

Oper StatusThe operational status of this power supply. Possible values are: running and notRunning.

RateShape Configuration ViewAccess: From the Icon Subviews menu for the NkIpsoRateApp application, select RateShape Config.

This view displays the Access List table which provides the following information:

ifIndexThe “ifIndex” of the MIB-II interface for which this access list entry is responsible.

IndexA unique value identifying this Access List.

DirectionThe data source for this access list.

NameA unique descriptor for this access list.

Row StatusThe current status of this access list. Possible values are: active, notInService, notReady, createAndGo, createAndWait, and destroy.

Clicking on this button opens the Access List Add View, which enables you to create an Access List within the Access List Table by entering an instance and then selecting its desired status.

Add New Access List



Clicking this button opens the Aggregation Class Table View.

Clicking this button opens the Rule Table View (Page 26).

Aggregation Class Table ViewAccess: From the RateShape Configuration view click on the Aggregation Class button.


ifIndexThe value of “ifIndex” which corresponds to the first interface for which this aggregation class handles tokens.

IndexThe unique value identifying this aggregation class (queue).

DirectionThe data source for this aggregation class.

NameA description of this aggregation class.

Mean RateThe peak bandwidth when Burst Rate and Burst Duration are not set. When mean rate and burst duration are set, the mean rate specifies the long-term rate which the packet stream will be shaped to, but the packet stream can burst above that rate, with no penalty, for as long as the burst duration specifies.

Burst RateThe maximum burst peak rate in kilobits per second before being shaped. This value is obsolete and will no longer be supported.

Burst DurationThe number of milliseconds this aggregation class needs to transmit Burst Rate. If this is not set to a non-zero value, Mean Rate is the peak rate.

Row StatusThe current status of this aggregation class. Possible values are: active, notInService, notReady, createAndGo, createAndWait, and destroy.

Aggregation Class

Rules



Rule Table ViewAccess: From the RateShape Configuration view click on the Rules button.


ifIndexThe “ifIndex” of the MIB-II interface for which this access list entry is responsible.

IndexAn arbitrary value for rate limit objects.

DirectionThe data source for the Rate Limit object.

TOSThe TOS field of the type of packet which this rule governs.

ActionThe forwarding Action associated with this rule. Possible values are: drop, accept, reject, condition, and skip.

Src AddrThe source IP address for this rule.

Src Addr MaskThe mask of source address for this rule.

Dest AddrThe destination IP address for this rule.

Dest Addr MaskThe mask of destination address for this rule.

ProtocolThe number of IP protocol that rule applies on.

Src Start PortThe start of the source range of port number(s) of the IP protocol for this rule.

Src End PortThe end of the source range of port number(s) of the IP protocol for this rule.

Dest Start PortThe start of the destination range of port number(s) of the IP protocol for this rule.

Dest End PortThe end of the destination range of port number(s) of the IP protocol for this rule.

Agg Class IndexThe index to the aggregation class (queue) if the value of Action is enqueue.

EstablishedIndicates whether this rule is effective on previously-established TCP connections.



Row StatusThe current status of this rule. Possible values are: active, notInService, notReady, createAndGo, createAndWait, and destroy.


Model Information Views

This section provides a brief overview of the Model Information view.

Model Information views display administrative information about devices and their applications and let you set thresholds and alarm severity for the devices.

Figure 9 shows a sample Model Information view. The layout of this view is the same for all model types in SPECTRUM but some information will vary depending on the model it defines. Refer to the SPECTRUM Views documentation for a complete description of this view.

Figure 9: Model Information View

Model Name ContactDescriptionLocation

SpectroGRAPH: Model Name

File View Tools Bookmarks Help

ManufacturerSysUpTime

Net AddressDevice TypeSerial Number

Model Information View

MM Name

MM Part Number

MM Version Number

Model Type

Model Creation Time

Model Created By

Model State

Security String

Communication Information

Poll / Log Information

Condition Value

Contact Status

DCM TimeOut

DCM Retry

Lost Child Count

Value When Yellow

Value When OrangeValue When Red

Community Name

Mgnmt Protocol

Poll Interval

Poll Status

Log Ratio

Last Successful Poll

Logged Polled

True

General InformationCondition


Index

AAddress

Interface IP 10Physical (MAC) 10Translation 11

Admin Status 9Aggregation Class Status Table

View 18Bytes Passed In 19Bytes Passed Out 19Direction 18Dropped Octets 19Dropped Pkts 19Enqueued Octets 19Enqueued Pkts 19ifIndex 18Index 18Pkts Passed In 19Pkts Passed Out 19Shaped Octets 19Shaped Pkts 18

Aggregation Class Table View 28Burst Duration 25Burst Rate 25Direction 25ifIndex 25Index 25

Mean Rate 25Name 25Row Status 25

ApplicationDevice-specific 16

Application Icons 14Application View 13

CCheckpoint Application 16Condition Status Label 14Configuration views 21

DDevice icon 5Device Topology Views 12

FFile Transfer MIB View 16Firewall Information View

Accepted Packets 17Date 17

Dropped Packets 17Filter Information 17General Information 16Last SNMP FW Event 16Logged Packets 17Major Version 16Minor Version 16Module State 16Name 17Packet Information 17Product 16Rejected Packets 17

Firewall InformationView 16

IIcons

Device 5Interface 9

Image 23Interface

Type, Device 9IPSO Additional Configuration

View 23Fan 24

Index 24Status 24

I n d e x I n d e x


Image 23Index 23Serial No. 23Time of Load 23Version No. 23

Power 24Index 24Oper Status 24Temperature 24

IPSO Configuration View 2223

buttonAdditional Configuration 22

Card 23Config

Date/Time 22File Path 22Index 22

Log Size 22Log Table 23

Description 23Index 23

MB Rev Number 22MB Serial Number 22MB Type 22Status 23Type 23

LLabels

Application IconCondition Status 14Model Name 14Model Type 14

MMask 11Model type 5Model Type Label 14

NNetwork I/O ports 12Network Type 10

PPerformance Statistics 20Port Number, Device 9

RRateShape Application 17RateShape Configuration View 24

buttonAdd New Access List 24Aggregation Class 25

Rules 25Direction 24ifIndex 24Index 24Name 24Row Status 24

RateShape Performance View 17button

Aggregation Class 18Rules 18

Bytes Passed 18Direction 17ifIndex 17Index 17Pkts Passed 17

Row 24Rule Status Table View 18

Bytes Passed 18Direction 18Drop Octets 18Drop Pkts 18ifIndex 18Index 18

Rule Table View 26Action 26Agg Class Index 26Dest Addr 26Dest Addr Mask 26Dest End Port 26Dest Start Port 26Direction 26Established 26

I n d e x I n d e x


ifIndex 26Index 26Protocol 26Row Status 27Src Addr 26Src Addr Mask 26Src End Port 26Src Start Port 26TOS 26

SSerial ports 12

TTasks 7Threshold Information 10

VViews

Configuration 21Virtual Router Redundancy Protocol

(VRRP) Application 19

Nokia Firewall (5001) - CA...

Documents

Transcript of Nokia Firewall (5001) - CA...