博威---云架构决胜云计算

 找回密码
 注册

QQ登录

只需一步,快速开始

搜索
查看: 2043|回复: 0

Nokia防火墙配置过程

[复制链接]
发表于 2008-3-9 09:27:36 | 显示全部楼层 |阅读模式
Nokia防火墙配置过程
System boot ….
Aug 12 01:48:28 FW [LOG_NOTICE] kernel: sio0: type 16550A
Aug 12 01:48:28 FW [LOG_NOTICE] kernel: sio1: type 16550A
Hostname? Firewall-001
Hostname set to "Firewall-001", OK? [y]

Please enter password for user admin:<type admin’s password>
Please re-enter password for confirmation:<type admin’s password again>


You can configure your system in two ways:

1) configure an interface and use our Web-based Voyager via a remote
browser
2) VT100-based Lynx browser

Please enter a choice [ 1-2, q ]:1

Select an interface from the following for configuration:

1) eth1
2) eth2
3) eth3
4) eth4
5) quit this menu

Enter choice [1-5]:4

Enter the IP address to be used for eth4: x.x.x.x

Enter the masklength: 24

Do you wish to set the default route [ y ] ? n

Do you wish to configure this interface for 100 mbs [ n ] ? y

This interface is configured as half duplex by default.
Do you wish to configure this interface as full duplex [ n ] ? y

You have entered the following parameters for the eth4 interface:

IP address: 10.18.4.4
masklength: 24
Speed: 100M
Duplex: full

Is this information correct [ y ] ?

You may now configure your interfaces with the Web-based Voyager by
typing in the IP address "10.18.4.4" at a remote browser.


Cpconfig

Do you accept all the terms of this license agreement (y/n) ? y

Which Module would you like to install ?
-------------------------------------------
(1) VPN-1 & FireWall-1 Enterprise Primary Management and Enforcement Module
(2) VPN-1 & FireWall-1 Enforcement Module
(3) VPN-1 & FireWall-1 Enterprise Primary Management






Enter your selection (1-3/a-abort) [1]:
IP forwarding disabled
Hardening OS Security: IP forwarding will be disabled during boot.
Generating default filter
Default Filter installed
Hardening OS Security: Default Filter will be applied during boot.
This program will guide you through several steps where you
will define your Check Point products configuration.
At any later time, you can reconfigure these parameters by
running cpconfig

Configuring Licenses...
=======================
Host Expiration Features

Note: The recommended way of managing licenses is using SecureUpdate.
This window can be used to manage local licenses only on this machine.

Do you want to add licenses (y/n) [y] ?n

Configuring Administrators...
=============================
No Check Point Administrators are currently
defined for this Management Station.
Administrator name: admin
Password:
Verify Password:
Permissions for all Management Clients (Read/[W]rite All, [R]ead Only All, [C]us
tomized)w
Administrator admin was added successfully and has
Read/Write permission to all management clients

Add another one (y/n) [n] ?


Configuring GUI clients...
==========================
GUI clients are trusted hosts from which
Administrators are allowed to log on to this Management Station
using Windows/X-Motif GUI.

Do you want to [C]reate a new list, [A]dd or [D]elete one?:C
Please enter the list hosts that will be GUI clients.
Enter hostname or IP address, one per line, terminating with CTRL-D or your EOF
character.
10.18.4.38 (Press Ctrl+D)
Is this correct (y/n) [y] ?

Configuring Groups...
=====================
Check Point access and execution permissions
-------------------------------------------
Usually, a Check Point module is given group permission
for access and execution.
You may now name such a group or instruct the installation
procedure to give no group permissions to the Check Point module.
In the latter case, only the Super-User will
be able to access and execute the Check Point module.

Please specify group name [<RET> for no group permissions]:
No group permissions will be granted. Is this ok (y/n) [y] ?

Configuring Random Pool...
==========================
You are now asked to perform a short random keystroke session.
The random data collected in this session will be used in
various cryptographic operations.






Please enter random text containing at least six different
characters. You will see the '*' symbol after keystrokes that
are too fast or too similar to preceding keystrokes. These
keystrokes will be ignored.

Please keep typing until you hear the beep and the bar is full.

[ ] <press a lot of keys until you can hear a sound>
Thank you.

Configuring Certificate Authority...
====================================
The system uses an internal Certificate Authority
to provide Secured Internal Communication (SIC) Certificates
for the components in your System.

Note that your components won't be able to communicate
with each other until the Certificate Authority is initialized
and they have their SIC Certificate.

Press 'Enter' to initialize the Certificate Authority... (press enter)
Internal Certificate Authority created successfully
Certificate was created successfully
Certificate Authority initialization ended successfully


The FQDN (Fully Qualified Domain Name) of this Management Server
is required for proper operation of the Internal Certificate Authority.

Would you like to define it now (y/n) [y] ?
The management FQDN is Firewall-001. Do you want to change it? (y/n) [n] ?

Press 'Enter' to send it to the Certificate Authority...
NOTE: If the FQDN is incorrect, the Internal CA cannot function properly,
and CRL retrieval will be impossible.
Are you sure Firewall-001 is the FQDN of this machine (y/n) [n] ?
The management FQDN is Firewall-001. Do you want to change it? (y/n) [n] ?

Press 'Enter' to send it to the Certificate Authority...
NOTE: If the FQDN is incorrect, the Internal CA cannot function properly,
and CRL retrieval will be impossible.
Are you sure Firewall-001 is the FQDN of this machine (y/n) [n] ? y
FQDN initialized successfully

The FQDN was successfully sent to the CA


Configuring Certificate's Fingerprint...
========================================
The following text is the fingerprint of this Management machine:
NAIR GUNK HIKE WYNN TOW HER GUY CAST TRAG CROW TONE DIRT

Do you want to save it to a file? (y/n) [y] ?

Please enter the file name[/opt/CPshared-50-02/conf]:cp020812-key

The fingerprint was successfully saved.
generating GUI-clients INSPECT code
initial_management:
Compiled OK.

Hardening OS Security: Initial policy will be applied
until the first policy is installed

In order to complete the installation of module
you must reboot the machine.
Do you want to reboot? (y/n) [y] ?

(system reboot )

cleaning up...
syncing disks... done
Aug 12 08:43:16 Firewall-001 [LOG_CRIT] kernel:
Rebooting..
您需要登录后才可以回帖 登录 | 注册

本版积分规则

小黑屋|手机版|Archiver|boway Inc. ( 冀ICP备10011147号 )

GMT+8, 2024-11-22 11:03 , Processed in 0.082121 second(s), 16 queries .

Powered by Discuz! X3.4

Copyright © 2001-2021, Tencent Cloud.

快速回复 返回顶部 返回列表