Nokia IP265 Security Guide - Page 30

with Check Point VPN-1 R54. The Crypto Officer needs to upgrade

Get Nokia IP265 - Security Appliance PDF manuals and user guides View all Nokia IP265 manuals
Add to My Manuals
Save this manual to your list of manuals

Page 30 highlights

preferably /opt/packages. (For additional security, choose SFTP or SCP for transferring the file.) 2. From the system console, issue the command /etc/newpkg and select option 4. 3. At the prompt, enter the pathname (for instance /opt/packages). 4. Choose option 1 to install the NGX with R60 package 5. After the install is complete, reboot. 6. Run 'cpconfig' after reboot and follow the instructions contained in Section 3.1.3. 7. For instructions on installing NGX (R60) while doing a fresh install of IPSO 3.9 Build 045, please refer to the external document "Installation Guide for FIPS 140-2 Kit and Nokia IPSO 3.9 Build 045". 8. Follow the instructions below to install HFA (note that the FIPS 140-2 validated Check Point Hot Fix is HFA-03). C. Install HFA for Check Point NGX (R60) from the system console: 1. Ensure that all Check Point services are stopped via the 'cpstop' command 2. FTP the appropriate HFA tgz to the system under any directory (note that the FIPS 140-2 validated Check Point Hot Fix is HFA-03) 3. Untar the file via the 'tar zxvf ' command 4. This will create an executable with the name fw1_HOTFIX_R60__ in the directory 5. Running this executable will install the HOTFIX 6. Reboot the device after installation is complete 3.1.2.2 SCENARIO 2 - Upgrade both the IPSO and Check Point VPN-1 versions In this scenario, the module is pre-loaded with IPSO 3.7.99 FIPS build with Check Point VPN-1 (R54). The Crypto Officer needs to upgrade the module firmware to IPSO 3.9 Build 045 with NGX (R60) and HFA-03: © Copyright 2005, 2006, 2007 Nokia Page 30 of 43 This document may be freely reproduced and distributed whole and intact including this Copyright Notice.

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
preferably /opt/packages. (For additional security, choose SFTP or
SCP for transferring the file.)
2. From the system console, issue the command /etc/newpkg and
select option 4.
3. At the prompt, enter the pathname (for instance /opt/packages).
4. Choose option 1 to install the NGX with R60 package
5. After the install is complete, reboot.
6. Run ‘cpconfig’ after reboot and follow the instructions contained in
Section 3.1.3.
7. For instructions on installing NGX (R60) while doing a fresh install
of
IPSO 3.9 Build 045, please refer to the external document
Installation Guide for FIPS 140-2 Kit and Nokia IPSO 3.9 Build
045
”.
8. Follow the instructions below to install HFA (note that the
FIPS 140-2 validated Check Point Hot Fix is HFA-03).
C. Install HFA for Check Point NGX (R60) from the system console:
1. Ensure that all Check Point services are stopped via the ‘cpstop’
command
2. FTP the appropriate HFA tgz to the system under any directory
(note that the FIPS 140-2 validated Check Point Hot Fix is HFA-03)
3. Untar the file via the ‘tar zxvf
<hfa tgz file>
’ command
4. This will create an executable with the name
fw1_HOTFIX_R60_<>_
in the directory
5. Running this executable will install the HOTFIX
6. Reboot the device after installation is complete
3.1.2.2
SCENARIO 2 – Upgrade both the IPSO and Check Point VPN-1 versions
In this scenario, the module is pre-loaded with IPSO 3.7.99 FIPS build
with Check Point VPN-1 (R54). The Crypto Officer needs to upgrade the
module firmware to IPSO 3.9 Build 045 with NGX (R60) and HFA-03:
© Copyright 2005, 2006, 2007
Nokia
Page 30 of 43
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.