Nokia IP265 Security Guide - Page 31
Installing IPSO and NGX R60, Installation Guide for FIPS 140-2 Kit and Nokia IPSO 3.9 Build, - user guide
1. Access the console on the device that is running 3.7.99 FIPS build with Check Point NG AI (R54).
2. If the device is running in FIPS mode, exit this mode by executing the 'set fips off with-restore' command followed by the 'save config' command. This brings the device to a non-FIPS mode of operation.
3. Ensure that IPSO 3.9 Build 045, Check Point NGX (R60) and HFA-03 are on an FTP server reachable from the device.
4. Follow the steps in the 'Installing IPSO and NGX R60' section of the "Installation Guide for FIPS 140-2 Kit and Nokia IPSO 3.9 Build 045" document.
5. If you did not install NGX (R60) while installing IPSO 3.9 build 045c above, follow the instructions in Section 3.1.2.1(B) and (C) above.

3.1.3 Initializing Check Point Modules

Before the User can use the Check Point VPN-1 functionalities (and before FIPS mode can be enabled), the Check Point module must be enabled and initialized using the CLI. The initialization process requires the Crypto Officer to establish the SIC configuration. This is done via the cpconfig command.

Once you have rebooted the device after installing the correct IPSO and VPN-1 versions, run 'cpconfig' and follow the instructions. Be sure to choose the following options during cpconfig: Distributed Installation (option 2) and Enforcement Module (option 1). You will also be prompted to initialize the SIC (Secure Internal Communication), which is used to initialize secure communication with the Check Point SmartCenter Management Station. Also enter a valid Check Point license.

NGX (R60) includes support for Diffie-Hellman Group 14 (2048 bit modulus) key sizes. Groups 15-18 (3072 bits to 8192 bits) can optionally be configured as well. To support Groups 15-18, the Local Crypto-Officer must obtain patch SK27054 from Check Point support before beginning the initialization of the module. The patch contains instructions for enabling the additional groups and will be installed during the initialization process.
Using the SmartDashboard application, the Check Point module should be configured for FIPS mode by selecting the screens and options shown in the screen shots included in Section 3.1.6 of this document. Only the screens shown should be configured.

© Copyright 2005, 2006, 2007 Nokia. Page 31 of 43.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.