Nokia IP390 Intrusion Prevention with Sourcefire Installation Guide

Part No. N450000377 Rev 001
Published May 2007


COPYRIGHT ©2007 Nokia. All rights reserved. Rights reserved under the copyright laws of the United States.

RESTRICTED RIGHTS LEGEND Use, duplication, or disclosure by the United States Government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013.

Notwithstanding any other license agreement that may pertain to, or accompany the delivery of, this computer software, the rights of the United States Government regarding its use, reproduction, and disclosure are as set forth in the Commercial Computer Software-Restricted Rights clause at FAR 52.227-19.

IMPORTANT NOTE TO USERS This software and hardware is provided by Nokia Inc. as is and any express or implied warranties, including, but not limited to, implied warranties of merchantability and fitness for a particular purpose are disclaimed. In no event shall Nokia, or its affiliates, subsidiaries or suppliers be liable for any direct, indirect, incidental, special, exemplary, or consequential damages (including, but not limited to, procurement of substitute goods or services; loss of use, data, or profits; or business interruption) however caused and on any theory of liability, whether in contract, strict liability, or tort (including negligence or otherwise) arising in any way out of the use of this software, even if advised of the possibility of such damage.

Nokia reserves the right to make changes without further notice to any products herein.

TRADEMARKS Nokia is a registered trademark of Nokia Corporation. Other products mentioned in this document are trademarks or registered trademarks of their respective holders.


Nokia Contact Information

Corporate Headquarters

Web Site: http://www.nokia.com
Telephone: 1-888-477-4566 or 1-650-625-2000
Fax: 1-650-691-2170
Mail Address: Nokia Inc., 313 Fairchild Drive, Mountain View, California 94043-2215 USA

Regional Contact Information

Americas
Nokia Inc., 313 Fairchild Drive, Mountain View, CA 94043-2215 USA
Tel: 1-877-997-9199
Outside USA and Canada: +1 512-437-7089
email: [email protected]

Europe, Middle East, and Africa
Nokia House, Summit Avenue, Southwood, Farnborough, Hampshire GU14 ONG UK
Tel: UK: +44 161 601 8908
Tel: France: +33 170 708 166
email: [email protected]

Asia-Pacific
438B Alexandra Road, #07-00 Alexandra Technopark, Singapore 119968
Tel: +65 6588 3364
email: [email protected]

Nokia Customer Support

Web Site: https://support.nokia.com/
Email: [email protected]

Americas
Voice: 1-888-361-5030 or 1-613-271-6721
Fax: 1-613-271-8782

Europe
Voice: +44 (0) 125-286-8900
Fax: +44 (0) 125-286-5666

Asia-Pacific
Voice: +65-67232999
Fax: +65-67232897


Contents

About this Guide
    In this Guide
    Conventions this Guide Uses
        Notices
        Command-Line Conventions
        Text Conventions
    Related Documentation

1 Overview
    About Nokia IP390 IPS
        Built-In Gigabit Ethernet Ports
        PMC Expansion Slots
        System Status LEDs
    Managing Your Nokia IP390 IPS
    Site Requirements, Warnings, and Cautions
    Software Requirements
    Product Disposal

2 Installing Nokia IP390 IPS
    Before You Begin
    Rack Mounting the Appliance
    Connecting Power
    Connecting to the Console Port
        Console Port
    Connecting to Network Interfaces

3 Performing the Initial Configuration
    Using a Console Connection
    Using Nokia Network Voyager
        Viewing Nokia IPSO-LX Documentation by Using Nokia Network Voyager
    Using the Command-Line Interface

4 Installing and Replacing Network Interface Cards
    Deactivating Configured Interfaces
    Removing, Installing, and Replacing NICs
        Before You Start
    Configuring Interfaces
    Monitoring Network Interface Cards

5 Connecting to the Gigabit Ethernet Network Interface Cards
    Two-Port Copper Gigabit Ethernet NIC
        Copper Gigabit Ethernet NIC Features
        Copper Gigabit Ethernet Connectors and Cables
    Two-Port Fiber-Optic Gigabit Ethernet NIC
        Fiber-Optic Gigabit Ethernet NIC Features
        Fiber-Optic Gigabit Ethernet Connectors and Cables
    Two-Port and Four-Port Fail Open Copper Gigabit Ethernet NICs
        Fail Open Copper Gigabit Ethernet NIC Features
        How a Fail Open NIC Works
        Front Panel Details
        LED Indicators
        Fail Open Copper Gigabit Ethernet Connectors and Cables
    Two-Port Fail Open Fiber-Optic Gigabit Ethernet NIC
        Fail Open Fiber-Optic Gigabit Ethernet NIC Features
        How a Fail Open NIC Works
        Front Panel Details
        LED Indicators
        Fail Open Fiber-Optic Gigabit Ethernet Connectors and Cables

6 Installing and Replacing Other Components
    Replacing the Compact Flash Memory Card
    Replacing a Hard-Disk Drive
        Before You Start
    Replacing or Upgrading Memory
        Before You Start
    Replacing the Battery

7 Troubleshooting

A Technical Specifications
    Physical Dimensions
    Space Requirements
    Operating Temperature
    NIC Interfaces

B Compliance Information
    Declaration of Conformity
    Compliance Statements
    FCC Notice (US)

Index


Tables

Table 1 Command-Line Conventions
Table 2 Text Conventions
Table 3 Specifications for Nokia IP390 IPS
Table 4 Supported Network Interface Cards for PMC Expansion Slots
Table 5 System Status LEDs
Table 6 Pin Assignments Console Connector and Cable
Table 7 LED Details for Two-Port Copper Fail Open NIC
Table 8 LED Details for Four-Port Copper Fail Open NIC
Table 9 LED Details for Fail Open Fiber-Optic NIC


Figures

Figure 1 Component Locations Front View
Figure 2 Component Locations Rear View
Figure 3 Built-In Gigabit Ethernet Ports Details
Figure 4 Appliance Status LEDs
Figure 5 Mounting Screws Location
Figure 6 Adjustable Mounting Brackets
Figure 7 Back Panel Power Switch and Socket
Figure 8 Nokia Network Voyager Reference Access Points
Figure 9 Two-Port Copper Gigabit Ethernet NIC
Figure 10 Copper Gigabit Ethernet Cable Connector Output Pin Assignments
Figure 11 Gigabit Ethernet Crossover Cable Pin Connections
Figure 12 Two-Port Fiber-Optic Gigabit Ethernet NIC
Figure 13 Two-Port Fail Open Copper Gigabit Ethernet NIC
Figure 14 Four-Port Fail Open Copper Gigabit Ethernet NIC
Figure 15 Copper Fail Open Gigabit Ethernet Cable Connector Output Pin Assignments
Figure 16 Fail Open Copper Gigabit Ethernet Crossover Cable Pin Connections
Figure 17 Two-Port Fail Open Fiber-Optic Gigabit Ethernet NIC
Figure 18 Compact Flash Memory Card Slot
Figure 19 Hard-Disk Drive Location
Figure 20 DIMM Socket Locations


About this Guide

This guide describes how to install and maintain Nokia IP390 Intrusion Prevention with Sourcefire appliances. For information on Nokia IP390 Firewall/VPN appliances, see the IP390 Security Platform Installation Guide.

Installation and maintenance should be performed by experienced technicians or Nokia-approved service providers only.

This preface provides the following information:

• In this Guide
• Conventions this Guide Uses
• Related Documentation

In this Guide

This guide is organized into the following chapters and appendixes:

• Chapter 1, “Overview” presents a general overview of the Nokia IP390 IPS appliance.
• Chapter 2, “Installing Nokia IP390 IPS” describes how to rack-mount the appliance and how to physically connect it to a network and power.
• Chapter 3, “Performing the Initial Configuration” describes how to make the appliance available on the network.
• Chapter 4, “Installing and Replacing Network Interface Cards” describes how to install, monitor, and replace network interface cards (NICs).
• Chapter 5, “Connecting to the Gigabit Ethernet Network Interface Cards” describes how to connect to and use each of the supported NICs.
• Chapter 6, “Installing and Replacing Other Components” describes how to install or replace the compact flash memory card, RAM memory, a hard-disk drive, and the battery.
• Chapter 7, “Troubleshooting” describes problems you might encounter and proposes solutions to these problems.
• Appendix A, “Technical Specifications” provides technical specifications such as interface characteristics.
• Appendix B, “Compliance Information” provides compliance and regulatory information.

Conventions this Guide Uses

The following sections describe the conventions this guide uses, including notices, text conventions, and command-line conventions.

Notices

Warning
Warnings advise the user that bodily injury might occur because of a physical hazard.

Caution
Cautions indicate potential equipment damage, equipment malfunction, loss of performance, loss of data, or interruption of service.

Note
Notes provide information of special interest or recommendations.

Command-Line Conventions

You might encounter one or more of the following elements on a command-line path.

Table 1 Command-Line Conventions

Convention
    Description

command
    This required element is usually the product name or other short word that invokes the product or calls the compiler or preprocessor script for a compiled Nokia product. It might appear alone or precede one or more options. You must spell a command exactly as shown and use lowercase letters.

Italics
    Indicates a variable in a command that you must supply. For example:
        delete interface if_name
    Supply an interface name in place of the variable. For example:
        delete interface nic1

angle brackets < >
    Indicates arguments for which you must supply a value:
        retry-limit <1–100>
    Supply a value. For example:
        retry-limit 60

Square brackets [ ]
    Indicates optional arguments.
        delete [slot slot_num]
    For example:
        delete slot 3

-flag
    A flag is usually an abbreviation for a function, menu, or option name, or for a compiler or preprocessor argument. You must enter a flag exactly as shown, including the preceding hyphen.

.ext
    A filename extension, such as .ext, might follow a variable that represents a filename. Type this extension exactly as shown, immediately after the name of the file. The extension might be optional in certain products.

( . , ; + * - / )
    Punctuation and mathematical notations are literal symbols that you must enter exactly as shown.

' '
    Single quotation marks are literal symbols that you must enter as shown.

Text Conventions

Table 2 describes the text conventions this guide uses.

Table 2 Text Conventions

Convention
    Description

monospace font
    Indicates command syntax, or represents computer or screen output, for example:
        Log error 12453

bold monospace font
    Indicates text you enter or type, for example:
        # configure nat

Key names
    Keys that you press simultaneously are linked by a plus sign (+):
        Press Ctrl + Alt + Del.

Menu commands
    Menu commands are separated by a greater than sign (>):
        Choose File > Open.

The words enter and type
    Enter indicates you type something and then press the Return or Enter key.
    Do not press the Return or Enter key when an instruction says type.

Italics
    • Emphasizes a point or denotes new terms at the place where they are defined in the text.
    • Indicates an external book title reference.
    • Indicates a variable in a command: delete interface if_name

Related Documentation

You can find this guide in PDF on the Nokia support Web site (https://support.nokia.com/) and on the product CD that was included with your Nokia IP390 IPS. In addition to this guide and other documents shipped with your appliance, documentation for this product includes the following:

• Administrator’s Guide for Nokia IPSO-LX for the version of Nokia IPSO-LX you are using
• CLI Reference Guide for Nokia IPSO-LX for the version of Nokia IPSO-LX you are using
• Release Notes for Nokia IPSO-LX for the version of Nokia IPSO-LX you are using
• Nokia Network Voyager page help

For information on setting up the appliance to operate as a Sourcefire Sensor on Nokia, see the following manuals:

• Nokia Intrusion Prevention with Sourcefire Appliance Quick Setup Guide
• Nokia Intrusion Prevention with Sourcefire User’s Guide

You can find the most up-to-date version of the Nokia IP390 Intrusion Prevention with Sourcefire Installation Guide in PDF on the Nokia support Web site at https://support.nokia.com.


1 Overview

Nokia IP390 Intrusion Prevention with Sourcefire, also referred to as Nokia IP390 IPS, is a purpose-built network security appliance optimized for the Sourcefire 3D System. Running Nokia IPSO-LX, a security-hardened operating system, Nokia IP390 IPS is designed to provide consistent in-line reliability, ease of management and simple acquisition and implementation. Nokia IP390 IPS comes preinstalled with Sourcefire Intrusion Prevention System (IPS) and Real-time Network Awareness (RNA) and can run both simultaneously.

This highly versatile 1RU platform is designed for growing medium businesses, remote campuses, large branch offices and securing internal network segments.

This chapter provides an overview of Nokia IP390 IPS and the requirements for using it. The following topics are covered:

• About Nokia IP390 IPS
• Managing Your Nokia IP390 IPS
• Site Requirements, Warnings, and Cautions
• Software Requirements
• Product Disposal


About Nokia IP390 IPS

Nokia IP390 IPS is a one rack-unit appliance that incorporates a serviceable slide-out tray into the chassis design and support for various network interface cards (NICs). Table 3 shows the specifications for Nokia IP390 IPS.

Table 3 Specifications for Nokia IP390 IPS

Feature
    Nokia IP390 IPS

Maximum memory size
    2 GB

Network interface cards (NICs) support
    • Two or fewer two-port copper Gigabit Ethernet NICs
    • Two or fewer two-port fiber-optic Gigabit Ethernet NICs
    • Two or fewer two-port or four-port copper fail open Gigabit Ethernet NICs
    • Two or fewer two-port fiber-optic fail open Gigabit Ethernet NICs

The following figures show component locations for Nokia IP390 IPS.

Figure 1 Component Locations Front View (callouts: System status LEDs, AUX port, Console port, Four-port Gigabit Ethernet, PC-card slots, PMC NIC slots (slots 1 and 2), Reset button)

Note
The AUX port and the PC-card slots are not supported on Nokia IP390 IPS.

Figure 2 Component Locations Rear View (callouts: Power socket, Power switch)

Built-In Gigabit Ethernet Ports

The four built-in Gigabit Ethernet ports are located on the front of the appliance. Figure 3 shows the layout of the built-in Gigabit Ethernet ports and status LEDs.

Figure 3 Built-In Gigabit Ethernet Ports Details (callouts: Activity LED (blinking yellow); Link LED (solid yellow for 10/100 Mbps, solid green for 1000 Mbps); RJ-45 connectors)


Caution
Cables that connect to the Gigabit Ethernet ports must be IEEE 802.3 compliant to prevent potential data loss.

Note
Nokia recommends the use of shielded twisted-pair cables and connectors for best Electromagnetic Interference and Immunity performance.

PMC Expansion Slots

Nokia IP390 IPS appliances provide two additional PMC network interface card (NIC) slots. These slots can be used for the NICs described in Table 4.

Table 4 Supported Network Interface Cards for PMC Expansion Slots

NIC
    For details, see...

Two-port copper Gigabit Ethernet (10/100/1000 Mbps)
    “Two-Port Copper Gigabit Ethernet NIC” on page 56

Two-port fiber-optic Gigabit Ethernet
    “Two-Port Fiber-Optic Gigabit Ethernet NIC” on page 59

Two-port fail open copper Gigabit Ethernet (10/100/1000 Mbps)
    “Two-Port and Four-Port Fail Open Copper Gigabit Ethernet NICs” on page 60

Four-port fail open copper Gigabit Ethernet (10/100/1000 Mbps)
    “Two-Port and Four-Port Fail Open Copper Gigabit Ethernet NICs” on page 60

Two-port fail open fiber-optic Gigabit Ethernet
    “Two-Port Fail Open Fiber-Optic Gigabit Ethernet NIC” on page 66


Note
Nokia products only support NICs purchased from Nokia or Nokia-approved resellers. The Nokia Global Support Services group can provide support only for Nokia products that use Nokia-approved accessories. For sales or reseller information, contact a Nokia service provider listed in the “Nokia Contact Information” on page 3.

System Status LEDs

You can monitor the basic operation of the appliance and NICs by checking their status LEDs. The system status LEDs are located on the front panel of the appliance, as Figure 4 shows.

Figure 4 Appliance Status LEDs (callouts: Power indicator (blue), Fault (red), Warning (yellow), System OK (green))

Table 5 shows the system status LEDs and describes their meaning.

Table 5 System Status LEDs

Status Indicator
    Meaning

Solid blue
    Power on

Solid yellow
    Appliance is experiencing an internal voltage problem.

Blinking yellow
    Appliance is experiencing a temperature problem.

Solid red
    One or more fans are not operating properly.
    Power supply over temperature fault.

Blinking green
    System activity indicator

The location and meaning of the status LEDs for NICs are described in Chapter 5, “Connecting to the Gigabit Ethernet Network Interface Cards.”

• For information on the built-in Gigabit Ethernet interface LEDs, see “Built-In Gigabit Ethernet Ports” on page 21.
• For information on the two-port copper Gigabit Ethernet NIC LEDs, see “Two-Port Copper Gigabit Ethernet NIC” on page 56.
• For information on the two-port fiber-optic Gigabit Ethernet NIC LEDs, see “Two-Port Fiber-Optic Gigabit Ethernet NIC” on page 59.
• For information on the two-port or four-port fail open copper Gigabit Ethernet NIC LEDs, see “Two-Port and Four-Port Fail Open Copper Gigabit Ethernet NICs” on page 60.
• For information on the two-port fail open fiber-optic Gigabit Ethernet NIC LEDs, see “Two-Port Fail Open Fiber-Optic Gigabit Ethernet NIC” on page 66.


Managing Your Nokia IP390 IPS

You can manage your Nokia IP390 IPS by using one of the following interfaces:

• Nokia Network Voyager—an SSL-secured, Web-based element management interface to Nokia appliances. Network Voyager is preinstalled on the appliance and enabled through the IPSO-LX operating system. With Network Voyager, you can manage and configure the appliance from any authorized location within the network by using a standard Web browser.
  For information about how to access Network Voyager and the related reference materials, see “Using Nokia Network Voyager” on page 41.
• The IPSO-LX command-line interface (CLI)—an SSHv2-secured interface that enables you to easily configure Nokia appliances from the command line. Almost everything that you can accomplish with Network Voyager you can also accomplish with the CLI.
  For information about how to access the CLI, see the CLI Reference Guide for Nokia IPSO-LX for the version of Nokia IPSO-LX you are using.

Site Requirements, Warnings, and Cautions

Before you install your Nokia IP390 IPS, ensure that your computer room or wiring closet conforms to the environmental specifications listed in Chapter A, “Technical Specifications.”

Warning
Excessive electromagnetic interference (EMI) can occur if you use controls, make performance adjustments, or follow procedures that are not described in this document.

Warning
To reduce the risk of fire, electric shock, and injury when you use telephone equipment, follow basic safety precautions. Do not use the product near water.

Warning
Risk of explosion if battery is replaced by an incorrect type. Replace the battery only with the same or equivalent type that the manufacturer recommends. Dispose of used batteries according to the manufacturer's instructions.

Caution
Do not block any of the ventilation holes on the appliance. The components might overheat and become damaged.

Warning
Hazardous radiation exposure can occur if you use controls, make performance adjustments, or follow procedures that are not described in this document.

Caution
For Nokia IP390 IPS appliances intended for shipment outside of the United States, the cord might be optional. If a cord is not provided, use a power cord rated at 6A, 250V, maximum 15 feet long, made of HAR cordage and IEC fittings approved by the country of end use.


Software Requirements

Nokia IP390 IPS supports the following operating system and applications:

- Nokia operating system software requirements—IPSO-LX 7.0 or later
- Sourcefire Sensor on Nokia versions compatible with the version of Nokia IPSO-LX you are using

For information about updates to the software requirements or additional applications that have become available since this guide was published, contact your Nokia service provider, as listed in “Nokia Contact Information” on page 3.

Product Disposal

At the end of its useful life, your appliance and all peripherals included with it, including power cords and cables, must be disposed of in accordance with all applicable national, state, and local laws and regulations. These devices contain materials and components that must be disposed of properly. Therefore, to help prevent damage to the environment, Nokia encourages you to dispose of these devices in an environmentally-friendly manner.

The following resources are available to you to help with equipment-disposal decisions:

- Many Nokia products are labeled with information about the materials used in their manufacture that can help those who will process equipment after you have disposed of it.
- The Nokia web site (http://www.nokia.com) provides information about our environmental programs and practices, which includes details about materials used in manufacturing and end-of-life practices. You can also find your product’s Eco Declaration, which provides basic information on the environmental attributes of the product covering material use, packaging, disassembly, and recycling.
- Contact your local waste management agencies for guidelines specific to your area.


The crossed-out wheeled bin means that within the European Union the product must be taken to separate collection at the product end-of-life. This applies to your device but also to any enhancements marked with this symbol. Do not dispose of these products as unsorted municipal waste.


2 Installing Nokia IP390 IPS

This chapter describes how to install Nokia IP390 IPS. The following topics are covered:

- Before You Begin
- Rack Mounting the Appliance
- Connecting Power
- Connecting to the Console Port
- Connecting to Network Interfaces

Before You Begin

To rack-mount the appliance, you need:

- Phillips-head screwdriver
- Grounding wrist strap
- Suitable, grounded work surface on which to place the chassis tray assembly

Caution
To help guard against electrostatic discharge damage, make sure you are properly grounded by using a grounding wrist strap and following the instructions provided with the wrist strap before you handle the components or open the appliance.


Rack Mounting the Appliance

Nokia IP390 IPS mounts in a standard 19-inch rack with four mounting screws, as Figure 5 shows.

Note
To avoid damaging your equipment, Nokia recommends that you use all four rack-mounting screws when you install your appliance on the rack.

Figure 5 Mounting Screws Location (callout: mounting screw slots)


Two mounting positions are available, allowing you to mount the unit either flush with the rack or two inches forward of the rack.

Figure 6 Adjustable Mounting Brackets (callouts: brackets located for flush with rack installation; brackets located for forward of rack installation)

Caution
Blocking ventilation openings during installation may result in damage to the appliance.

Connecting Power

The power plug and power switch are located on the back of the appliance, as Figure 7 shows.


Note
The Nokia IP390 IPS power supply automatically detects the input voltage (115VAC/60Hz [90 to 132] or 220VAC/50Hz [180 to 264]) and configures itself appropriately.

Figure 7 Back Panel Power Switch and Socket (callout: power socket)

To connect to the power supply
1. Connect the power cord securely into the power socket on the back of the appliance.
2. Plug the other end of the cord into a three-wire grounded power strip or wall outlet.

Connecting to the Console Port

You must use a serial console connection (RJ-45 null-modem cable included) to perform the initial configuration of the appliance. After you perform the initial configuration, you no longer need the console connection, unless you want to make a local connection to the appliance.

You can use any standard VT100-compatible terminal with an RS-232 data terminal equipment (DTE) interface or terminal-emulation program.

If you connect the console port to a data communications equipment (DCE) device, use a straight-through cable.


Use the following configuration settings for the console:

- 9600 bps
- 8 data bits
- No parity
- 1 stop bit

To connect to the console with a null-modem cable
1. Connect the supplied null-modem console cable to the console port on the front panel.

Note
The supplied console cable is Cisco compatible.

- Use only the RJ-45 port labeled Console on the front panel; the serial (AUX) port is not functional on Nokia IP390 IPS.
- One RJ-45 termination has a retractable shroud that releases or secures the RJ-45 tab. Use this end of the cable when connecting to the console port of Nokia IP390 IPS.

For cable pin assignments for the console connection, see “Console Port” on page 35.

2. Connect the other end of the cable to the VT100 console or to a system running a terminal-emulation program.

The cable that Nokia provides with Nokia IP390 IPS includes a latching mechanism used to secure the cable to the console port of your appliance.


Note
The cable described in this section is a rollover cable, which is required for Nokia IP390 IPS console connections. You cannot use standard Ethernet cables for the console and auxiliary connections.

To connect the cable, push the connector into the receptacle, as you would with other similar cables. To disconnect the cable, push the cable toward the appliance, pull back on the boot to release the latch, and pull the connector out of the receptacle.


You can connect the other end of the cable to a DB-9 console connection (using the appliance console port and the DB-9 female adapter). The DB-9 adapter is provided with the cable.

Console Port

Use the built-in console port, shown in Figure 6, to supply information that makes the appliance available on the network. The default configuration of the serial port is 9600 baud, 8 bits, no parity, and 1 stop bit. Table 6 provides pin assignment information for console connections. If you need to access the devices locally, you must use the console port.


Table 6 Pin Assignments Console Connector and Cable

Console Port (DTE)   RJ-45 to RJ-45 Rollover Cable   RJ-45 to DB-9 Terminal Adapter   Remote Device
Signal               RJ-45 Pin       RJ-45 Pin       DB-9 Pin                         Signal
RTS                  1               8               8                                CTS
DTR                  2               7               6                                DSR
TxD                  3               6               2                                RxD
GND                  4               5               5                                GND
GND                  5               4               5                                GND
RxD                  6               3               3                                TxD
DSR                  7               2               4                                DTR
CTS                  8               1               7                                RTS

The console cable provided with Nokia IP390 IPS is comprised of two parts:

- 6-foot rollover cable with RJ-45 terminations
- RJ-45 to DB-9 adapter

On the opposite end of the console cable, connect the RJ-45 to the DB-9 adapter, which you can then connect to the host terminal.

Connecting to Network Interfaces

Connect at least one network interface to use as the Nokia Network Voyager system management interface. You can choose any interface; however, it is customary to use the first on-board Ethernet port. This interface is configured during the system startup procedure, as described in Chapter 3, “Performing the Initial Configuration.”


You can also connect the remaining LAN interface cables at this point, although you are not required to do so.

To connect copper Gigabit Ethernet devices
Use a straight-through or crossover RJ-45 cable to connect to a 10-Mbps, 100-Mbps, or 1000-Mbps hub or directly to a host.

Note
All Nokia copper Gigabit Ethernet NICs support cable auto-sensing. You can use a straight-through or crossover cable to connect the NIC to a Gigabit Ethernet hub or switch, or to connect directly to a host.

For details, see “Copper Gigabit Ethernet Connectors and Cables” on page 57 or “Fail Open Copper Gigabit Ethernet Connectors and Cables” on page 64.

To connect fiber-optic Gigabit Ethernet devices
Use a multimode, fiber-optic cable with an LC connector to connect to a 10-Mbps, 100-Mbps, or 1000-Mbps hub or directly to a host. The destination end of the cable can be either LC or SC, depending on the type of connector required for the destination Gigabit Ethernet device. You can also use a half-duplex LC-to-LC cable to loop back the transmit port of an interface to the receiver port.

For details, see “Fiber-Optic Gigabit Ethernet Connectors and Cables” on page 60 or “Fail Open Fiber-Optic Gigabit Ethernet Connectors and Cables” on page 69.

After you connect the network interfaces, continue with Chapter 3, “Performing the Initial Configuration.”


3 Performing the Initial Configuration

The first time you turn power on to Nokia IP390 IPS, the initial configuration process begins. This process enables you to configure the network settings for the management interface and provides access to the admin account. This chapter describes how to perform the initial configuration by using a console connection. It includes the following sections:

- Using a Console Connection
- Using Nokia Network Voyager
- Using the Command-Line Interface

Using a Console Connection

If you have not already done so, you need to connect to the console port to complete the initial configuration. For information about console connections, see “Connecting to the Console Port” on page 32.

Before you perform the initial configuration, you might gather the following information, which can be useful during the configuration process:

- What is the hostname?
- What is the admin password?
- What is the root password?
- Which interface will you use for the management interface?
- What is its assigned IP address and masklength?
- What is the default router?
- What is the interface speed?

To perform the initial configuration
1. Press the power switch to the “on” position to turn on power to the appliance.

The fans on the back of the appliance turn on when you press the power switch. Verify that the fans are running after you press the switch.

Check the power LED on the front panel of the appliance (the Nokia logo) to ensure that the power supply is operating correctly. The power LED should be illuminated. For more information about the system status LEDs, see “System Status LEDs” on page 23.

If the power supply fans are not running, or if the power LED is not illuminated:

- Check the power supply cord to make sure it is properly connected.
- Make sure the power switch is on.
- Make sure the chassis tray assembly is pushed all the way in from the front of the appliance and that the front panel retaining screws are tightened.
- Make sure that power is turned on to the power strip or wall receptacle you plugged the appliance into.

If the fans are still not running, or if the power LED does not illuminate, contact your Nokia service provider as listed in “Nokia Contact Information” on page 3 for technical support.

2. After some miscellaneous output, the following prompt appears:

Hostname?

If the Hostname? prompt does not appear on the console, check the console port and console display connections to ensure that the serial cable is completely plugged in at both ends. If you verify the console connections and still do not see the Hostname? prompt, verify that the terminal or terminal emulator program settings are correct. If the settings are correct, contact your Nokia service provider as listed in “Nokia Contact Information” on page 3.

3. Enter the hostname and press Enter. At each subsequent prompt, type the requested configuration information and then press Enter.

For more information about how to respond to the prompts during the initial configuration process, see the Release Notes for Nokia IPSO-LX for the version of Nokia IPSO-LX you are using.

After you complete the initial configuration, you can use Network Voyager to configure the remaining network ports.

Using Nokia Network Voyager

Use Nokia Network Voyager to configure and monitor your appliance. For additional information about how to use Network Voyager, see “Viewing Nokia IPSO-LX Documentation by Using Nokia Network Voyager” later in this section.

To open Nokia Network Voyager
1. Open a Web browser on the host you plan to use to configure or monitor your appliance.
2. In the Location or Address field, enter the IP address of the initial interface you configured for the appliance.


Because SSL is enabled by default, you will receive warning messages about the sample certificate on the system. Accept the connection.

Note
If you use HTTP to connect, you are automatically directed to HTTPS and the correct SSL port.

For IPSO-LX 7.1 and later, if you use HTTPS to connect, you must include the SSL port, 8443, in the URL. For example:

https://10.10.10.5:8443

3. Enter the admin username and the password you entered when you performed the initial configuration.

Note
If the login screen does not open, you might not have a physical network connection between the host and your appliance, or you might have a network routing problem. Confirm the information you entered during the initial configuration and check that all cables are firmly connected. For more information, see Chapter 7, “Troubleshooting.”
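
The procedure above has you accept the browser warning raised by the sample certificate. The following is an added example, not part of the Nokia guide: it records the SHA-256 fingerprint of the certificate presented on first contact and reports any later change, so that the certificate you accepted stays the one you keep seeing. The function names and the pin-store layout are assumptions, and the certificate bytes in the demo are constructed placeholders.

```python
"""Trust-on-first-use pinning of a management interface's sample certificate.

Added example; names and the pin-store layout are assumptions, not Nokia's.
"""
import hashlib
import hmac
import json
import ssl
from pathlib import Path

VOYAGER_TLS_PORT = 8443  # SSL port the guide gives for IPSO-LX 7.1 and later


def fetch_pem(host, port=VOYAGER_TLS_PORT):
    """Fetch the server certificate as PEM without validating it.

    Assumption: the appliance negotiates a TLS version this Python build accepts.
    """
    return ssl.get_server_certificate((host, port))


def fingerprint(pem):
    """Return the SHA-256 of the certificate's DER encoding as lowercase hex."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem)).hexdigest()


def check_pin(pins, host, port, pem):
    """Compare a presented certificate with the recorded pin.

    Returns 'pinned' on first contact (the fingerprint is recorded),
    'match' when it equals the recorded one, and 'mismatch' otherwise.
    A mismatch never overwrites the recorded pin.
    """
    key = f"{host}:{port}"
    seen = fingerprint(pem)
    known = pins.get(key)
    if known is None:
        pins[key] = seen
        return "pinned"
    return "match" if hmac.compare_digest(known, seen) else "mismatch"


def load_pins(path):
    """Load the pin store (JSON object keyed by 'host:port'), or start empty."""
    p = Path(path)
    return json.loads(p.read_text()) if p.exists() else {}


def save_pins(path, pins):
    """Write the pin store back to disk."""
    Path(path).write_text(json.dumps(pins, indent=2, sort_keys=True))


def demo():
    """Run the three cases offline with constructed placeholder certificates."""
    # Constructed bytes standing in for DER certificates; not real certificates.
    first = ssl.DER_cert_to_PEM_cert(b"constructed sample certificate A")
    other = ssl.DER_cert_to_PEM_cert(b"constructed sample certificate B")
    pins = {}
    host = "10.10.10.5"  # address used in the guide's URL example
    return [
        check_pin(pins, host, VOYAGER_TLS_PORT, first),  # first contact
        check_pin(pins, host, VOYAGER_TLS_PORT, first),  # same certificate
        check_pin(pins, host, VOYAGER_TLS_PORT, other),  # certificate changed
    ]


if __name__ == "__main__":
    print(demo())
```

Against a live appliance, pass `fetch_pem(host)` to `check_pin` and persist the result with `save_pins`. Make the first contact over a path you trust, such as a direct cable to the management interface, since that is the fingerprint every later connection is compared with.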

Viewing Nokia IPSO-LX Documentation by Using Nokia Network Voyager

The following documentation is available in Nokia Network Voyager and is accessible from the Network Voyager interface, as shown in Figure 8:

- Administrator’s Guide for Nokia IPSO-LX—This guide is the comprehensive reference source for configuring and managing the appliance using Nokia Network Voyager. To access this source, look at the list in the navigation tree on the left side of the window (as shown in Figure 8). You can also find this guide and other Nokia IPSO-LX documentation at the Nokia support site (https://support.nokia.com) or on the software CD that was delivered with your appliance.
- Network Voyager Page Help—You can access help for individual pages when you use Network Voyager. To access help for the page you are viewing, click Help. Close and Print buttons are available at the bottom of each help window.

Figure 8 Nokia Network Voyager Reference Access Points (callouts: button for context-sensitive page help; link to Administrator’s Guide to Nokia IPSO-LX)


Using the Command-Line Interface

You can also use the Nokia IPSO-LX command-line interface (CLI) to manage and configure Nokia IP appliances from the command line. Almost everything that you can accomplish with Network Voyager you can also do with the CLI.

To access the command-line interface
1. Log on to the appliance by using a command-line connection (SSH or console) over a TCP/IP network as an admin or monitor user:
2. If you log in as a monitor user, you can execute only the show form of commands. That is, you can view configuration settings, but you cannot change them.

You can now execute CLI commands from the CLI shell. For more information about how to use the CLI, see the CLI Reference Guide for Nokia IPSO-LX for the version of Nokia IPSO-LX you are using.


4 Installing and Replacing Network Interface Cards

Your Nokia IP390 IPS comes with any network interface cards (NICs) you ordered already installed. This chapter describes how to remove, add, or replace NICs later if it becomes necessary. The following topics are covered:

- Deactivating Configured Interfaces
- Removing, Installing, and Replacing NICs
- Configuring Interfaces
- Monitoring Network Interface Cards

For detailed information on specific NICs, see Chapter 5, “Connecting to the Gigabit Ethernet Network Interface Cards.”

Caution
You should have a working knowledge of networking equipment before attempting to service a Nokia IP390 IPS. Limit service of the unit to the procedures described in this chapter.


Caution
Protect your Nokia IP390 IPS and other electronic equipment from electrostatic discharge (ESD) by making sure you are properly grounded before touching any electronic components.

Deactivating Configured Interfaces

If you are removing or replacing an installed NIC, use Network Voyager to deactivate any configured ports on the NIC before removing it. If you do not deactivate the interfaces before removing the NIC, you may have to reinstall the NIC to deactivate its physical interfaces in Network Voyager.

Note
If the interfaces are configured as Sourcefire Sensor on Nokia sensing interfaces, use the Sourcefire Defense Center for Nokia to remove the interfaces from any interface sets to which they belong before you remove the NIC.

For information about how to access Network Voyager, see “Using Nokia Network Voyager” on page 41.

Removing, Installing, and Replacing NICs

Note
Before removing a configured NIC with these instructions, you must deactivate the NIC in Network Voyager. For additional information, see “Deactivating Configured Interfaces” on page 46.


Use these instructions to remove, install, or replace a NIC in Nokia IP390 IPS. Some steps are not applicable to all procedures. The instructions point out steps appropriate to each procedure.

Before You Start

To remove, install, or replace a Nokia NIC, you need the following:

- A Phillips-head screwdriver
- Physical access to the appliance
- Access to the appliance by using Nokia Network Voyager or the CLI
- Suitable, grounded work surface
- Network interface card kit

To remove, install, or replace a NIC

Note
Because power to the appliance is automatically disconnected when the chassis tray assembly is opened, you do not need to manually disconnect the power for this procedure. Any servicing of the unit, however, should be completed with the chassis tray assembly fully removed from the appliance. Power is still active in the chassis body and care should be taken when working on the power supply or power supply wiring without disconnecting the power cord.

1. Use Network Voyager or the CLI to halt the appliance.
To use Network Voyager to halt the appliance, select System Configuration > Reboot or Shutdown System > Halt.
To use the CLI to do this, enter halt at the prompt.


2. Use your fingers or a screwdriver to loosen the retaining screws that hold the chassis tray assembly.

3. Gently pull the chassis tray assembly forward to expose the NIC connectors. Remove the tray completely to avoid damaging components.


4. From underneath the chassis tray assembly, remove the bezel retaining screws.

If you are installing a NIC in an unoccupied slot, remove the blank bezel that occupies the space in the appliance front panel, retain it for future use, and proceed to step 7.

5. From above the chassis tray assembly, remove the NIC retaining screws from the back of the NIC.


6. Remove the NIC by lifting the back of the NIC away from the chassis tray assembly and pulling the NIC gently away from the front panel.

7. Insert the new NIC or blank bezel.

If you are removing a NIC without installing another NIC:

a. Insert a blank bezel into the front panel slot formerly occupied by the NIC and push it gently into place. Make sure that the bezel is completely seated into the front panel and that the screw holes on the bottom of the bezel align with those in the front panel.

Note
To reduce electromagnetic interference (EMI), a blank bezel needs to be installed in the place of any NIC you have removed.

b. Proceed to step 9.


If you are installing or replacing a NIC, insert the NIC.

a. Insert the NIC bezel into the front panel.

b. Gently push the back of the NIC down toward the chassis tray assembly. Make sure that the NIC edge is completely seated into the connectors on the chassis tray assembly.

8. From the top of the chassis tray assembly, screw the NIC retaining screws into the standoffs on the back of the NIC.


9. From beneath the chassis tray assembly, screw in the bezel retaining screws.

10. Slide the chassis tray assembly back into the appliance until it clicks into place.

The appliance automatically restarts when the chassis tray assembly clicks into place.


11. Tighten the retaining screws that hold the chassis tray assembly.

Configuring Interfaces

Nokia IP390 IPS automatically detects any new NIC when the appliance is restarted. Use Network Voyager to configure the interfaces on the NIC.

Note
Do not administratively enable interfaces that you intend to use as Sourcefire Sensor on Nokia sensing interfaces. Connect the network cables but leave the interfaces in an administratively disabled state.

For information about how to access Network Voyager and the related reference materials, see “Using Nokia Network Voyager” on page 41.

Monitoring Network Interface Cards

You can assess the general operating condition of the NICs in your appliance by looking at the LED status indicators on the NICs. The status indicators for each NIC are explained in the NIC reference chapter.

- For status indicator information for the built-in Gigabit Ethernet ports, see “Built-In Gigabit Ethernet Ports” on page 21.
- For status indicator information for the two-port copper Gigabit Ethernet NIC, see “Two-Port Copper Gigabit Ethernet NIC” on page 56.
- For status indicator information for the two-port fiber-optic Gigabit Ethernet NIC, see “Two-Port Fiber-Optic Gigabit Ethernet NIC” on page 59.
- For status indicator information for the two-port fail open copper Gigabit Ethernet NIC, see “Two-Port and Four-Port Fail Open Copper Gigabit Ethernet NICs” on page 60.
- For status indicator information for the four-port fail open copper Gigabit Ethernet NIC, see “Two-Port and Four-Port Fail Open Copper Gigabit Ethernet NICs” on page 60.
- For status indicator information for the two-port fail open fiber-optic Gigabit Ethernet NIC, see “Two-Port Fail Open Fiber-Optic Gigabit Ethernet NIC” on page 66.

Use Network Voyager to access additional port information. For information about accessing Network Voyager, see “Using Nokia Network Voyager” on page 41.


5 Connecting to the Gigabit Ethernet Network Interface Cards

This chapter describes the PMC network interface cards (NICs) available for Nokia IP390 IPS appliances and describes how to connect those NICs to your network. The following NICs are covered:

- Two-Port Copper Gigabit Ethernet NIC
- Two-Port Fiber-Optic Gigabit Ethernet NIC
- Two-Port and Four-Port Fail Open Copper Gigabit Ethernet NICs
- Two-Port Fail Open Fiber-Optic Gigabit Ethernet NIC

For instructions on adding or replacing interface cards, see Chapter 4, “Installing and Replacing Network Interface Cards.”

Caution
Protect your Nokia IP390 IPS and other electronic equipment from electrostatic discharge (ESD) damage by making sure you are properly grounded before you touch any electronic component.


Two-Port Copper Gigabit Ethernet NIC

Nokia IP390 IPS supports Nokia-approved, two-port copper Gigabit Ethernet NICs installed in its PMC expansion slots. When you purchase a copper Gigabit Ethernet NIC with your Nokia IP390 IPS, the NIC is installed before the appliance is delivered to you. For information about how to add or replace a NIC, see Chapter 4, “Installing and Replacing Network Interface Cards.”

Note
Copper Gigabit Ethernet NICs you use in Nokia IP390 IPS appliances need to be the Version 2 type, as indicated on the right end of the NIC faceplate. These NICs are sold by Nokia under the order code NIF4425.

Copper Gigabit Ethernet NIC Features

The copper Gigabit Ethernet NIC supports the following features:

- Supports traffic at 10, 100, and 1000 Mbps
- High bandwidth
- Half-duplex mode operation up to 100 Mbps
- Packet tracing for analysis through tcpdump
- Compliance with IEEE 802.3ab Gigabit Ethernet specification

Note
Sensing interfaces used by the Sourcefire Sensor on Nokia software must be 1000 Mbps.

Figure 9 shows the front panel details for the two-port copper Gigabit Ethernet NIC supported by Nokia IP390 IPS.


Figure 9 Two-Port Copper Gigabit Ethernet NIC

Figure 9 callouts: Link LED (solid orange for 10/100 Mbps, solid green for 1000 Mbps); Activity LEDs (blinking orange); RJ-45 connectors.

Note: The Link LED on the NIC is bicolored. A green LED indicates a 1 Gbps link speed, and an orange LED indicates a 10/100 Mbps link speed.

Copper Gigabit Ethernet Connectors and Cables

The copper Gigabit Ethernet NIC receptacles use RJ-45 connectors. To connect to a 1 Gbps hub, switch, or router, use a straight-through RJ-45 cable (Cat 5 type cable, or as required by your network configuration).

Note: All Nokia copper Gigabit Ethernet NICs support cable auto-sensing. You can use a straight-through or crossover cable to connect the NIC to a Gigabit Ethernet hub or switch, or to connect directly to a host.

In Figure 10, the RJ-45 cable output connector is numbered from right to left, with the copper pins facing up and toward you.


Figure 10 Copper Gigabit Ethernet Cable Connector Output Pin Assignments

Pin#  Gigabit Ethernet Assignment  10/100 Mbps Assignment
1     BI_DA+                       TX
2     BI_DA-                       TX
3     BI_DB+                       RX
4     BI_DC+
5     BI_DC-
6     BI_DB-                       RX
7     BI_DD+
8     BI_DD-

To connect directly to a host, use an RJ-45 crossover cable wired as Figure 11 shows.

Figure 11 Gigabit Ethernet Crossover Cable Pin Connections


To connect the appliance to other network components, you can order appropriate adapter cables separately from a cable vendor of your choice.

Two-Port Fiber-Optic Gigabit Ethernet NIC

Nokia IP390 IPS supports Nokia-approved, two-port fiber-optic Gigabit Ethernet NICs installed in its PMC expansion slots. When you purchase a fiber-optic Gigabit Ethernet NIC with your Nokia IP390 IPS, the NIC is installed before the appliance is delivered to you. For information about how to add or replace a NIC, see Chapter 4, “Installing and Replacing Network Interface Cards.”

Fiber-Optic Gigabit Ethernet NIC Features

The two-port fiber-optic Gigabit Ethernet NIC provides the following features:

- High bandwidth
- Full-duplex mode operation up to 1 Gbps (no half-duplex support)
- Link speed auto advertising
- Packet tracing for analysis through tcpdump
- Compliance with IEEE 802.3z Gigabit Ethernet specification

You can configure and monitor Ethernet interfaces with Nokia Network Voyager, the Web-based element management interface to Nokia IP appliances. Figure 12 shows the front panel details for the two-port fiber-optic Gigabit Ethernet NIC supported by Nokia IP390 IPS.


Figure 12 Two-Port Fiber-Optic Gigabit Ethernet NIC

Figure 12 callouts: Link LEDs (solid green); Activity LEDs (blinking orange); Ports.

Fiber-Optic Gigabit Ethernet Connectors and Cables

To connect the two-port Gigabit Ethernet NIC to other network components, use a multimode, fiber-optic cable with an LC connector for each NIC interface. The destination end of the cable can be either LC or SC, depending on the type of connector required for the destination Gigabit Ethernet device. You can also use a half-duplex LC-to-LC cable to loop back the transmit port of an interface to the receiver port.

Two LC-to-SC cables are included with two-port fiber-optic Gigabit Ethernet NICs. You can order additional cables from a cable vendor of your choice.

Two-Port and Four-Port Fail Open Copper Gigabit Ethernet NICs

Nokia IP390 IPS supports Nokia-approved, two-port and four-port fail open copper Gigabit Ethernet NICs installed in its PMC expansion slots. When you purchase a fail open copper Gigabit Ethernet NIC with your Nokia IP390 IPS, the NIC is installed before the appliance is delivered to you. For information about how to add or replace a NIC, see Chapter 4, “Installing and Replacing Network Interface Cards.”


Fail Open Copper Gigabit Ethernet NIC Features

The fail open copper Gigabit Ethernet NICs provide the following features:

- High bandwidth
- 10, 100, or 1000 Mbps operation
- Supports half-duplex up to 100 Mbps; full-duplex up to 1000 Mbps
- Tracing through tcpdump
- Compliance with IEEE 802.3ab Gigabit Ethernet specification

Note: Sensing interfaces used by the Sourcefire Sensor on Nokia software must be 1000 Mbps.

How a Fail Open NIC Works

During the Normal State, the two Gigabit Ethernet signals are straight-through connected to the Gigabit Ethernet ports through the NIC. The two Gigabit Ethernet ports work independently as normal dual Gigabit Ethernet ports. During the Bypass State, the two Gigabit Ethernet signals are crossover connected to each other, so that the Ethernet connection bypasses the computer or the network appliance where your fail open NIC is installed. A relay system sets the Normal or Bypass State as determined by a watchdog timer and bypass control logic circuits, and based on your configuration settings. For information about configurations applicable to your fail open NIC, see the Nokia Intrusion Prevention with Sourcefire User’s Guide.

Front Panel Details

Figure 13 shows the front panel details for the two-port fail open copper Gigabit Ethernet NIC supported by Nokia IP390 IPS.


Figure 13 Two-Port Fail Open Copper Gigabit Ethernet NIC

Figure 13 callouts: Normal LED (green), illuminated for Normal State and off for Bypass State; Port 1 and Port 2; Activity LEDs (blinking orange); Link LEDs (green).

Figure 14 shows the front panel details for the four-port fail open copper Gigabit Ethernet NIC supported by Nokia IP390 IPS.

Figure 14 Four-Port Fail Open Copper Gigabit Ethernet NIC

Figure 14 callouts: Normal LED (A) for Ports 1 and 2, green for Normal State and off for Bypass State; Normal LED (B) for Ports 3 and 4, green for Normal State and off for Bypass State; Link (green) and Activity (blinking green) LEDs for Ports 1, 2, 3, and 4.


LED Indicators

By default, the NIC is initially in Bypass State after you connect the cables and turn on power to the appliance. Both the Link and Normal LEDs are not illuminated. The Normal and Link LEDs will illuminate only after you use the Sourcefire Defense Center for Nokia to add the interfaces to an interface set and apply a detection policy to the interface set.

As the NIC transmits data, the Activity LEDs on the appliance illuminate.

Table 7 describes the LEDs for the two-port copper fail open Gigabit Ethernet NICs.

Table 8 describes the LEDs for the four-port fail open copper Gigabit Ethernet NICs.

Table 7 LED Details for Two-Port Copper Fail Open NIC

LED       Color            Description
Link      Green            10, 100, or 1000 Mbps connection
Activity  Blinking orange  Data received and transmitted
Normal    Green            Normal State
Normal    Off              Bypass State

Table 8 LED Details for Four-Port Copper Fail Open NIC

LED  Color  Description
A    Green  Ports 1 and 2 in Normal State
A    Off    Ports 1 and 2 in Bypass State
B    Green  Ports 3 and 4 in Normal State
B    Off    Ports 3 and 4 in Bypass State


Fail Open Copper Gigabit Ethernet Connectors and Cables

The fail open copper Gigabit Ethernet NICs use RJ-45 connectors. To connect to a hub, switch, or router, use a straight-through RJ-45 cable (Cat 5 type cable or as required by your network configuration).

Caution: Cables that connect to the copper fail open Gigabit Ethernet NIC must be IEEE 802.3 compliant to prevent potential data loss.

Note: Certain circumstances might require shielded Cat 5 Ethernet cables to meet Class B emissions requirements.

Note: All Nokia copper Gigabit Ethernet NICs support cable autosensing. You can use a straight-through or crossover cable to connect the NIC to a copper Gigabit Ethernet hub or switch, or to connect directly to a host.

Table 8 LED Details for Four-Port Copper Fail Open NIC (continued)

LED         Color           Description
1, 2, 3, 4  Green           1-Gbps or 10/100-Mbps connection
1, 2, 3, 4  Blinking green  Data being received or transmitted


In Figure 10, the RJ-45 cable output connector is numbered from right to left, with the copper pins facing up and toward you.

Figure 15 Copper Fail Open Gigabit Ethernet Cable Connector Output Pin Assignments

Pin#  Gigabit Ethernet Assignment  10/100 Mbps Assignment
1     BI_DA+                       TX
2     BI_DA-                       TX
3     BI_DB+                       RX
4     BI_DC+
5     BI_DC-
6     BI_DB-                       RX
7     BI_DD+
8     BI_DD-

To connect directly to a host, use an RJ-45 crossover cable wired as Figure 16 shows.


Figure 16 Fail Open Copper Gigabit Ethernet Crossover Cable Pin Connections

To connect the fail open copper Gigabit Ethernet NIC to other network components, you can order appropriate adapter cables separately from a cable vendor of your choice.

Two-Port Fail Open Fiber-Optic Gigabit Ethernet NIC

Nokia IP390 IPS supports Nokia-approved, two-port fail open fiber-optic Gigabit Ethernet NICs installed in its PMC expansion slots. When you purchase a fiber-optic Gigabit Ethernet NIC with your Nokia IP390 IPS, the NIC is installed before the appliance is delivered to you. For information about how to add or replace a NIC, see Chapter 4, “Installing and Replacing Network Interface Cards.”


Fail Open Fiber-Optic Gigabit Ethernet NIC Features

The fail open fiber-optic Gigabit Ethernet NICs provide the following features:

- High bandwidth
- Full-duplex mode operation at 1 Gbps (no half-duplex support)
- Tracing through tcpdump
- Compliance with IEEE 802.3z Gigabit Ethernet specification

How a Fail Open NIC Works

During the Normal state, the two Gigabit Ethernet signals are straight-through connected to the Gigabit Ethernet ports through the NIC. The two Gigabit Ethernet ports work independently as normal dual Gigabit Ethernet ports.

During the Bypass state, the two Gigabit Ethernet signals are crossover connected to each other, so that the Ethernet connection bypasses the computer or the network appliance where your fail open NIC is installed.

A relay system sets the Normal or Bypass state as determined by a watchdog timer and bypass control logic circuits, and based on your configuration settings. For information about configurations applicable to your fail open NIC, see the Nokia Intrusion Prevention with Sourcefire User’s Guide.
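The relay behavior described under “How a Fail Open NIC Works” for both the copper and fiber-optic fail open NICs, together with the power-on default described under “LED Indicators,” can be modeled as a small state machine that shows when traffic crosses the link without being inspected. The following Python model is an added example, not Nokia or Sourcefire code; the 2-second timeout, the heartbeat call that re-arms the watchdog, and the event timeline are assumptions made for illustration.

```python
"""Model of one fail open port pair (added example, not vendor code).

Assumptions not taken from the guide: the 2-second timeout, the heartbeat()
call that re-arms the watchdog, and the constructed event timeline.
"""
from dataclasses import dataclass, field
from enum import Enum


class RelayState(Enum):
    NORMAL = "normal"  # ports wired straight through to the appliance
    BYPASS = "bypass"  # ports crossed to each other; appliance is skipped


@dataclass
class FailOpenPair:
    watchdog_timeout: float = 2.0          # seconds (hypothetical value)
    state: RelayState = RelayState.BYPASS  # guide: Bypass State after power-on
    policy_applied: bool = False
    last_heartbeat: float = 0.0
    log: list = field(default_factory=list)  # (time, new_state) transitions

    def _set(self, when, new_state):
        if new_state is not self.state:
            self.state = new_state
            self.log.append((when, new_state))

    def tick(self, now):
        """Watchdog check: a missed deadline trips the relay to bypass."""
        deadline = self.last_heartbeat + self.watchdog_timeout
        if self.state is RelayState.NORMAL and now >= deadline:
            self._set(deadline, RelayState.BYPASS)

    def apply_policy(self, now):
        """Interfaces joined an interface set and a detection policy applied."""
        self.policy_applied = True
        self.last_heartbeat = now
        self._set(now, RelayState.NORMAL)

    def heartbeat(self, now):
        """Sensor software reports it is alive (assumed mechanism)."""
        self.tick(now)  # record an expiry that happened before this call
        if self.policy_applied:
            self.last_heartbeat = now
            self._set(now, RelayState.NORMAL)

    def inspected(self, now):
        """True if a frame arriving now reaches the sensor. In both states
        the frame still crosses the link; in bypass nothing examines it."""
        self.tick(now)
        return self.state is RelayState.NORMAL


def replay(events, timeout=2.0):
    """Replay (time, kind) events; return the pair and uninspected frame times."""
    pair, missed = FailOpenPair(watchdog_timeout=timeout), []
    for now, kind in events:
        if kind == "policy":
            pair.apply_policy(now)
        elif kind == "heartbeat":
            pair.heartbeat(now)
        elif kind == "frame":
            if not pair.inspected(now):
                missed.append(now)
        else:
            raise ValueError(f"unknown event kind: {kind!r}")
    return pair, missed


def bypass_windows(pair, end):
    """Intervals (start, stop) during which the relay was in bypass."""
    windows, start = [], 0.0  # the pair powers up in bypass at t=0
    for when, new_state in pair.log:
        if new_state is RelayState.NORMAL and start is not None:
            windows.append((start, when))
            start = None
        elif new_state is RelayState.BYPASS:
            start = when
    if start is not None:
        windows.append((start, end))
    return windows


# Constructed timeline (seconds since power-on), not captured from a device.
TIMELINE = [
    (0.5, "frame"),      # before any policy is applied
    (1.0, "policy"),     # interface set created, detection policy applied
    (1.5, "frame"),
    (2.0, "heartbeat"),
    (3.5, "heartbeat"),  # last sign of life; the sensor then hangs
    (4.0, "frame"),
    (6.0, "frame"),      # watchdog expired at 5.5
    (7.0, "frame"),
    (8.0, "heartbeat"),  # sensor recovers
    (8.5, "frame"),
]

if __name__ == "__main__":
    pair, missed = replay(TIMELINE)
    print("uninspected frames at:", missed)
    print("bypass windows:", bypass_windows(pair, end=9.0))
```

The bypass windows are the intervals in which the link stayed up but no detection policy was applied to the traffic, which is why the state of the Normal LED is worth monitoring after installation.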


Front Panel Details

Figure 12 shows the front panel details for the two-port fail open fiber-optic Gigabit Ethernet NIC you can use in Nokia IP390 IPS appliances.

Figure 17 Two-Port Fail Open Fiber-Optic Gigabit Ethernet NIC

Figure 17 callouts: Link LEDs (green); Activity LEDs (blinking orange); separate LEDs for Port 2; Normal LED (green), illuminated for Normal state; RX LED and TX LED for Port 1 and for Port 2.

LED Indicators

By default, the NIC is initially in Bypass State after you connect the cables and turn on power to the appliance. Both the Link and Normal LEDs are not illuminated. The Normal and Link LEDs will illuminate only after you use the Sourcefire Defense Center for Nokia to add the interfaces to an interface set and apply a detection policy to the interface set.

A green Link LED indicates a 1-Gbps link speed. As the NIC transmits data, the Activity LEDs on the appliance illuminate.


Table 7 describes the LED signals for the fail open fiber-optic Gigabit Ethernet NIC.

Table 9 LED Details for Fail Open Fiber-Optic NIC

LED       Color            Definition
Link      Green            1-Gbps connection
Activity  Blinking orange  Data received and transmitted
Normal    Green            Normal state
Normal    Off              Bypass state

Fail Open Fiber-Optic Gigabit Ethernet Connectors and Cables

To connect the fail open fiber-optic Gigabit Ethernet NIC to other network components, use a multimode, fiber-optic cable with an LC connector for each NIC interface. You can use either 50 or 62.5 micron cable; 50 micron-type cable provides longer transmission length. The destination end of the cable can be either LC or SC, depending on the type of connector required for the destination fail open Gigabit Ethernet device. You can also use a half-duplex LC-to-LC cable to loop back the transmit port of an interface to the receiver port. LC and SC define the fiber-optic connector types; LC connectors are smaller than SC connectors.

Two LC-to-SC cables are included with two-port fail open fiber-optic Gigabit Ethernet NICs. You can order additional cables from a cable vendor of your choice.


Caution: Cables that connect to the fail open Gigabit Ethernet NIC must be IEEE 802.3 compliant to prevent potential data loss.


6 Installing and Replacing Other Components

This chapter provides information on how to add or replace user serviceable items other than network interface cards (NICs) in your Nokia IP390 IPS. The following topics are covered:

- Replacing the Compact Flash Memory Card
- Replacing a Hard-Disk Drive
- Replacing or Upgrading Memory
- Replacing the Battery

For instructions on adding or replacing interface cards, see Chapter 4, “Installing and Replacing Network Interface Cards.”

Caution: You should have a working knowledge of networking equipment before attempting to service an appliance. Limit service of the appliance to the procedures described in this chapter.

Caution: Protect your Nokia IP390 IPS and other electronic equipment from electrostatic discharge (ESD) damage by making sure you are properly grounded before you touch any component.


Replacing the Compact Flash Memory Card

The compact flash card stores the boot manager, which is used to boot the system or perform a new installation of the IPSO-LX operating system on the disk. The compact flash card is located on the motherboard in a slot behind the hard-disk drive location.

Figure 18 shows the location of the compact flash memory card.

Figure 18 Compact Flash Memory Card Slot

Caution: To protect the appliance and the compact flash memory from electrostatic discharge damage, make sure you are properly grounded before you touch these components. Use a grounding wrist strap and follow the instructions provided with the wrist strap before you handle the components or open the appliance. If you do not have a grounding wrist strap, make sure you are properly grounded before you touch any electronic component.


You must perform an orderly shutdown of the appliance and turn the power off whenever you remove the chassis tray assembly to service internal components.

Note: Because power to the appliance is automatically disconnected when the chassis tray assembly is opened, you do not need to manually disconnect the power for this procedure. Any servicing of the unit, however, should be completed with the chassis tray assembly fully removed from the appliance. Power is still active in the chassis body and care should be taken when working on the power supply or power supply wiring without disconnecting the power cord.

Caution: You risk damage to the appliance or loss of data if you do not use the following procedure when you replace the compact flash memory.

To replace compact flash memory in your appliance

1. Use Network Voyager or the CLI to halt the appliance.

   - To use Network Voyager to halt the appliance, select System Configuration > Reboot or Shutdown System > Halt.
   - To use the CLI to do this, enter halt at the prompt.

2. Loosen the two front panel retaining screws.

[Figure: chassis tray assembly retaining screws]


3. Slide the chassis tray assembly forward and completely remove the chassis to expose the motherboard components.

4. Place the chassis tray assembly on a table top.

5. Locate and remove the existing compact flash memory card from the slot by gently sliding it out of the slot.

6. Gently insert the new compact flash memory card into the slot.

7. Slide the chassis tray assembly back into the appliance until it clicks into place.

The appliance automatically restarts when the chassis tray assembly clicks into place.

8. Resecure the two chassis tray assembly retaining screws.


Replacing a Hard-Disk Drive

The following figure shows the location of the hard-disk drive on the motherboard.

Note: Back up your files to a remote system on a regular basis. For back up and restore procedures, see the Administrator’s Guide for Nokia IPSO-LX for the version of Nokia IPSO-LX you are using.

Figure 19 Hard-Disk Drive Location

Figure 19 callout: Hard-disk drive.


Before You Start

To replace the hard-disk drive in your appliance, you need the following:

- Physical access to the appliance
- A Nokia-approved hard-disk drive
- Access to the appliance through Network Voyager
- A Phillips-head screwdriver
- A torque screwdriver capable of a 69.4 ozf*in (5 kgf*cm) setting

To install or replace a hard-disk drive

1. Use Network Voyager or the CLI to halt the appliance.

   - To use Network Voyager to halt the appliance, select System > Configuration > Reboot or Shutdown System > Halt.
   - To use the CLI to do this, enter halt at the prompt.

2. Loosen the retaining screws that hold the chassis tray assembly.

[Figure: chassis tray assembly retaining screws]


3. Gently slide the chassis tray assembly forward to remove the tray from the appliance so you can access the hard-disk drive retaining screws from the bottom of the tray.

Note: Because power to Nokia IP390 IPS is automatically disconnected when the chassis tray assembly is opened, you do not need to manually disconnect the power for this procedure. Any servicing of the unit, however, should be completed with the chassis tray assembly fully removed from the appliance. Power is still active in the chassis body and care should be taken when working on the power supply or power supply wiring without disconnecting the power cord.


4. Remove the retaining screws that hold the hard-disk drive unit from the bottom of the chassis tray assembly.

Gently remove the hard-disk drive from the motherboard, taking care not to damage the connector.


5. Insert the hard-disk drive unit.

Note: Push the hard-disk drive gently into place. Take care to align the connectors correctly as the connectors are not keyed.


6. Tighten the retaining screws that hold the hard-disk drive in place.

7. Slide the chassis tray assembly back into the appliance until it clicks into place.

The appliance automatically restarts when the chassis tray assembly clicks into place.


8. Tighten the retaining screws that hold the chassis tray assembly.

[Figure: chassis tray assembly retaining screws]

Replacing or Upgrading Memory

Nokia IP390 IPS appliances have two dual inline memory-module (DIMM) sockets. This section explains how to upgrade or replace the memory in your appliance by using a Nokia-approved memory upgrade kit.

Nokia IP390 IPS comes with different memory configurations. Contact Nokia customer support for more information on the supported memory configurations.

Note: Nokia recommends that you obtain memory kits only from Nokia or authorized resellers. For further information, contact the appropriate Nokia customer support site listed in “Nokia Contact Information” on page 3.

The DIMM sockets are located at the right of the motherboard, as you look at the appliance from the front, as Figure 20 shows.


Figure 20 DIMM Socket Locations

Figure 20 callout: DIMMs and DIMM sockets.

Before You Start

To upgrade or replace the memory in your appliance, you need the following:

- Physical access to the appliance
- Nokia memory upgrade kit
- Network or console access to the appliance

Caution: To protect Nokia IP390 IPS and the memory modules from electrostatic discharge (ESD), make sure you are properly grounded before you touch these components.


To add or replace DIMMs

1. Use Network Voyager or the CLI to halt the appliance.

   - To use Network Voyager to halt the appliance, select System Configuration > Reboot or Shutdown System > Halt.
   - To use the CLI to do this, enter halt at the prompt.

2. Loosen the two front panel retaining screws.

[Figure: chassis tray assembly retaining screws]

3. Slide the chassis tray assembly forward to expose the DIMM sockets. Remove the tray completely to avoid damaging components.

Note: Because power to the Nokia IP390 IPS appliance is automatically disconnected when the chassis tray assembly is opened, you do not need to manually disconnect the power for this procedure. Any servicing of the unit, however, should be completed with the chassis tray assembly fully removed from the appliance. Power is still active in the chassis body and care should be taken when working on the power supply or power supply wiring without disconnecting the power cord.


4. Remove any memory module necessary by pressing the two retaining clips outward and carefully pulling each DIMM upward as the following figure shows.

You might need to pull opposite ends of the DIMM alternately to gradually free it from the contact pins.

5. The memory DIMMs are keyed to prevent improper insertion. Press the new DIMM into the socket until it clicks into place.


The top of the DIMM is smooth. The bottom edge has three different length sets of contacts, which mate with the slots on the socket. Be sure the contacts and slots are properly aligned before you insert the DIMM.

The retaining clips move into the lock position as you press the DIMM into place.


6. Slide the chassis tray assembly back into the appliance until it clicks into place.

The appliance automatically restarts when the chassis tray assembly clicks into place.

7. Resecure the two retaining screws.

[Figure: chassis tray assembly retaining screws]

The appliance automatically recognizes the new memory configuration. You can verify this from Network Voyager or the IPSO-LX shell.

To verify the memory from the IPSO-LX shell, enter:

    dmesg | grep 'Memory'

or

    more /proc/meminfo


Replacing the BatteryTo replace the battery, you need the following:

The appropriate Nokia battery replacement kit for your appliancePhysical access to the applianceA Phillips-head screwdriverA grounding wrist strap(Optional) Safety glasses

Warning: Risk of explosion if battery is replaced by an incorrect type. Replace the battery only with the same or equivalent type that the manufacturer recommends. Dispose of used batteries according to the manufacturer's instructions.

Warning: Make certain to remove the power cord from the appliance before you proceed with any of the following steps. Failure to do so could cause electric shock, resulting in burns or death.

Caution: Make certain that you are properly grounded when you handle components internal to the appliance to protect against electrostatic discharge damage to the appliance. Use the grounding strap included in the battery replacement kit.

To install the battery

1. Use Network Voyager or the CLI to halt the appliance.

To use Network Voyager to halt the appliance, select System Configuration > Reboot or Shutdown System > Halt.


To use the CLI to do this, enter halt at the prompt.

2. Loosen the two front panel retaining screws.

3. Loosen the two front panel retaining screws.

4. Slide the chassis tray assembly forward to expose the DIMM sockets. Remove the tray completely to avoid damaging components.

Note: Because power to Nokia IP390 IPS is automatically disconnected when the chassis tray assembly is opened, you do not need to manually disconnect the power for this procedure. Any servicing of the unit, however, should be completed with the chassis tray assembly fully removed from the appliance. Power is still active in the chassis body and care should be taken when working on the power supply or power supply wiring without disconnecting the power cord.

[Figure: chassis tray assembly retaining screws]


5. Locate the battery on the motherboard. The battery is in a black battery holder secured with a battery retaining pin.

6. Remove the old battery. Use a small nonconductive device, such as a plastic probe, to slide the battery out of the battery holder through the cutout in the holder.

Caution: Replace the battery only with the same or equivalent type battery recommended by the manufacturer. Dispose of used batteries according to the manufacturer's instructions.

7. With the positive side facing up, slide the new battery through the cutout in the battery holder.


Caution: You must place the new battery into the battery holder observing the correct polarity. The positive terminal of the battery must be facing up.

8. Slide the chassis tray assembly back into the appliance until it clicks into place.

The appliance automatically restarts when the chassis tray assembly clicks into place.

9. Resecure the two retaining screws.

10. Reset the appliance date and time information by using Network Voyager or the command-line interface. The battery is required to maintain the date and time whenever you shut down the appliance.


7 Troubleshooting

This chapter provides troubleshooting tips, problems, and solutions related to Nokia IP390 IPS installations.

Unable to Log in to the Console Port—No Error Message

Two laptop computers (using terminal emulation programs) or terminals should be able to communicate back to back in the same way that the terminal communicates with Nokia IP390 IPS. If this is not possible using your laptop computer or terminal, the problem is with the terminal or cable and not the appliance.

Problem: You do not have a console connection to the appliance.
Solution: For information about how to create a console connection, see “Using a Console Connection” on page 39.

Problem: Not connected with a null-modem cable.
Solution: Verify that you are using a null-modem cable. For pinout information, see “Using a Console Connection” on page 39.

Problem: Wrong terminal settings.
Solution: Verify terminal settings: 8 data, 1 stop, no parity, 9600 bps.


Problem: Terminal set for flow control.
Solution: Nokia IP390 IPS does not use flow control. The terminal should be set for no flow control.

Problem: Defective appliance or file system.
Solution: Contact the Nokia customer support site listed in “Nokia Contact Information” on page 3.

Do Not Get a Login Prompt—Error Messages Appear

Problem: The appliance is defective, or the file system on the appliance is defective.
Solution: Contact the Nokia customer support site listed in “Nokia Contact Information” on page 3.

Note: Use the full installation procedure to install a new system. The new system completely replaces the contents of the drive and might be needed to restore or reload an appliance. This procedure erases any configuration database on the appliance. For information about how to complete the full installation procedure, see the current release notes. The release notes are located on the Nokia customer support Web site as listed in the “Nokia Contact Information” on page 3.

Login Prompt Appears, But Password Not Accepted

Problem: Entered wrong password.
Solution: Obtain a valid password or set the password to a default value.


To reset the Admin password without knowing the current password

1. Log in to the system as the root user.

2. Open a CLI shell by entering the following command:

su - admin

This operation does not require a password.

3. If the default shell for Admin is not clish, enter the clish command.

4. Enter the following command:

set user admin passwd

5. At the prompt Old password, press Enter without typing a password.

6. At the New password and Verify new password prompts, enter the new password and press Enter.

The password is now reset.

If you have lost the root password, you can reset the root password by using the procedure in “To reset the password for root user.” You must have physical access to the device to perform this procedure.

To reset the password for root user

1. From a console connection, reboot the system, watching the messages that appear on the console.

2. Enter the boot manager by typing 2 when you see the following message:

LILO 22.5.91 ipso2 bootmgr
Press key '2' to enter BOOTMGR command mode
boot:

You must do this within 5 seconds or else the reboot continues.

3. When you see the BOOTMGR[1]> prompt, enter the following command:

overpw


This is a hidden command and is not in the help menu. The root password is reset to " ", that is, there is no password.

4. Continue the boot process by entering the following command:

boot

5. Log in as root (no password).

6. Enter the following command:

passwd root

7. Set a new password for root.

Unable to Connect to Network Voyager Using the Ethernet Port, But Console Access Works

Problem: Using the wrong Ethernet cable.
Solution: Use a crossover Ethernet cable if you are connecting directly to the computer. Use a straight-through cable if you are connecting to a hub. For cabling information, see “Connecting to Network Interfaces” on page 36.

Problem: Port is not configured as active.
Solution: Use the CLI over the console connection to verify the interface configuration and fix it if necessary.

Problem: Host port configuration is incorrect.
Solution: Use the CLI over the console connection to verify the interface configuration and fix it if necessary.

Problem: Wrong link speed.
Solution: Use the CLI over the console connection to verify the interface configuration and fix it if necessary.


Do Not See Interfaces that Should be Present

Problem: Local appliance ports do not appear.
Solution: Your NIC might be defective. Contact the appropriate Nokia customer support site as listed in “Nokia Contact Information” on page 3.

Note: The problem could be with the slot on the PMC card carrier. Try installing the NIC in another slot.

Common Ethernet Problems—Connectivity with Attached Device

Problem: No link light.
Solution: You might have used the wrong cable. Use a crossover cable between a Nokia IP390 IPS and a host, and a straight-through cable between a Nokia IP390 IPS and a hub.

Problem: Solid data and activity LED.
Solution: You might have set the wrong speed. Verify that the speeds match on each end of the Ethernet connection.

Problem: Port not enabled.
Solution: Verify from the Interface page in Network Voyager that the interface port is configured as active.

Problem: High collision rate on the hub.
Solution: Disconnect connections one at a time until the problem is localized to one computer and troubleshoot further.


Unable to Ping Through Appliance—No Connectivity Between Ports

This section covers connectivity issues that are isolated within a Nokia IP390 IPS or network.

Localize the problem by issuing pings to various network interfaces. Use tcpdump to help isolate the problem. Use tcpdump to verify that a packet is leaving or entering a port.

Problem: Interfaces not up.
Solution: Ensure that the interfaces are up and active, as described in Chapter 3, “Performing the Initial Configuration.”

Problem: No route to network.
Solution: Check the routing table to see if a route exists to the network where the interface is located.

Problem: Attached device does not have proper default route or routing information.
Solution: If a local computer is unable to ping through an attached appliance, the computer might contain either an invalid default route or invalid routing information. If you are using default routes from a computer, ensure that the local interface is the default route for that computer.

Appliance Not Receiving Power

Problem: Power cord is not properly plugged in.
Solution: Check cord. Make sure it is properly seated at both ends.


Problem: Power supply not providing power.
Solution: Check power source. If there is no power at the source, take appropriate action such as inserting a new fuse or resetting circuit breaker.

Appliance Does Not Recognize New Memory Configuration

Problem: DIMMs are not properly seated in DIMM sockets.
Solution: Repeat memory installation procedures. Make sure DIMMs are fully seated in sockets. Be sure DIMMs click into place.


A Technical Specifications

Physical Dimensions

Space Requirements

Nokia IP390 IPS is designed for front-screw mounting in a 19-inch rack. Each Nokia IP390 IPS requires the following space in a rack:

1.75 inches (4.45 centimeters) of vertical space
18 inches (46 centimeters) behind the front-panel of the rack
6 inches (15 centimeters) behind the appliance to allow the back exit fan to move air through the appliances

Dimensions

Height: 1.75 in. (4.45 cm)

Width: 17 in. (44 cm); 19 in. (48 cm) rack mountable

Depth: 16.12 in. (40.94 cm)

Weight: 17 lbs. (7.7 kg) base system


Caution: Do not place objects over the ventilation holes on the appliance. The appliance might overheat and become damaged.

Operating Temperature

The operating temperature range for Nokia IP390 IPS is 0° C to 45° C (32° F to 113° F).

NIC Interfaces

NIC Type: Two-port fiber-optic Gigabit Ethernet; Two-port fiber-optic fail open Gigabit Ethernet
Cable Type: IEEE 802.32 Gigabit Ethernet multi-mode Fiber
Cable Output Connector: LC

NIC Type: Two-port copper Gigabit Ethernet; Two-port copper fail open Gigabit Ethernet; Four-port copper fail open Gigabit Ethernet
Cable Type: Straight-through RJ-45 cable (Cat 5 type) or crossover cable; in some cases, shielded Cat 5 Ethernet cable to meet Class B emissions standards
Cable Output Connector: RJ-45


B Compliance Information

This appendix contains the following compliance information:

Declaration of Conformity
Compliance Statements
FCC Notice (US)

Declaration of Conformity

According to ISO/IEC Guide 22 and EN 45014:

Manufacturer’s Name: Nokia Inc.

Manufacturer’s Address: 313 Fairchild Drive, Mountain View, CA 94043-2215, USA

declares that the product:

Product Name: IP390 and IP390 IPS

Model Number: EM7500

Product Options: All

Serial Number: 1 to 100,000

Date First Applied: 2006

conforms to the following standards:

Safety: EN60950-1:2001+A11; IEC60950-1:2001; UL60950, Third Edition:2000; CAN/CSA-C22.2 No.60950:2000.

EMC: EN55024 1998, EN55022A 1998, EN61000-3-2, EN61000-3-3

Supplementary information: Pursuant to directive 1999/5/EC this product complies with the requirements of the Low Voltage Directive 73/23/EEC and the EMC Directive 89/336/EEC with Amendment 93/68/EEC.

Christopher Saleem
Compliance & Reliability Engineering Manager
Security & Mobile Connectivity, Enterprise Solutions
Mountain View, California
May 2006

Compliance Statements

This hardware complies with the standards listed in this section.


Emissions Standards

FCC Part 15 Subpart B Class A: US/Canada
EN55022 (CISPR 22 Class A): European Community (CE)

Immunity Standards

EN55024: European Community (CE)
EN61000-4-2
EN61000-4-3
EN61000-4-4
EN61000-4-5
EN61000-4-6
EN61000-4-11

Harmonics and Voltage Fluctuation

EN61000-3-2: European Community (CE)
EN61000-3-3: European Community (CE)

Safety Standards

UL60950/EN60950: US/European Community (CE)
CAN/CSA-C22.2 No.60950: Canada


FCC Notice (US)

This device has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This device generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instruction, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this device does cause harmful interference to radio or television reception, the user is encouraged to try to correct the interference by one or more of the following measures:

Reorient or relocate the receiving antenna.
Increase the separation between the computer and receiver.
Connect the computer into an outlet on a circuit different from that to which the receiver is connected.
Consult the dealer or an experienced radio/TV technician for help.

Caution: Any changes or modifications not expressly approved by the grantee of this device could void the user’s authority to operate the equipment.
