nokia firewall (5001) - ca...
Post on 20-Mar-2018
217 Views
Preview:
TRANSCRIPT
Nokia Firewall
Device Management
Supports Management Module SM-NOK1000
Titlep
ae
D e v i c e M a n a g e m e n t Page 2 N o k i a F i r e w a l l
Copyright NoticeDocument 5001. Copyright © 2002-present by Aprisma Management Technologies, Inc. All rights reserved worldwide. Use, duplication, or disclosure by the United States government is subject to the restrictions set forth in DFARS 252.227-7013(c)(1)(ii) and FAR 52.227-19.Liability DisclaimerAprisma Management Technologies, Inc. (“Aprisma”) reserves the right to make changes in specifications and other information contained in this document without prior notice. In all cases, the reader should contact Aprisma to inquire if any changes have been made.
The hardware, firmware, or software described in this manual is subject to change without notice.
IN NO EVENT SHALL APRISMA, ITS EMPLOYEES, OFFICERS, DIRECTORS, AGENTS, OR AFFILIATES BE LIABLE FOR ANY INCIDENTAL, INDIRECT, SPECIAL, OR CONSEQUENTIAL DAMAGES WHATSOEVER (INCLUDING BUT NOT LIMITED TO LOST PROFITS) ARISING OUT OF OR RELATED TO THIS MANUAL OR THE INFORMATION CONTAINED IN IT, EVEN IF APRISMA HAS BEEN ADVISED OF, HAS KNOWN, OR SHOULD HAVE KNOWN, THE POSSIBILITY OF SUCH DAMAGES.
Trademark, Service Mark, and Logo InformationSPECTRUM, IMT, and the SPECTRUM IMT/VNM logo are registered trademarks of Aprisma Management Technologies, Inc., or its affiliates. APRISMA, APRISMA MANAGEMENT TECHNOLOGIES, the APRISMA MANAGEMENT TECHNOLOGIES logo, MANAGE WHAT MATTERS, DCM, VNM, SpectroGRAPH, SpectroSERVER, Inductive Modeling Technology, Device Communications Manager, SPECTRUM Security Manager, and Virtual Network Machine are unregistered trademarks of Aprisma Management Technologies, Inc., or its affiliates. For a complete list of Aprisma trademarks, service marks, and trade names, go tohttp://www.aprisma.com/manuals/trademark-list.htm.
All referenced trademarks, service marks, and trade names identified in this document, whether registered or unregistered, are the intellectual property of their respective owners. No rights are granted by Aprisma Management Technologies, Inc., to use such marks, whether by implication, estoppel, or otherwise. If you have comments or concerns
about trademark or copyright references, please send an e-mail to spectrum-docs@aprisma.com; we will do our best to help.
Restricted Rights Notice(Applicable to licenses to the United States government only.)This software and/or user documentation is/are provided with RESTRICTED AND LIMITED RIGHTS. Use, duplication, or disclosure by the government is subject to restrictions as set forth in FAR 52.227-14 (June 1987) Alternate III(g)(3) (June 1987), FAR 52.227-19 (June 1987), or DFARS 52.227-7013(c)(1)(ii) (June 1988), and/or in similar or successor clauses in the FAR or DFARS, or in the DOD or NASA FAR Supplement, as applicable. Contractor/manufacturer is Aprisma Management Technologies, Inc. In the event the government seeks to obtain the software pursuant to standard commercial practice, this software agreement, instead of the noted regulatory clauses, shall control the terms of the government's license.Virus DisclaimerAprisma makes no representations or warranties to the effect that the licensed software is virus-free.
Aprisma has tested its software with current virus-checking technologies. However, because no antivirus system is 100 percent effective, we strongly recommend that you write-protect the licensed software and verify (with an antivirus system in which you have confidence) that the licensed software, prior to installation, is virus-free.
Contact InformationAprisma Management Technologies, Inc.273 Corporate DrivePortsmouth, NH 03801Phone: 603-334-2100U.S. toll-free: 877-468-1448Web site: http://www.aprisma.com
D e v i c e M a n a g e m e n t Page 3 N o k i a F i r e w a l l
ContentsINTRODUCTION 4
Purpose and Scope ........................................................4Required Reading ...........................................................4Supported Devices..........................................................5The SPECTRUM Model ..................................................5
TASKS 7
DEVICE VIEW 8
Interface Icons ................................................................9Interface Icon Subviews Menu......................................10Secondary Address Panel ............................................11
DEVICE TOPOLOGY VIEWS 12
APPLICATION VIEWS 13
Main Application View...................................................13Application Icons...........................................................14Supported Applications .................................................14
Common Applications................................................14Device Specific Applications......................................16
Checkpoint Application .................................................16Firewall Information View ..........................................16
General Information ...............................................16Filter Information ....................................................17Packet Information .................................................17
RateShape Application ................................................. 17RateShape Performance View .................................. 17
Rule Status Table View ......................................... 18Aggregation Class Status Table View ................... 18
Virtual Router Redundancy Protocol Application .......... 19
PERFORMANCE VIEWS 20
CONFIGURATION VIEWS 21
Device Configuration View............................................ 21IPSO Configuration View .............................................. 22
Config ........................................................................ 22Log Table .................................................................. 23Card........................................................................... 23
IPSO Additional Configuration View ............................. 23Image ........................................................................ 23Fan ............................................................................ 24Power ........................................................................ 24
RateShape Configuration View..................................... 24Aggregation Class Table View .................................. 25Rule Table View ........................................................ 26
MODEL INFORMATION VIEWS 28
INDEX 29
D e v i c e M a n a g e m e n t Page 4 N o k i a F i r e w a l l
Introduction
This section introduces SPECTRUM Device Management documentation for the Nokia Firewall series of devices.
This introduction contains the following topics:
• Purpose and Scope• Required Reading• Supported Devices (Page 5)• The SPECTRUM Model (Page 5)
Purpose and ScopeUse this documentation as a guide for managing Nokia Firewall devices with the SPECTRUM management module SM-NOK1000. This documentation describes the icons, menus, and views that enable you to remotely monitor, configure, and troubleshoot Nokia Firewall devices through software models in your SPECTRUM database.
This documentation consists primarily of information specific to the supported management module. For general information about device management using SPECTRUM, and
for explanations of basic SPECTRUM functionality, refer to the documentation listed under Required Reading.
Required ReadingBefore using this document, you should be familiar with the information provided in the following documentation:
• Getting Started with SPECTRUM for Operators
• Getting Started with SPECTRUM for Administrators
• How to Manage Your Network with SPECTRUM
• SPECTRUM Views• SPECTRUM Icons• SPECTRUM Menus
I n t r o d u c t i o n S u p p o r t e d D e v i c e s
D e v i c e M a n a g e m e n t Page 5 N o k i a F i r e w a l l
Supported DevicesSPECTRUM management module SM-NOK1000 allows you to model several different types of Nokia Firewall /VPN devices. These devices offer a combination of firewall and VPN technology on a Nokia platform with a security-specific operating system (IPSO). They allow organizations to deploy a single, integrated solution for secure Internet communications and access control. They are ideal for network environments from carrier class to the regional or small office
The following Noika devices are supported by the SM-NOK1000 management module:
• IPUnkwn• IP4xx• IP400• IP410• IP440• IP6xx• IP600• IP650• IP3xx• IP110• IP530• IP740• IP3400
• VPNUnkwn• VPNRL50• VPNRL250• VPNRL500• VPNRLU• VPN210• VPN220• VPN230• VPN240
The SPECTRUM ModelSPECTRUM uses a single model type for modeling the supported Nokia Firewall devices. This model type is NokiaFW. This model is represented in SpectroGRAPH views by Device icons. As shown in Figure 1, the appearance of the Device icon varies depending on the view in which it appears.
I n t r o d u c t i o n T h e S P E C T R U M M o d e l
D e v i c e M a n a g e m e n t Page 6 N o k i a F i r e w a l l
Figure 1: Device Icon
The device-specific Icon Subviews menu options available from the Device icon are listed below.
The rest of this document covering management module SM-NOK1000 is organized as follows:
• Tasks (Page 7)• Device View (Page 8)• Device Topology Views (Page 12)• Application Views (Page 13)• Performance Views (Page 20)• Configuration Views (Page 21)• Model Information Views (Page 28)
Option Accesses the...
Fault Management
For further information refer to How to Manage Your Network with SPECTRUM documentation.
Device Device View (Page 8)
Model Name
XYZ_Mxxx
Model Name
IP440
Small Device icon appears inTopology and Application views
Large Device icon appears inDevice Topology, Location, andDevice Interface views.
DevTop Device Topology Views (Page 12)
Application Application Views (Page 13)
Configuration Configuration Views (Page 21)
Model Information
Model Information Views (Page 28)
Primary Application
Menu options that let you select either Gen Bridge App or MIB-II as the primary application.
Option Accesses the...
D e v i c e M a n a g e m e n t Page 7 N o k i a F i r e w a l l
Tasks
This section contains an alphabetical list of device management tasks, with each task providing one or more links to views that let you perform the task.
Application Information (examine)• Application Views (Page 13)
Device (configure)• Configuration Views (Page 21)
Device Performance (monitor)• Device View (Page 8)
File Transfer (initiate/examine)• Firewall Information View (Page 16)
Interface Mask and Address (examine)• Secondary Address Panel (Page 11)
IPSO Configuration (configure)• IPSO Configuration View (Page 22)
Model Information (examine)• Model Information Views (Page 28)
Port Configuration (examine/modify)• Interface Icons (Page 9)• Device Configuration View (Page 21)
Port Statistics (monitor)• Performance Views (Page 20)
RateShape Configuration (configure)• RateShape Configuration View (Page 24)
D e v i c e M a n a g e m e n t Page 8 N o k i a F i r e w a l l
Device View
This section describes the Device view and subviews available for models of Nokia Firewall devices in SPECTRUM.
Access: From the Icon Subviews menu for the Device icon, select Device.
This view (Figure 2) uses icons and labels to represent the device and its components, such as modules, ports, and applications. The view provides dynamic configuration and performance information for each of the device’s serial and network I/O ports, which are represented by Interface icons in the bottom panel of the view. The middle panel of the view displays a Device icon, which lets you monitor the device operation and access other device-specific views.
Figure 2: Device View
File View HelpTools
Model NameContactDescriptionLocation
Sys Up TimeManufacturerDevice TypeSerial Number
Network Address
Interface Description
Filter Physical
Interface Options PanelDevice Icon
XYZ_Mxxx
Model Name
1Ethernet
0:0:1D:F:FD:B6
ei0
0.0.0.0
ON
5SFTWARLPBK
0:0:1D:F:FD:B6
lo0
0.0.0.0
ON
9ATM8023
0:0:1D:F:FD:B6
zn1
0.0.0.0
ON
512AAL5
UAAL5
0.0.0.0
ON
2ATMCPU
0.0.0.0
ON
6ATM portCPU.1
0.0.0.0
ON
ATM7A1
0.0.0.0
ON
ATM7B1
0.0.0.0
ON
ATM7B2
0.0.0.0
ON
ATM7B3
0.0.0.0
ON
ATM8B1
0.0.0.0
ON
ATM8B2
0.0.0.0
ON
ATM8B3
0.0.0.0
ON
ATM8B4
0.0.0.0
ON
10
2783905 2783909
11
7
3 4
8
Interface Icons
Bookmarks
Model Name of type XYZ_Mxxx of Landscape node: Primary
Primary Application Gen Bridge App
D e v i c e V i e w I n t e r f a c e I c o n s
D e v i c e M a n a g e m e n t Page 9 N o k i a F i r e w a l l
Interface IconsFigure 3 shows a close-up of an Interface icon from the Device view. Most of the informational labels on the icon also provide double-click access to other views, as explained in the following label descriptions.
Figure 3: Interface Icon
Interface Number LabelThis label displays the interface (port) number.
IF Status LabelThis label displays the current status of the interface for the primary application selected, e.g., Gen Rtr App or MIB-II App. Table 1 lists the possible label color representations. Note that the color of the label also depends on the interface’s current Administrative Status, which you set in the Interface Configuration View. This view can be accessed by double-clicking the Interface Type label.
Interface Type LabelThis label identifies the interface type (Ethernet, ATM, etc.). Double-click this label to access the Interface Configuration view. See the SPECTRUM Views documentation.
c
f
b
1ethernet
0:0:1D:F:FD:B6
a
a Interface Number Label
b IF Status Label
c Interface Type Label
d Network Type Label
e Physical Address Label
f IP Address Label
fxp0
0.0.0.0
d
e
ONTable 1: Interface Status Label Colors
ColorOperational
StatusAdministrative
StatusLabelText
Green up up ON
Blue down down OFF
Yellow down up OFF
Red testing testing TEST
D e v i c e V i e w I n t e r f a c e I c o n S u b v i e w s M e n u
D e v i c e M a n a g e m e n t Page 10 N o k i a F i r e w a l l
Network Type LabelThis label identifies the type of network to which the interface is connected. Double-click the label to open the Model Information view for the interface.
Physical Address LabelThis label displays the physical (MAC) address of the interface. Double-click this label to open the Address Translation Table (AT).
IP Address LabelThis label displays the IP address for the interface. Double-click this label to open the Secondary Address Panel (Page 11), which lets you change the address and mask for the interface.
Interface Icon Subviews MenuTable 2 lists the device-specific interface Icon Subviews menu options and the views to which they provide access.
Table 2: Interface Icon Subviews Menu
Option Accesses the...
Detail Interface Detail view, which displays packet, error, and discard breakdown statistics for the interface.
IF Configuration Interface Configuration view (see SPECTRUM Views).
Address Translation Table
Interface Address Translation Table, which identifies the physical and network address for the interface.
Secondary Address Panel
Secondary Address Panel (Page 11).
Thresholds Interface Threshold view, which lets you set the on/off alarm thresholds for load, packet rate, error rate, and % discarded for the interface.
Model Information
Model Information Views (Page 28).
Trap Configuration
Interface Trap Configuration view (see How to Manage Your Network with SPECTRUM).
D e v i c e V i e w S e c o n d a r y A d d r e s s P a n e l
D e v i c e M a n a g e m e n t Page 11 N o k i a F i r e w a l l
Secondary Address PanelAccess: From the Icon Subviews menu for the Interface icon in the Device view, select Secondary Address Panel.
This panel provides a table of IP addresses and masks obtained from the Address Translation table within the device’s firmware. You can change the current address displayed in the IP Address field by selecting an entry from the table in this panel and clicking the Update button.
D e v i c e M a n a g e m e n t Page 12 N o k i a F i r e w a l l
Device Topology Views
This section describes the Device Topology view available for models of the Nokia Firewall devices.
Access: From the Icon Subviews menu for the Device icon, select DevTop.
The Device Topology view (Figure 4) shows the connections between a modeled device and other network entities. The lower panel of the view uses Interface icons to represent the device’s serial, network, and I/O ports. These icons provide the same information and menu options as those in the Device View (Page 8). If a device is connected to a particular interface, a Device icon appears on the vertical bar above the Interface icon along with an icon representing the network group that contains the device.
Refer to the SPECTRUM Views documentation for details on Device Topology view.
Figure 4: Device Topology View
File View HelpTools
1Ethernet
0:0:1D:F:FD:B6ei0
0.0.0.0
ON 2ATM
0:0:1D:F:FD:B6A2
0.0.0.0
ON 3ATM
0:0:1D:F:FD:B6CPU
0.0.0.0
ON
XYZ_Mxxx
Model Name
Bookmarks
SpectroGRAPH: Device Topology: Model Name
Graphic ofNokia Firewall
Device
Model Name of type Model Type of Landscape node: Primary
D e v i c e M a n a g e m e n t Page 13 N o k i a F i r e w a l l
Application Views
This section describes the main Application view and the associated application-specific subviews available for models of Nokia Firewall devices.
Access: From the Icon Subviews menu for the Device icon, select Application.
Main Application ViewWhen a device model is created, SPECTRUM automatically creates models for each of the major and minor applications supported by the device. The main Application view identifies all of these application models, shows their current condition status, and provides access to application-specific subviews. Figure 5 shows this view in the Icon mode. If you prefer the List mode, which displays applications as text labels, select View > Mode > List.
For more information on this view, refer to the MIBs and the Application View document.
Figure 5: Application View
SpectroGRAPH: Application: Model Name
Model Name
Contact
Description
Location
Network Address System Up Time
Manufacturer
Device Type
Serial Number
Model Name
6E132_25
Model Name
Model Type
File View Tools Bookmarks
Model Name of type <model type> of Landscape node: Primary
Help
A p p l i c a t i o n V i e w s A p p l i c a t i o n I c o n s
D e v i c e M a n a g e m e n t Page 14 N o k i a F i r e w a l l
Application IconsWhen the Application view is in Icon mode, each of the application models is represented by an Application icon (Figure 6). Double-clicking the Model Name label (a) at the top of the icon opens the associated Model Information view—see Model Information Views (Page 28). For some applications, the Model Type label (c) at the bottom of the icon is also a double-click zone, which opens an application-specific view. Any views accessible through these double-click zones are also accessible from the Application icon’s Icon Subviews menu.
Figure 6: Application Icon
Supported ApplicationsSPECTRUM’s applications can be grouped within two general categories as follows:
• Applications associated with non proprietary MIBs. See Common Applications below.
• Applications associated with device-specific MIBs. See Device Specific Applications (Page 16).
Common ApplicationsFor the most part, these applications represent the non proprietary MIBs supported by your device. Listed below (beneath the title of the SPECTRUM document that describes them) are some of the common applications currently supported by SPECTRUM. Nokia Firewall devices support both common and device-specific applications.
• Routing Applications- Generic Routing- Repeater
a Model Name Label / Model Information View
b Condition Status Label
c Model Type Label / Application-Specific View
(a)
(b)
(c)
172.59.203.24
IP2_App
IP2_App
Note:Note:
The documents listed below (in bold font) are available for viewing at:
www.aprisma.com/manuals/
A p p l i c a t i o n V i e w s S u p p o r t e d A p p l i c a t i o n s
D e v i c e M a n a g e m e n t Page 15 N o k i a F i r e w a l l
- AppleTalk- DECnet- OSPF- OSPF2- BGP4- VRRP- RFC 2932
• Bridging Applications- Ethernet Special Database- Spanning Tree- Static- Transparent- PPP Bridging- Source Routing- Translation- QBridge
• MIB II Applications- SNMP- IP- ICMP- TCP- System2- UDP
• Transmission Applications- FDDI- Point to Point
- DS1- DS3- RS-232- WAN- Frame Relay- Token Ring- Ethernet- Fast Ethernet- RFC 1317App- RFC 1285App- RFC 1315App- 802.11App- SONET
• Technology Applications- APPN- ATM Client- DHCP- DLSw- PNNI- RFC 1316App- RFC 1514- RFC 2287- RFC 2790- RFC 2925
• DOCSIS Applications- DOCSISCblDvApp - DOCSISQOSApp
A p p l i c a t i o n V i e w s C h e c k p o i n t A p p l i c a t i o n
D e v i c e M a n a g e m e n t Page 16 N o k i a F i r e w a l l
- DOCSISBPI2App - DOCSISBPIApp - DOCSISIFApp
• Digital Subscriber Line (DSL) Applications- ADSL
Device Specific ApplicationsThe views and subviews available for Nokia Firewall device-specific applications are described in the rest of this section.
• Checkpoint Application• RateShape Application (Page 17)• Virtual Router Redundancy Protocol
Application (Page 19)
Checkpoint ApplicationThis major application (model type CheckpointApp) provides access to the following application-specific subview:
• Firewall Information View• Model Information Views (Page 28)
Firewall Information ViewAccess: From the Icon Subview menu for the CheckpointApp application, select Firewall.
This view provides fields in the following areas:
• General Information• Filter Information (Page 17)• Packet Information (Page 17)
General InformationThis area of the Firewall Information view provides the following information:
ProductType of Firewall.
Module StateThe state of the module.
Last SNMP FW EventThe last SNMP trap sent via “fw”.
Major VersionThe major Firewall version.
Minor VersionThe minor Firewall version.
A p p l i c a t i o n V i e w s R a t e S h a p e A p p l i c a t i o n
D e v i c e M a n a g e m e n t Page 17 N o k i a F i r e w a l l
Filter InformationThis area of the Firewall Information view provides the following information:
NameThe name of the loaded filter.
DateThe date the filter was installed.
Packet InformationThis area of the Firewall Information view provides the following information:
Accepted PacketsThe number of accepted packets
Rejected PacketsThe number of rejected packets.
Dropped PacketsThe number of dropped packets.
Logged PacketsThe number of logged packets.
RateShape ApplicationThis major application (model type NkIpsoRateApp) provides access to the following application-specific subviews:
• IPSO Configuration View (Page 22)• RateShape Configuration View (Page 24)• RateShape Performance View
RateShape Performance ViewAccess: From the Icon Subviews menu for the NkIpsoRateApp application, select RateShape Performance.
This view displays the Access List Status Table which provides the following information:
ifIndexIdentifies the MIB-II interface which this access list stat entry is responsible for.
IndexA unique value identifying this table entry.
DirectionThe data source for this access list.
Pkts PassedNumber of packets successfully exiting this access list.
A p p l i c a t i o n V i e w s R a t e S h a p e A p p l i c a t i o n
D e v i c e M a n a g e m e n t Page 18 N o k i a F i r e w a l l
Bytes PassedNumber of bytes successfully exiting this access list.
Clicking this button opens the Rule Status Table View.
Clicking this button opens the Aggregation Class Status Table View (Page 18).
Rule Status Table ViewAccess: From the RateShape Performance view, click the Rules button.
This view provides the following information:
ifIndexA unique value corresponding to the interface to which this rule is applied.
IndexThe “rsRuleIndex” value of the rule this entry describes.
DirectionThe data source for this rule.
Drop PktsThe number of packets that exceeded this rate limit.
Drop OctetsThe number of bytes that exceeded this rate limit.
Pkts PassedNumber of packets successfully exiting this rule.
Bytes PassedNumber of bytes successfully exiting this rule.
Aggregation Class Status Table ViewAccess: From the RateShape Performance view, click the Aggregation Class button.
This view provides the following information:
ifIndexThe value of “ifIndex” which corresponds to the interface for which this aggregation class handles tokens.
IndexA unique value identifying this entry in the table.
DirectionThe data source for this aggregation class.
Shaped PktsThe number of packets shaped by this rate limit.
Rules
Aggregation Class
A p p l i c a t i o n V i e w s V i r t u a l R o u t e r R e d u n d a n c y P r o t o c o l A p p l i c a t i o n
D e v i c e M a n a g e m e n t Page 19 N o k i a F i r e w a l l
Shaped OctetsThe number of octets shaped by this rate limit.
Enqueued PktsThe number of packets enqueued by this rate limit.
Enqueued OctetsThe number of packets enqueued by this rate limit.
Dropped PktsThe number of packets which exceeded this rate limit.
Dropped OctetsThe number of octets which exceeded this rate limit.
Pkts Passed InThe number of packets passed in successfully exiting this aggregation class.
Pkts Passed OutThe number of packets passed out successfully exiting this aggregation class.
Bytes Passed InThe number of bytes passed in successfully exiting this aggregation class.
Bytes Passed OutThe number of bytes passed out successfully exiting this aggregation class.
Virtual Router Redundancy Protocol ApplicationThe Virtual Router Redundancy Protocol (VRRP) application (model type rfc2338App) provides access to the VRRP Configuration View. See Routing Applications for documentation.
D e v i c e M a n a g e m e n t Page 20 N o k i a F i r e w a l l
Performance Views
This section introduces the Performance view. For details concerning this view, refer to the SPECTRUM Views documentation.
Performance views display performance statistics in terms of a set of transmission attributes, e.g., cell rates, frame rates, % error, etc. A typical view is shown in Figure 7. The instantaneous condition of each transmission attribute is recorded in a graph. The statistical information for each attribute is presented in the adjacent table.
Generally, you determine performance at the device level through Performance views accessed from the Device and Application icons. You determine performance at the port/interface level through Performance views accessed from Interface icons.
Figure 7: Performance View
SpectroGRAPH: Type Routing
File View Tools Bookmarks
% Discarded
type routing of type IP Routing of Landscape node: Primary
Performance View
Day/Month/ Time/ Year
100.0
10.01.000.100.010
00:30 00:20 00:10 0
* Frame/Sec
% Received
% Forwarded
% Trans
Value Average Peak Value
Scroll to Date-TimeGraph Properties* Graph X 1000
Log
Network Address Device Type
% Error
% Discarded
Detail
at
at
at
at
at
at
D e v i c e M a n a g e m e n t Page 21 N o k i a F i r e w a l l
Configuration Views
This section describes the Configuration views available for models of Nokia Firewall devices in SPECTRUM.
Configuration views allow you to view and modify current settings for the modeled device and its interfaces, ports, and applications. The following Configuration views are available for models of Nokia Firewall devices:
• Device Configuration View• IPSO Configuration View (Page 22)• RateShape Configuration View (Page 24)
Device Configuration ViewAccess: From the Icon Subviews menu for the Device icon, select Configuration.
A typical Device Configuration view is shown in Figure 8. Generally, this view includes a few fields that display device information as well as an Interface Configuration Table that lists interface parameters, some of which can be changed (see SPECTRUM Views). Some Device Configuration views include one or more buttons that provide
access to device-specific configuration information. These are described below.
Figure 8: Device Configuration Viewp
Model Name
File View Tools Bookmarks Help
DescriptionLocation
ContactManufacturerSys Up Time
Net Address
Device Type
Serial Number
Configuration View
Number of Interfaces
Interface Address Translation
Sort Interface Configuration Table
Index Description Type Bandwidth Physical Addre
Find Update
Redundancy and Model Reconfiguration Options
Contact Status
C o n f i g u r a t i o n V i e w s I P S O C o n f i g u r a t i o n V i e w
D e v i c e M a n a g e m e n t Page 22 N o k i a F i r e w a l l
Refer to the SPECTRUM Views documentation
Refer to the SPECTRUM Views documentation.
IPSO Configuration ViewAccess: From the Icon Subviews menu for the NkIpsoRateApp application, select Configuration.
This view provides the fields described below and contains other fields in the following areas:
• Config• Log Table (Page 23)• Card (Page 23)
Serial NumberThe serial number of this device.
Memory (MB)The total memory capacity, in megabytes.
Log SizeA maximum limit on the number of entries which may be recorded in the Log Table.
MB TypeThe type of motherboard populating this device.
MB Rev NumberA string value representing the type of motherboard populating this device.
MB Serial NumberThe serial number of the motherboard.
Clicking this button opens the IPSO Additional Configuration View (Page 23).
ConfigThis area of the IPSO Configuration View provides the following information:
IndexThe index for this configuration, with 1 representing the currently running database and traversing from newest to oldest.
File PathThe absolute pathname and filename that holds a record of this configuration.
Date/TimeThe date and time this file was last changed.
Redundancy and Model Reconfiguration Options
Interface Address Translation
Additional Configuration
C o n f i g u r a t i o n V i e w s I P S O A d d i t i o n a l C o n f i g u r a t i o n V i e w
D e v i c e M a n a g e m e n t Page 23 N o k i a F i r e w a l l
Log TableThis area of the IPSO Configuration View provides the following information:
Index The unique index of this configuration change entry.
DescriptionA description of the nature of the configuration change.
CardThis area of the IPSO Configuration View provides the following information:
IndexThe number of the slot in which this card is plugged.
StatusThe operational status of this card. Possible values are: enabled or disabled.
TypeThe “ifType” value for any interface(s) on this card. Please refer to RFC1213.
IPSO Additional Configuration ViewAccess: From the IPSO Configuration View, click the Additional Configuration button.
This view provides fields in the following areas:
• Image• Fan (Page 24)• Power (Page 24)
ImageThis area of the IPSO Additional Configuration View provides the following information on resident kernel images on this system:
IndexA unique value for the image represented by this entry.
Version No.The version number of this image.
Serial No.The serial number of this image.
Time of LoadThe date and time when this image was first transferred onto this device.
C o n f i g u r a t i o n V i e w s R a t e S h a p e C o n f i g u r a t i o n V i e w
D e v i c e M a n a g e m e n t Page 24 N o k i a F i r e w a l l
FanThis area of the IPSO Additional Configuration View provides the following information:
Index A unique value representing this particular fan.
StatusThe operational status of this fan. Possible values are: running and notRunning.
PowerThis area of the IPSO Additional Configuration View provides the following information:
IndexA unique value representing this power supply.
TemperatureAn indication of whether or not this power supply’s internal temperature is over the recommended operation temperature limit. Possible values are: normal and overTemperature.
Oper StatusThe operational status of this power supply. Possible values are: running and notRunning.
RateShape Configuration ViewAccess: From the Icon Subviews menu for the NkIpsoRateApp application, select RateShape Config.
This view displays the Access List table which provides the following information:
ifIndexThe “ifIndex” of the MIB-II interface for which this access list entry is responsible.
IndexA unique value identifying this Access List.
DirectionThe data source for this access list.
NameA unique descriptor for this access list.
Row StatusThe current status of this access list. Possible values are: active, notInService, notReady, createAndGo, createAndWait, and destroy.
Clicking on this button opens the Access List Add View, which enables you to create an Access List within the Access List Table by entering an instance and then selecting its desired status.
Add New Access List
C o n f i g u r a t i o n V i e w s R a t e S h a p e C o n f i g u r a t i o n V i e w
D e v i c e M a n a g e m e n t Page 25 N o k i a F i r e w a l l
Clicking this button opens the Aggregation Class Table View.
Clicking this button opens the Rule Table View (Page 26).
Aggregation Class Table ViewAccess: From the RateShape Configuration view click on the Aggregation Class button.
This view provides the following information:
ifIndexThe value of “ifIndex” which corresponds to the first interface for which this aggregation class handles tokens.
IndexThe unique value identifying this aggregation class (queue).
DirectionThe data source for this aggregation class.
NameA description of this aggregation class.
Mean RateThe peak bandwidth when Burst Rate and Burst Duration are not set. When mean rate and burst duration are set, the mean rate specifies the long-term rate which the packet stream will be shaped to, but the packet stream can burst above that rate, with no penalty, for as long as the burst duration specifies.
Burst RateThe maximum burst peak rate in kilobits per second before being shaped. This value is obsolete and will no longer be supported.
Burst DurationThe number of milliseconds this aggregation class needs to transmit Burst Rate. If this is not set to a non-zero value, Mean Rate is the peak rate.
Row StatusThe current status of this aggregation class. Possible values are: active, notInService, notReady, createAndGo, createAndWait, and destroy.
Aggregation Class
Rules
C o n f i g u r a t i o n V i e w s R a t e S h a p e C o n f i g u r a t i o n V i e w
D e v i c e M a n a g e m e n t Page 26 N o k i a F i r e w a l l
Rule Table ViewAccess: From the RateShape Configuration view click on the Rules button.
This view provides the following information:
ifIndexThe “ifIndex” of the MIB-II interface for which this access list entry is responsible.
IndexAn arbitrary value for rate limit objects.
DirectionThe data source for the Rate Limit object.
TOSThe TOS field of the type of packet which this rule governs.
ActionThe forwarding Action associated with this rule. Possible values are: drop, accept, reject, condition, and skip.
Src AddrThe source IP address for this rule.
Src Addr MaskThe mask of source address for this rule.
Dest AddrThe destination IP address for this rule.
Dest Addr MaskThe mask of destination address for this rule.
ProtocolThe number of IP protocol that rule applies on.
Src Start PortThe start of the source range of port number(s) of the IP protocol for this rule.
Src End PortThe end of the source range of port number(s) of the IP protocol for this rule.
Dest Start PortThe start of the destination range of port number(s) of the IP protocol for this rule.
Dest End PortThe end of the destination range of port number(s) of the IP protocol for this rule.
Agg Class IndexThe index to the aggregation class (queue) if the value of Action is enqueue.
EstablishedIndicates whether this rule is effective on previously-established TCP connections.
C o n f i g u r a t i o n V i e w s R a t e S h a p e C o n f i g u r a t i o n V i e w
D e v i c e M a n a g e m e n t Page 27 N o k i a F i r e w a l l
Row StatusThe current status of this rule. Possible values are: active, notInService, notReady, createAndGo, createAndWait, and destroy.
D e v i c e M a n a g e m e n t Page 28 N o k i a F i r e w a l l
Model Information Views
This section provides a brief overview of the Model Information view.
Model Information views display administrative information about devices and their applications and let you set thresholds and alarm severity for the devices.
Figure 9 shows a sample Model Information view. The layout of this view is the same for all model types in SPECTRUM but some information will vary depending on the model it defines. Refer to the SPECTRUM Views documentation for a complete description of this view.
Figure 9: Model Information View
Model Name ContactDescriptionLocation
SpectroGRAPH: Model Name
File View Tools Bookmarks Help
ManufacturerSysUpTime
Net AddressDevice TypeSerial Number
Model Information View
MM Name
MM Part Number
MM Version Number
Model Type
Model Creation Time
Model Created By
Model State
Security String
Communication Information
Poll / Log Information
Condition Value
Contact Status
DCM TimeOut
DCM Retry
Lost Child Count
Value When Yellow
Value When OrangeValue When Red
Community Name
Mgnmt Protocol
Poll Interval
Poll Status
Log Ratio
Last Successful Poll
Logged Polled
True
General InformationCondition
D e v i c e M a n a g e m e n t Page 29 N o k i a F i r e w a l l
Index
AAddress
Interface IP 10Physical (MAC) 10Translation 11
Admin Status 9Aggregation Class Status Table
View 18Bytes Passed In 19Bytes Passed Out 19Direction 18Dropped Octets 19Dropped Pkts 19Enqueued Octets 19Enqueued Pkts 19ifIndex 18Index 18Pkts Passed In 19Pkts Passed Out 19Shaped Octets 19Shaped Pkts 18
Aggregation Class Table View 28Burst Duration 25Burst Rate 25Direction 25ifIndex 25Index 25
Mean Rate 25Name 25Row Status 25
ApplicationDevice-specific 16
Application Icons 14Application View 13
CCheckpoint Application 16Condition Status Label 14Configuration views 21
DDevice icon 5Device Topology Views 12
FFile Transfer MIB View 16Firewall Information View
Accepted Packets 17Date 17
Dropped Packets 17Filter Information 17General Information 16Last SNMP FW Event 16Logged Packets 17Major Version 16Minor Version 16Module State 16Name 17Packet Information 17Product 16Rejected Packets 17
Firewall InformationView 16
IIcons
Device 5Interface 9
Image 23Interface
Type, Device 9IPSO Additional Configuration
View 23Fan 24
Index 24Status 24
I n d e x I n d e x
D e v i c e M a n a g e m e n t Page 30 N o k i a F i r e w a l l
Image 23Index 23Serial No. 23Time of Load 23Version No. 23
Power 24Index 24Oper Status 24Temperature 24
IPSO Configuration View 2223
buttonAdditional Configuration 22
Card 23Config
Date/Time 22File Path 22Index 22
Log Size 22Log Table 23
Description 23Index 23
MB Rev Number 22MB Serial Number 22MB Type 22Status 23Type 23
LLabels
Application IconCondition Status 14Model Name 14Model Type 14
MMask 11Model type 5Model Type Label 14
NNetwork I/O ports 12Network Type 10
PPerformance Statistics 20Port Number, Device 9
RRateShape Application 17RateShape Configuration View 24
buttonAdd New Access List 24Aggregation Class 25
Rules 25Direction 24ifIndex 24Index 24Name 24Row Status 24
RateShape Performance View 17button
Aggregation Class 18Rules 18
Bytes Passed 18Direction 17ifIndex 17Index 17Pkts Passed 17
Row 24Rule Status Table View 18
Bytes Passed 18Direction 18Drop Octets 18Drop Pkts 18ifIndex 18Index 18
Rule Table View 26Action 26Agg Class Index 26Dest Addr 26Dest Addr Mask 26Dest End Port 26Dest Start Port 26Direction 26Established 26
I n d e x I n d e x
D e v i c e M a n a g e m e n t Page 31 N o k i a F i r e w a l l
ifIndex 26Index 26Protocol 26Row Status 27Src Addr 26Src Addr Mask 26Src End Port 26Src Start Port 26TOS 26
SSerial ports 12
TTasks 7Threshold Information 10
VViews
Configuration 21Virtual Router Redundancy Protocol
(VRRP) Application 19
top related