Alteon Switched Firewall 4.0.2

Browser-Based Interface
Quick Access Guide

part number: 217015-A, November 2004

4655 Great America Parkway


Santa Clara, CA 95054
Phone 1-800-4Nortel
http://www.nortelnetworks.com
Alteon Switched Firewall 4.0.2 BBI Quick Access Guide

Copyright 2004 Nortel Networks, Inc., 4655 Great America Parkway, Santa Clara, California 95054, USA.
All rights reserved. Part Number: 217015-A, Revision Release 4.0.2.

This document is protected by copyright and distributed under licenses restricting its use, copying,
distribution, and decompilation. No part of this document may be reproduced in any form by any means
without prior written authorization of Nortel Networks, Inc. Documentation is provided “as is” without
warranty of any kind, either express or implied, including any kind of implied or express warranty of
non-infringement or the implied warranties of merchantability or fitness for a particular purpose.
U.S. Government End Users: This document is provided with a “commercial item” as defined by FAR
2.101 (Oct 1995) and contains “commercial technical data” and “commercial software documentation” as
those terms are used in FAR 12.211-12.212 (Oct 1995). Government End Users are authorized to use this
documentation only in accordance with those rights and restrictions set forth herein, consistent with FAR
12.211-12.212 (Oct 1995), DFARS 227.7202 (JUN 1995) and DFARS 252.227-7015 (Nov 1995).
Nortel Networks, Inc. reserves the right to change any products described herein at any time, and without
notice. Nortel Networks, Inc. assumes no responsibility or liability arising from the use of products
described herein, except as expressly agreed to in writing by Nortel Networks, Inc. The use and purchase of
this product does not convey a license under any patent rights, trademark rights, or any other intellectual
property rights of Nortel Networks, Inc.
Alteon, Alteon Switched Firewall, Alteon 5008, 5010, 5014, 5300, 5400, 5600, 5700, 6400, 5308, 5408,
5610, 5710, 6414, Alteon Firewall Director, Firewall OS, Alteon Firewall Accelerator, and Alteon
Accelerator OS are trademarks of Nortel Networks, Inc. in the United States and certain other countries.
Check Point, SecureXL, SmartCenter, SmartDashboard, SmartView Tracker, OPSEC, and SmartView
Monitor are trademarks of Check Point Software Technologies Ltd. FireWall-1 and VPN-1 are registered
trademarks of Check Point Software Technologies Ltd. Any other trademarks appearing in this manual are
owned by their respective companies.
Portions of this manual are Copyright © 2001 Dell Computer Corporation. All Rights Reserved.

Originated in the USA.

Contents

Preface
  Who Should Use This Book
  Related Documentation
  Typographic Conventions
  How to Get Help

Chapter 1: Getting Started
  Features
  Requirements
  Enabling the Browser-Based Interface
  Setting Up the Web-Browser
  Starting the Browser-Based Interface
  Basics of the Browser-Based Interface
    Interface Components
    Basic Operation

Chapter 2: BBI Forms Reference
  Global Command Forms
    Apply
    Diff
    Revert
    Logout
    Help
  Site Map

Chapter 3: Using the Browser-Based Interface
  Configuring Interfaces
  Expanding a Cluster
  Configuring a Sync Device
  Downloading MIB Files

Preface
Browser-Based Interface (BBI) software is included in the Nortel Networks’ family of Alteon
Switched Firewalls (ASF). The BBI software lets you use your Web browser to access ASF
information and statistics, and to perform ASF configuration via the Internet.

This Browser-Based Interface Quick Access Guide provides an overview of how to access and
use the Browser-Based Interface.

Who Should Use This Book


This Browser-Based Interface Quick Access Guide is intended for network installers and system
administrators engaged in configuring and maintaining a network. It assumes that you are
familiar with your Alteon Switched Firewall, your Web browser, Ethernet concepts, IP
addressing, the IEEE 802.1d Spanning-Tree Protocol, and SNMP configuration parameters.

Related Documentation
For detailed information about the functionality and configuration of the Alteon Switched
Firewall and physically installing the hardware components, see the following documentation:

• Alteon Switched Firewall 4.0.2 User’s Guide and Command Reference (Part Number
  217014-A) published in November 2004.
• Alteon Switched Firewall 4.0.2 Hardware Installation Guide (Part Number 217016-A)
  published in November 2004.


Typographic Conventions
The following table describes the typographic styles used in this book.

Table 1 Typographic Conventions

Typeface or Symbol: AaBbCc123
Meaning: This type is used for names of commands, files, and directories used within the text.
It also depicts on-screen computer output and prompts.
Examples: View the readme.txt file.
          Main#

Typeface or Symbol: AaBbCc123 (bold)
Meaning: This bold type appears in command examples. It shows text that must be typed in
exactly as shown.
Example: Main# sys

Typeface or Symbol: <AaBbCc123> (italic)
Meaning: This italicized type appears in command examples as a parameter placeholder. Replace
the indicated text with the appropriate real name or value when using the command. Do not
type the brackets.
Example: To establish a Telnet session, enter:
         host# telnet <IP address>
Meaning: This also shows book titles, special terms, or words to be emphasized.
Example: Read your User’s Guide thoroughly.

Typeface or Symbol: [ ]
Meaning: Command items shown inside brackets are optional and can be used or excluded as the
situation demands. Do not type the brackets.
Example: host# ls [-a]


How to Get Help


If you purchased a service contract for your Nortel Networks product from a distributor or
authorized reseller, contact the technical support staff for that distributor or reseller for assistance.

If you purchased a Nortel Networks service program, contact one of the following Nortel
Networks Technical Solutions Centers:

Technical Solutions Center          Telephone
Europe, Middle East, and Africa     00800 8008 9009 or +44 (0) 870 907 9009
North America                       (800) 4NORTEL or (800) 466-7835
Asia Pacific                        (61) (2) 8870-8800
China                               (800) 810-5000

Additional information about the Nortel Networks Technical Solutions Centers is available at
the following URL:

http://www.nortelnetworks.com/help/contact/global

An Express Routing Code (ERC) is available for many Nortel Networks products and services.
When you use an ERC, your call is routed to a technical support person who specializes in
supporting that product or service. To locate an ERC for your product or service, refer to the
following URL:

http://www.nortelnetworks.com/help/contact/erc/index.html

CHAPTER 1
Getting Started
This chapter explains how to enable, set up, and launch the Browser-Based Interface (BBI) to
access and manage the features in the Alteon Switched Firewall system in the following sections:

• “Features”
• “Requirements”
• “Enabling the Browser-Based Interface”
• “Setting Up the Web-Browser”
• “Starting the Browser-Based Interface”
• “Basics of the Browser-Based Interface”


Features
The BBI provides the following features:

• Intuitive and easy-to-use interface structure
• Most of the configuration functions available through the Command Line Interface (CLI)
• Monitoring functions are updated dynamically
• Can be accessed using HTTP, or secure HTTPS using Secure Socket Layer (SSL)
• Nothing to install; the BBI is part of the Firewall OS software
• Can be upgraded along with future software releases as available
• Up to 10 concurrent BBI users can access the Alteon Switched Firewall at any given time

Requirements
• An installed Alteon Switched Firewall
• PC or workstation with network access to the cluster Management IP (MIP) address
• Frame-capable Web-browser software, such as the following:
  - Netscape Navigator 4.6 or higher
  - Internet Explorer 5.0 or higher
• JavaScript enabled in your Web-browser


Enabling the Browser-Based Interface


Before BBI access is possible, some configuration must first be performed using the CLI. For
information on accessing and using the CLI, see the Command Reference section in the Alteon
Switched Firewall 4.0.2 User’s Guide and Command Reference.

1. Enable the BBI.


By default, the BBI is enabled for HTTP access, and disabled for HTTPS access. The BBI can
be enabled for HTTP and/or HTTPS, or fully disabled.

NOTE – HTTP is not a secure protocol. All data (including passwords) between an HTTP client
and the Alteon Switched Firewall is unencrypted and is subject only to weak authentication.
If secure remote access is required, consider using HTTPS instead of HTTP.

To explicitly allow remote BBI access, enter the following commands in the CLI.

• To enable HTTP access:

>> # /cfg/sys/adm/web/http/ena

• To enable HTTPS access using SSL:

>> # /cfg/sys/adm/web/ssl/ena

2. Use the access list (cfg/sys/accesslist) to permit remote access to trusted clients.
If you have already configured the access list for Telnet or SSH, there is no need to repeat the
process. Otherwise, to permit access to only trusted clients, see the section on “Defining the
Remote Access List” in Chapter 10, “The Command Line Interface” in the ASF 4.0.2 User’s
Guide and Command Reference.

3. If using HTTPS, generate a temporary certificate.


An SSL server certificate is required for HTTPS access to the BBI. The Firewall Director can
generate a temporary, self-signed certificate. The commands to create a default certificate are
as follows:

>> SSL configuration# certs/serv/gen <Name> <Country code> <Key size>


Do you want to generate a self-signed certificate with the generated
Key? y


where Name is the common name that will appear on the certificate, Country code is a two-letter
code (US for the United States of America, CA for Canada, JP for Japan, etc.), and Key size
is 512, 1024, or 2048 bits. For example:

>> SSL configuration# certs/serv/gen Alteon US 1024

NOTE – When you log in to the BBI with the temporary certificate, you will be warned that the
certificate is not signed or authenticated. This should be permitted only during initial
configuration where the system is not attached to active networks that could be a source of attack.
Install a signed and authenticated certificate prior to connecting any untrusted network.

4. Apply the changes.

>> SSL configuration# apply

5. Use the Check Point™ SmartDashboard™ tool on your management client to add a security
policy that allows BBI traffic.
The firewall policy should be constructed as follows:

• Source: The management client IP address or management network IP address range
• Destination: The cluster MIP address
• Service: HTTP for non-secure access, or SSL for HTTPS access
• Action: Allow
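
A pre-deployment review of the settings chosen in steps 1 to 5, written as an added example (not code from the Nortel guide or the ASF software). The BbiPlan fields, the finding codes and the two thresholds are assumptions made for illustration, not an ASF configuration format; 192.168.1.1 is the sample MIP address used elsewhere in this guide.

```python
# Added example: review a planned BBI management-access posture.
# BbiPlan, the finding codes and the thresholds are hypothetical names chosen
# for this illustration; nothing here is read from or written to a device.
import ipaddress
from dataclasses import dataclass

MIN_KEY_BITS = 2048          # assumption: minimum acceptable RSA server key size
MAX_SOURCE_ADDRESSES = 256   # assumption: a source wider than a /24 needs review


@dataclass
class BbiPlan:
    http_enabled: bool       # step 1: HTTP access
    https_enabled: bool      # step 1: HTTPS access using SSL
    cert_self_signed: bool   # step 3: temporary self-signed certificate in use
    cert_key_bits: int       # step 3: key size chosen for the certificate
    access_list: list        # step 2: trusted clients (CIDR); empty = unrestricted
    policy_sources: list     # step 5: Source of the allow rule (CIDR)
    policy_destination: str  # step 5: Destination of the allow rule
    policy_service: str      # step 5: "HTTP" or "SSL"
    mip: str                 # cluster Management IP address


def _nets(cidrs):
    return [ipaddress.ip_network(c, strict=False) for c in cidrs]


def review(plan):
    """Return a sorted list of finding codes for the planned settings."""
    if not plan.http_enabled and not plan.https_enabled:
        return []            # BBI fully disabled: nothing exposed to review

    findings = set()
    if plan.http_enabled:
        findings.add("http-cleartext")          # passwords travel unencrypted
    if plan.https_enabled:
        if plan.cert_self_signed:
            findings.add("self-signed-cert")    # acceptable during initial setup only
        if plan.cert_key_bits < MIN_KEY_BITS:
            findings.add("weak-key")

    allowed = _nets(plan.access_list)
    if not allowed:
        findings.add("accesslist-unrestricted")  # empty list = any client

    for src in _nets(plan.policy_sources):
        if src.num_addresses > MAX_SOURCE_ADDRESSES:
            findings.add("policy-source-broad")
        # The firewall rule should not admit clients the access list excludes.
        if allowed and not any(
            src.version == a.version and src.subnet_of(a) for a in allowed
        ):
            findings.add("policy-source-outside-accesslist")

    if ipaddress.ip_address(plan.policy_destination) != ipaddress.ip_address(plan.mip):
        findings.add("policy-destination-not-mip")

    enabled_services = set()
    if plan.http_enabled:
        enabled_services.add("HTTP")
    if plan.https_enabled:
        enabled_services.add("SSL")
    if plan.policy_service not in enabled_services:
        findings.add("policy-service-mismatch")

    return sorted(findings)


# Constructed sample plans (not taken from any real deployment).
INITIAL_SETUP = BbiPlan(
    http_enabled=True, https_enabled=True, cert_self_signed=True,
    cert_key_bits=1024, access_list=[], policy_sources=["0.0.0.0/0"],
    policy_destination="192.168.1.1", policy_service="HTTP", mip="192.168.1.1",
)
HARDENED = BbiPlan(
    http_enabled=False, https_enabled=True, cert_self_signed=False,
    cert_key_bits=2048, access_list=["10.10.5.0/28"],
    policy_sources=["10.10.5.4/32"], policy_destination="192.168.1.1",
    policy_service="SSL", mip="192.168.1.1",
)

if __name__ == "__main__":
    for name, plan in (("initial setup", INITIAL_SETUP), ("hardened", HARDENED)):
        print(name, "->", review(plan) or "no findings")
```
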

Setting Up the Web-Browser


Most modern Web-browsers work with JavaScript by default and require no additional set up.
However, you should check your Web-browser’s features and configuration to make sure
JavaScript is enabled.

NOTE – JavaScript is not the same as Java. Please make sure that JavaScript is enabled in your
Web-browser.


Starting the Browser-Based Interface


When the Firewall Director and browser setup is complete, follow these steps to launch the BBI:

1. Start your Web-browser.

2. Enter the Alteon Switched Firewall MIP address in the Web-browser’s URL field.
For example, consider a cluster MIP address of 192.168.1.1. Using Netscape Navigator, you
could enter the following:

If the MIP address has a name on your local domain name server, you could enter the name
instead. For example, with Internet Explorer, you could enter the following:

NOTE – When you use HTTPS to connect to the BBI with a temporary certificate, you will be
warned that the certificate is not signed or authenticated. This should be permitted only during
initial configuration where the system is not attached to active networks that could be a source of
attack. Install a signed and authenticated certificate prior to connecting any untrusted network.


3. Log in.
If your Alteon Switched Firewall and browser are properly configured, you will be asked to
enter a password:

Enter the account name and password for the system administrator or operator account. For
more login and password information, see the section on Users and Passwords in the ASF 4.0.2
User’s Guide and Command Reference.

4. Allow the main page to load.


When the proper account name and password combination is entered, the BBI default page is
displayed in your browser’s viewing window. The following page refreshes every 30 seconds.

NOTE – There may be a delay of a few seconds while the default page collects data from all of the
cluster components. You should not stop the browser while loading is in progress.

5. Select the Go To Lock Page to notify other BBI users that you are accessing the firewall
configuration via the BBI.

6. Enter a message indicating a reason for accessing the firewall configuration.


This message notifies other BBI administrators that you are accessing the firewall configuration.


7. The following GUI lock message is displayed when the next BBI administrator logs in:

You may enter a message to notify other BBI users that you are accessing the BBI.


Basics of the Browser-Based Interface

Interface Components
The BBI screen consists of the following areas:

• Main Page Menu
  The buttons in this area (Monitor, Cluster, and so on) represent the main categories of
  forms available for collecting information and configuring the system. Each main category
  contains a variety of sub-pages.
• Sub-Pages Menu
  These buttons represent the sub-categories under each main page. A different list of
  sub-pages is available for each main page. When a sub-page is selected, the appropriate
  information and configuration fields are displayed in the forms area.
• Forms Area
  This area contains fields that display information or allow you to specify information for
  configuring the system. The fields are different for each sub-page.
• Global Command Buttons
  These buttons are available from any page. The buttons display forms used for saving,
  examining, or aborting configuration changes, and for displaying help information for the
  current page.


Basic Operation
Using the BBI, Alteon Switched Firewall administration is performed in the following manner:

• The administrator selects from a series of pages and sub-pages, and modifies fields to
  create the desired configuration.
• When finished making changes on any given page, the administrator submits the form
  using the appropriate Update buttons. If the user selects a new form or ends the session
  without submitting the information, the changes are lost.
• Most submitted changes are considered pending and are not immediately put into effect or
  permanently saved. Only a few types of changes take effect as soon as the form is
  submitted: changes to users and passwords, and setting the time or time zone.
• In order to save changes and make them take effect, the administrator must use the global
  Apply form. This allows the administrator to make an entire series of updates on multiple
  forms and then put them into effect all at once.
• From the Apply form, the administrator can validate the configuration to check for any
  configuration problems prior to applying them. If the configuration is in an invalid state,
  the Apply command will not be allowed.
• The global Diff form can be used to view pending changes before they are applied.
• To clear all pending changes, the administrator can use the global Revert form and then
  continue the configuration session, or the global Logout form to exit from the system.
  Closing your browser will also discard pending changes, though logging out manually is
  preferred.

NOTE – When multiple CLI or BBI administrator sessions are open at the same time, only
pending changes made during your current session will be affected by the Diff, Revert, or
Logout commands. However, if multiple CLI or BBI administrators apply changes to the same
set of parameters concurrently, the latest applied changes take precedence. Refer to the GUI
lock in Step 5 of “Starting the Browser-Based Interface.”

CHAPTER 2
BBI Forms Reference
This chapter explains the commands available in the Browser-Based Interface (BBI) to access
and manage the features in the Alteon Switched Firewall system.

• “Global Command Forms”
• “Site Map”

Global Command Forms


The global command buttons are always available at the top of each form:

These buttons summon pages which are used for saving, examining, or aborting configuration
changes, logging out, and for displaying help information. Each global command page
provides options to verify or cancel the command as appropriate.


Apply
The global Apply form is used for checking the validity of the current session’s pending
configuration changes, and for saving the configuration changes and putting them into effect.

This form includes the following items:

• Apply Changes pull-down menu. To use this menu, select one of the following options
  and click on the Submit button:
  - Apply Changes
    When submitted, this action updates the cluster with any pending configuration
    changes. Pending changes are first validated for correctness (see below). If problems
    are found, applicable warning and error messages are displayed. If errors are found,
    the changes are not applied. If there are no errors (warnings are allowed), the changes
    are saved and put into effect.
    This command has no effect on pending changes in other open CLI or BBI sessions.

NOTE – The global Revert command clears pending changes. It cannot be used to restore the
old configuration after the Apply Changes command has been issued.

  - Validate Configuration
    When submitted, this option validates the current session’s pending changes, but does
    not apply them. The pending configuration changes are examined to ensure that they
    are complete and consistent. If problems are found, the following types of messages
    are displayed:
    Warnings. These appear in yellow. Warnings identify conditions that the administrator
    should pay special attention to, but which will not cause errors or prevent the
    configuration from being applied.
    Errors. These appear in red. Errors identify serious configuration problems that must
    be corrected before changes can be applied. Uncorrected errors will cause the Apply
    Changes command to fail.
    If the configuration is valid, the administrator must still separately submit the Apply
    Changes command.
  - Run Security Audit
    When submitted, this option lists security information, such as the status (enabled or
    disabled) of remote management features (Telnet, SSH, and the BBI) for the cluster,
    and the IP addresses that can access them. It also lists which users (if any) are still
    configured with default passwords, which should be changed.
• Submit button. This button performs the action selected in the Apply Changes pull-down
  menu.
• Back button. This button returns to the previously viewed form without applying changes.

Diff
The global Diff form provides a list of the current session’s pending configuration changes.

This form includes the following items:

• Change list. The list displays a change record for each submitted update. Each record may
  consist of many modifications, depending upon the complexity of the form and changes
  submitted. Modifications are color coded:
  - Green: New items that will be added to the configuration when the global Apply command
    is given and verified.
  - Blue: Existing items that will be modified.
  - Red: Configuration items that will be deleted.
• Back button. This button returns to the previously viewed form.

The Diff list is cleared when configuration changes are applied or reverted, or when the
administrator logs out or closes the browser window.

This change list does not show pending changes made in other open CLI or BBI sessions.

Revert
The global Revert form is used for canceling pending configuration changes.

This form includes the following items:

• Revert button. This button cancels the current session’s pending configuration changes.
  Applied changes are not affected. Pending changes made in other open CLI or BBI sessions
  are not affected.
• Back button. This button returns to the previous form without cancelling pending changes.


Logout
The global Logout form is used to terminate the current user session.

This form includes the following items:

• Logout button. This button terminates the current user session. Any configuration changes
  made during this session that have not yet been applied will be lost. This command has no
  effect on pending changes in other open CLI or BBI sessions.
• Back button. This button returns to the previously viewed form without logging out.

NOTE – For thorough security, close all BBI windows (including help) after logging out.


Help
The global Help form provides assistance with forms and tasks in the BBI. There are two kinds
of help: context-sensitive help and task-based help.

Context-Sensitive Help
Context-sensitive help displays detailed information about whatever form is currently
displayed in the BBI forms area. When you click on the global Help button, a new window
appears with information appropriate to your current options:

The context-sensitive help window consists of the following areas:


• Help topic menu. You can select a new help topic using the menu on the left-hand side of
  the help window. Each main menu item is listed, along with the sub-menu items under the
  current selection. Select a different menu item to reveal its sub-menu list. Select any
  sub-menu item to display help for the relevant form.
• Forms area. This area displays detailed information about the selected topic.
• Load Page link. Click on the title of this bar in the forms area to return to the main BBI
  window and jump directly to the form currently referenced by the help window.
• Tasks Page link. Click on the title of this bar at the bottom of the help topic menu to
  activate the task-based help system.
• Close button. This button (in the top, right corner) closes the help window.


Task-Based Help
Task-based help directs the administrator through the steps of various common procedures. To
access task-based help, first click on the global Help button and then click on the Tasks Page
title at the bottom of the help topic menu in the help window. The task help menu will be
displayed in a new window with information appropriate to the current BBI form:

The Task-based help window consists of the following areas:

• Task topic menu. You can select from a list of tasks using the menu on the left-hand side of
  the help window. Each main task item is listed, along with the various steps under the
  current selection. Select a different task item to reveal its steps. Select any step to display
  relevant help information.
• Forms area. This area displays detailed information about the selected task.
• Previous link (if appropriate): Displays the information for the previous step in the task.
• Next link (if appropriate): Displays the information for the next step in the task.
• Load Page link. Click on the title of this bar in the forms area to return to the main BBI
  window and jump directly to the form currently referenced by the help window.
• Close button. This button at the top, right-hand corner closes the task-based help window.


Site Map
The Site Map table below provides the list of sub-page menus and status/command labels for
each form to aid navigation through the BBI. Items in parentheses are for clarification or to
indicate the operations that can be performed.

Table 2-1 ASF 4.0.2 BBI Site Map

Columns: Form; Sub-Page Menu; Sub-Page; Status and Command Labels

Monitor System List of Firewall Accelerators and Firewall Directors
ISDs List of Directors, Director name, Management IP, MAC address, Director type, System Uptime, Hard Disk Usage, Memory Usage, CPU load
Network Network routes: Destination IP, Destination Subnet, Gateway IP
Syslog Syslog Messages: Director IP, Search String, Messages Per Page
Alarms List of alarms (Name, Sender, Cause, Severity)
GUI Lock Notify other BBI users.
About Product Information and Software Version

Cluster Time Current time Date and Timezone (modify)
NTP servers IP address (add/delete/modify)
ISD(s) Management IP address (add/delete/modify), General settings for Firewall Director (modify)
Accelerator(s) General Auto discovery, high availability, VMA, Re-ARP, Management Net, Health check settings
Configuration Preferred Master, MAC address, IP address, Inter-Accelerator port
Flow control Flow Control (enable/disable), Window, Sync interval (modify)
Logs Syslog Debug messages, Source IP Mode, Current Remote Syslog Servers (add/delete/modify)
ELA ELA (enable/disable), Management station IP, Minimum severity, Management station DN, SIC certificate (add/delete/modify)
Archive Email, SMTP server IP, Rotate size, Interval (modify)
Miscellaneous Warnings (enable/disable)

Network General Subnet/Domain ASF subnet, Domain name (modify)
Gateways Default gateway metric, Gateway (add/delete/modify)
DNS DNS Servers (add/delete/modify)
Ports General Ports (add/delete/modify), Port #, Trunk, NAAP, VLAN tag, Filters, Filters list
Mirroring Port mirroring (enable/disable), Monitoring ports (add/delete/modify)
VLANs VLANs (add/delete/modify), Name, Jumbo frame, ports, IDS group
Interfaces Interfaces (enable/disable), IP address (add/delete/modify), VLAN, Ports
Filters Filters (add/delete/modify)
Routes Static Routes (add/delete/modify), Destination IP, Destination Subnet, Gateway IP
Local Automatic localnet configuration (enable/disable), Local networks (add/delete/modify)
Proxy ARP Proxy Director addresses and cluster MIP address, Proxy ARP IP address (add/delete/modify)
RIP General RIP (enable/disable), version, metric
VLANs RIP/VLAN settings
Redistribute Connected, static, OSPF, Default Gateway, Fictitious
OSPF General Default Metric, SPF Interval, SPF Hold time, Route ID
Area Index OSPF Area Index settings
Range OSPF Range settings
OSPF Interface OSPF Interface settings
OSPF Virtual Link OSPF Virtual Link settings
DHCP Relay General DHCP Relay (enable/disable), DHCP Relay statistics,
Interface DHCP Relay Interface settings (modify), IP address, DHCP allow
Server DHCP Server (add/modify/delete)
IDS SLB IDS SLB (enable/disable), IDS group (add/delete/modify)

Firewall Settings Firewall (enable/disable), Reset SIC (list of Directors)
License Management Auto-detect Firewall Directors, List of Check Point licenses (add/delete/modify)
Synchronization Firewall Synchronization (enable/disable), Network address, Device name, Auto negotiation, Speed, Mode

Operation Configuration Cluster Configuration (export/import), Secret Key (import)
Update Upgrade ASF with newer versions of the image

Administration Users Administration of Users (add/modify/delete; except default user names), Password (update), Password Expire Time (update)
Access List Lists Client Access, Access Control (add/delete/modify)
  Access is restricted to clients in the list. An empty list means access is unrestricted.
Telnet-SSH Telnet-SSH Settings (enable/disable), CLI Timeout, SSH Key Generation (Generate)
Web General HTTP/HTTPS (enable/disable), Port # (modify), TLS, SSL v2 and SSL v3
Create Cert Generate self-signed certificate
Server Cert Certificate Request (generate, add new server certificate, export)
CA Certs CA Certificate (add/delete/modify)
SNMP General SNMP (enable/disable), Security Model, Access, Events, Alarms, Community strings, SNMP users (usm)
System Email, cluster name, cluster location
Trap Hosts List trap hosts (add/delete/modify)
USM Users SNMP Users (add/delete/modify)
Advanced Interface access, Source IP
MIBs Download MIB files
Audit Audit (enable/disable), Timeout, Retries, Vendor ID, Vendor Type, Audit servers (add/delete/modify)

Diagnostics Security Zones Lists the VNICs with IP address, VLAN, and port
Accelerator CLI Execute Accelerator commands
System Commands ASF Statistics Execute System commands
FW-1 Statistics
Logs Lists contents of the log file

CHAPTER 3
Using the Browser-Based Interface
This chapter provides a few examples of how to perform basic tasks using the BBI:

• “Configuring Interfaces”
• “Expanding a Cluster”
• “Configuring a Sync Device”
• “Downloading MIB Files”


Configuring Interfaces
Adding an Interface to the Firewall is one of the first tasks that need to be performed. This
example illustrates how to configure interfaces. To configure an interface, the following steps
need to be completed:

• Add a new interface
• Assign the ports to the interface
• Enable the ports

1. Click Network > Interfaces on the Main Page Menu.


2. Click Add a New Interface to display the Interface form.

Specify an ID, enable the status, and provide the IP address and mask. VLAN is optional. If
you are using high availability, specify the VRRP commands.

3. Click on Update.

4. Assign the ports to the interface and enable them.

5. Click on Apply.


You have now configured an interface and assigned ports. Continue to add more interfaces to
the Firewall.

6. Click Network > Interfaces on the Main Page Menu to display all the configured interfaces.


Expanding a Cluster
This section describes how to expand the Alteon Switched Firewall cluster beyond the basic
configuration. The cluster can be expanded in a variety of ways. The following procedure
explains how to add the Firewall Directors to the cluster, increasing firewall processing
capacity without taking the system offline. For more information on other ways to expand the
Alteon Switched Firewall cluster, see the ASF 4.0.2 User’s Guide and Command Reference.

The installation of additional Firewall Directors is handled as an expansion to the existing
cluster and requires the following:

• A basic cluster (one Firewall Director and one Firewall Accelerator) must already be
  physically installed as described in the Alteon Switched Firewall Hardware Installation
  Guide.
• The basic cluster must already be configured with basic parameters as described in
  Chapter 2, “Initial Setup” in the ASF 4.0.2 User’s Guide and Command Reference.
• The redundant Firewall Director being added must be identical to the existing Firewall
  Director. You cannot mix different models of Firewall Director in the same cluster.

Firewall traffic is load balanced among all Firewall Directors within the cluster, regardless of
whether they are attached to the master or backup Firewall Accelerator.

1. On the Main Page Menu, click Firewall > License Management.

2. Click on Add New License Entry.


The Add New License form is displayed.

3. Enter the IP address of the new Firewall Director.


Specify the password that you entered when you installed the Firewall Director. Enter the
Expiration Date, Feature String, and License String.

4. Click on Update.

5. Click on Apply.


Configuring a Sync Device


This section describes how to configure Sync devices for the Check Point Sync interface. This
capability also allows you to configure the speed and auto-negotiation features of the Sync
device. The new Firewall Director 5014 has 2 copper gigabit ports and 2 fiber gigabit ports, so
you now have the option to configure the appropriate Sync device.

1. Click Firewall > Synchronization on the Main Page Menu.

2. Configure the Sync device on the Director.

3. Click on Update.

4. Click on Apply.


Downloading MIB Files


This section describes how to access the Management Information Base (MIB) files shipped
with the Alteon Switched Firewall software. All managed objects are contained in the MIB,
which is a database of the managed objects. The managed objects, or variables, can be set or
read to provide information on network devices and interfaces.

1. Click Administration > SNMP > MIBs on the Main Page Menu.

2. Click Download to download the MIB files.

Table 3-1 lists the ASF MIBs with a brief description of each file:

Table 3-1 ASF MIB Files

MIB File                       Description

altroot.mib                    Provides the baseline OID for the other two MIBs. This MIB is a
                               requirement for the other two MIB files.

ALTEON-ISD-PLATFORM-MIB.mib    Provides generic system information, such as CPU, memory, disk
                               utilization, and Firewall Director status.

alteon_asf.mib                 Provides firewall-specific information, such as firewall policy,
                               accelerator status, and packet/session statistics.

3. Click Save to save the MIB files locally.
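
Because altroot.mib is a prerequisite for the other two files, an SNMP manager has to load it first. The following Python sketch is an added example, not part of the Nortel guide: it reads each saved file's IMPORTS clause, derives a safe load order, and reports imports that no downloaded file satisfies. The filenames come from Table 3-1; the module names and file bodies in the sample are constructed placeholders, since the guide does not show the files' contents.

```python
import re
from graphlib import TopologicalSorter  # Python 3.9+

# Modules an SNMP manager normally ships with; never reported as missing.
BASE = {"SNMPv2-SMI", "SNMPv2-TC", "SNMPv2-CONF", "RFC1155-SMI", "RFC-1212", "RFC1213-MIB"}

def parse_mib(text):
    """Return (module name, set of module names in the IMPORTS clause)."""
    text = re.sub(r"--.*", "", text)  # drop ASN.1 line comments
    head = re.search(r"^\s*([A-Za-z][\w-]*)\s+DEFINITIONS\s*::=\s*BEGIN", text, re.M)
    if not head:
        raise ValueError("no '<MODULE> DEFINITIONS ::= BEGIN' header found")
    clause = re.search(r"\bIMPORTS\b(.*?);", text, re.S)
    deps = set(re.findall(r"\bFROM\s+([A-Za-z][\w-]*)", clause.group(1))) if clause else set()
    return head.group(1), deps

def load_order(files):
    """files maps filename -> MIB text. Returns (filenames in load order, missing modules)."""
    parsed = {fn: parse_mib(txt) for fn, txt in files.items()}
    by_module = {mod: fn for fn, (mod, _) in parsed.items()}
    graph, missing = {}, set()
    for fn, (_, deps) in parsed.items():
        graph[fn] = {by_module[d] for d in deps if d in by_module}
        missing |= {d for d in deps if d not in by_module and d not in BASE}
    # static_order() yields prerequisites first and raises CycleError on circular imports.
    return list(TopologicalSorter(graph).static_order()), sorted(missing)

# Constructed stand-in text: filenames are from Table 3-1, module names and bodies are placeholders.
SAMPLE = {
    "alteon_asf.mib": """EXAMPLE-ASF-MIB DEFINITIONS ::= BEGIN
IMPORTS
    MODULE-IDENTITY FROM SNMPv2-SMI   -- standard module
    exampleRoot FROM EXAMPLE-ROOT-MIB;
END""",
    "ALTEON-ISD-PLATFORM-MIB.mib": """EXAMPLE-PLATFORM-MIB DEFINITIONS ::= BEGIN
IMPORTS
    exampleRoot FROM EXAMPLE-ROOT-MIB;
END""",
    "altroot.mib": """EXAMPLE-ROOT-MIB DEFINITIONS ::= BEGIN
IMPORTS
    enterprises FROM RFC1155-SMI;
END""",
}

if __name__ == "__main__":
    order, missing = load_order(SAMPLE)
    print("load order:", order)
    print("unresolved imports:", missing or "none")
```

A non-empty list of unresolved imports means a prerequisite file was not saved alongside the others.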
