You now need to create the “Default filter”. It is used to deny all access to the NOKIA device except for SSH or whatever other connections you choose to allow; what gets through depends entirely on how you build the default filter. I will be creating a default filter that only allows SSH connections to the NOKIA device. Shown below are the steps that need to be taken to create and apply the default filter.
NOTE: The default filter is really a default policy on the NOKIA device. It is what the device enforces until a policy is pushed from the management server and applied to the device.
fw-test[admin]# cd $FWDIR/lib
fw-test[admin]# cp defaultfilter.ipso $FWDIR/conf/defaultfilter.pf
fw-test[admin]# fw defaultgen
Generating default filter
defaultfilter:
Compiled OK.
fw-test[admin]# cd $FWDIR/state
fw-test[admin]# ls -ls
total 1
1 -rw-rw-r-- 1 root 80 736 May 21 17:41 default.bin
fw-test[admin]# cp default.bin $FWDIR/boot
fw-test[admin]# cd $FWDIR/boot
fw-test[admin]# ls -ls
total 59
1 -rw-r--r-- 1 root 80 41 Sep 19 2002 boot.conf
1 -rw-rw-r-- 1 root 80 736 May 21 17:41 default.bin
56 -rwxr-xr-x 1 root 80 57344 Sep 19 2002 fwboot
1 drwxr-xr-x 2 root 80 512 May 6 21:33 modules
fw-test[admin]#
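The filter that actually loads at boot is the copy in $FWDIR/boot, not the one `fw defaultgen` writes to $FWDIR/state, so it is worth confirming the two are identical after the copy. The script below is an added example, not part of the guide or of Check Point's own tooling; it assumes the $FWDIR/state/default.bin and $FWDIR/boot/default.bin paths shown in the session above and leaves the compile step (`fw defaultgen`) to the operator, since that needs the Check Point tools on the box.

```sh
#!/bin/sh
# Added example (not from the guide): confirm that the default filter compiled
# by "fw defaultgen" was installed into $FWDIR/boot, so the filter enforced at
# boot is the one that was just compiled.
# Assumes the $FWDIR layout used above: state/default.bin and boot/default.bin.

# check_default_filter FWDIR
# Returns 0 when $FWDIR/boot/default.bin exists, is non-empty and is
# byte-for-byte identical to $FWDIR/state/default.bin; 1 otherwise.
check_default_filter() {
    fwdir="$1"
    state_bin="$fwdir/state/default.bin"
    boot_bin="$fwdir/boot/default.bin"

    if [ ! -s "$state_bin" ]; then
        echo "no compiled default filter at $state_bin (run 'fw defaultgen' first)" >&2
        return 1
    fi
    if [ ! -s "$boot_bin" ]; then
        echo "default filter not installed: $boot_bin is missing or empty" >&2
        return 1
    fi
    if ! cmp -s "$state_bin" "$boot_bin"; then
        echo "boot copy $boot_bin differs from compiled filter $state_bin" >&2
        return 1
    fi
    echo "default filter installed: $boot_bin matches $state_bin"
    return 0
}

# install_default_filter FWDIR
# Performs the copy step from the guide, but only when a compiled filter
# exists, and then verifies the result.
install_default_filter() {
    fwdir="$1"
    if [ ! -s "$fwdir/state/default.bin" ]; then
        echo "nothing to install: compile the default filter first" >&2
        return 1
    fi
    cp "$fwdir/state/default.bin" "$fwdir/boot/default.bin" || return 1
    check_default_filter "$fwdir"
}

# On the firewall, FWDIR is set by the Check Point environment:
#   sh ./default_filter_check.sh check     (verify only)
#   sh ./default_filter_check.sh install   (copy, then verify)
if [ "${1:-}" = "check" ]; then
    check_default_filter "${FWDIR:?FWDIR is not set}"
elif [ "${1:-}" = "install" ]; then
    install_default_filter "${FWDIR:?FWDIR is not set}"
fi
```

A size match in `ls -ls` (736 bytes in both directories above) is a weak check; `cmp` compares the contents, which is what matters if an older default.bin was already sitting in $FWDIR/boot.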
Now that the default filter is created, you can move on to the second-to-last step of the configuration: all of the appropriate patches and hotfixes should be applied at this time. I will demonstrate one for you; it is best to stage them in the directory /var/tmp.
NOTE: Make sure that your FTP server is running for this portion. You can get all of the current patches and hotfixes from Check Point’s website.
fw-test[admin]# cd /var/tmp
fw-test[admin]# ls -ls
total 2
1 -rw-rw-rw- 1 root wheel 107 May 6 19:34 fetchout
0 -rw-r--r-- 1 root wheel 0 May 21 14:47 ipsopmddebug.txt
0 -rw-r--r-- 1 root wheel 0 May 6 22:10 ipsopmddebug.txt1
1 -rw-rw-rw- 1 root wheel 438 May 6 19:35 newimageout
0 lrwxrwxrwt 1 root wheel 42 May 21 15:44 present -> IPSO-3.7.1-BUILD010-04.05.2004-185427-1253
fw-test[admin]# ftp 10.0.0.2
Connected to 131.87.68.130.
220 3Com FTP Server Version 1.1
Name (131.87.68.130:admin):
331 User name ok, need password
Password:
230 User logged in
Remote system type is Windows/NT.
ftp> hash
Hash mark printing on (1024 bytes/hash mark).
ftp> bin
200 Type set to I.
ftp> dir
200 PORT command successful.
150 File status OK ; about to open data connection
D--------- 1 owner group 0 Apr 15 11:19 .
D--------- 1 owner group 0 Apr 15 11:19 ..
---------- 1 owner group 32330013 Oct 21 10:05 CP_FP3_IPSO.tgz
---------- 1 owner group 37908646 Apr 27 19:41 ipso_3_7_1_Build010.tgz
---------- 1 owner group 285169 Apr 16 18:52 OpenSSL_HF_mar_2004_fp3_hf2_ipso.tgz