Troubleshooting guide
Chapter 5 Troubleshooting Open Security Extension Nortel (Bay) Routers: Configuration and Problem Resolution
Advanced Technical Reference Guide 4.1 • June 2000 43
7. Exit the "Managers" and the SNMP Community List windows. (Don't erase the default "Public" community
yet; do it later.)
8. In the Configuration Manager, save your definition in a file, preferably with the ".cfg" suffix (File > Save
As).
To enable VPN-1/FireWall-1 to correctly communicate with the Bay router via SNMP, make sure that the
following steps are performed during configuration:
In the VPN-1/FireWall-1 GUI
1. Open the Network Objects Manager, and define the router. The definitions should be as follows:
Type = Router
Location = Internal
Vendor = Bay Networks
FireWall-1 = Not Installed
2. Press the "SNMP Info..." button to open the "SNMP Information" window, and in it change the values of
both the "Read" and "Write" fields to the new community you defined previously using Bay's Site Manager.
Make rules which have either "Routers" or the specific router in the "Install On" field.
Warning - Make sure that you are not adding rules which block SNMP communication between
FireWall-1 and the router, and from the Site Manager to the router.
3. Install the policy. This should load the access list on the router.
Further security considerations
After you've done all the above, take note of the following considerations:
1. Preventing illegal SNMP access to your router:
• Using Configuration Manager, as described above, erase the default "Public" community, or make it
READ ONLY.
• Whatever access list you make, it is recommended you allow SNMP connections to the router only
from the VPN-1/FireWall-1 site and from the Site Manager. No other SNMP connections to the router
should be allowed (this, of course, doesn't include SNMP THROUGH the router, to different locations,
which is simply a matter of your security policy choices).
2. It is recommended that you copy the configuration file on the router to a special file called "config" (no
extensions), which is the default configuration file, used when the router comes up from a failure (when
turned on, after a power supply failure, etc.). This, of course, should only be done after you have verified
that everything is OK with your configuration file.
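The SNMP points in consideration 1, together with the earlier warning about not blocking the management stations, can be checked against a planned rule list before the policy is installed. The Python below is an added example, not Check Point or Nortel code; the rule and community data model, the addresses, the community name "fw1mgmt" and the first-match, implicit-drop evaluation are all assumptions made for illustration.

```python
import ipaddress

SNMP = ("udp", 161)

def _net(value):
    return ipaddress.ip_network("0.0.0.0/0" if value == "any" else value)

def decide(rules, src, dst, service=SNMP):
    # Assumed semantics: first matching rule wins, implicit drop at the end
    for rule in rules:
        if (ipaddress.ip_address(src) in _net(rule["src"])
                and ipaddress.ip_address(dst) in _net(rule["dst"])
                and rule["service"] in (service, "any")):
            return rule["action"]
    return "drop"

def audit(communities, rules, router, managers):
    findings = []
    # The default community must be erased or read-only
    if communities.get("public", "ro") != "ro":
        findings.append("default 'public' community is writable")
    # The management stations must still reach the router over SNMP
    for name, ip in managers.items():
        if decide(rules, ip, router) != "accept":
            findings.append(f"SNMP from {name} ({ip}) to the router is blocked")
    # No other source may be accepted; broad rules are flagged even if shadowed
    allowed = {_net(ip) for ip in managers.values()}
    for number, rule in enumerate(rules, 1):
        if (rule["action"] == "accept" and rule["service"] in (SNMP, "any")
                and ipaddress.ip_address(router) in _net(rule["dst"])
                and _net(rule["src"]) not in allowed):
            findings.append(f"rule {number} accepts SNMP to the router from {rule['src']}")
    return findings

# Constructed sample data (documentation addresses, hypothetical community name)
ROUTER = "192.0.2.1"
MANAGERS = {"FireWall-1": "192.0.2.10", "Site Manager": "192.0.2.20"}
WEAK_COMMUNITIES = {"public": "rw", "fw1mgmt": "rw"}
WEAK_RULES = [{"src": "any", "dst": ROUTER, "service": SNMP, "action": "accept"}]
HARD_COMMUNITIES = {"fw1mgmt": "rw"}  # "public" erased
HARD_RULES = [
    {"src": "192.0.2.10", "dst": ROUTER, "service": SNMP, "action": "accept"},
    {"src": "192.0.2.20", "dst": ROUTER, "service": SNMP, "action": "accept"},
    {"src": "any", "dst": ROUTER, "service": SNMP, "action": "drop"},
]

if __name__ == "__main__":
    print("weak:", audit(WEAK_COMMUNITIES, WEAK_RULES, ROUTER, MANAGERS))
    print("hardened:", audit(HARD_COMMUNITIES, HARD_RULES, ROUTER, MANAGERS))
```

The weak set yields two findings (writable "public" and an accept-from-any rule); the hardened set yields none.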
Common problems resolution for Nortel Routers
Cannot get logs from the router
See the SecureKnowledge Solution (ID: 10022.0.527050.2411096) on the Check Point Technical Services site.
Error message while trying to install new license (only for 4.1)
See the SecureKnowledge Solution (ID: 10043.0.4395816.2572453) on the Check Point Technical Services site.
What methods of packet filtering can a Bay router handle?
See the SecureKnowledge Solution (ID: 47.0.4030890.2554461) on the Check Point Technical Services site.