Nokia Horizon Manager Basic Operations Reference

Transcription

Nokia Horizon Manager
Basic Operations Reference
Version 1.3.4
Part No. N451322002 Rev A
Published: August 2004
COPYRIGHT
©2004 Nokia. All rights reserved.
Rights reserved under the copyright laws of the United States.
RESTRICTED RIGHTS LEGEND
Use, duplication, or disclosure by the United States Government is subject to restrictions as set forth in subparagraph
(c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013.
Notwithstanding any other license agreement that may pertain to, or accompany the delivery of, this computer software,
the rights of the United States Government regarding its use, reproduction, and disclosure are as set forth in the
Commercial Computer Software-Restricted Rights clause at FAR 52.227-19.
IMPORTANT NOTE TO USERS
This software and hardware is provided by Nokia Inc. as is and any express or implied warranties, including, but not
limited to, implied warranties of merchantability and fitness for a particular purpose are disclaimed. In no event shall
Nokia, or its affiliates, subsidiaries or suppliers be liable for any direct, indirect, incidental, special, exemplary, or
consequential damages (including, but not limited to, procurement of substitute goods or services; loss of use, data, or
profits; or business interruption) however caused and on any theory of liability, whether in contract, strict liability, or tort
(including negligence or otherwise) arising in any way out of the use of this software, even if advised of the possibility of
such damage.
Nokia reserves the right to make changes without further notice to any products herein.
TRADEMARKS
Nokia is a registered trademark of Nokia Corporation. Other products mentioned in this document are trademarks or
registered trademarks of their respective holders.
2
Nokia Horizon Manager v1.3.4 Basic Operations Reference
Nokia Contact Information
Corporate Headquarters
Web Site
http://www.nokia.com
Telephone
1-888-477-4566 or
1-650-625-2000
Fax
1-650-691-2170
Mail
Address
Nokia Inc.
313 Fairchild Drive
Mountain View, California
94043-2215 USA
Regional Contact Information
Americas
Nokia Internet Communications. Tel: 1-877-997-9199
Outside USA and Canada: +1 512-437-7089
313 Fairchild Drive
Mountain View, CA 94043-2215 email: [email protected]
USA
Nokia House, Summit Avenue
Europe,
Middle East, Southwood, Farnborough
Hampshire GU14 ONG UK
and Africa
Tel: UK: +44 161 601 8908
Tel: France: +33 170 708 166
email: [email protected]
Asia-Pacific 438B Alexandra Road
#07-00 Alexandra Technopark
Singapore 119968
Tel: +65 6588 3364
email: [email protected]
Nokia Customer Support
Web Site:
https://support.nokia.com/
Email:
[email protected]
Americas
Europe
Voice:
1-888-361-5030 or
1-613-271-6721
Voice:
+44 (0) 125-286-8900
Fax:
1-613-271-8782
Fax:
+44 (0) 125-286-5666
Asia-Pacific
Voice:
+65-67232999
Fax:
+65-67232897
021216
3
4
Contents
In This Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Conventions This Guide Uses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Notices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Text Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Menu Items . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Related Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
File Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Logging Off and Logging In . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Info required to complete login . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Exiting Nokia Horizon Manager. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Groups Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
About Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Creating Quick Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Creating Filtered Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Creating Unfiltered Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Editing Groups. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Deleting Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Copying or Moving Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Importing Groups. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Exporting Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Deselecting Groups. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Showing the Groups Pane Toolbar . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Devices Menu. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Creating Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Editing Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Deleting Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Adding Devices to a Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Removing Devices from Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Creating Groups from Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
Importing Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Exporting Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Working with Tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Copying into Cells . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Showing the Devices Pane Toolbar . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
Actions Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
About Actions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
Action Warnings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
5
Configuring CP41 FireWall. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
Configuring CP NG (FP2) Firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
Configuring CP NG (FP3) Firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
Configuring CP NG with AI Firewall, CP NG with AI (R55) FireWall, and CP NG with AI
(R55) for Nokia IPSO v3.8. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
Getting Check Point Licenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112
Implementing the Check Point License . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112
Starting Check Point FireWall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114
Stopping Check Point FireWall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114
Backing Up Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115
Managing Configurations on Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
Extracting Configurations from Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130
Restoring Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132
Updating Device Passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134
Uploading Public Keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136
Deploying Licenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141
Generating a Dossier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
Downloading and Installing Device Licenses . . . . . . . . . . . . . . . . . . . . . . . . . . . 146
Executing Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147
Uploading Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
Rebooting Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150
Running Scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150
Performing a Hardware Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151
Performing a Software Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153
Verifying Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157
Applying Patches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160
Selecting Operating System Versions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162
Selecting Packages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164
Deleting Operating System Versions or Packages . . . . . . . . . . . . . . . . . . . . . . 166
Installing Operating Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167
Installing Packages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171
Upgrading Packages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173
Monitoring Progress and Results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175
Results Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
Deleting Action Results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
Stopping Actions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177
Reviewing Actions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177
Rerunning Actions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177
Creating a Group of Devices from Action Results . . . . . . . . . . . . . . . . . . . . . . . 178
Working with the Results Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178
Show Toolbar . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178
Tools Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178
Locking Nokia Horizon Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179
6
Managing Toolbars . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Changing Passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Masking Private Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Deleting Backup Sets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Options Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Viewing and Managing Installable Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Viewing Constraints. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Setting Nokia Horizon Manager Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Setting Device Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Administration Menu. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Managing User Security Administration Tasks . . . . . . . . . . . . . . . . . . . . . . . . . .
Changing the Nokia Horizon Manager License. . . . . . . . . . . . . . . . . . . . . . . . . .
Installing the Nokia Horizon Manager License File . . . . . . . . . . . . . . . . . . . . . . .
Help Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Using Nokia Horizon Manager Help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
About Help. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
About Nokia Horizon Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
About the Nokia Horizon Manager License. . . . . . . . . . . . . . . . . . . . . . . . . . . . .
179
182
183
183
184
184
187
189
196
197
197
212
212
213
213
213
213
213
Index. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215
7
8
About This Guide
This manual is written for technical network administrators. It provides information for the
administration of Nokia Horizon Manager. Maintainance of NHM should be performed by
experienced network professionals only.
This preface provides the following information:

“In This Guide” on page 9
“Conventions This Guide Uses” on page 9
“Related Documentation” on page 11
In This Guide
This guide is organized into the following chapters and appendixes:

File Menu—explains the options available under the File main menu item.
Groups Menu—explains the options available under the Groups main menu item.
Devices Menu—explains the options available under the Devices main menu item.
Actions Menu—explains the options available under the Actions main menu item.
Results Menu—explains the options available under the Results main menu item.
Tools Menu—explains the options available under the Tools main menu item.
Options Menu—explains the options available under the Options main menu item.
Administration Menu—explains the options available under the Administration main menu
item.
Help Menu—explains the options available under the Help main menu item.
Conventions This Guide Uses
The following sections describe the conventions this guide uses, including notices, text
conventions, and command-line conventions.
9
Notices
Warning
Warnings advise the user that bodily injury might occur because of a physical hazard.
Caution
Cautions indicate potential equipment damage, equipment malfunction, loss of
performance, loss of data, or interruption of service.
Note
Notes provide information of special interest or recommendations.
Text Conventions
Table 1 describes the text conventions this guide uses.
Table 1 Text Conventions
Convention
Description
monospace font
Indicates command syntax, or represents computer or screen
output, for example:
Log error 12453
bold monospace font
Indicates text you enter or type, for example:
# configure nat
10
Key names
Keys that you press simultaneously are linked by a plus sign (+):
Press Ctrl + Alt + Del.
Menu commands
Menu commands are separated by a greater than sign (>):
Choose File > Open.
The words enter and type
Enter indicates you type something and then press the Return or
Enter key.
Do not press the Return or Enter key when an instruction says
type.
Italics
• Emphasizes a point or denotes new terms at the place where
they are defined in the text.
• Indicates an external book title reference.
• Indicates a variable in a command:
delete interface if_name
Related Documentation
Menu Items
Menu items in procedures are separated by the greater than sign.
For example, choose Actions > Device Management > Backup indicates that you first choose
Actions, then choose Device Management, then choose Backup from the menu.
Related Documentation
In addition to this guide, documentation for this product includes the following:

Nokia Horizon Manager v1.3 Getting Started Guide —Provides a description of the system
features and an overview of how to get your appliance up and running.
Nokia Horizon Manager v1.3.4 Quick Start Guide —Provides a quick introduction to NHM
features
Nokia Horizon Manager v1.3.4 User’s Guide —Provides detailed information on how to use
NHM.
Nokia Horizon Manager v1.3.4 and Check Point Guide —Provides information on how
NHM and Check Point work together.
11
12
Basic Operations
The basic operations that you can perform with Nokia Horizon Manager are accessible from the
main menu bar. To understand the basic operations of Horizon Manager, refer to the following
topics.
For information about the features
available through this Main Menu
item:
See this topic:
File
“File Menu” on page 13
Groups
“Groups Menu” on page 16
Devices
“Devices Menu” on page 32
Actions
“Actions Menu” on page 57
Results
“Results Menu” on page 176
Tools
“Tools Menu” on page 178
Options
“Options Menu” on page 184
Administration
“Administration Menu” on page 197
Help
“Help Menu” on page 213
File Menu
This section describes the basic operations under the File menu you can perform that involve
Horizon Manager sessions.
Topics:

“Logging Off and Logging In” on page 14
“Exiting Nokia Horizon Manager” on page 16
13
Basic Operations
Logging Off and Logging In
During a Nokia Horizon Manager session, you can log off the current user and log in as a new
user with the Login dialog box without restarting the client.
Login Dialog Box
This dialog box appears when you start Horizon Manager and when you log off during a session.
The server identification is listed in the title bar. The dialog box displays license information
from the license file, as well as the number of devices installed.
To log in as a new user
1. Type the User ID and Password for the new user.
2. Click OK.
Info required to complete login
In the case of RADIUS authentication, the RADIUS server responds with a challenge request for
authentication requests from the Network Access Server or NAS. The NAS displays the
challenge request message that it receives from the RADIUS server to the user. The NAS in turn,
collects the challenge response from the user and sends it back to the RADIUS server. The
number of challenges involved in an authentication and the challenge request messages are
dependent on how the authentication is implemented and configured.
Click on the procedure link for information on using password and token based authentication.
Info required to complete login dialog box
14
RADIUS challenge
Description
Enter a new PIN having from 4 to
8 digits
If you are configured in ACE server with
password based authentication and allow
change password at initial login, this RADIUS
challenge appears after you enter the initial
password
PIN Accepted
Wait for the token code to
change, then enter the passcode
This RADIUS challenge appears once you
enter a new PIN and it is accepted by the
ACE server.
File Menu
A new PIN is required.
Do you want the system to
generate your PIN? (y/n)
If you are configured with token based
authentication and you are a first time user,
you need to enter the user name and the
token displayed on the device as password.
You will then enter into New PIN mode.
If the system generated PIN option is enabled
and the User must set PIN option is not
selected in the ACE server, you will be
prompted on whether you want to use a
system generated PIN.
Wait for token to change, then
enter the new tokencode
If your account is in new token mode,
RADIUS server requests you to wait for the
token to change, and then enter the new
token code.
Note
The RADIUS challenge and the response you need to enter are under the control of the
local RADIUS administrator. The RADIUS challenges explained in the table are valid only for
certain cases.
To log in with user authentication
1. If you are configured with the ACE server for password based authentication and allow
change password at the initial login:

You will be presented with a RADIUS challenge after entering the initial password in the
Horizon Manager login dialog. Enter the new PIN as the challenge response.
If the new PIN is accepted by the ACE server, it throws another challenge to confirm the
password. See the RADIUS challenge table for more information.
2. If you are configured with the ACE server for token based authentication:

If you are a first time user, enter the user name and the token displayed on the device as a
password. You enter into the New PIN mode.
If the system generated PIN option is enabled and the user must set PIN option is not
selected in the ACE server, you will be prompted for going or not going for a system
generated PIN.
If you enter ‘y’, the system generates a PIN and sends back a RADIUS challenge that
you need to respond with ‘y’ to accept the system generated PIN. This conveys your
acceptance of the system generated PIN. If you select ‘n’, you go back to the user
generated PIN mode. The RADIUS challenge displayed is similar to entering a new PIN.
Once the new PIN is accepted by the ACE server, you will get another RADIUS
challenge to confirm the new PIN and a request to enter the passcode. Enter the new PIN
in your SecurID device and generate a passcode as a response for this RADUIUS
challenge.
15
Basic Operations

If your account is in New Token Mode, a RADIUS challenge appears requesting you to
wait for the token to change and then enter a new token code.
Exiting Nokia Horizon Manager
To exit Nokia Horizon Manager, click File > Exit. Horizon Manager saves current data, then
exits.
Note
Horizon Manager saves data continually during the user session and when you exit.
Groups Menu
After you add devices to Nokia Horizon Manager, the groups feature allows you to manage large
numbers of devices efficiently. You define groups by using any combination of device attributes.
A group can contain any number and combination of devices, with any combination of packages
and supported operating system releases. For example, you can create groups based on any of
the following criteria:

Customer accounts for ISPs and ASPs
Nokia device models
Geographical locations
Subnets within an enterprise network
All criteria necessary to customize and create filtered groups is available in the Create Filtered
Groups dialog box. Use the Groups > Create Filtered Groups command to create filtered groups.
Use the Groups > Create Unfiltered Groups command to create unfiltered groups. For more
information about creating groups, see “Creating Filtered Groups” on page 21 and “Creating
Unfiltered Groups” on page 26.
The Groups feature lets you organize your devices for easy access and manage multiple devices
from a single reference point. You can perform all actions on groups, just as you can on
individual devices.
Topics:

16
“About Groups” on page 17
“Creating Quick Groups” on page 18
“Creating Filtered Groups” on page 21
“Creating Unfiltered Groups” on page 26
“Editing Groups” on page 28
“Deleting Groups” on page 29
“Copying or Moving Groups” on page 30
“Importing Groups” on page 30
Groups Menu

“Exporting Groups” on page 31
“Deselecting Groups” on page 32
“Showing the Groups Pane Toolbar” on page 32
About Groups
Groups are logical groupings of multiple devices that reside on your network. You create groups
based on criteria appropriate for your environment, whether it is an Internet Service Provider
(ISP), Application Service Provider (ASP), or corporate enterprise network. Groups can contain
any combination and any number of devices.
Topics:

“Subgroups” on page 17
“Groups Pane” on page 17
“Group Types” on page 17
Subgroups
You can nest groups within other groups. Nokia Horizon Manager refers to nested groups as
subgroups. The Groups pane displays all groups and subgroups you create. When you expand a
group, you see the subgroups. When you select a group, the devices which are in the group or
met the filter criteria appear in the devices pane.
You can nest an unfiltered group within a filtered group and a filtered group within an unfiltered
group.
Groups Pane
The groups tree structure displayed in the Groups pane is similar to a directory structure. Groups
that exist at the same level in the structure must have unique names. Nokia Horizon Manager
displays an error message if you attempt to create a group with the same name as another group
in that same level of the structure.
When you first open Horizon Manager, the Groups pane contains two items: All Devices and
Ungrouped Devices. When you click All Devices, Horizon Manager lists all know devices in the
Devices pane. Ungrouped Devices is the default group and provides a location in the tree for
devices that you have not moved into groups. When you select a group, Horizon Manager
applies the group filtering feature.
Group Types
Nokia Horizon Manager supports three types of groups: quick, unfiltered and filtered. You can
create a quick group based on specified criteria, an unfiltered group (to which you manually add
devices) or a filtered group that automatically includes appropriate devices.
A filtered group is automatically populated with all devices that match the filter specification for
that group. To create a filtered group, design a filter that specifies the attributes for all members
of the group. The attributes are the columns used to describe devices in the Devices pane.
17
Basic Operations
As you add devices to the Devices pane that match the specification of any existing filtered
group, those devices are added to the filtered group that they match. See “To create a filtered
group” on page 22. Also, group membership changes as device attributes change. This means
that members of filtered groups are automatically managed by Horizon Manager based on the
filter criteria and the value of the attributes for each device in the Devices pane that is associated
with the filtered group.
Creating Quick Groups
The Quick Groups feature allows you to quickly add new sub-groups based on the column
definitions: Device Type, Disk Space Usage, Reachability, and Use Secure Connection.
You can also create a quick group based on boolean or selection list custom columns that you
have created using the Configure Table Views feature of Nokia Horizon Manager. A column that
you define as a selection list or boolean will automatically appear in the Quick Groups selection
list.
You can choose to create a hierarchy of groups using Quick Groups by selecting other column
items in subsequent descending order. For example, the column item Device Type may be
selected as a sub-group of All Devices from the Level 1 dropdown menu. You can then add
descending sub-groups as indicated by a Level 2 column selection. The resulting effect will be
new sub-groups added to the Groups menu, such as the addition of Device Type groups under
the All Devices group. Note that Horizon Manager prepends the name of the attribute to the
quick group value name and there is a maximum of five levels of Quick Groups supported.
Create Quick Filtered Groups Dialog Box
To access the Create Quick Filtered Groups dialog box, choose Groups > Create Quick Groups
or click the Create Quick Groups icon on the toolbar. The following table describes all the
options available in the Create Quick Filtered Groups dialog box.
18
Field or Button
Description or Instruction
Location
Specifies the location in the groups tree for the new quick
group.
...
Opens the Select Parent for New Groups dialog box. Allows
you to browse through existing groups to select a starting
point for the quick group.
Edit upon selection
When activated, this option lets you edit the filter attribute to
create subgroups as soon as you select it. Opens the Select
Subgroups to Create for <attribute> dialog box.
Level 1
Lets you choose from a drop-down list of the attributes:
Device Type, Disk Space Usage, Reachability, and Use
Secure Connection. You can also select any boolean or
selection list attribute that you have created previously using
the Configure Table Views feature. This attribute is the top
level of your quick group hierarchy.
Groups Menu
Field or Button
Level 2 to Level 5
These level specifications let you further refine your quick
group according to further attribute selections to be added
into the hierarchy.
To create quick groups
1. Choose Groups > Create Quick Groups or click the Create Quick Groups icon on the toolbar.
2. Click the browse button to find a starting group level for the quick group.
3. Click the check box to edit your attribute choice by way of a popup dialog after you click the
attribute. Editing the attribute means choose choosing states of the attribute to further define
subgroups.
4. Click Level 1, then select the top level attribute for the quick group.
5. Continue clicking additional levels to further define the quick group hierarchy.
6. Click Create to display the new group in the Groups pane.
Quick Groups Example
The example shows groups that will be created with the devices sorted by device type, then
reachability. Also, because the Edit upon selection box has been checked, a popup dialog lets
you edit the selection after you click another level.
19
Basic Operations
Editing Quick Groups
You can edit attributes that you select in each level of the quick group to create subgroups based
on the various states of the attribute. For example, when you select Reachability as an attribute,
you can create subgroups of reachability such as Unknown, Reachable, Unreachable, Checking,
or Rebooting. In addition you can choose whether to be prompted for editing upon selection or
by way of the Edit button.
Select Subgroups to Create for <attribute> Dialog Box
To access the Select Subgroups to Create for <attribute> dialog box, choose Groups > Create
Quick Groups > Edit. The dialog box displays a list of available attribute states for you to choose
for creation of subgroups.
If you clear all the attribute states, see “Confirm Removal of Quick Group Level Dialog” on
page 20.
Confirm Removal of Quick Group Level Dialog
When you clear all the attribute levels in a quick group, Nokia Horizon Manager prompts you to
make sure you know that this may cause a rearrangement of other quick group levels. Click
Clear to clear the level.
To create quick groups
1. Choose Groups > Create Quick Groups.
2. Choose an attribute level and click Edit.
3. Click the items in the list that you want to use for subgroups.
4. Click OK to return to the Create Quick Filtered Groups dialog box.
Creating Filtered Groups
To create filtered groups, use the Groups > Create Filtered Groups command located in the
Groups menu or click the Create Filtered Groups icon on the toolbar.
To create filtered groups, design a filter that specifies attributes for all members of the group.
Create filters based on the Device columns in the Devices pane. For example, you can create a
group that contains a specific subnet by filtering the Interface_IP_Addresses attribute.
Nested filtered subgroups are filtered based on the members of their parent group (the top level).
Each level of nested filtered groups further refines the membership of their immediate parent
group. For example: Group A might contain all devices for customer X. The Group A subgroups
could be filtered by model. Each subgroup would contain only the devices that are both
customer X and the specified model. Under each model group might be additional filtered
groups filtered by their operating system version. These subgroups would contain only the
devices for customer X, the model, and the operating system version specified.
Use the Create Filtered Groups dialog box to define your groups and filter values. For
information about filter criteria and values, see “Entering a Filter Value” on page 23.
20
Groups Menu
Create Filtered Group Dialog Box
To access Create Filtered Group dialog box, choose Groups > Create Filtered Groups or click the
Create Filtered Group icon on the toolbar. The following table describes all the options available
in the Create Filtered Groups dialog box.
Field or Button
Name
Enter a name for your new group. This name should
suggest the content of the group.
Location
Lets you choose a location for the new group in the group
hierarchy. Displays the location and lets you select where
you want to create your next group after this one is created.
...
Opens the Select Parent for New Group dialog box, which
lets you place the new group under a specific parent group
in the hierarchy.
Create next group
in parent group
Creates the next new group at the same level in the
hierarchy as the current group.
Create next group
in new group
Creates the next new group as a subgroup within the current
group being created.
Filter
Shows the criteria and associated attributes you can select
when constructing your filtered group. You can enter the
filter formula directly or use the Select Criteria and Select
Operation features to build the filter dynamically.
Criteria
Select the applicable criteria from the displayed list. To add
a criterion, double-click its name, or select the criterion
(single click), then click Select to display the Enter Filter
Value dialog box. In this dialog box, you enter the specific
parameters to include in the filter.
Operations
Click the appropriate Operator button to add that operator to
your filter criteria. The operators are AND, OR, NOT, and ( ).
To create a filtered group
1. In the Groups pane, select the parent group in which to create the first group. If no group is
selected, the location defaults to the top level of the group tree.
2. Choose Groups > Create Filtered Groups to display the Create Filtered Groups dialog box.
3. Type a name for the filtered group in the Name text box.
4. In the Location group box, you can view the currently selected location for the new group.
To change this location, click "..."
5. In the Select Parent for New Group dialog box, select the appropriate parent group in the
parent group hierarchy, then click OK.
21
Basic Operations
6. Click Create next group in parent group to create the group on the same level as the current
group or click Create next group in new group to create the group as a subgroup of the
current group.
7. Create your filter specification in the Specify Filter Criteria area of the dialog box.
You can enter your filter specification directly into the large text box by using the command
syntax or by using the Select Criteria and Select Operation boxes to create your filter. When
you highlight a criteria and click Select, the Enter Filter Value dialog box appears. Enter the
appropriate value and click OK. The criteria and value appear together in the Specify Filter
Criteria box. For more information about entering values for filters, see Enter Filter Value
dialog box.
8. At this point, you can:

Click Apply to create this group, display its name in the Groups pane, and then continue
creating other groups
or
Click OK to create this group and close the dialog box
or
Click Close to close the dialog box and not create the group.
Filtered Group Example
The example shows the specification for a group filtered for available IP30 devices. After you
enter the group name, click Available in the Criteria list, then Select. Click AND. Click Device
Type, then Select. Note that Nokia Horizon Manager inserts the parenthesis automatically.
22
Groups Menu
Entering a Filter Value
When you create a filtered group, you select criteria, enter a value for the criteria, then select an
operation. When you select a criteria in the list, Select becomes active. When you click Select,
the Enter Filter Value dialog box appears.
You can create new criteria by using the Configuring Table Views dialog box to add columns in
the Devices pane. Any columns you create automatically appear as criteria in the Specify
Criteria list. Depending on how you design the column, the Enter Filter Value dialog box could
contain a text box, a check box, an option, or a drop-down list.
Here are some notes about using filters:
1. Horizon Manager enforces parentheses around all comparisons, for example (Device_Type
= "Nokia Security Platform"). If you enter a filter the standard way (by double clicking on
an attribute title and using the pop-up dialog), Horizon Manager adds the parentheses
automatically. Also, if you load filters, Horizon Manager adds the parentheses.
2. The filter entry panel is color-coded based on context. AND and OR are displayed in green;
NOT is red, and quoted text is blue.
3. The filter panel contains some error-checking and lists some known errors when you click
OK or Apply.
4. The use of + in filters, for example (Device = "a*" + "b*" + "c*"), has been replaced by
multiple statements, for example ( ( Device = "a*" ) OR ( Device = "b*") OR ( Device =
"c*" ) ). Any + statements will be reparsed into proper format.
5. Horizon Manager treats dates as a text filter value for results filters.
Enter Filter Value Dialog Box
You can access the Enter Filter Value dialog box by choosing one of the following:

Groups > Create Filtered Group, then click Select. Select is located in the Criteria group
box.
Devices or Results > Table > Set Column Filter
Some of the attributes that appear in the Criteria list in the Create Filtered Group dialog box are
column titles in your Devices pane. Some of the attributes are icons. This list includes both
displayed and hidden columns, new columns that you created, and icon criteria. You select
criteria from the Criteria list, then apply values.The following table describes the Enter Filter
Value popup menus that appear for the attributes.
Field
Instruction
Unknown
Allows you to find inventories on devices that have not been
inventoried by Horizon Manager. You can schedule
inventories on any devices with unknown packages or
operating systems.
23
Basic Operations
Field
Text field
Instruction
Type a text string value that matches the text string in that
column in the Devices pane. (In other words, the value you
enter must be appropriate to the attribute. If you are unclear
what an appropriate value is, look at values for that column
in the Devices pane.) You can use an asterisk (*) as a multicharacter wildcard or a question mark (?) as a singlecharacter wildcard to allow for a range of values. You can
also use the following wildcards:
• backslash backslash (\\) to search one line at a time.
• backslash number backslash (\n\) to search within a
specified number of lines and so limit the scope of the
wildcard character.
• carrot (^) to represent one or more spaces.
Once you type the value, click OK or Cancel.
Case Sensitive
For text filters, this lets the filter recognize case-sensitive
lettering in the text string.
Search 1 lines at a
time
For text filters, this lets the filter search a specified number
of lines at a time.
Ignore multiple
spaces
For text filters, this lets the filter ignore extra spaces in the
text string.
Check box or
option
Click the appropriate selections, then click OK or Cancel.
For example, you might select whether the filter is case
sensitive or not. If it is case sensitive, the capitalization of
the text must match to meet the filter criteria.
You might also want to specify a search of more than one
line at a time (up to 50) or have Horizon Manager ignore
multiple spaces. In this case, Horizon Manager inserts the
character \n\, where n is the number of lines to search, and
the character ^ to ignore white space in a filter.
Drop-down list
Click the appropriate selections, then click OK or Cancel.
The following table provides a partial list of example definitions and instructions for some of the
device attributes.
24
Attribute
Instruction
Device
Type the host name or the IP address. You
can use wildcards.
Device Type
Select a device type. Current device types
are Nokia Security Platform, Nokia Small
Office Security Platform and Internet Traffic
Management.
Groups Menu
Use Secure Connection?
Check True to specify only secure devices.
Clear the box if you want to include any
device that is not secure.
Model
Type the Device model number. You can use
an asterisk (*) or question mark (?) as a
wildcard. For example, if you want all
devices of model IP 300 or IP 330, you can
type IP 3* in the text field.
Operating System Versions
Select the operating system version, then
select whether the version is installed,
active, or inactive.
Packages
Select the software package, then select
whether the version is installed, active, or
inactive.
Login
The system lets you enter this information
only if private data is unmasked (see the
Action Options dialog box). You can use
wildcards.
Password
The system lets you enter this information
only if private data is unmasked (see the
Action Options dialog box). You can use
wildcards.
To enter a filter value for a group
1. Choose Groups > Create Filtered Group.
2. Follow the procedure for creating a filtered group. See “To create a filtered group” on page
22.
3. Highlight a criteria, then click Select.
The Enter Filter Value dialog box appears.
4. Enter the criteria and operators for the filter.
5. Select the appropriate Case Sensitive button.
6. Click OK.
Creating Unfiltered Groups
Devices in unfiltered groups do not have a set of selection criteria applied to them before they
can become members of a group. Use the Create Unfiltered Groups dialog box to create groups
without selection criteria.
25
Basic Operations
Note
You can create an unfiltered subgroup within an existing filtered group.
Create Unfiltered Group Dialog Box
To access the Create Unfiltered Group dialog box, choose Groups > Create Unfiltered Groups or
click the Create Unfiltered Groups icon on the toolbar. The following table describes all the
options available in the Create Unfiltered Groups dialog box.
Field or Radio Button
Name
Enter a name for your new group. This can
be any name you like.
Location
Lets you choose a location for the new
group in the group hierarchy. It displays
the location and lets you select where you
want to create your next group after this
one is created.
...
Opens the Select Parent for New Group
dialog box, which lets you place the new
group under a specific parent group in the
hierarchy.
Create next group in parent group
Creates the next new group at the same
level in the hierarchy as the current group.
Create next group in new group
Creates the next new group as a subgroup
within the current group being created.
To create an unfiltered group
1. In the Groups pane, select the parent group in to create the first group. If no group is
selected, the location defaults to the top level of the group tree.
2. Choose Groups > Create Unfiltered Groups to display the Create Unfiltered Groups dialog
box.
3. Type a name for the unfiltered group in the Name text field.
4. In the Location group box, you can view the currently selected location for the new group.
To change this location, click "..."
5. In the Select Parent for New Group dialog box, select the appropriate parent group in the
parent group hierarchy, then click OK.
6. To control whether future groups are created at this same location or as a subgroup of this
group of this group being created, use the buttons. Click Create next group in parent group
to create the group on the same level as the current group or Create next group in new group
to create the group as a subgroup of the current group.
7. At this point, you can:
26
Groups Menu

Click Apply to create this group, display its name in the Groups pane, and then continue
creating other groups, or
Click OK to create this group and close the dialog box, or
Click Close to close the dialog box and not create the group.
8. When you finish creating the group and return to the main screen, you can add devices to the
group by using Devices > Add Devices to Groups.
Unfiltered Group Example
The example shows a group that is being created based on devices on which you want to perform
maintenance. In this case, you add the devices to the group manually from the Devices pane with
no filtering process.
Editing Groups
You can edit a group definition in the Edit Groups dialog box by:

Changing the group name
Changing the filter specification for a filtered group
If you have multiple copies of a group distributed in the group tree, the changes you make to one
copy do not affect the others.
Note
You cannot edit the All Devices group.
Edit Groups Dialog Box
To access the Edit Groups dialog box, choose Groups > Edit Group, click the Edit Groups icon
on the toolbar, or double-click the group name in the Groups pane.
27
Basic Operations
The fields of the dialog box are set to the current definition of the selected group. The Edit
Unfiltered Group dialog box allows you to change the group name only. To understand each
field in a filtered group and how to edit it, see the “Create Filtered Group Dialog Box” on page
21.
To edit a group
1. Select the group to edit from the Groups pane. You cannot edit the All Devices group in the
Groups pane.
2. Choose Groups > Edit Group, click its associated icon on the toolbar, or double-click the
group name in the groups pane. The Edit Group dialog box appears, showing the path to the
group in the Location group box.
3. For unfiltered groups, enter a new name for the group and click OK.
4. For filtered groups, follow the procedure described in “Creating Filtered Groups” on page
21.
Note
Changing any of the group member criteria listed in this section can change the roster or
membership of the group.
5. When you finish editing the group definition:

Click OK to assign the new definition to the group and close the dialog box
or
Click Cancel to close the dialog box and not change the group definition.
Deleting Groups
To delete groups from the Groups pane, use the Delete Groups command on the Groups menu,
or select the Delete Groups icon on the toolbar. If you have multiple copies of a group
distributed in the group tree, deleting one of them has no effect on the other copies.
Note
When you delete a group from the Groups pane, you are not deleting the devices in the
group from the Devices pane. However, when you delete a group, you are deleting all
subgroups that exist inside the group.
28
Groups Menu
Delete Groups Dialog Box
Use the Delete Groups dialog box to confirm the list of groups you select for deletion.
Field
Description
Are you sure you want to delete
the following groups and any of
their subgroups?
This is a final warning that the selected
groups will be deleted if you click OK.
To delete a group
1. Select the groups to delete from the Groups pane.
2. Choose Groups > Delete Groups, or click the Delete Groups icon in the tool bar to display
the Delete Groups dialog box.
This dialog box lists all the groups that you select to delete.

If you select a parent group, any nested subgroups within the group are not listed. All
nested subgroups are deleted when you delete a parent group.
If you explicitly select a nested subgroup, it is identified in the dialog box as a nested
subgroup. The top-level groups above it are shown in the path to the subgroup but are not
deleted.
3. Click Yes in the Delete Groups dialog box to confirm and complete deleting the groups or
click No to cancel deleting the groups. Either choice closes the dialog box and returns you to
the main screen.
Copying or Moving Groups
Once you create a group, you can make copies of the group, placing each in a different location
within the group tree structure in the Groups pane. To create copies of groups, add groups to
other groups. To copy or move the location of groups after you create them, use the Cut, Copy,
and Paste options in the Groups menu.
Note
Groups cannot have the same name at the same level of the group tree. Copies of groups
are fully independent. If you create a copy of a group, the changes you make to one group
are not reflected in the other group.
To copy or move groups
1. In the Groups pane, select one or more groups to move.
2. Choose Groups > Cut or Copy.
The system removes the group name or makes a copy of it.
3. To select the new location for the group, click the parent group name.
4. Choose Groups > Paste to create the copy and place it in the selected group location.
29
Basic Operations
If a group with the same name already exists in the location where you are creating the copy,
Nokia Horizon Manager displays the following warning message:
Could not create the group. Another group with the name {new_groupname} already
exists within {groupname}.
You must rename one of the groups to place the copy in that location.
Importing Groups
You can import all the groups that you created and exported by using the Import Groups dialog
box. Importing groups does not overwrite existing groups. Instead, the system displays a
message when a group was not imported because it already exists. When you import filtered
groups, you are really importing the filter criteria. Nokia Horizon Manager then uses these filters
to determine which of the existing devices to add to the new imported filtered group.
For filtered groups to function properly, columns must already exist for any columns used within
the filter specification. For unfiltered groups to be imported correctly, the devices in the groups
must already exist in Horizon Manager.
The import file format is xml.
Import Groups Dialog Box
To access the Import Groups dialog box, choose Groups > Import Groups. Use this command to
import predefined groups of devices to the program.
Field
Description
Import Groups from (text field)
Enter the name of the xml file to import or
click the browse button to locate the file on
the host or network.
To import groups
1. Choose Groups > Import Groups.
2. In the Import Groups From text box, type the file path or click Browse to select the xml file
from the appropriate directory.
3. Click OK.
The Groups pane is filled with the imported groups.
Exporting Groups
You can export the groups you created to a file, that can subsequently be imported, by using the
Export Groups dialog box. The Ungrouped Devices group cannot be exported. The export file
format is xml.
30
Devices Menu
Export Groups Dialog Box
To access the Export Groups dialog box, choose Groups > Export Groups. Use this command to
export groups of devices to files.
Field
Description
Export Groups from (text field)
Enter the name of the xml file to export to
or click the browse button to locate the file
on the host or network.
To export groups
1. Highlight the groups to export in the Groups pane.
2. Choose Groups > Export Groups.
3. In the Export Groups To text box, type the file path or click the browse button to select the
xml file from the appropriate directory.
4. Click OK. The group parameters are copied into the specified file.
Deselecting Groups
This item allows you to deselect groups that you have previously selected.
Showing the Groups Pane Toolbar
You can display or hide a toolbar at the top of the Groups pane that has groups-related icons.
Select Groups, then display the toolbar by checking the box next to Show Groups pane Toolbar.
Remove the checkmark to hide the toolbar.
Devices Menu
Managing Nokia security platforms is the primary function of Nokia Horizon Manager. In
addition to creating Devices and information about them, you can edit, delete, and group them
logically according to specified criteria.
Topics:

“Creating Devices” on page 32
“Editing Devices” on page 34
“Deleting Devices” on page 35
“Adding Devices to a Group” on page 36
“Removing Devices from Groups” on page 37
“Creating Groups from Devices” on page 38
“Importing Devices” on page 39
31
Basic Operations

“Exporting Devices” on page 43
“Working with Tables” on page 45
“Showing the Devices Pane Toolbar” on page 55
Creating Devices
To create or add devices in Nokia Horizon Manager, use one of the following methods:

Add Devices manually by entering information about the device by using the Devices >
Create Devices command. Nokia recommends this method if you are creating or adding
small numbers of devices.
You can also add devices by importing devices in a delimited text file or xml file by using
the Devices > Import Devices command. The text file must contain information that Horizon
Manager requires about one or more devices on your network. Nokia recommends this
method if you are creating large numbers of devices.
Create Devices Dialog Box
To access the Create Devices dialog box, choose Devices > Create Devices, or select the Create
Devices icon on the toolbar. Use this dialog box to enter multiple devices manually in the
Devices pane.
Note
The most efficient way to create a large number of devices is to create a delimited ASCII text
file and then import that file to the system, by using the Devices > Import Devices command.
The following table describes some default fields in the Create Devices dialog box. These are
the required fields. You can add other columns using the Configure Table Views feature.This list
varies according to how you have configured your Horizon Manager system.
Required Field
Description
Device Type
Select a device type from the drop-down list. Current device
types include:
Nokia Internet Traffic Management-ITM
Nokia security platform
Nokia Security Platform - Message Protector (IPSO-SX)
Nokia small office security platform-IP30
Nokia small office security platform-IP40
•
•
•
•
•
Device
32
Enter the device hostname or IP address.
Devices Menu
Required Field
Description
Use Secure
Connection
The Secure check box is selected by default. If you do not
want this feature selected, clear the Secure check box.
Horizon Manager uses the Secure attribute to communicate
with the associated device by using secure protocols
(HTTPS, SCP and SSH). If this box is not checked, Horizon
Manager communicates by using nonsecure protocols (FTP,
Telnet, and HTTP).
Login
Enter the username assigned to this device. Required for
Horizon Manager to communicate with the device.
Password
Enter the password assigned to the specified username.
Required for Horizon Manager to communicate with the
device.
To create devices
1. Choose Devices > Create Devices. The Create Devices dialog box appears.
2. Select a device type from the drop-down list.
3. Enter the information for the new device in the text fields.
4. Click Apply to create this device, and begin adding a new device by using the dialog box.
or
Click OK to create the new device and close the dialog box, or click Close to the close the
dialog box and create a new device based on the current field values.
Create Devices Example
The example shows the creation of a NSP device using secure connection.
33
Basic Operations
Requirements to Create ITM devices
To manage ITM devices from Nokia Horizon Manager, the user account must have both CLI and
Web full read/write permissions.
When you configure ITM v4.5 devices, the two permanent user accounts are root and admin.
Roles for these two accounts cannot be changed. The root account is a CLI account and the
admin account is a remote admin account with CLI and Web read/write permissions. To manage
the ITM device through Horizon Manager, use admin when you add an ITM device.
When you configure ITM v4.2 devices, the two user accounts are available, CLI and Web. The
root account is the permanent account for CLI access with full read/write permissions.
Create a Web account with the name “root” to provide a Web + CLI read/write permission
through Horizon Manager. You can create Web account “root” either through a CLI command or
through Web UI provided by Nokia ITM.
Editing Devices
Once you create devices in Nokia Horizon Manager, you can edit them by using the Edit
Devices dialog box. Some of the cells in the Device pane are editable, so you can access them by
double-clicking the cell.
Edit Devices Dialog Box
To access the Edit Devices dialog box, choose Devices > Edit Devices, or select the Edit Devices
icon on the toolbar. The fields in the dialog box vary according to how you configure your
Horizon Manager system, including what columns were created.
For field definitions, see “Create Devices Dialog Box” on page 33.
To edit devices
1. Choose Devices > Edit Device.
2. Enter the device name or IP address.
3. Click the Secure box for the host to communicate through secure protocols.
4. Enter a login name.
5. Enter a password.
6. Click OK.
Deleting Devices
When you delete devices from groups or from the Devices pane by using the Delete Devices
dialog box, it does not affect the presence or functionality of a device on your network.
34
Devices Menu
Note
You have to add the device back into a group after deleting it. Nokia Horizon Manager does
not track former group members.
Delete Dialog Box
To access this dialog box, select Devices > Delete Devices.
Field
Description
Are you sure you want to delete
the following devices?
List of devices you select for deletion. Delete
removes them permanently from Horizon
Manager. Cancel returns the focus to the
Devices pane.
Note
You cannot delete a newly added device until it is synchronized with the server or when any
action is in progress on that device.
To delete devices
1. Select the devices to delete.
2. Choose Delete Devices from the Devices menu or click the Delete Devices icon on the
toolbar to display the Delete Devices dialog box.
The dialog box lists the devices you select to delete.
3. Click Delete to delete the devices and close the dialog box,
or
Click Cancel to cancel the delete action, and close the dialog box.
Note
When you delete a device from the Devices pane, you also delete it from all of its associated
groups.
Adding Devices to a Group
You can add devices to an existing unfiltered group by selecting the devices from the Devices
pane and using the Select Group for Devices dialog box.
Select Group for Devices Dialog Box
To access the Select Group for Devices dialog box, choose Devices > Add Devices to Group.
35
Basic Operations
Field
Description
<List of Group Names>
Lists the names of all unfiltered groups you
defined in your Nokia Horizon Manager.
Select the name of the group to which to add
the selected devices.
Note
Filtered groups are not displayed in the Select Group for Devices dialog box because you
cannot add devices to filtered groups in this manner.
To add devices to a group
1. Select the devices to add to a group.
2. Choose Devices > Add Devices to Group or click the Add Devices to Group icon on the
toolbar to display the Select Group for Devices dialog box. This dialog box lists all the
available unfiltered groups.
3. In the Select Group for Devices dialog box, select the group to which to add the devices.
4. Click OK to add the devices to the group and close the dialog box, or click Cancel to stop the
procedure and close the dialog box.
Removing Devices from Groups
Note
You can remove devices manually from unfiltered groups only. Removing devices from a
group does not delete them from the Devices pane.
You cannot manually remove any devices from a filtered group. You can remove a device from a
filtered group by the following methods:

Change the filter specification to exclude the device.
Edit the information about the device in the Devices pane so that it does not match the filter
specification.
Delete the device from the Devices pane.
For more information on editing Filtered Groups, see “To create a filtered group” on page 22.
Select Group from which to Remove Devices Dialog Box
To access the Remove Devices from Group dialog box, select Devices > Remove Devices from
Groups.
36
Devices Menu
Field
Description
Are you sure you
want to remove each
of the following
devices from its
group?
List of devices you selected to remove from a group. Yes
removes them from the selected group. No returns the
focus to the Devices pane.
To remove devices from groups
1. Expand the groups in the Groups pane to show the attached devices, then select the devices
to remove from the selected group. You can remove devices from more than one group by
using this procedure.
Note
To select devices from a different group, press the Ctrl key while you make your device
selections.
2. Choose Devices > Remove Devices from Groups, or click its associated icon in the tool bar.
The Select Groups from which to Remove Devices dialog box appears, listing the selected
devices.
3. Click Yes to confirm and complete removing the selected devices from their groups, or click
No to cancel removing any devices from their groups. Either choice closes the dialog box
and returns you to the main screen.
Creating Groups from Devices
You can select devices from either the Groups pane or Devices pane and then create an unfiltered
group containing these devices. After selecting the devices, choose Devices > Create Group
from Devices. This opens the Select Parent for Group dialog box that lets you choose a location
for the new group of devices you selected. When you choose the location, the Create Group from
Devices dialog box opens and you create a name for your new unfiltered group.
You also select a parent group for the new group. See “Selecting a Parent for a New Group” on
page 38
Create Group from Devices Dialog Box
To access the Create Group from Devices dialog box, choose Devices > Create Group from
Devices.
Field
Description
Enter new group
name
After you select devices and specify a group location, this
text box allows you to enter a name for a new group of
devices.
37
Basic Operations
To create a group from devices
1. Select one or several devices in the Devices pane.
2. Choose Devices > Create Group from Devices.
3. In the Select Parent for Group dialog box, click a name under which the new group will be
added, then click OK.
4. In the Create Group from Devices dialog box, type the name of the new group, then click
OK.
The new group is added to the Groups pane.
Note
If no groups already exist, the new group name is added under All Devices.
Selecting a Parent for a New Group
When you create a group of devices, you select the location or parent for the group before you
create it using the Select Parent for New Group dialog box.
Select Parent for New Group Dialog Box
To access the Select Parent for New Group dialog box, choose Groups > Create Filtered Group.
The following table describes the option available in the Select Parent for New Group dialog
box.
Field
Description
Groups
Shows the hierarchy of defined parent and
subgroups under the Groups root node.
Select a different location for the new group
by selecting a parent group from this list.
To select a parent for a new group
1. Follow the procedure for creating a group from devices.
See “To create a group from devices” on page 38.
2. In the Select Parent for Group dialog box, click a group name under which the new group
will be added, then click OK.
Importing Devices
You can import many devices into Nokia Horizon Manager automatically by using a delimited
text file that has device information specified in column format. For information on how to
create this file, see Creating an ASCII Text File to Import Data to Nokia Horizon Manager in the
Nokia Horizon Manager User’s Guide
38
Devices Menu
Importing devices is a two-step process that includes specifying the file by using the Import
Devices dialog box and format to import, then specifying the columns of information fields to
import. See “Importing Device Information” on page 40.
Import Devices Dialog Box
To access the Import Devices dialog box, choose Devices > Import Devices. Enter the file name,
and select a suitable file format and delimiter (in the case of text files).
If you are adding a single device into the system, use the Create Devices command on the
Devices menu.
The following table describes the Import Devices dialog box fields:
Field
Description
File Name (text box)
Enter the name of the file to import, or click
the browse button to locate the file on the
server or network.
Field Delimiters
The recognized field delimiters are Tab,
Space, and Comma. Choose the button that
is appropriate for the ASCII text file you are
importing.
Note
When you create an
import file by using
space delimiters,
you must enclose
names that include
spaces within
quotes, for example,
"Nokia Security
Platform."
Use XML Format
Activate this option to import the file in XML
format rather than text format.
To import devices
1. Choose Devices > Import Devices to display the Import Devices dialog box.
Note
It is not necessary to include all information fields in the ASCII text file. See Creating an
ASCII Text File to Import Data to Nokia Horizon Manager in the Nokia Horizon Manager
User’s Guide
39
Basic Operations
2. Enter the name of the import file in the File Name text field or click the browse button to
locate the file.
3. Choose the type of delimiter used in the import file.
4. Click Use XML Format to import the file using XML rather than text format.
5. Click OK to display the Import Devices Information dialog box.
6. Select the appropriate options in the dialog box.
7. Click OK to initiate the Import File action, or click Cancel to close the dialog box without
importing the file.
After you click OK, the imported devices appears in the Devices pane.
Importing Device Information
You can specify individual information fields to be imported from the text file into Nokia
Horizon Manager by using the Import Device Information dialog box. You must import the
Device Type values or select a device type from the Device Type drop-down list because
Horizon Manager uses the device type of a device to display the appropriate information in the
Device table and to assign the appropriate actions for the device.
Import Device Information Dialog Box
To access the Import Device Information dialog box, choose Devices > Import Devices. After
you enter the file name and select a delimiter in the Import Devices dialog box, click OK and the
dialog box opens.
40
Field
Description
Columns to Import
The options in this column let you select column names for
the Devices table.
Choose from the drop-down list to select a name for each
column. Assign the values displayed in the Record Values
column to the column name. You must specify Device Type,
Device, Use Secure Connection, Login, and Password
entries in this column.
You can select the device type for all the devices in the
Device Type drop-down list. As an alternative for the other
names, you can select Skip, which attaches no column
name to the column.
Devices Menu
Field
Description
Record Values
Displays values from the import file that you specified.
These values appear according to how they are set up in
columns in the import file.
Note
The first record can contain the text header for the column in
the import file. You assign a column name for the values
under Columns To Import.
<< >>
Display the next and previous values for each record in the
import file.
First record
contains column
names. Do not
import.
Allows you to import the data, but not the column names,
contained in the import file.
Device Type
Displays all available device types. From this list, you can
choose the device type to be used for all imported devices.
To import device information
1. Choose Devices > Import Devices to display the Import Devices dialog box.
2. Enter the name of the import file in the File Name text box or click the browse button to
locate the file.
3. Click OK to display the Import Devices Information dialog box. This dialog box lists all the
record values from the import file used to describe devices in Horizon Manager.
4. Select a column name for each of the record values, or choose Skip. Required fields are
Device Type, Device, Use Secure Connection, Login, and Password.
Note
To communicate with devices, Horizon Manager requires information about the Device,
Device Type, Login, and Password fields.
5. Check the First record contains column names. Do not import it box. Checking this box
signals Horizon Manager to import record values without the column names, if your file
includes the column names in the first record. This is the most efficient method to import
device information.
6. Select a Device Type from the drop-down menu if all devices are the same type and the file
does not contain the device type field.
7. Click OK to initiate the Import File action, or click Cancel to close the dialog box without
importing the file.
After you click OK, the imported devices appear in the Devices table.
41
Basic Operations
Importing Device Information Example
The example show the device information for the device, Twain, ready to import into Horizon
Manager.
Exporting Devices
You can export device information into a delimited text or XML or HTML file from Nokia
Horizon Manager by using the Export Devices dialog box. You specify a name, file format and
delimiter type for the file. The field delimiters can be Tab, Space or a Comma. Horizon Manager
provides default column types to export to your devices, as follows: Device Type, Device, Use
Secure Connection, Login, Password. These attributes constitute the minimum information
required to import device information to Horizon Manager. See “Exporting Device Information”
on page 44.
Export Devices Dialog Box
To access the Export Devices dialog box, choose Devices > Export Devices or click the Export
icon on the toolbar. Use this dialog box to export device information to a delimited text file.
The following table describes the Export Devices dialog box.
42
Field
Description
File Name
Enters or assigns a unique name to your export
file.
Select Format to Export
Specifies whether you want to export as Text,
HTML or XML file.
Devices Menu
Field delimiter
Enables you to choose Tab, Space or Comma
as the field delimiter. This field is activated only
if you have selected text format above.
Summary
Creates a hyperlink to the data exported
Detailed
Puts data in the corresponding column
To export devices
1. In the Devices pane, highlight the devices to export.
2. Choose Devices > Export Devices or click the Export icon on the toolbar to display the
Export Devices dialog box.
3. Enter the path and name of the export file to create in the File Name text box, or click the
browse button to browse through available directories for the location of a file.
4. Select the file format to which the device information must be exported. The format can be
Text, HTML or XML.
If you choose HTML, you also need to select the data view you want - Summary or
Detailed. If you choose XML, you can directly click OK to proceed.
5. Select the type of delimiter character to use - Tab, Space or Comma. Click OK to proceed.
Note that the delimiters can be used only when you want to export to a text file.
6. Click Yes to proceed
7. The Export Devices Information window appears, where you can select the information you
want to export. Click OK once this is complete.
8. A success message appears indicating that device information has been exported.
Exporting Device Information
You can specify individual information fields to be exported from Nokia Horizon Manager by
using the Export Device Information dialog box.
Export Device Information Dialog Box
To access the Export Device Information dialog box, choose Devices > Export Devices. After
you enter the file name and select a delimiter in the Export Devices dialog box, click OK and the
dialog box appears.
Field
Description
Do Not Export
Displays the names of the columns that you
do not want to export.
Export
Displays the names of the columns that you
want to export.
43
Basic Operations
<<Add, Rem>>
Moves the column names between boxes.
Add moves a column name into the Export
box; Rem moves a column name to the Do
Not Export box.
Export Column Titles
Allows you to export the column names
along with the data.
Up, Down
Moves your selection up or down in the
Export column.
To export device information
1. Highlight the devices to export in the Devices pane.
2. Choose Devices > Export Devices or click the Export icon on the toolbar to display the
Export Devices dialog box.
3. Enter the path and name of the export file to create in the File Name text box, or click the
browse button to browse through available directories for the location of a file.
4. Select the type of delimiter character to use.
Click OK to display the Export Device Information dialog box.
5. Choose other columns to export aside from the default columns, by using the Add and Rem
buttons.
6. Choose whether to export column titles along with the data.
7. Click OK to create the export file and close the dialog box, or click Cancel to close the
dialog box without creating the export file.
Working with Tables
Information about devices and action results is presented in table format in the Devices and
Action Results panes. You can modify how categories of information are sorted and displayed
by using the Table feature of Nokia Horizon Manager.
Topics:

“Opening Cell Details” on page 45
“Configuring Table Views” on page 46
“Sorting the Table” on page 53
“Setting Column Filters” on page 54
“Selecting Columns” on page 54
Opening Cell Details
Nokia Horizon Manager allows you to view information contained in the individual cells of the
pane through the Table Cell Details dialog box.
44
Devices Menu
Table Cell Details Dialog Box
To access the Table Cell Details dialog box, choose Devices or Results > Table > Open Cell
Details. Use this dialog box to view individual cells in the Devices pane.
Field
Description
Text box
Displays the contents of the selected cell.
Move
Lets you move among cells in the table by
using the arrows and Tab key.
To view cell details
1. Select a cell in the Devices pane and choose Devices or Results > Table > Open Cell Details
or double-click the cell.
2. View the cell contents that appear in the text box.
3. Click the arrows and press the Tab key to move from cell to cell in the display.
4. Click OK to exit the dialog box.
Copying into Cells
Copying into cells refers to copying a single value into the same column for multiple devices.
Use this feature with custom columns to edit the same column of multiple devices to the same
value quickly by using the Copy into Selected Table Cells dialog box.
Copy into Selected Table Cells Dialog Box
To access the Copy Into Selected Table Cells dialog box, choose Devices > Table > Copy into
Cells, or select the Copy into Cells icon on the toolbar.
Note
You must select at least one cell (within a single column) in the Devices pane to activate this
command.
Field
Description
Enter a value to be copied.
Specific to the cell you select and lets you
enter the new information.
To copy into cells
1. Select all cells in a single column of the Device pane to set to the new value.
2. Choose Devices > Table > Copy into cells or the Copy into Cells icon on the toolbar.
45
Basic Operations
3. Enter the text, select the check box, or choose from the selection list to specify the
information to copy into the selected column cells.
Click OK to copy the value into the selected cells or click Cancel to close this dialog box without
changing any data the selected cells.
Configuring Table Views
The arrangement of columns within the device table is a table view. You can adjust the table
view in any of the following ways:

Adjust the width of any column except the Selected column by clicking on the edge of the
column title and dragging it to the desired size.
Rearrange the order of columns, except that you cannot move columns between the left and
right parts of the table. You can rearrange the order of the columns by clicking on the
column title and dragging it to the desired location, or by using the Configure Table Views
dialog box.
Show or hide any of the scrollable columns by using the Configure Table Views dialog box
Choose Devices or Results > Table > Table Views > Configure Table Views.
Create scrollable columns by using the Configure Table Views dialog box.
Delete or edit any scrollable column that a user creates by using the Configure Table Views
dialog box.
Topics:

“About Table Views” on page 47
“Default Table Views” on page 47
“Creating Table Views” on page 49
“Deleting Table Views” on page 50
“Creating Table Columns” on page 50
“Editing Table Columns” on page 52
“Deleting Table Columns” on page 52
About Table Views
Different table views might be more effective for different activities you perform. Nokia
Horizon Manager supports defining multiple table views, each tailored to a specific need. Once
you create the table views you need, you can easily select one with a single command.
Table views are individual to the user. However, since the columns define the attributes of
devices that affect how the devices are handled, any column creations, edits, or deletions affect
all users in Horizon Manager.
46
Devices Menu
Default Table Views
Horizon Manager provides a default view that you can modify or use to create other views.
Configure Table Views Dialog Box
To access the Configure Table Views dialog box, choose Devices or Results > Table > Table
Views > Configure Table Views. Use this dialog box to modify scrollable columns in the
Devices pane.
Note
Created columns become options automatically in all operations that involve columns.
Field
Description
Select View
Allows you to choose a view from the pull down list,
create a new view, or delete a view.
Default
Allows you to select the default view or any custom
view you have defined.
Create
Opens the Create dialog box, which allows you to enter
a name for your new view.
Delete
Deletes the view you selected in the drop-down list.
Configure Selected
View
Allows you to modify the selected view.
Hidden Columns
A list of columns that do not appear in the selected
view.
Shown Columns
A list of columns that appears in the selected view.
Show
When you select one or more columns in the Hidden
Columns list, this button activates and allows you to
move the columns to the Shown Columns list.
Hide
When you click one or more columns in the Shown
Columns list this button activates and allows you to
move the columns to the Hidden Columns list.
Create
Activates the Create Columns dialog box, which allows
you to add new column definitions.
Edit
Allows you to edit the column you selected in the list.
Delete
Allows you to delete the columns you selected in the
list.
Up
Moves the selected columns up in the list.
47
Basic Operations
Field
Down
Description
Moves the selected columns down in the list.
To configure table views
To create a new view of data from the existing devices
1. From the Table menu, choose Devices or Results > Table > Table Views > Configure Table
Views to display the Configure Table Views dialog box.
For detailed information on each drop-down menu, button, and list box, review the
Configure Table Views dialog box online documentation.
2. Click Create to display the Create dialog box, then enter a name for your new view.
To show columns in your view
1. Select one or more columns from the Hidden Columns list box to include in your new view.
2. Click Show to transfer the selected columns to the Show Columns list box.
3. Adjust the order or location of your columns by selecting one or more columns in the Show
Columns list box.
Click the Up or Down arrow to move the columns to the appropriate location in the list. This
determines the location of the column in the Table View of the Devices pane. The first
column in the list appears as the left-most column in the Table View area.
4. Click OK to complete the process.
To Hide Columns from Your View
1. Choose Devices or Results > Table > Table Views > Configure Table Views.
2. Select one or more columns to remove from the Show Columns list box.
3. Click Hide to move the columns label to the Hidden Columns list box.
4. Click OK to complete the process.
Configure Table Views Example
The example shows a new table view with name DeviceTypeView that will display all the
columns listed in the Shown Columns list.
48
Devices Menu
Creating Table Views
Table views consist of an arrangement of columns to suit a particular need. You create the new
table view by using the Create Table Views dialog box after you show, hide, edit, delete, or
create new columns.
Create Table Views Dialog Box
To access the Create Table Views dialog box, click Create in the Select View group box of the
Configure Table Views dialog box.
Field
Description
Enter view name
Enter the name of your new table view in this
text field.
To create table views
2. Make a change to existing columns or create new columns.
3. In the Select View group box, click Create.
The Create Views dialog box opens.
4. Enter a name for the new table view.
5. Click OK.
Deleting Table Views
Use the Confirm Table View Deletion dialog box to delete an arrangement of columns that you
configured and named in the Configure Table Views dialog box.
49
Basic Operations
Confirm Table View Deletion Dialog Box
To access the Confirm Table View Deletion dialog box, choose Devices or Results > Table >
Table Views > Configure Table Views, then select Delete in the Select View group box.
.
Field
Description
Delete this view
Deletes the view you selected from the
Select View drop-down list.
To delete table views
2. Select the name of the table view to delete from the drop-down list.
3. Click Delete.
4. In the Confirm Table View Deletion dialog box, click Delete.
Creating Table Columns
Horizon Manager supplies system-defined columns for table views. You can also create custom
columns for table views by using the Configure Table Views dialog box.
Create Columns Dialog Box
To access the Create Columns dialog box, choose Devices or Results > Table > Table Views >
Configure Table Views, then Create in the Configure Selected Views group box. Use this dialog
box to create a custom column for a table view.
Field
Description
Column Name
Enter the name of your new column in this text field.
Default Value
Enter the default value to appear in the column in this text
box. This is the value that appears first in the table.
Private
Click True if the column values are private data. This
allows you to mask the data and limits you to a Text box
type.
Type
50
Use this list to assign the type of field to appear for your
new column. The available types are:
• Text: standard text field (the only type available for
private data).
• Boolean: check box field (true or false).
• Selection List: selection menu of choices you create.
Devices Menu
Field
Description
Create Selection List
This group box is active only if you chose Selection List
from the Type list. The buttons associated with the
Selection List become active. They are:
Create: opens a text field dialog box where you enter a
list item.
Delete: deletes a selected list item from the list.
Up: move a selected item up in the list.
Down: move a selected item down in the list.
•
•
•
•
Create Selection
Enter the new selection and click Apply.
To create table columns
2. Click Create in the Configure Selected View group box to display the Create Columns
dialog box.
3. Enter the column name in the Column Name text field.
4. Enter the default value to display.
5. Click either True or False based on whether or not you want the column information to be
private (displayed as masked data).
6. Choose the Type drop-down menu and select the type of data the column is to display.
Note
The Create Selection List area only becomes active if you choose Selection List from
the Type drop-down me
7. Click Apply then OK to save your information and display the new column in the Table
View area of the Devices pane.
Creating Table Columns Example
The example shows the creation of a column named Last Maintained By with a text display type.
51
Basic Operations
Editing Table Columns
You can edit any table view that you create and that is not system defined.
Edit Column Dialog Box
To access the Edit Column dialog box, choose Devices or Results > Table > Table Views >
Configure Table Views, then select Edit in the Configure Selected Views group box. Use this
dialog box to edit a custom column for a table view. For an explanation of the fields, see “Create
Columns Dialog Box” on page 50.
Note
Some changes affect data already stored in the columns, such as changing the column type
or deleting an entry in a selection list. These changes are not allowed. To make this type of
change, you must delete the column and recreate it.
To edit table columns
2. Select a custom column in either the Hidden or Shown Columns list.
3. Click Edit in the Configure Selected View group box to display the Edit Column dialog box.
4. Make the appropriate changes to the column definition fields.
5. Click Apply, then OK to save your information and display the new column in the Table
View area of the Devices pane.
Deleting Table Columns
You can delete any column that you create in Horizon Manager. System-defined columns cannot
be deleted.
52
Devices Menu
Confirm Column Deletion Dialog Box
To access the Confirm Column Deletion dialog box, choose Devices or Results > Table > Table
Views > Configure Table Views, then choose Delete in the Configure Selected Views group box.
Use this dialog box to delete a custom column for a table view.
A warning appears that lists the groups that are filtered by the column, then asks you if you want
to delete them.
To delete table columns
1. Select a custom column in either the Hidden or Show Columns list.
2. Click Delete located in the Configure Selected View group box to display the Confirm
Column Deletion dialog box.
3. Make the appropriate changes to the column definition fields.
4. Click Delete to delete the column from the Configure Selected View lists and the Devices
pane.
Sorting the Table
Use the Configured Sort feature to select a column to use as the basis for sorting data in the table
view. The column you select is sorted alphanumerically and the data in other columns appears
accordingly.
Topics:

“Sorting the Table by a Selected Column” on page 53
“Resorting the Table” on page 53
“Configuring a Sort” on page 53
Sorting the Table by a Selected Column
Choose Devices or Results > Table > Sort by Selected to sort the Devices pane by a column that
you selected in the display.
Resorting the Table
Choose Devices or Results > Table > Configured Sort > Resort to resort the table according to
the last sorting scheme that you configured.
Configuring a Sort
You can set up a sorting scheme for default display in your Device table.
Configure Sort Dialog Box
To access the Configuring a Sort dialog box, choose Devices or Results > Table > Configured
Sort > Configure Sort.
53
Basic Operations
Use this dialog box to set up three levels of sorting for the default Device table view.
Field
Description
Primary Sort
Sets the column that provides the first level
of sorting in the display.
Secondary Sort
Sets the column that specifies sorting within
the primary sort.
Tertiary Sort
Sets the column that specifies sorting within
the secondary sort.
To configure a sort
1. Choose Devices or Results > Table > Configured Sort > Configure Sort.
2. Select a column name from the Primary Sort drop-down list to set the first level of sorting.
3. Select a column name from the Secondary Sort drop-down list to set the sorting within the
primary sort.
4. Select a column name from the Tertiary Sort drop-down list to set the sorting within the
secondary sort.
5. Click Sort.
The cells in the Device pane are sorted accordingly.
Sorting the Table by a Selected Column
Choose Devices or Results > Table > Sort by Selected to sort the Devices pane by a column that
you select in the display.
Setting Column Filters
You can set filters for each column in the Device and Action Results tables. When you choose
Devices or Results > Table > Set Column Filter, a list of currently active columns appears.
Choose a column name and the Enter Filter Value dialog box appears. The box lists the criteria
available for each column. You can enable and disable the criteria by clicking the box next to
each criteria. You can also select all the criteria, clear the column of a filter, and clear all filters.
You can also clear filters from menu selections.
Selecting Columns
You can select and deselect all cells in the Devices pane or you can select individual columns by
using the Table menu.
Topics:

54
“Selecting All Columns” on page 55
“Deselecting All Columns” on page 55
“Selecting Individual Columns” on page 55
Devices Menu
Selecting All Columns
Use Select All as a shortcut for selecting all devices in the Devices pane. Choose Devices or
Results > Table > Select All to select all the cells in the pane.
Deselecting All Columns
Use Deselect All as a shortcut for deselecting all devices in the Devices pane. Choose Devices or
Results > Table > Deselect All to clear any selected cells in the Devices pane.
Selecting Individual Columns
Use Select Columns to select an entire column in the table view. Select the column from the
Select Column submenu.
To select columns
1. Choose Devices or Results > Table > Select Column.
2. Click a column name in the popup list.
The column is selected in the Devices pane.
Showing the Devices Pane Toolbar
You can display or hide a toolbar at the top of the Device pane that has device-related icons.
Choose Devices, then display the toolbar by checking the box next to Show Devices pane
Toolbar. Remove the checkmark to hide the toolbar.
55
Basic Operations
56
Actions Menu
Actions Menu
An action is a task that you perform on all devices and groups of devices that you have selected
in either the Devices pane or the Groups pane, or both. All actions that you can perform in Nokia
Horizon Manager are listed in the Actions menu.
Topics:
•“About Actions” on page 58
•“Action Warnings” on page 58
•“Monitoring Progress and Results” on
page 175
Device Security
Application Management
•“Updating Device Passwords” on page 134
•“Configuring CP41 FireWall” on page 58
•“Uploading Public Keys” on page 136
•“Configuring CP NG (FP2) Firewall” on
page 65
General
•“Configuring CP NG (FP3) Firewall” on
page 73
•“Executing Commands” on page 147
•“Configuring CP NG with AI Firewall, CP
NG with AI (R55) FireWall, and CP NG
with AI (R55) for Nokia IPSO v3.8” on
page 92
•“Uploading Files” on page 148
•“Getting Check Point Licenses” on page
112
•“Rebooting Devices” on page 150
•“Implementing the Check Point License”
on page 112
•“Running Scripts” on page 150
•“Starting Check Point FireWall” on page
114
Inventory and Diagnostics
•“Stopping Check Point FireWall” on page
114
•“Performing a Hardware Inventory” on page 151
Device Configuration
•“Performing a Software Inventory” on page 153
•“Managing Configurations on Devices”
on page 121
•“Verifying Devices” on page 157
•“Extracting Configurations from Devices”
on page 130
OS and Package Management
Device Management
•“Applying Patches” on page 160
•“Backing Up Devices” on page 115
•“Selecting Operating System Versions” on page
162
•“Restoring Devices” on page 132
•“Selecting Packages” on page 164
Device License
•“Deleting Operating System Versions or
Packages” on page 166
•“Deploying Licenses” on page 141
•“Installing Operating Systems” on page 167
57
•“Downloading and Installing Device
Licenses” on page 146
•“Installing Packages” on page 171
•“Generating a Dossier” on page 145
•“Upgrading Packages” on page 173
About Actions
Before you begin using actions, understand the concepts and tools used in Nokia Horizon
Manager actions. See Performing Actions in the Nokia Horizon Manager v1.3.4 User’s Guide.
Action Warnings
When you start to perform an action, Nokia Horizon Manager identifies whether the action is
potentially destructive to devices. If the potential for device corruption exists, a warning
message appears before the action begins.
Warning Dialog Box
The Warning dialog box appears when you start an action that violates a constraint. Use this
dialog box to confirm that you want to run the action.
Field
Description
This action could corrupt the
device. Do you wish to continue?
Click Yes to continue the action or No to
discontinue the action and return to the
Action dialog box.
Don’t tell me about this again.
Check this box if you do not want to see this
warning before you run actions.
Configuring CP41 FireWall
Nokia Horizon Manager supports two releases of Check Point firewalls: CP 4.1 and CP NG
(FP2, FP3, NG with AI, NG with AI (R55), and NG with AI (R55) for Nokia IPSO v3.8). To
configure the latest version of Check Point CP41 FireWall software, choose Actions >
Application Management > Configure CP41 FireWall or click the Configure CP41 FireWall icon
on the toolbar. This command displays the dialog box to configure Check Point.
Caution
This action could corrupt devices if you edit the rules that describe compatibility among
packages and operating system versions that are referenced during installations and
upgrades.
58
Actions Menu
Configure CP41 Firewall Dialog Box
To access the Configure CP41 Firewall NSP dialog box, choose Actions > Application
Management > Configure CP41 FireWall or click the Configure CP41 FireWall icon on the
toolbar. This dialog box allows you to configure Check Point CP41 FireWall software on
devices. The inputs for the Configure CP41 FireWall dialog box are listed in the following table.
These entries map to a script that Horizon Manager runs.
Note
You must select a device from the Devices pane before you perform this action.
.
Field
Description
Backup
Enables a backup before you perform the
action. See “Backing Up Devices” on page
115. Running a backup might affect
performance on your other actions.
Configure CP 41 FireWall
Selected by default. Enables configurable
settings for standalone, enterprise
management and Gateway Server/Module,
enterprise management, and gateway/server
module.
Configure CP 41 FireWall as
Standalone
Configures Check Point 4.1 FireWall on a
device as both the management and
module. This device does not control remote
modules on other devices.
Enterprise Management and
Gateway/Sever Module
device as both the management and
module. This device controls remote
modules on other devices.
Enterprise Management
device to control remote modules on other
devices.
Gateway/Sever Module
remote module.
59
Field
Description
Module
Lets you select the type of module to
configure:
•Unlimited Hosts
•Limited Hosts
•Secure Server
This information is based on the kind of
license you purchased. For more
information, refer to Check Point 4.1 FireWall
documentation.
Masters
The master secret key. You will use this key
later in the following command:
fw putkey
Use the Import or Add buttons to add
management servers.
Administrators
Lets you creates administrator profiles in
Horizon Manager and specify their access
permissions. You can individually add the
information or import it from a file.
GUI Clients
Lets you specify the trusted hosts. Add or
import a list of hostnames or IP addresses of
the devices that are running GUI clients
which communicate with this server.
Interface
Lets you specify the name of the external
interface that lets you communicate with the
untrusted network of the outside world.
Remotes
Lets you specify the remote modules secret
key. You will use this key later in the
following command:
fw putkey
Use the Import or Add buttons to add remote
modules.
60
Actions Menu
Field
Description
SMTP (Simple Mail Transfer
Protocol) Timeout
Lets you accept or modify the number of
seconds after which the connection times
out. The default time is 900 seconds. You
can edit the time values.
Additional field definitions are as follows:
SMTP Scan Period—How frequently the
spool directory is to be scanned. The default
time is two seconds.
SMTP Resend Timeout—Number of
seconds to let pass before the SMTP
Security Server resends the message (after
it failed to deliver the message). The default
time is 600 seconds.
SMTP Abandon Time—Number of seconds
after which the SMTP Security Server
abandons attempts to resend the message.
The default time is 432,000 seconds.
SMTP Max Recipients—Maximum number
of recipients. The default number is 50.
SMTP Run Directory—Name of the directory
from which SMTP runs. SMTP Security
Server files are written at or below this
directory.
SMTP Postmaster—Name of the SMTP
postmaster to whom the error messages
should be sent.
SMTP Default Server—Name of the default
server.
SMTP Error Server—Name of the server to
be notified in the event of an error.
SNMP (Simple Network
Management Protocol)
Allows a Check Point module to activate the
SNMP daemon, which in turn exports device
status to external network management
tools. This option is selected by default.
Select the Do not activate option to prevent
this.
Group
Usually, a Check Point module is given
group permission for access and execution.
Specify the group name.
If you choose to use the Import function to import data about administrators or GUI clients from
files, the files must have the following formats:

Administrators files contain three fields: administrator, password, permissions. Only space
separated files are supported. Each record must end with a return character.
GUI clients files contain one field, the IP address of the GUI client. Each record must end
with a return character.
61
To configure a CP41 firewall
1. Select the devices or groups of devices for which to configure Check Point 4.1 FireWall
software.
You can view the full set of the devices you selected in the Devices pane.
2. Choose Actions > Application Management > Configure CP41 FireWall to display the
Configure CP41 FireWall dialog box.
3. Select the appropriate options from the selection list menu or enter the information in the
text fields.
For each type of configuration, certain fields are required.
4. When you enter all required data:

Click Start to perform the action.
Horizon Manager checks that all required fields are completed. If all required fields are not
completed, a system message appears that lists the fields that still require completion,
or
Click Cancel to close the dialog box without performing the selected action.
Warning messages might appear. Either click Yes to perform the action or No to return to the
dialog box.
Standalone Configuration of CP 41
1. Choose Module.
Select one of the following options:

Select limited hosts
Selected Unlimited hosts
Select SecureServer
2. Choose Administrators.
Use this setting to specify the administrators for each Check Point management server,
including administrator passwords and permissions. To add an administrator, choose Add
and enter the login name, password, and read or write permission for the administrator by
using the Add Administrator dialog box. You can also import a file with the same
information. Click Remove to remove an administrator from the selected device.
3. Choose Clients.
Use this setting to specify the clients that can connect to each management server. To add a
client, choose Add and enter the IP address for the client using the Add GUI Client dialog
box. You can also import a file with the same information. Click Remove to remove a client
from the selected device.
4. Choose Interface.
Type the name of the external interface that lets you communicate with the untrusted
network of the outside world.
5. Choose SMTP.
Edit to specify different SMTP server configuration parameters, if you do not want to accept
the default values.
62
Actions Menu
6. Choose SNMP.
Click the appropriate button to enable or disable SNMP daemon on the device.
7. Choose Group.
You can add the device to a specific group using this parameter. Enter the Group name in the
text box.
Enterprise Management and Gateway/Server Module Configuration of CP 41
1. Choose Module.

Select SecureServer
3. Choose Clients.
5. Choose Remotes.
Type the remote modules secret key. Add the hostnames or IP addresses of the devices with
the FireWall software installed that this server will manage. Or, import the information from
a file.
6. Choose SMTP.
the default values.
7. Choose SNMP.
8. Choose Group.
text box.
63
Enterprise Management Configuration of CP 41
2. Choose Clients.
3. Choose Remotes.
Type the remote modules secret key. Add the hostnames or IP addresses of the devices with
the FireWall software installed that this server will manage, or import the information from a
file.
4. Choose Group.
text box.
Gateway/Server Module Configuration of CP 41
1. Choose Module.

Select SecureServer
2. Choose Masters.
Type the masters secret key. Add the device that is acting as a management server for this
remote module.
4. Choose SMTP.
the default values.
5. Choose SNMP.
6. Choose Group.
text box.
64
Actions Menu
Configuring CP NG (FP2) Firewall
(FP2, FP3, NG with AI, NG with AI (R55) and NG with AI (R55) for Nokia IPSO v3.8). Once
you successfully install Check Point NG on your nokia security platform, you must configure
the software.
During initial CP NG configuration, Horizon Manager allows you to set parameters for both
management and enforcement modules. The management server or server maintains the security
policy. The enforcement module is the system on which the firewall is installed and enforces the
security policy. Likewise, to reconfigure the CP NG firewall, evaluate parameters on both
modules.
Horizon Manager provides an interface that allows you to move easily between the modules for
initial configuration, reconfiguration, and upgrade actions.
Caution
upgrades.
Note
You cannot upgrade from Check Point NG FP2 to Check Point NG with AI (R55).
Configure CP NG FP2 Firewall Dialog Box
To access the Configure CP NG FP2 Firewall dialog box, choose Actions > Application
Management > Configure CP NG(FP2) FireWall. Since Backup is checked by default, you must
scroll down to access the other options on this dialog box. You can select a configuration type by
clicking the two combo boxes just above the parameters pane. A new set of parameters appears
each time you choose Initial Configuration, Reconfiguration, or Upgrade and Enforcement
Module, Management Server, or Management and Module. For Upgrade, Autodetect is the only
selection. Autodetect indicates that the previous configuration is preserved during the upgrade
procedure. Horizon Manager provides a brief description of the parameter at the top of the pane
on the right.
Caution
The device could become corrupted if any network or communication failures occur
during the Configure Check Point NG FireWall actions. If this happens, delete and
reinstall your Check Point NG FireWall package again and reconfigure.
Note
You must select a device from the Device pane before you perform this action.
65
Check Point-Specific Terminology

66
One-time password—essential for establishing communications between different
components of the Check Point solution. The Check Point certificate authority generates a
certificate for Check Point components only in cases when the activation key (one-time
password) on both sides match. Used synonymously with activation key.
Random pool—a sequence of random key strokes with random intervals between. Used
whenever the Check Point application needs to generate random data.
Field
Instruction
Backup
Enables a backup before you perform the action. See
“Backing Up Devices” on page 115. Running a backup
might affect performance on your other actions.
Update CP NG (FP2)
FireWall default filter
The default filter must be updated to allow ICMP and
SSH traffic. Check the box to enable this
communication.
Configure CP NG (FP2)
FireWall
Enters the configuration parameters for the options that
follow.
Initial Configuration of
the CP NG FP2
Enforcement Module
Enables settings for High Availability, Licenses, Group,
Random Pool, One-Time Password, and Management
Server.
the CP NG FP2
Management Server
Enables settings for Licenses, Administrators, GUI
Clients, Group, Random Pool, and Domain Name.
the CP NG FP2
Management and
Module
Reconfiguration of the
CP NG FP2
Enforcement Module
Enables settings for Startup, High Availability,
Licenses, SNMP Daemon, Group, and SIC
Communication.
CP NG FP2
Management & Module
Enables settings for Startup, Licenses, Administrators,
GUI Clients, SNMP Daemon, Group, Random Pool,
and Domain Name.
CP NG FP2
Management Server
Upgrade of CP 4.1 to
CP NG FP2
Enables settings for Licenses, Random Pool, OneTime Password, and Domain Name.
Reboot
Reboots the device after the action completes.
Actions Menu
Field
Instruction
Defaults
Click Defaults at any time to restore the system default
selections of the Backup and Configuration options.
Import File Formats
If you choose to use the Import function to import data about licenses, administrators, or GUI
clients from files, the files must have the following formats:

In license files, each field is separated by a space. Files can contain multiple licenses on
separate lines. Each line must end with a return character.
To configure CP NG FP2 firewall
1. In the Configure CP NG dialog box, enable the Backup and/or Reboot settings to run.
2. Choose either Initial Configuration or Reconfiguration, then Enforcement Module,
Management Server, or Management and Module.
3. Click Start.
A warning dialog box might appear, stating that the action could corrupt the selected
devices.
4. Click either Yes to perform the action or No to return to the dialog box.
Initial Configuration of the CP NG FP2 Enforcement Module
1. Choose High Availability.
You must enable the high-availability feature for the device before it can become a member
of a high-availability group. Click the radio button to enable this feature for the device.
2. Choose Licenses.
Use this setting to specify the Check Point licenses for each of the management servers
using the standard Check Point licensing scheme. Only local licenses are supported from
this location, as you must use the Check Point pane to work with central licenses. For more
information about how to configure central licenses, see Managing CheckPoint Licenses in
the Nokia Horizon Manager User’s Guide
Using this method, you issue a license for the IP address of each gateway.
Using this method, you issue a license for each gateway or IP address for a management
server.
To add a license, choose Add and enter the IP address, Expiration Date, SKU/Features, and
Key for the device using the Add Device dialog box. You can also import a file with the
same information.
Click Remove to remove a license from the selected device.
67
3. Choose Group.
You can add the device to a specific group to enable permission for access and execution
among the group. Enter the Group name in the text box.
4. Choose Random Pool.
To support cryptography of your RSA keys, you can either let Horizon Manager choose your
seed or you can enter a string in the text box that will be used randomly on each selected
host.
5. Choose One-Time Password.
To deploy security certificates, enter and confirm in the One-Time Password text boxes the
Activation Key to establish communication between the device and the management server.
6. Choose Management Server.
You can use this parameter to specify a management server that controls the newly installed
Check Point component and establish secure internal communications with it.
a. Use the New Server Wizard to specify the Check Point management server. For more
information, see “Creating a Management Server with the Wizard” on page 111.
b. Select the Connect option from the drop-down box.
c. Click Test to test the secure internal communications.
7. To configure the selected systems, click Start.
Horizon Manager executes your configuration parameters.
Initial Configuration of the CP NG FP2 Management Server
1. Choose Licenses.
this location, as you must use the Check Point pane to work with central licenses.
Using this method, you issue a license for the IP address for each gateway or management
server. To add a license, choose Add and enter the IP address, Expiration Date, SKU/
Features, and Key for the device by using the Add Device dialog box. You can also import a
file with the same information. Click Remove to remove a license from the selected device.
Use this setting to specify the administrators for each management server. To add an
administrator, choose Add and enter the login name, password, and read or write permission
for the administrator by using the Add Administrator dialog box. You can also import a file
with the same information. Click Remove to remove an administrator from the selected
device.
3. Choose GUI Clients.
4. Choose Group.
text box.
68
Actions Menu
seed or you can enter a string to be used randomly on each selected host.
6. Choose Domain Name.
Type the Fully Qualified Domain Name of the management server.
Initial Configuration of the CP NG FP2 Management and Module
1. Choose Licenses.
this location, as you must use the Check Point pane to work with central licenses. For more
information about how to configure central licenses.
Using this method, you issue a license for the IP address for each gateway or management
server. To add a license, choose Add and enter the IP address, Expiration Date, SKU/
Features, and Key for the device using the Add Device dialog box. You can also import a file
with the same information. Click Remove to remove a license from the selected device.
with the same information. Click Remove to remove an administrator from the selected
device.
4. Choose Group.
You can add the device to a specific group by using this parameter. Enter the Group name in
the text box.
Reconfiguration of the CP NG FP2Enforcement Module
1. Choose Startup.
Click the Configure Startup box to activate the buttons. Click the appropriate button to
69
enable or disable the Autolaunch feature, which launches the firewall after the system
reboots.
Click Configure High Availability to activate the buttons. Click the appropriate button to
change the availability of the device.
3. Choose Licenses if you are adding licenses.
Only local licenses are supported from this location, as you must use the Check Point pane
to work with central licenses. For more information about how to configure central licenses.
To add or change licences, use Add, Remove, or Import to create a list of licenses to add or
revoke. They are not added or revoked until you click Start.
4. Choose SNMP Daemon.
Click Configure SNMP Daemon to activate the buttons. Click the appropriate button to
enable or disable SNMP monitoring of the device.
5. Choose Group.
Click Configure Group to activate the text field. Type the new group name in the text box.
6. Choose SIC Communications.
This setting enables or reenables communications between the management server and
module.
a. Check the Configure SIC Communications box to activate the text fields.
b. Enter and confirm the Activation Key in the One-Time Password text boxes to establish
communication between the device and the management server.
c. Select the management server for the device from the drop-down list, or create the record
for a new management server by using the New Server Wizard. For more information,
see “Creating a Management Server with the Wizard” on page 111.
d. Click Test SIC to make sure that Horizon Manager can communicate with the
management server.
Reconfiguration of the CP NG FP2Management Server
to work with central licenses.
To add or change an administrator, use the Add, Remove, or Import buttons to create a list of
administrators to add or remove. They are not added or removed until you click Start.
To add or change GUI clients, use the Add, Remove, or Import buttons to create a list of
GUI clients to add or remove. They are not added or removed until you click Start.
70
Actions Menu
4. Choose Group.
Click the Configure Group box to activate the text field. Type the new group name in the
text box.
Click Configure Certificate to activate the buttons. To support cryptography of your RSA
keys, you can either let Horizon Manager choose your seed or you can enter a string to be
used randomly on each selected host. Click the appropriate method of creating random data.
If by the user, type the new information in the text box.
Reconfiguration of the CP NG FP2 Management and Module
1. Choose Startup.
Click the Configure Startup box to activate the buttons. Click the button to enable the
Autolaunch feature, which launches the firewall after the system reboots.
To add or change an administrator, use the Add, Remove, or Import buttons to create a list of
To add or change GUI clients, use the Add, Remove, or Import buttons to create a list of
GUI clients to add or remove. They are not added or removed until you click Start.
6. Choose Group.
Click the Configure Group box to activate the text field. Type the new group name in the
text box.
9. To configure the selected systems, click Start
If the management server pane or SIC communication pane has data, Horizon Manager tries
71
to connect to the management server specified, logs on to the management server using the
administrator name and password specified, creates a record for the gateway in the
management server database, contacts the gateway using a one-time password, and deploys
certificates to enable secured communication between the management server and gateway.
Completing upgrade of CP 4.1 to CP NG FP2
1. Choose Licenses.
Note
In most cases, leave the FQDN field blank because the Check Point installation program
retrieves this name automatically. If you choose to specify the fully qualified domain name, it
should be on a single-host basis.
Import File Formats
To use the Import function to import data about licenses, administrators, or GUI clients from
files, the files must have the following formats:

72
Administrators files contain three fields: administrator, password, permissions. Only spaceseparated files are supported. Each record must end with a return character.
Actions Menu
Configuring CP NG FP2 Example
The example shows an initial configuration of an enforcement module to disable high
availability. Horizon Manager is set to update the default filter, as well.
Configuring CP NG (FP3) Firewall
(FP2, FP3, NG with AI, NG with AI (R55), and NG with AI (R55) for Nokia IPSO v3.8). Once
you have successfully installed CP NG on your Nokia Security Platform, you must configure the
software.
Note
Horizon Manager provides separate actions for configuring CP NG FP2 and CP NG with AI
actions, but not CP NG with AI (R55) and CP NG with AI (R55) for Nokia IPSO v3.8. You
need to use CP NG with AI action for configuring CP NG with AI (R55). Configuring CP NG
with AI FireWall section has more information.
During initial CP NG configuration, Horizon Manager allows you to set parameters for
management and enforcement modules, as well as for log server and log server and module, and
all legal combinations thereof. The management server maintains the security policy and the
enforcement module is the system on which the firewall has been installed and enforces the
73
security policy. You cannot have the primary management server and the secondary management
server on the same computer.
Caution
The initial configuration of CP NG (FP3) includes an automatic rebooting of the device
in the middle of some actions performed.
Initial configuration, reconfiguration, and upgrade actions are supported.
Caution
upgrades.
Configure CP NG FP3 Firewall Dialog Box
To access the Configure CP NG FP3 Firewall dialog box, choose Actions > Application
Management > Configure CP NG(FP3) FireWall. Since Backup is checked by default, you must
scroll down to access the other options on this dialog box. You can select a configuration type by
clicking the two combo boxes just above the parameters pane. A new set of parameters appears
each time you choose Initial Configuration, Reconfiguration, Upgrade and Enforcement
Module, Management Server, Management and Module, Log Server, or Log Server and Module.
For Upgrade, Autodetect is the only selection. Autodetect indicates that the previous
configuration is preserved during the upgrade procedure. Horizon Manager provides a brief
description of the parameter at the top of the pane on the right.
Caution
No Reboot option appears on this dialog box. However, the first time you run the initial
Check Point configuration action on that device, Horizon Manager can automatically
reboot it during an action and then complete the action as soon as the device is back
up and running.
Note

74
components of the Check Point solution. Check Point certificate authority generates a
Actions Menu
Field
Instruction
Backup
Update CP NG (FP3)
The default filter must be updated to allow ICMP, SSL,
and SSH traffic. Check the box to enable this
communication.
Caution
If you do not update the
default filter, Horizon
Manager can lose
connectivity with the device
mid-action.
Configure CP NG
(FP3) FireWall
follow.
the CP NG FP3
Enforcement Module
Enables settings for High Availability, Licenses, Random
Pool, One-Time Password, and Management Server.
the CP NG FP3
Primary Management
Server
Clients, Random Pool, and Domain Name.
the CP NG FP3
Secondary
Management Server
Enables settings for Licenses, Random Pool, One-Time
Password, and Management Server.
the CP NG FP3
Primary Management
and Module
Clients, Random Pool, and Domain Name.
the CP NG FP3
Secondary
Management and
Module
the CP NG FP3 Log
Server
Clients, Random Pool, and One-Time Password.
75
Field
Instruction
the CP NG FP3 Log
Server and Module
GUI Clients, Random Pool, and One-Time Password.
CP NG FP3
Enforcement Module
Enables settings for Startup, High Availability, Licenses,
SNMP Daemon, and Random Pool.
CP NG FP3 Primary
Management Server
Clients, SNMP Daemon, and Random Pool.
CP NG FP3
Secondary
Management Server
Enables settings for Licenses, Random Pool, SNMP
Daemon, and SIC Communications.
CP NG FP3 Primary
Management and
Module
GUI Clients, and SNMP Daemon.
CP NG FP3
Secondary
Management and
Module
Enables settings for Startup, Licenses, SNMP Daemon,
Random Pool, and SIC Communications.
CP NG FP3 Log
Server
Clients, SNMP Daemon, and Random Pool.
CP NG FP3 Log
Server and Module
GUI Clients, and SNMP Daemon.
Upgrade from CP 4.1
Password, and Domain Name.
Defaults
Import File Formats

76
Actions Menu

To configure CP NG FP3 firewall
1. In the Configure CP NG dialog box, enable the Backup setting to run.
2. Choose either Initial Configuration or Reconfiguration, then either Enforcement Module,
3. When you click Start, a warning dialog box might appear, stating that the action could
corrupt the selected devices. You must click either Yes to perform the action or No to return
to the dialog box.
Initial Configuration of the CP NG FP3 Enforcement Module
of a high-availability group. Click the button to enable this feature for the device.
2. Choose Licenses.
Use this setting to specify the Check Point licenses for each of the management servers that
use the standard Check Point licensing scheme. Only local licenses are supported from this
location, as you must use the Check Point pane to work with central licenses.
Using this method, you issue a license for each gateway or for the IP address of each
management server. To add a license, select Add Licenses tab, choose Add and enter the IP
address, Expiration Date, SKU/Features, and Key for the device using the Add Device
dialog box. You can also import a file with the same information.
Note
Run the Get Check Point License action to update the Licenses column in the Devices pane.
seed or you can enter a string in the text box to be used randomly on each selected host.
You can use this parameter to specify a management server that controls the new installed
77
Initial Configuration of the CP NG FP3 Primary Management Server
1. Choose Licenses.
Using this method, you issue a license for the IP address of each gateway. To add a license,
select the Add Licenses tab, choose Add and enter the IP address, Expiration Date, SKU/
Features, and Key for the device by using the Add License dialog box. You can also import a
file with the same information.
Note
Run the Get Check Point License action to update the Licenses column in the Devices pane.
for the administrator using the Add Administrator dialog box. You can also import a file
with the same information.
Click Remove to remove an administrator from the selected device.
client, choose Add and enter the IP address for the client by using the Add GUI Client dialog
box. You can also import a file with the same information.
Click Remove to remove a client from the selected device.
Note
Because the management server allows only one client in Read-Write mode, Nokia
recommends that you close the Check Point SmartDashboard NG FP3 when in ReadWrite mode before you run Horizon Manager actions.
78
Actions Menu
Initial Configuration of the CP NG FP3 Secondary Management Server
1. Choose Licenses.
select Add Licenses tab, choose Add and enter the IP address, Expiration Date, SKU/
Note
Run the Get Check Point License action to update the Licenses column in the Devices
pane.
Note
Initial Configuration of the CP NG FP3 Primary Management and Module
1. Choose Licenses.
79
Note
pane.
Note
Initial Configuration of the CP NG FP3 Secondary Management and Module
1. Choose Licenses.
80
Actions Menu
Note
pane.
Note
Initial Configuration of the CP NG (FP3) Log Server
1. Choose Licenses.
81
Note
pane.
Note
The record for the Log Server is created on the management server.
Initial Configuration of the CP NG (FP3) Log Server and Module
1. Choose Licenses.
82
Actions Menu
Note
Run the Get Check Point License action to have the Licenses column in the Devices
pane updated.
5. Choose One-Time Password. To deploy security certificates, enter and confirm in the OneTime Password text boxes the Activation Key to establish communication between the
device and the management server.
Note
The record for the Log Server and Module is created on the management server.
83
Reconfiguration of the CP NG FP3 Enforcement Module
1. Choose Startup.
Click Configure Startup to activate the buttons. Click the appropriate button to enable or
disable the autolaunch feature, which launches the firewall after the system reboots.
Note
pane.
module.
b. Enter and confirm in the One-Time Password text boxes the Activation Key to establish
for a new management server by using the New Server Wizard. See “Creating a
Management Server with the Wizard” on page 111for more information.
management server.
Reconfiguration of the CP NG FP3 Primary Management Server
84
Actions Menu
Note
pane.
To add or change an administrator, use Add, Remove, or Import to create a list of
To add or change GUI clients, use Add, Remove, or Import to create a list of GUI clients to
add or remove. They are not added or removed until you click Start.
Note
Reconfiguration of the CP NG FP3 Secondary Management Server
Note
pane.
85
module.
a. Check Configure SIC Communications to activate the text fields.
management server.
Note
Reconfiguration of the CP NG FP3 Primary Management and Module
1. Choose Startup.
Click Configure Startup to activate the buttons. Click the button to enable the autolaunch
feature, which launches the firewall after the system reboots.
Note
pane.
86
Actions Menu
Note
If the management server pane or the SIC communication pane has data, Horizon
Manager tries to connect to the management server specified, logs on to the
management server using the administrator name and password specified, creates a
record that describes the configuration you selected for this gateway in the management
server database, contacts the gateway using a one-time password, and deploys
certificates to enable secure communication between the management server and
gateway.
Reconfiguration of the CP NG FP3 Secondary Management and Module
1. Choose Startup.
Note
pane.
87
Note
gateway.
Reconfiguration of the CP NG FP3 Log Server
Use this setting to specify the Check Point licenses for each of the management servers by
this location, as you must use the Check Point pane to work with central licenses. Using this
method, you issue a license for the IP address of each gateway.
To add a license, select the Add Licenses tab, choose Add and enter the IP address,
Expiration Date, SKU/Features, and Key for the device by using the Add License dialog
Note
pane.
88
Actions Menu
module.
b. Enter and confirm the Activation Key in the One-Time Password text boxes to establish
management server.
Note
Reconfiguration of the CP NG (FP3) Log Server and Module
1. Choose Startup.
enable or disable the autolaunch feature, which launches the firewall after the system
reboots.
Note
pane.
89
module.
Management Server with the Wizard” on page 111 for more information.
management server.
8. To configure the selected systems, click Start. Horizon Manager executes your configuration
parameters.
Note
The records for the Log Server and Module are created on the management server.
Completing upgrade of CP 4.1 to CP NG FP3
Note
Depending on your upgrade scenario, certain information requested might not be
required.
1. Choose Licenses.
90
Actions Menu
Type the Fully Qualified Domain Name of the management server
Note
In most cases, leave the domain name blank because the Check Point installation program
retrieves this name automatically. If you choose to specify the FQDN, do not select multiple
hosts.
91
Configuring CP NG FP3 Example
The example shows a reconfiguration of the primary management server to disable the SNMP
daemon.
Configuring CP NG with AI Firewall, CP NG with AI (R55) FireWall,
and CP NG with AI (R55) for Nokia IPSO v3.8
(FP2, FP3, NG with AI, NG with AI (R55), and NG with AI (R55) for Nokia IPSO v3.8). Once
you have successfully installed CP NG on your Nokia Security Platform, you must configure the
software.
Note
Horizon Manager provides separate actions for configuring CP NG FP2, CP NG FP3 and
CP NG with AI, but not for configuring CP NG with AI (R55) and CP NG with AI (R55) for
Nokia IPSO v3.8. To configure CP NG with AI (R55) or CP NG with AI (R55) for Nokia IPSO
v3.8, use the same steps as you would normally, to configure CP NG with AI. Horizon
Manager verifies if the device it manages runs R55 or R54 package, and performs the
corresponding action.
During initial CP NG configuration, Horizon Manager allows you to set parameters for
Enforcement module, Primary management server, Secondary management server, Management
92
Actions Menu
& module or standalone, Secondary management and module, log server and log server module.
The management server maintains the security policy and the enforcement module is the system
on which the firewall has been installed and enforces the security policy. You cannot have the
primary management server and the secondary management server on the same computer.
Caution
The initial configuration of CP NG with AI and CP NG with AI (R55) includes an
automatic rebooting of the device in the middle of some actions performed.
Initial configuration, reconfiguration, and upgrade actions are supported.
Caution
upgrades.
Configure CP NG with AI Firewall Dialog Box
To access the Configure CP NG with AI Firewall dialog box, choose Actions > Application
Management > Configure CP NG with AI FireWall. Since Backup is checked by default, you
must scroll down to access the other options on this dialog box. You can select a configuration
type by clicking the two combo boxes just above the parameters pane. A new set of parameters
appears each time you choose Initial Configuration, Reconfiguration, Upgrade from CP 4.1 and
Enforcement Module, Primary Management Server, Management and Module or Standalone,
Log Server, Log Server and Module, Secondary Management Server and Secondary
Management Server and Module. For Upgrade from CP 4.1, Autodetect is the only selection.
Autodetect indicates that the previous configuration is preserved during the upgrade procedure.
Horizon Manager provides a brief description of the parameter at the top of the pane on the right.
Note
Standalone Configuration and Primary Management and Module configuration is commonly
referred to as Management and Module or Standalone.
Caution
No Reboot option appears on this dialog box. However, the first time you run the initial
Check Point configuration action on that device, Horizon Manager can automatically
reboot it during an action and then complete the action as soon as the device is back
up and running.
Note
93

components of the Check Point solution. Check Point certificate authority generates a
Import File Formats
Field
Instruction
Backup
Update CP NG with AI
The default filter must be updated to allow ICMP, SSL,
and SSH traffic. Check the box to enable this
communication.
Caution
If you do not update the
default filter, Horizon
Manager can lose
connectivity with the device
mid-action.
94
Configure CP NG with
AI FireWall
follow.
the CP NG with AI
Enforcement Module
Enables settings for High Availability, Licenses, Random
Pool, One-Time Password, and Management Server.
the CP NG with AI
Primary Management
Server
Clients, and Random Pool.
the CP NG with AI
Secondary
Management Server
the CP NG with AI
Management and
Module or Standalone
Clients, and Random Pool.
Actions Menu
Field
Instruction
the CP NG with AI
Secondary
Management and
Module
the CP NG with AI Log
Server
Clients, Random Pool, One-Time Password, and
Management Server.
the CP NG with AI Log
Server and Module
Clients, Random Pool, One-Time Password, and
Management Server.
CP NG with AI
Enforcement Module
Enables settings for Startup, High Availability, Licenses,
SNMP Daemon, Random Pool, and SIC
Communications.
CP NG with AI Primary
Management Server
Clients, SNMP Daemon, Random Pool, and Domain
Name.
CG NG with AI
Secondary
Management Server
Enables settings for Licenses, Random Pool, SNMP
Daemon, and SIC Communications.
CP NG with AI
Management and
Module or Standalone
GUI Clients, SNMP Daemon, Random Pool, and Domain
Name.
CP NG with AI
Secondary
Management and
Module
Enables settings for Startup, Licenses, SNMP Daemon,
Random Pool, and SIC Communications.
CP NG with AI Log
Server
Clients, SNMP Daemon, Random Pool, and SIC
Communications.
CP NG with AI Log
Server and Module
GUI Clients, SNMP Daemon, Random Pool, and SIC
Communications.
Upgrade from CP 4.1
Password, and Domain Name.
Defaults
95

To configure CP NG with AI FireWall or CP NG with AI (R55) FireWall
1. In the Configure CP NG dialog box, enable the Backup setting to run.
2. Choose either Initial Configuration or Reconfiguration, then either Enforcement Module,
3. When you click Start, a warning dialog box might appear, stating that the action could
corrupt the selected devices. You must click either Yes to perform the action or No to return
to the dialog box.
Note
The Initial Configuration and Reconfiguration procedures mentioned are applicable for
both CP NG with AI and CP NG with AI (R55) packages. Horizon Manager verifies the
package installed on the device (R55 or R54).
Initial Configuration of the CP NG with AI Enforcement Module
of a high-availability group. Click the button to enable this feature for the device.
2. Choose Licenses.
Using this method, you issue a license for each gateway or for the IP address of each
management server. To add a license, select Add Licenses tab, choose Add and enter the IP
address, Expiration Date, SKU/Features, and Key for the device using the Add Device
dialog box. You can also import a file with the same information.
Note
pane.
96
Actions Menu

Use the New Server Wizard to specify the Check Point management server. For more
Select the Connect option from the drop-down box.
Click Test to test the secure internal communications.
Initial Configuration of the CP NG with AI Primary Management Server
1. Choose Licenses.
Note
pane.
97
Note
recommends that you close the Check Point SmartDashboard NG with AI when in
Read-Write mode before you run Horizon Manager actions.
Initial Configuration of the CP NG with AI Secondary Management Server
1. Choose Licenses.
select Add Licenses tab, choose Add and enter the IP address, Expiration Date, SKU/
Note
pane.

98
Actions Menu
Note
Initial Configuration of the CP NG with AI Management and Module or Standalone:
1. Choose Licenses.
Note
pane.
99
Note
Note
You can configure Check Point NG with AI (R55) for Nokia IPSO v3.8 on IP2250 with
Enforcement Module only. The message “Action Not Supported on IP2250” appears if
you try other configurations.
Initial Configuration of the CP NG with AI Secondary Management and Module
1. Choose Licenses.
Note
pane.

100
Actions Menu
Note
Initial Configuration of the CP NG with AI Log Server
1. Choose Licenses.
Note
pane.

101

Note
Initial Configuration of the CP NG with AI Log Server and Module
1. Choose Licenses.
Note
Run the Get Check Point License action to have the Licenses column in the Devices
pane updated.
5. Choose One-Time Password. To deploy security certificates, enter and confirm in the OneTime Password text boxes the Activation Key to establish communication between the
device and the management server.

102
Actions Menu
Note
The record for the Log Server and Module is created on the management server.
Reconfiguration of the CP NG with AI Enforcement Module
1. Choose Startup.
Click Configure Startup to activate the buttons. Click the appropriate button to enable or
disable the autolaunch feature, which launches the firewall after the system reboots.
Note
pane.
module.

Check the Configure SIC Communications box to activate the text fields.
Enter and confirm in the One-Time Password text boxes the Activation Key to establish
Select the management server for the device from the drop-down list, or create the record
Management Server with the Wizard” on page 111for more information.
Click Test SIC to make sure that Horizon Manager can communicate with the
management server.
103
Reconfiguration of the CP NG with AI Primary Management Server
Note
pane.
Note
Reconfiguration of the CP NG with AI Secondary Management Server
104
Actions Menu
Note
pane.
module.

Check Configure SIC Communications to activate the text fields.
management server.
Note
Reconfiguration of the CP NG with AI Management and Module or Standalone:
1. Choose Startup.
Click Configure Startup to activate the buttons. Click the button to enable the autolaunch
feature, which launches the firewall after the system reboots.
105
Note
pane.
Note
gateway.
Reconfiguration of the CP NG with AI Secondary Management and Module
1. Choose Startup.
106
Actions Menu
Note
pane.
Note
gateway.
Reconfiguration of the CP NG with AI Log Server
Use this setting to specify the Check Point licenses for each of the management servers by
this location, as you must use the Check Point pane to work with central licenses. Using this
method, you issue a license for the IP address of each gateway.
To add a license, select the Add Licenses tab, choose Add and enter the IP address,
Expiration Date, SKU/Features, and Key for the device by using the Add License dialog
Note
pane.
107
module.

Enter and confirm the Activation Key in the One-Time Password text boxes to establish
management server.
Note
Reconfiguration of the CP NG with AI Log Server and Module
1. Choose Startup.
enable or disable the autolaunch feature, which launches the firewall after the system
reboots.
108
Actions Menu
Note
pane.
module.

Management Server with the Wizard” on page 111 for more information.
management server.
8. To configure the selected systems, click Start. Horizon Manager executes your configuration
parameters.
Note
The records for the Log Server and Module are created on the management server.
Completing upgrade of CP 4.1 to CP NG with AI
109
Note
Depending on your upgrade scenario, certain information requested might not be required.
1. Choose Licenses.
Type the Fully Qualified Domain Name of the management server
Note
In most cases, leave the domain name blank because the Check Point installation
program retrieves this name automatically. If you choose to specify the FQDN, do not
select multiple hosts.
Configuring CP NG with AI FireWall Example
The example shows a reconfiguration of the primary management server to disable the SNMP
daemon.
110
Actions Menu
Creating a Management Server with the Wizard
From the Configure Check Point NG (FP3) dialog box, you can create one or more management
servers by selecting Management Server and clicking New Server Wizard. For information
about creating a management server from the Check Point pane, see Adding a Check Point
Management Server in the Nokia Horizon Manager v1.3.4 and Check Point Guide..
Management Server Wizard
Field or Option
Description
Name
Name of the management server. The name does not
need to be the device name. But if you choose to give
the management server the name of the device on
which it is running, you can use automatic IP address
resolution.
IP address
IP address. You can use automatic IP address
resolution to fill the Name field automatically.
Resolve
Provides automatic IP address resolution.
Login
Administrator username to the management server.
Password
Administrator password to the management server.
Cancel
Closes the dialog box without submit the information.
111
Field or Option
Description
Next
Submits the information in the fields and clears them so
you can configure additional servers.
To use the Management Server Wizard to create a management server
1. From the Configure Check Point NG (FP3) dialog box, select Management Server and click
New Server Wizard.
The Create Management Server Wizard appears.
2. Type the Name, IP address, login, and password.
Click Resolve to fill the IP address field automatically.
3. Click Next to submit the information and create additional servers, or click Cancel.
4. You can click Test SIC to make sure that Horizon Manager can communicate with the
management server. This step is optional
Getting Check Point Licenses
The Get Check Point Licenses action allows you to retrieve information about the Check Point
license on a device after you have implemented the license. See “Implementing the Check Point
License” on page 112.
Get Check Point Licenses Dialog Box
To access the Get Check Point Licenses dialog box, choose Actions > Application Management
> Get Check Point Licenses. Use this dialog box to retrieve Check Point license information
about the device you have selected. The license information displays in the Devices pane.
Select a device in the Devices table, then click Start.
Implementing the Check Point License
The Check Point License feature lets you select and load the license file that contains the host
names and their Check Point licenses. Before you can use this option, you must obtain the
license string from Check Point and create the license file.
Note
You must have the license string before you can configure Check Point FireWall software.
Also, each device must have its own license. A license for one device does not work for
another device.
112
Actions Menu
License Check Point 41 FireWall Dialog Box
To access the License Check Point 41 FireWall dialog box, choose Actions > Application
Management > License Check Point 41 FireWall. Use this dialog box to back up your current
configuration, then load the Check Point license file.
Field
Description
Backup
Performs a backup before you load the Check Point
license file. See “Backing Up Devices” on page 115.
License Check Point 41
FireWall
Enables the load function for the Check Point file.
Check Point FireWall
License File
Verify that the name of the file to load is correct in this
field.
Note
This section is applicable only for Check Point FireWall v4.1. This action does not support
Check Point NG versions. Use Actions > Application Management > Configure CP NG xx to
apply license for NG FP2, NG FP3, NG with AI, NG with AI (R55), NG with AI (R55) for
Nokia IPSO v3.8, and NG with AI (R55W) versions.
To implement the Check Point license
1. Purchase the Check Point licenses for the desired devices. The Check Point User Center
offers local and central licenses. Horizon Manager supports both types of licenses. Deploy
local licenses by using the Configure Check Point or License Check Point actions.
Central licenses are managed through the Server Properties dialog box which you can
activate by using the button on the Check Point pane toolbar, after you initialize
communications with the management server. Check Point sends an email with the .lic file
attachment that contains your purchased license. Save this file for Horizon Manager to use.
Check Point sends you a license certificate in the mail. This certificate contains the
certificate key, a unique character string.
2. Visit the license.checkpoint.com Web site. While at the Web site:

Click the Licensing Center link.
Click the Permanent and Evaluation Licenses link.
3. Fill out the questionnaire according to the instructions.
Check Point emails you the license string that Check Point assigns to the device.
4. You can use two means to apply a local license to the management server or any managed
component:

Specify the license in the Configure Check Point Licenses page by either typing the license
string or by importing it from the saved .lic file.
113

Use the License Check Point FireWall-1 action and specify the saved .lic file as a parameter.
You can apply a central license to any Check Point component by using the Licenses page of the
Server Properties dialog box. Before you can access this dialog box, establish trusted communications between Horizon Manager and the Check Point management server and run the Rescan
action.For more information, see Nokia Horizon Manager v1.3.4 and CheckPoint Guide.
Applying a central license is a two-step process:
a. Add or import the license from the .lic file. The license is added to the Check Point
management server repository but is not attached to any devices.
b. Attach the license. For more information, see Nokia Horizon Manager v1.3.4 and
CheckPoint Guide.
Horizon Manager supports two file formats for Check Point licenses:

.lic used by Check Point
an internal format of one license per line and tabs to separate the fields within the
licenses.
Horizon Manager detects the file format automatically.
Starting Check Point FireWall
The Start Check Point FireWall action allows you to start the firewall software existing on a
device that you have selected. This action runs cpstart, which starts all Check Point services.
Start Check Point FireWall Dialog Box
To access the Start CheckPoint FireWall dialog box, choose Actions > Application Management
> Start Check Point FireWall. Use this dialog box to start the Check Point FireWall software
existing on a device.
Select a firewall associated with a device in the Devices table, then click Start. This starts the
firewall and all services.
Stopping Check Point FireWall
The Stop Check Point FireWall action allows you to stop the firewall software running on a
device that you have selected.
Stop Check Point Firewall Dialog Box
To access the Stop Check Point FireWall dialog box, choose Actions > Application Management
> Stop Check Point FireWall. Use this dialog box to stop a running Check Point FireWall.
Select a firewall associated with a device in the Devices table, then click Start.
114
Actions Menu
Note
The Stop Check Point Firewall action issues an fwstop command. This only stops the
firewall for both Check Point Firewall-1 and Check Point NG. For Check Point NG, since
cpstop is not issued, other shared components remain running.
Backing Up Devices
You can back up configuration files for selected devices by choosing Actions > Device
Management > Backup, or by clicking the Backup icon on the toolbar.
Note
This action backs up configuration files for the applications, not the applications themselves.
You can, outside of Nokia Horizon Manager, create a text file to contain a customized list of
pathnames that Horizon Manager can use for your custom backups. You can use this text file
instead of specifying each pathname in the Custom Backup Full Path Names text box every time
you back up. You can also use this text file in addition to specifying the pathnames in the text
box.
When you initiate a backup, the backup file is first created in the /var/backup directory on the
device, then this file is copied to the location specified in the “Actions Dialog Box” on page 191
backup directory setting. If the backup directory is not created, Horizon Manager attempts to
create the directory as part of the Backup action. To ensure write privileges (so that Horizon
Manager can create the backup directory and write to it), the Account Login and Password
option settings must be associated with the appropriate network privileges.
Horizon Manager does not automatically perform any maintenance of the Backup Sets directory.
Every time you run a Backup action a backup set is created in the specified directory. Because
the system never deletes any of these backup sets, disk space use increases each time you
perform a backup.
In addition to disk space storage, as you store a greater number of backup sets in the backup
directory, the storage takes longer, and the system requires more memory to read in the list of
backup sets each time you initiate a restore. To free up resources and maintain satisfactory
performance, periodically archive or delete unnecessary backup sets.
Backup Dialog Box
To access the Backup dialog box, choose Actions > Device Management > Backup or click the
Backup icon on the toolbar. Use this dialog box to back up selected groups or devices.
Field
Description
Backup Log Files
Backs up the log files (/var/log) residing on all selected
devices.
115
116
Field
Description
Backup Home
Directory
Backs up the home directory (/var/monitor and /var/
admin) for all selected devices.
Backup Set Name
Enter a name for the backup set you are creating. Note
that the backup set name will always be
MLMBackUpFile.tgz on the device. This name is for
recognition within Horizon Manager.
Append Date to Name
Add the current date to the name of the backup set
(Backup Set Name).
Backup Set
Comments
Enter any comments about the backup set. These
comments appear in the list of backup sets when you
perform a Restore action. Comments can help identify
particular characteristics about a backup set. You can
view comments about a backup set by positioning the
mouse over the backup set name.
Backup Package
Configuration
Select one of the following items to include in the backup
set. The configuration files are backed up, not source
code or executable files.
•None - backs up no configurations
•Active packages on device at time of backup - backs up
active packages at the time the backup is performed, not
when it is scheduled.
•All packages on device at time of backup - backs up all
packages at time backup is performed, not when it is
scheduled
Custom Backup Only
Select Yes to back up the files you specify.
Actions Menu
Field
Description
File Containing
Custom Backup Full
Path Names
Enter the filename that to contain a list of files for the
custom backup.
Note
All file paths must be absolute
and start with the slash character
(/).
File paths cannot be from the root directory. These files
are backed up through the regular backup operation.
Wildcards (*,?, and [ ]) are supported.
File paths normally specify individual files, but can be
whole directories with nested directories.
Example
This example shows correct use of each supported
character, as well as a directory that contains other
directories (/myweb/htdocs_dirs):
/var/admin/file[1-3]
/web/template/v?sen*
/var/admin/script_dirs
Custom Backup Full
Path Names
Enter the path names to all files specified for custom
backup. Wildcards (*,?, and [ ]) are supported.
Note
All file paths must be absolute and start with the slash
character (/).
File paths cannot be from the /config directory. These files
are backed up through the regular backup operation.
Wildcards (*,?, and [ ]) are supported.
File paths normally specify individual files, but can be
whole directories with nested directories.
Custom Backup Max.
Size KB
Enter a maximum size in kilobytes of the custom backup
file. The default size is 25000 KB.
To back up devices
1. Select one or more groups or devices from the Groups or Devices panes.
2. Choose Actions > Device Management > Backup to display the Backup dialog box.
3. Check the appropriate boxes or enter data in the applicable fields. Some fields are required.
117
Note
The Backup Log Files and Backup Home Directory take longer if the home directories
contain large files: The difference could be significant depending on the size of the home
directory. Make sure that enough space is available on the local host for your backup
files.
4. For a custom backup, enable Custom Backup Only and specify the pathnames for the files
you want to back up. You can save these files in a separate file and specify a size for the
backup set.
When you enter all required data, click Start to perform the action or click Cancel to close the
dialog box without performing the selected action.
To back up ITM devices
The following procedure initiates backup of the ITM device configuration.
1. Enter the Backup Set Name to back up.
2. Click Yes to append date to the Backup Set Name.
3. Enter any comments about the Backup Set.
The comments appear in the list of Backup sets when you perform a Restore action.
4. Click Yes to save only a configuration that can be replicated to other devices.
The backed up configuration can be restored on to a different ITM device.
5. Click Yes to perform only a custom backup.
6. Select the file that contains custom backup full pathnames.
7. Enter the Custom backup full pathnames
8. Enter the maximum size of the custom backup.
Backup Example
The example shows the specification a backup set named, Weekly Backup, that it set to have the
date appended to the name and only backup active packages when the action executes.
118
Actions Menu
NSOSP Backup Dialog Box
To access the Backup dialog box, choose Actions > Device Management > Backup or click the
Backup icon on the toolbar. Use this dialog box to back up selected groups or devices.
Field
Description
Backup Set
Name
Enter a name for the backup set you are creating. Note that the
backup set name will always be MLMBackUpFile.tgz on the
device. This name is for recognition within Horizon Manager.
Append Date
to Name
Add the current date to the name of the backup set (Backup Set
Name).
Backup Set
Comments
Enter any comments about the backup set. These comments
appear in the list of backup sets when you perform a Restore
action. Comments can help identify particular characteristics
about a backup set.
Runs on
Click on the Show devices button to display a list of devices on
which the Backup operation will be run.
Parallelism
Indicates the number of devices on which the action will run
simultaneously.
Close
Close the Device Management/Backup window.
119
Field
Description
Failure
cancels
pending
devices
Set parallelism to 1 and cancels the action on the rest of the
selected devices if it fails on a device. If you leave this box
unchecked, the action continues to execute on the rest of the
selected devices even if there is a failure. This is useful if you
want to try an action, then stop if any device rejects the action
(instead of breaking all the devices, for example).
Run this
action at
high priority
Checking this box allows you to run the action in high priority
mode, even if it is scheduled to run later. If the box is not
checked, the action runs at normal priority and starts in the order
in which it comes due.
Close
Close the Device Management/Backup Window
Copy To
Use this command to copy action results in to attribute columns
you have defined. Specify the column name and select Continue
to proceed.
Status
Messages
Provides status on the Backup action
To back up IP40 devices
1. Enter the backup set name to backup.
2. Click Yes to append date to the backup set name.
3. Click any comments about the Backup Set.
The comments appear in the list of Backup sets when you perform a Restore action.
4. Click the Show Devices button against the Runs on field to display a list of devices on which
the Backup action will run.
5. Choose the number of devices on which the action will run simultaneously by using the
drop-down menu against the Parallelism field.
6. Check the Failure cancels pending devices box to cancel the action on the rest of the selected
devices if the action on one of the devices fails.
7. Check the Run this action at high priority box to run the action in high priority mode, even if
it is scheduled to run later.
IP40 Backup Example
An example of Device Management/Backup action on IP40 is shown below:
120
Actions Menu
Managing Configurations on Devices
With the Horizon Manager configuration management feature, you can deploy configuration
data to selected devices automatically. Using a previously obtained configuration file as a
starting point or any Nokia IPSO operating system since version 3.5 as a template, you can
modify settings and deploy new software to the devices.
Horizon Manager displays the OS types/versions, software packages required as part of the
configuration, and a table with all configuration items (name/value pairs). Each entry in the table
has an enable/disable checkbox, that identifies whether that particular item is to be set on the
device or left as it is.
When you start the action, it performs the following for each selected device:
1. Checks the Constraint rules.
2. Installs a new OS, if required, as specified in the stored configuration.
3. Installs new packages, if required, as specified in the stored configuration.
4. Enables/Disables packages as specified in the configuration.
5. Sets all the configuration parameters.
The Configuration Deployment action also can download multiple files and run scripts and
commands in a sequence that you specify. These optional steps help the device administrator to
perform customization of the devices after OS and packages are installed.
Device Configuration/Configure and Deploy Dialog Box
To access the dialog box, choose Actions > Device Configuration > Configure and Deploy. Use
this dialog box to create or edit, then deploy a configuration to selected devices.
The changes you make using the Horizon Manager Configuration Management tool are to a
template that then is deployed to make configuration changes on the device. They are not direct
changes to the value of the record on the device. This model is useful, for example, when you
121
extract a configuration from one device and deploy it to another device (perhaps on a different
subnet) where original settings can not be applied, but after minimal editing, they become valid.
Note
The Configure and Deploy action filters the available operating system for upgrade based on
the template in use in the action.
122
Field
Description
Template
Displays the currently selected operating
system template.
New
Opens the Select OS version dialog box that
allows you to select a version of IPSO to use
as the configuration template. Available
IPSO versions are 3.5, 3.5.1, 3.6, 3.7, 3.7.1,
and 3.8.
Open
Opens the Select Configuration to Load
dialog box that allows you to select a
previously saved configuration template.
Save As
Saves the current configuration template
under a new name.
Info
Displays the configuration name,
configuration author, device type, and
description stored in the specified xml file.
See “Editing Configuration Management
Information” on page 125.
IPSO
Displays the OS Configuration Element Tree
with associated value pairs in table format.
The data is IPSO configuration information
from the stored IPSO templates or from the
template you have created previously. You
can enable and disable records and edit the
values associated with these records. See
“Managing IPSO Configurations” on page
126.
Actions Menu
Packages
Displays the software packages that are
available to be deployed from the Horizon
Manager installable files directory. The list
includes packages from a previously
extracted configuration. You can add
packages or delete packages from the
configuration. You can also set the
configuration to enable or delete the
packages on the selected devices. See
“Managing Package Deployment” on page
127.
Note
Packages to be
deleted must be
highlighted.
Check Point
Allows you to create a new configuration for
Check Point packages. You must add the
corresponding Check Point package to the
Packages tab list to deploy it.
Note
The Configure and
Deploy action for
Check Point
configurations can
be used for initial
deployment only. To
change existing
configurations, use
the Configure CP
Firewall actions
under Actions >
Application
Management.
See “Managing Check Point Configurations”
on page 128.
Post Actions
Allows the addition of post actions or
additional actions to be executed on the
device after the configuration has been
deployed. See “Using Post Actions after
Deployment” on page 130.
123
To manage and deploy configurations
1. Select devices for the action.
2. Choose Actions > Device Configuration > Configure and Deploy. Information about the
current configuration, if any, displays in the Info tab.
3. Click either New to use a standard IPSO template or Open to use a previously saved
template.
4. Click the IPSO tab to view and make changes to the IPSO configuration information.
5. Click Packages to set the template to delete or enable packages on the selected devices.
Click Add or Delete to add or delete packages to the configuration for deployment.
6. Click Check Point to initially configure Check Point packages. Note that the edited
configurations are deployed by adding them as packages to the Packages tab, then deploying
them.
7. You must specify an a password for the Check Point firewall administrator. In the Check
Point tab, click Primary Management Server > Administrators > Add.
8. In the Add Administrator dialog box, enter the login, password, and permission for the
administrator.
9. Click Post Actions to add actions will be executed after the configuration has been deployed.
10. Click Show Devices to verify the list of devices for the action.
11. Click Start to start the action or Schedule to run it at another time.
124
Actions Menu
Managing and Deploying Configurations Example
The example shows the IPSO tab with the OS Configuration Element Tree and value pairs table
displayed. Use this tab to edit, enable, and disable IPSO records in the configuration template.
Editing Configuration Management Information
The information in the Info tab of the Device Configuration/Configure and Deploy dialog box
provides the name, author, and description of the configuration. You can type this information
into the fields provided or, if you have opened a previously extracted configuration, you can edit
the displayed information.
125
Managing IPSO Configurations
You can create, edit, and deploy IPSO configuration templates using the IPSO tab of the Device
Configuration/Configure and Deploy dialog box.
IPSO Tab
To access the IPSO tab, choose Actions > Device Configuration > Configure and Deploy >
IPSO.
126
Field
Description
Configure IPSO
Select this option to enable changes to the
current template. Activates the OS
Configuration Element Tree.
This checkbox is checked by default. If you
are creating a new configuration file all of the
elements of the tree are unchecked. If you
are using an existing configuration file, then
the configuration elements are set according
to the information in that file.
Force IPSO upgrade to
Select this option to change the existing
IPSO version on the device to a version that
you specify. For new configurations, this
checkbox is unchecked by default, therefore
the OS will not be upgraded. For existing
configuration templates, this checkbox is set
according to the template. If this option is
enabled then the OS will be upgraded.
You also have to choose the actual image
file to use for the upgrade. You can either
enter the location and name of the file or
choose Browse. Browse opens the IPSO
Images in Repository dialog box in which
you select the image file. These files must
reside in the Installable Files directory.
Try to configure OS even if the
template version does not match
Select this option to attempt to configure a
device when the IPSO version on the device
and the IPSO version of the configuration
template do not match. The Action Results
will show which configuration elements
passed or failed. The default for this
checkbox is unchecked.
OS Configuration Element Tree
and Name Value Pair Table
This part of the tab displays the elements of
IPSO that are available for configuration.
Each entry in the tree has an enable/disable
checkbox, where you identify the element as
one that will change or not.
When you click an element, its associated
name value pair displays in table format. You
can change the values in the table.
Actions Menu
Notes about using the IPSO Tab

Click on the element name to display the associated name value pair.
Click the check box next to the element to enable it for change in the configuration template.
Some of the elements allow you to add records. For these elements, Add and Delete buttons
appear at the bottom of the tree. Click Add to display the names and values for the record.
Click Delete to delete the record.
Incorrect or missing information is highlighted in yellow and a red check mark appears next
to the element name in the tree.
Managing Package Deployment
You can specify software packages for deployment using the Packages tab of the Device
Packages Tab
To access the Packages tab, choose Actions > Device Configuration > Configure and Deploy >
Packages.
Field
Description
Deploy Packages
Select this option to choose software
packages as part of the configuration to be
deployed to a device. For new
configurations, this checkbox is unchecked.
If checked, it is based on the settings in the
existing configuration file.
The images of packages to be deployed
must be installed in the Installable Files
directory before deployment.
Deploy packages even if OS
version does not match
Select this option to deploy a package to a
device regardless of whether the operating
system on the device and in the
configuration template file are the same. The
default for new configuration files is
unchecked. If checked, it is set according to
the settings in the existing configuration file.
Remove existing packages
Select this option to delete all of the existing
packages residing on a device before
deploying new packages. The default for
new configurations files is unchecked. If
checked, it is set according to the settings in
the existing configuration file.
Packages Table
This part of the Packages tab displays the
available packages. Each package entered
has associated checkboxes, which allow you
to delete packages from a device or enable
packages on a device.
127
Add and Delete
You can add new packages to the
configuration by clicking Add and Remove
packages from the configurations by clicking
Delete.
When you click Add, the Packages in
Repository dialog box appears, from which
you select the packages to add.
The packages must reside in the Installable
Files directory.
Managing Check Point Configurations
You can configure and deploy Check Point packages using the Check Point tab of the Device
Check Point Tab
To access the Check Point tab, choose Actions > Device Configuration > Configure and Deploy
> Check Point.
Field
Description
Configure Check Point
Select this option to enable changes to the
configuration of CP NG FP2 or CP NG FP3
or CP NG with AI.
CP NG FP2
Select this option to make configuration
changes for Check Point NG FP2. See
“Configuring CP NG (FP2) Firewall” on page
65.
CP NG FP3
changes for Check Point NG FP3. See
“Configuring CP NG (FP3) Firewall” on page
73.
CP NG AI
changes for Check Point NG AI , Check
Point NG AI (R55), and Check Point NG AI
(R55) for Nokia IPSO v3.8. See “Configuring
CP NG with AI Firewall, CP NG with AI
(R55) FireWall, and CP NG with AI (R55) for
Nokia IPSO v3.8” on page 92.
Note
Nokia Horizon Manager detects the R55 wrapper package appropriately when you select
Actions > Device Configuration > Configure and Deploy > Packages > Add. Horizon
Manager lists all the packages with appropriate default values. When you select R55, NG
128
Actions Menu
with AI option is automatically selected in Actions > Device Configuration > Configure and
Deploy > Check Point tab.
Check Point NG with AI (R55) for Nokia IPSO v3.8 on IP2250: List of unsupported packages

Check Point VPN-1/FireWall-1.4.1 for backward compatibility
Check Point FloodGate-1
Check Point UserAuthority Server
Check Point SmartView Monitor
Check Point SmartView Reporter
For more information, see Check Point Enterprise Suite Next Generation with Application
Intelligence (R55) for IPSO 3.8 Release Notes document.
Note
When you use the Configure and Deploy action in the case of Check Point NG with AI (R55)
for Nokia IPSO v3.8 on IP2250 platform, ensure that you remove the list of unsupported
packages manually.Check Point NG with AI (R55) for Nokia IPSO v3.8 on IP2250 only
supports module related packages and configuration.
To Configure and Deploy Check Point Applications
1. Select the packages tab.
2. Click the Deploy Packages option.
3. Select the add button. A second window with a list of available packages appears.
4. Select the CP FP3 package, for example, and click OK. This adds the package to the list.
Now you can choose which of Check Point package to enable, disable, or delete. You have
the option to deploy this and not configure it.
5. If you also want to configure CP FP3 package, then you also must select the Check Point
tab.
6. Click Configure Check Point
7. Follow the procedures in “Configuring CP NG (FP3) Firewall” on page 73 to make changes. Note
that you cannot reconfigure Check Point here, you must deploy the new package.
Note
Check Point configuration will be performed only if Horizon Manager installs Check
Point packages in this action.
Note
The following fields are not available: domain name configuration, group configuration
for NG FP2, and the option to input your own random keys.
129
Using Post Actions after Deployment
After the deployment of IPSO and Check Point configuration information, you can specify
several actions for Horizon Manager to run. The actions are the same as the actions accessible
from the main menu. They run automatically after the configuration deployment. The post
actions are:

Add Command
Add Script
Add Upload
Add Command Dialog
To access the dialog box, choose Actions > Device Configuration > Configure and Deploy >
Post Actions > Add Command. Use the dialog to execute a command or commands for devices
for which you are deploying a configuration. Commands include executing resident applications
or shell commands on the device.
Enter a command line and click OK. The command string executes after the configuration
deployment.
Add Script Dialog
Post Actions > Add Script. Use the dialog to run a shell script file and parameters on devices for
which you are deploying a configuration. The script is downloaded to the devices, executed, and
then deleted.
Enter the location of the shell script file, then parameters (if required), and click OK. The file
will be executed after the configuration deployment.
Add Upload Dialog
Post Actions > Add Upload. Use the dialog to upload a file and parameters to devices for which
you are deploying a configuration. You can specify the location of the file on the destination
IPxxx device.
Enter the location of the file, then parameters (if required), and click OK. The file will be
uploaded after the configuration deployment.
Extracting Configurations from Devices
Using the Horizon Manager configuration blaster feature, you can extract configuration data
from selected devices automatically and store it in an XML file. Then optionally modify
information in the file and deploy it to specified devices.
Use ConfigExtract to do the following:

130
Specify a name and description for the extracted configuration.
Read OS and Applications installed.
Actions Menu

Read subset of platform and application configuration.
Check for validity of OS and applications.
Read the common configuration parameters (such as name, value pairs) of the platform and
store them in the Horizon Manager server as a XML file.
Add metadata for the configuration file.
The common configuration parameters include all parameters that are not specific to the
particular device and those that typically have the same value in a large deployment. Typical
examples are: Primary and secondary DNS server addresses, policies about whether telnet/ftp/
ssh is to be enabled or disabled on the device, etc.
Additionally, Horizon Manager checks whether the stored configuration is valid according to
Constraint rules. If not, the action fails. Note that the Constraint check is based only on the final
state of the device and not on the {initial, final} state, as with other actions.
Role based management allows only certain users with appropriate privileges to create/extract
configuration. The XML file can be edited using 3rd party editors.
Device Configuration/Extract Configuration Dialog Box
To access the dialog box, choose Actions > Device Configuration > Extract Configuration. Use
this dialog box to extract configurations from selected devices.
Field
Description
Destination XML Template File
Path and filename for the XML configuration
file.
Overwrite existing file on the device
Allows an existing configuration file to be
overwritten.
Configuration Name
Name attached to the current configuration
settings.
Configuration Author
Name of original configuration author.
Defaults
Returns to field default settings.
Devices
Opens a dialog that displays the list of
devices on which the deploy action will be
run
To extract configurations
1. Select one device for the action.
2. Choose Actions > Device Configuration > Extract Configuration.
3. Enter or verify the xml file name and information fields.
4. Click Start to start the action or Schedule to run it at another time.
131
Note
Establish SIC communication and perform rescan operation of the management server
from Check Point panel, before performing extract configuration action on a device with
Check Point package installed and configured as Primary Management Server or
Primary Management Server and Module.
Extract Configuration Example
The example shows a prefix, Twain, for the configuration, as well as additional information
about the configuration.
Restoring Devices
You can restore the configuration files for a device from a previously performed backup. When a
backup is performed, the system stores all software inventory information in a backup set. When
you restore a backup set, you can check whether the software inventory on the box changed from
the time the backup was performed.
Note
Do not try to restore configuration files for applications that no longer exist.
When you select Restore from the Actions menu, a tree listing all of the backup sets appears. If
you open up each of the branches in the tree, all of the devices that were part of that backup set
appear. The dialog box indicates whether the version of the operating system that is running now
is different than the version that was running then. If the operating system version is different,
the dialog box specifies that you cannot perform a restore. The dialog box also indicates
differences in the software packages. Each difference is listed as a separate node of the tree
under the associated device.
132
Actions Menu
See “Backing Up Devices” on page 115.
Restore Dialog Box
To access the Restore dialog boxes, choose Actions > Device Management > Restore or select
the associated icon on the toolbar. Use this action to restore previously backed-up devices.
Note
You must select a device from the Devices pane before you perform this action. Use SCP for
a secure restore. Use FTP for a non-secure restore. You can view comments entered when
the device was backed up by rolling the mouse over the backup set entry.
The following table describes the Backup Sets for Selected Nokia Security Platform Devices
dialog box.
Field
Description
Backups
This is a list of the standard backup sets and
devices that are available to be restored
Custom Backup Files
This is a list of the custom backup files and
devices that are available to be restored
The following table describes the Restore dialog box.
Field
Description
Restore File Name
This is the name of the backup set to be
restored. Note that the backup set name will
always be MLMBackUpFile.tgz on the
device. This name is for recognition within
Horizon Manager.
To restore devices
1. Choose Actions > Device Management > Restore from the Actions menu
Caution
You can restore devices from only one backup set at a time. You cannot restore
multiple backup sets or devices from more than one backup set in a single operation.
You overwrite all current configuration files on all selected devices when you initiate the
Restore action.
2. Select the backup set to restore in the Backup Sets for Selected Nokia Security Platform
Devices or NSOSP Devices dialog box.
3. Click OK.
133
4. Verify that the correct backup set displays in the Restore File Name text box or browse for
the correct backup set.
5. Click Start to perform the action or click Cancel to close the dialog box without performing
the selected action.
The following warning appears:
“This action could corrupt the device. Do you wish to continue?”
6. Click Yes to continue or No to close the warning, and return to the Restore dialog box.
When you click Yes, the system performs the action.
NSOSP Restore Example
A simple Restore screen for the NSOSP-IP40 device is shown.
Updating Device Passwords
You can update the password for the admin user for a selected group of devices by using the
Update Device Password action. This action changes the admin password to the password string
entered by you on all IPxxx devices in the group. Use group update with caution because of
security implications. During this action a temporary file is created that contains the old
password and the new password of the IPxxx device in clear text. The password update action
deletes the file as soon as the action completes, but the IPxxx device might keep the file if the
deletion fails. Also, running this action on a group of devices means that the passwords are the
same on all the selected devices. Normally, devices would not have the same password.
You can perform this action only if you have the appropriate privileges. Single quotation marks
are not supported characters.
For information about creating ITM devices, see “Requirements to Create ITM devices” on page
34.
134
Actions Menu
Note
Use group update with caution because of security implications.
Update Device Password Dialog Box
To access the Update Device Password dialog box, choose Actions > Device Security > Update
Device Password. Use this dialog box to change or update the password on the device. Single
quotation marks are not supported characters.
.
Field
Description
Login
Horizon Manager uses the login name stored
in Horizon Manager.
Old Password (only for NSP/ITM)
Horizon Manager uses the password stored
in Horizon Manager.
New Password
Enter the new password.
Reenter New Password
Enter the new password again.
To update a device password
1. Highlight the device or devices to update in the Devices pane.
2. Choose Actions > Device Security > Update Device Password.
3. Enter the old password (only for NSP and ITM devices)
4. Enter the new password.
5. Enter the password again.
6. Click Start to update the group of devices with the new password.
Note
Nokia Horizon Manager uses the login and password for the devices you selected. To
change the password for another account on the same device, enter the login name in
the Login text box and the old password. Then enter the new password as described.
Single quotation marks are not supported characters.
NSP Update Device Password Example
The example shows the creation of a new password for the device login, harrison.
135
NSOSP-IP40 Update Device Password Example
The example shows the creation of a new password.
Uploading Public Keys
Public-key authentication is considered a safe way to authenticate clients. Using public-key
authentication in the Nokia Horizon Manager environment allows you to:

Track and audit user actions on the device. This is difficult with password authentication,
since managed devices are usually accessed through a single account shared by multiple
users.
Remove device passwords from the Horizon Manager database to further improve security.
This action provides a one-step procedure for updating a public key for selected Horizon
Manager users on a set of devices. Devices use different key formats based on the SSH protocol
136
Actions Menu
version and the specific SSH implementation. IPSO appliances use RSA key pairs for SSH1 and
DSA key pairs for SSH2. Store the SSH2 keys on the device in OpenSSH format, in the ~/.ssh/
authorized_keys2 file. Message Protector and IP40 appliances use DSA key pairs for SSH2 and
store the SSH2 keys on the device in OpenSSH format.
Horizon Manager maintains both RSA and DSA key pairs for every Horizon Manager user. The
system uploads the keys by using settings described in “Upload Public Keys Dialog Box” on
page 137 for nokia security platform devices.
Note
Public key upload is also supported for NSOSP devices (IP40 only).
Topics:

“To upload public keys for the IP40 appliance:” on page 139
“Usage Suggestions for Updating Public Keys” on page 141
Upload Public Keys Dialog Box
To access the Upload Public Keys dialog box, choose Actions > Device Security > Upload
Public Keys. Use this dialog box to migrate the Horizon Manager Users Public Keys to the
device for key-based access to the device.
Field
Description
Select users with valid
key creation dates for
uploading
Lists the users and their key creation dates. Select one or
more before starting the upload action.
Select key type based
on SSH protocol
version
Lists the key types available for uploading.
The highest version
being used by Horizon
Manager to access
devices (or SSH2 if
none)
Uploads keys in the format consistent with the SSH
protocol version established while accessing the device. If
a device is being accessed through a nonsecure
connection (Telnet), Horizon Manager uploads and stores
the keys according to SSH2 requirements. Nokia
recommends using this option to set up public-key
authentication for the majority of cases.
SSH2 only
Uploads and stores keys according to SSH2
requirements regardless of the actual protocol version
being run by the device.
This is the recommended option for ITM Devices.
SSH1 only
Uploads and stores keys according to SSH1
requirements regardless of the actual protocol version
being run by the device
137
Field
Description
Remove public keys
for other versions of
SSH
Removes a public-key list stored on the device in another
format than the selected format. For example, if a SSH2
list is being uploaded, then the SSH1 list, if present, is
removed. Usually the SSH2 server remains backward
compatible with the SSH1 protocol, so removing an
outdated list for device access is a good security practice.
To update public keys or fingerprints for NSP and ITM devices
1. In the Devices pane, select the devices to update.
2. Choose Public Keys Upload from the Actions menu.
3. Select users from the list.
4. Select the key type.
5. Enable Remove public keys for other versions of SSH to remove a public-key list stored in
another format.
6. Click Start.
NSP and ITM Upload Public Keys Example
The example shows a specification update public keys to the admin user, to use SSH2 only, and
to remove public keys for other versions of SSH. This example corresponds to an NSP device.
138
Actions Menu
To upload public keys for the IP40 appliance:
2. Choose Upload Public Keys from Actions > Device Security.
4. Click Start.
NSOSP-IP40 Upload Public Keys Example
The example shows a specification update public keys to the admin user.
To upload public keys for Nokia Message Protector
2. Choose Upload Public Keys from Actions > Device Security.
4. Click Start.
Nokia SPSX Upload Public Keys Example
The example shows a specification update public keys to the admin user.
139
About Uploading Public Keys
When you update public keys, keep in mind the following information:

The set of keys being updated is for a single device account that Horizon Manager uses to
log in to the device.
The new set of keys created for selected users replaces the existing set on the device for
public-key-authenticated access for a given SSH protocol.
User private keys are stored in their respective account directories encrypted. Even the
administrator cannot decrypt keys of other users if every user has their own Horizon
Manager account and password.
A list of public keys being stored on devices that is retrieved during the Software Inventory
operation and can be viewed in the new device table column Uploaded Public Keys.
Horizon Manager generates user keys when users first log into their Horizon Manager
accounts. If valid keys existed in user accounts prior to the first login of the user, Horizon
Manager uses those keys for SSH public-key authentication. These keys are denoted as
imported in the Key Creation Date.
Once the keys for authorized users have been distributed, you may switch to public key
authentication mode through the SSH Authentication tab in the Administration > User
Security Administration dialog box. Subsequent updates to the public key lists do not
require switching to password authentication, if performed properly.
Note
As Horizon Manager accounts are created, an administrator is free to upload the
corresponding keys to the devices immediately, without having to wait for users to login at
least once.
140
Actions Menu
Usage Suggestions for Updating Public Keys
To benefit from this feature of Nokia Horizon Manager and further improve system and network
security, consider doing the following:

Upload public keys over a secure connection.
Remove device passwords from Horizon Manager database as soon as public keys have
been uploaded, and public key authentication access has been verified.
Do not use nonsecure access to the devices. Once the nonsecure access is not used, the FTP
server does not need to run on the Horizon Manager station. Once the FTP server is
disabled, set the following fields to blank in the Options > NHM Options > Actions tab:
Local FTP Server
Account login
Account Password
Use separate operating system accounts for all Horizon Manager users. Always login to
Horizon Manager from the same account.
Encourage users to use long and non-trivial operating system and Horizon Manager
passwords.
Disable password-authenticated access to managed devices or use long and non-trivial
passwords and do not disclose them to other Horizon Manager users.
Deploying Licenses
With a single action, you can deploy a device license to a single device or to many devices.This
action installs the device license on the devices that you have selected in the Devices pane.
You can perform this action only if you have a device license ready.
Nokia recommends that you perform a device reboot after deploying licenses.
Note
This action does not support ITM devices running v4.2 firmware. For more information about
licensing ITM devices running v4.2 firmware, see the steps following the ITM procedure “To
deploy a license to ITM devices” on page 142.
ITM Deploy License Dialog Box
To access the Deploy License dialog box, choose Actions > Device License > Deploy License.
Use this dialog box to enter the device Registration Keys.
Field
Description
Host
IP Address or the name of the device.
Registration Keys
Key issued by the vendor for the device.
141
Field
Description
License File
License key issued by the vendor for the
device.
Edit
Edit the License Key field of a selected
device from the License Information for IP30
devices table.
Remove
Removes the license key of a device from
the list of selected devices.
Defaults
Restore the default settings.
Note
This action does not support ITM devices running v4.2 firmware.
Deploy License Warning Dialog Box
If you have privileges for a particular device type only, such as IP30, and you import
another device type, such as IP40, then you try to perform an action on those devices,
Horizon Manager displays a warning message.
To deploy a license to ITM devices
1. Select the devices in the Devices pane.
2. Choose Actions > Device License > Deploy License.
3. Select the device in the License Information for ITM devices table.
4. To import a license from a file for an ITM device, click Edit.
5. The Edit License Information opens.
Browse to the license file and select it.
6. Click OK.
The availability of the license file appears in the License Information for ITM devices table.
7. To remove the license information of an ITM device on Horizon Manager, click Remove.
8. Click Start to deploy the licenses on the corresponding group of ITM devices.
Note
The Deploy License action does not support ITM devices running v4.2 firmware. See the
following procedure.
142
Actions Menu
On ITM devices running v4.2 firmware:
1. Select the device in the Devices pane.
2. Choose Actions > General > Execute Command and type the following command:
cp /config/bigip.license /config/bigip.license.bak
3. Choose Actions > File Upload.
4. In the Source File field, browse and select the license file on the hard drive of your
computer.
5. In the Destination File text box, type the following:
\config\bigip.license
6. Click Yes to overwrite the file on the ITM device.
7. Click Start.
8. Run the Reboot action.
The correct license is deployed to the selected device. Verify that the newly installed license
appears in the Device License column of the Devices pane.
NSOSP Deploy License Dialog Box
To access the Deploy License dialog box, choose Actions > Device License > Deploy License.
Use this dialog box to enter the License Keys.
Note
You must perform the Software Inventory action on the IPxx device before you update the
device license.
Field
Description
Host Name
MAC Address
MAC address is associated with the device
License Keys
License key issued by the vendor for the
device.
Edit
Edit the License Key field of a selected
device from the License Information for IP30
devices table.
Remove
Defaults
Restore the default settings.
143
To deploy license to NSOSP devices
2. Choose Actions > Device License > Deploy License.
3. Select the device in the License Information for NSOSP devices table.
4. To deploy a license to a device, click Edit.
The Edit License Information window opens. The Host name and MAC Address of the
device are displayed.
5. Enter the license key.
6. Click OK.
The license appears in the License Information for NSOSP devices table.
7. Click Start to deploy the license to the device.
8. To remove the License Information from Horizon Manager for the selected NSOSP device,
click Remove.
NSOSP-IP40 Deploy License Example
The example shows a sample Deployment License screen for IP40 devices.
NSOSP-IP30 Deploy License Example
The example shows a sample Deployment License screen for IP30 devices.
144
Actions Menu
Generating a Dossier
The Generate Dossier action allows you to generate a dossier file for the devices that you
selected in the Devices pane. To fetch the device licenses for the devices that you selected,
generate a dossier file that contains the Host ID and the registration keys for each of the devices.
You can perform this action only if you have the device registration keys and when Horizon
Manager is not connected to the Internet.
Generate Dossier Dialog Box
To access the Generate Dossier dialog box, choose Actions > Device License > Generate
Dossier. Use this dialog box to generate a dossier file. Using the dossier file, you can fetch the
device license.
Field
Description
Host
Registration Keys
Edit
Generates a Dossier file from a single device
at a time.
Remove
To generate a dossier
2. Choose Actions > Device License > Generate Dossier.
3. Select the device from the License Information for ITM devices table.
145
4. To generate a dossier file, click Edit.
The Enter Registration Keys window opens.
5. Enter the Registration keys for the device.
6. Click OK.
7. Select a location to save the dossier file.
8. Click Start to generate the dossier file.
Once you have the license, use the Deploy License action to update the device license. If
you want to remove the license key on a device from the list of selected devices, click Remove.
9. Upload the dossier file to a license server and fetch the license for the ITM device.
10. Use the Deploy license action to deploy the licenses on the corresponding group of ITM
devices. For more information, see “Monitoring Progress and Results” on page 175
Downloading and Installing Device Licenses
You can fetch the device licenses for a single device or a selected group of devices by
performing the Download and Install action.
This action fetches the device license for all the devices selected in the Devices pane.
If you have privileges for only a particular device type, such as IP30, you can only perform an
action on those devices. If you do not have privileges, a warning message is displayed.
You can perform this action only if you have the registrations keys and when Nokia Horizon
Manager is connected to the Internet.
Download and Install Dialog Box
To access the Download and Install dialog box, choose Actions > Device License > Download
and Install. Use this dialog box to enter the device registration keys.
146
Field
Description
Host
Registration Keys
Edit
Performs the device license update on a
single device at a time.
Remove
Choose License Server
Server where ITM device licenses are
stored. The default is activate.f5.com
Use Proxy Server to Connect
License Server
Proxy server used to connect to the Internet.
Actions Menu
To download and install a device license
2. Choose Actions > Device License > Download and Install.
3. Select the device from the License Information for ITM devices table.
4. To enter registration keys, click Edit.
The Enter Registration Keys window opens.
5. Enter the registration keys.
Separate multiple registration keys with a comma.
6. Select the License server.
The ITM devices default server is activate.f5.com.
7. Select Proxy server and enter the host name and port number if Nokia
Horizon Manager is connected to the Internet by using a Proxy server.
8. Click Start to deploy the ITM licenses.
9. To remove a device from the License Information for ITM devices table, click Remove.
10. Click Start to deploy the ITM licenses.
Executing Commands
Using a single line of command, you can execute a command or commands for devices that you
selected in the Devices pane. Commands include executing resident applications or shell
commands on the device. The results of the commands are displayed in the action results pane.
This action can be performed on IP40, ITM, NSP, and IPSO-SX device types.
For ITM devices, only SSH related commands are supported. For an example of a command to
execute, see “Execute Command Example” on page 148.
Execute Command Dialog Box
To access the dialog box, choose Actions > General > Execute Command.
Field
Description
Execute Command
Enter the command to execute on the
selected devices. You can enter multiple
commands separated by a semicolon (;).
Copy Result to Column
The result of Execute Command will be
copied to the column chosen. Only the
columns you have created will be displayed
in the list. The default list is None.
147
Note
You can only execute a single command on the IP40 device.
Caution
Do not use any command that can affect the communication between Horizon Manager
and the device. Commands like reboot, exit, show summary, set clienv prompt and set
interface should not be used.
To execute commands
1. Select a device in the Devices pane.
2. Choose Actions > General > Execute Command.
3. Enter a command.
You can also enter multiple commands separated by a semicolon (only for NSP).
4. Click Start.
Execute Command Example
This example shows the execution of the following command:
set checkpoint autofetch=enable
Uploading Files
File upload allows a file to be transferred from Nokia Horizon Manager to network devices. You
can specify the location of the file on the destination IPxxx device. Specify the source and
destination file paths in the selection boxes. You can perform this action only if you have the
appropriate privileges.
148
Actions Menu
File Upload Dialog Box
To access the dialog box, choose Actions > General > File Upload.
Field
Description
Source File
Enter the path name for the source file or
search for the file by using the browse
button.
Destination File
Enter the path name for the destination.
Overwrite existing file on the
device
Select the Yes button to allow an overwrite at
the destination if the files have the same
name.
Calculate checksum
Select the Yes button to calculate checksum.
To upload files
1. Choose Actions > General > File Upload.
2. Enter a path name for the source file.
3. Enter a path name for the destination.
4. Click the check box to allow the source file to overwrite the destination file.
5. Click Calculate checksum, if desired.
6. Click Start to upload the file.
Upload Files Example
The example shows the uploading of the Serverexceptions.log.
149
Rebooting Devices
The Reboot Device action allows you to shut down the operating system of selected devices and
restart them. You can also reboot devices by checking the Reboot Device check box on most
action dialog boxes.
Reboot Device Dialog Box
To access the Reboot Device dialog box, choose Actions > General > Reboot Device. Use this
dialog box to reboot selected devices.
Click OK on this dialog box to signal Horizon Manager to shut down the operating system of the
selected devices and restart them.
To reboot devices
1. Select the devices to reboot from the list.
2. Choose Actions > General > Reboot Device.
3. Click Start.
Running Scripts
You can download previously created shell scripts to devices and run them. The scripts are
downloaded to the devices, executed, and then deleted. The result of the scripts appears at the
top of the action results pane.
This action is supported on the following devices: NSP, ITM and NSOSP (IP40 only).
Run Scripts Dialog Box
To access the dialog box, choose Actions > General > Run Script.
150
Field
Instruction
Script File
Enter the pathname for the script or search
for the script by using the browse button.
Script Arguments (only for NSP
and ITM)
Enter any arguments that you want to attach
to the script file when it is run.
Copy Result to Column
The result of Execute Command will be
copied to the column chosen. Only the
columns you have created will be displayed
in the list. The default list is None.
Actions Menu
Caution
Do not use any script that can affect the communication between Horizon Manager and
the device. Scripts containing commands like reboot, exit, show summary, set clienv
prompt and set interface should not be used.
To run scripts
1. Choose Actions > General > Run Script.
2. Enter a pathname for the script.
3. Enter arguments for the script file (only for NSP and ITM).
4. Click Start to run the script.
Performing a Hardware Inventory
You can perform a simple hardware inventory of devices you selected in the Devices pane. The
inventory includes data such as physical interfaces, CPU number and type, RAM size, number
of disks, and modem. To access the data retrieved for each device, by double-click the device
cell in the Hardware Inventory column and read the information in the Cell Details dialog box
that appears.
Get Hardware Inventory Dialog Box
To access the dialog box, choose Actions > Inventory and Diagnostics > Get Hardware
Inventory.
To perform a hardware inventory
1. Select the devices to be inventoried in the Devices pane.
2. Choose Actions > Inventory and Diagnostics > Get Hardware Inventory.
3. Click Start.
NSP Hardware Inventory Example
The example shows a hardware inventory action set to run at high priority and to stop if there is
a failure on any device.
151
NSOSP-IP40 Hardware Inventory Example
The example shows a hardware inventory action set to run at normal priority and to continue
even if there is a failure in any device.
NSOSP-IP30 Hardware Inventory Example
The example shows a hardware inventory action set to run at normal priority and to continue
even if there is a failure in any device.
Nokia SPSX Hardware Inventory Example
The example shows a hardware inventory action set to run at high priority and to stop if there is
a failure in any device.
152
Actions Menu
Performing a Software Inventory
You perform a software inventory on devices to get a list of all operating systems and packages
installed on each selected device. This action also returns the following information about
devices:

Platform
Disk utilization
Operating system versions
Packages (version and state)
You can perform a software inventory action at any time while running the application.
Note
To use a selection list for an action in Horizon Manager, perform a software inventory to
obtain the most up-to-date data.
Get Software Inventory Dialog Box
The Get Software Inventory action performs a software inventory on the selected devices. The
action returns the operating system and packages that are installed. It also shows which packages
are enabled.
To access the Get Software Inventory dialog box, choose Actions > Inventory and Diagnostics >
Get Software Inventory or select the associated icon on the toolbar. You can perform a software
inventory on all selected devices using this dialog box.
Note
You must select a device from the devices pane before you perform this action.
153
To perform a software inventory
1. Select the devices for which you want a software inventory.
You can view the full set of the devices you selected in the Devices pane on the right side of
the Software Inventory dialog box.
2. Choose Actions > Inventory and Diagnostics > Get Software Inventory to display the Get
Software Inventory dialog box.
3. When you have entered all required data, click Start to perform the action or click Cancel to
close the dialog box without performing the selected action
When you click Start, the system performs the action.
After a successful Software Inventory action, the inventory of installed software for each device
appears in the operating system versions and packages (non-operating system software) columns
in the Devices pane. To view results for additional attributes (such as temperature and uptime),
you must choose Devices or Results > Table > Table Views > Configure Table Views to enable
these columns in the Devices pane.
Note
Some of the attributes are not available on all models.
NSOSP device software inventory information
This action queries each selected NSOSP series device and returns the firmware version
available.When completed, the OS Version column is updated for each selected NSOSP
device, including the following:
•Model number
•Support site
•OS version
•Contact info
•Login
•Config Summary
•Password
•Interface IP Addresses
•Device location
•Uptime
•Serial number
•Uptime Seconds
•Device license
•Upload Public Key (for IP40
only)
ITM device software inventory information
This action queries each selected ITM device and returns the firmware version available, as well
as all firewall packages. When completed, the columns are updated for each selected ITM
device.
154

Config Summary

Model number

Contact info

OS version

Device License

Password
Actions Menu

Device location

Serial number

Interface IP Addresses

Support site

Last Action Result

Uptime

Login
Nokia SPSX device software inventory information
This action queries each selected Nokia SPSX device and returns the firmware version and
Nokia Message Protector package details. When completed, the columns below are updated for
each selected Nokia SPSX device.

Login

Password

Interface IP Address

Uptime

Support Site

Use Secure
Connection

Model

OS Versions

Packages

Last action result

Configuration Summary

Uploaded public keys
NSP Software Inventory Example
The example shows a software inventory action set to run on all devices even if there is a failure
and to run at normal priority.
NSOSP-IP40 Software Inventory Example
155
NSOSP-IP30 Software Inventory Example
Nokia SPSX Software Inventory Example
156
Actions Menu
Verifying Devices
The Verify action verifies connectivity to selected devices. If a device is described as secure in
Nokia Horizon Manager, then Horizon Manager verifies the SSH and SCP interfaces. If a device
is not described as secure, verify Telnet, FTP, and HTTP connectivity. The Verify action also
contains an option (enabled by default) that instructs Horizon Manager to verify that the
currently enabled operating system version is compatible with the currently enabled packages on
the selected device.
The Verify action works by attempting to perform a login and a file transfer, then logs out from
each selected device by using the appropriate protocols.
Verify Dialog Box
To access the Verify dialog box, choose Actions > Inventory and Diagnostics > Verify. Use the
dialog box to verify communications with devices on your network. The following table
describes the options available in the Verify dialog box
Note
You must select a device from the Devices pane before you perform this action.To perform
one of the verifications only, make sure it is the only verification selected.
.
Field
Instruction
Verify HTTP port accessibility
Click Yes to verify if the device is accessible
by way of the HTTP port.
Verify HTTPS port accessibility
Click Yes to verify if the device is accessible
by way of the HTTPS port.
Verify Telnet (SSH for secure
devices)
Click Yes to verify access to the shell (Telnet
for nonsecure devices or SSH for secure
devices).
Verify Disk Space
Click Yes to verify the amount of available
disk space.
Verify File Upload
Click Yes to verify your File upload (through
FTP for nonsecure devices or through SCP
for secure devices).
Verify Package Configuration
When Yes is selected (and it is by default),
Horizon Manager verifies that the currently
enabled operating system version is
compatible with the currently enabled
software packages on the selected device.
Accept changed SSH server
authentication key
When Yes is selected (it is turned off by
default), the system accepts the changed
SSH server authorization key.
157
NSOSP Dialog Box
Verification of IP30 devices is done using SSL Certificates, and verification of IP40 devices is
done using SSH.
Note
Select HTTP only when accessing the device from a LAN and select HTTPS when
accessing from a WAN.
Field
Description
Verify HTTP (HTTPS for secure mode)
(IP30 only)
Click Yes to verify if the device is
accessible by way of the HTTP port (or
by way of the HTTPS port when using
secure mode.
Accept New SSL Certificate (IP30
only)
When you select Yes, the system
accepts the new SSL Certificate.
Verify Telnet (SSH for secure devices)
(IP40 only)
Click Yes to verify whether an attempt to
contact the device will succeed when
using Telnet.
authentication key (IP40 only)
When you select Yes, the system
accepts the changed SSH server
authentication key.
Nokia SPSX Dialog Box
This section provides an overview of Nokia SPSX Verify Dialog.
158
Field
Description
Verify HTTP port accessibility
accessible by way of the HTTP port.
Verify HTTPS port accessibility
accessible by way of the HTTPS port.
Verify SSH
Click Yes to verify access to the shell
(SSH for secure devices).
Verify Disk Space
Click Yes to verify the amount of
available disk space.
Actions Menu
Field
Description
Verify Package Configuration
When Yes is selected (and it is by
default), Horizon Manager verifies that
the currently enabled operating system
version is compatible with the currently
enabled software packages on the
selected device, as specified by
Constraints.
authentication key
When Yes is selected (it is turned off by
default), the system accepts the
changed SSH server authorization key.
ITM Devices Dialog Box
ITM devices are verified by using SSL certificates.
Field
Description
Verify HTTPS port
accessibility
Click Yes to verify if the device is accessible by way of
the HTTPS port.
Verify SSH
Click Yes to verify access to the shell (SSH for secure
devices).
Verify File Upload
Click Yes to verify your File upload (through FTP for
nonsecure devices or through SCP for secure devices).
Accept changed SSH
server authentication
key
When Yes is selected (it is turned off by default), the
system accepts the changed SSH server authorization
key.
Accept New SSL
Certificate
When you select Yes, the system accepts the new SSL
certificate.
To verify devices
1. Select the devices to verify.
2. Choose Actions > Inventory and Diagnostics > Verify to display the Verify dialog box.
3. Click Yes or No for all the Verify options.
4. When you enter all required data, click Start to perform the action or click Cancel to close
the dialog box without performing the selected action.
159
Applying Patches
You can update the device software, such as the Check Point firewall and IPSO operating
system, between major releases using the Apply Patch action. This action groups together
several of the other Nokia Horizon Manager actions to facilitate the update process.
Apply Patch Dialog Box
To access the Apply Patch dialog box, choose Actions > OS and Package Management > Apply
Patch. Use the dialog box to update software on devices in your network. The following table
describes the options available in the Apply Patch dialog box.
Note
You must select a device from the Devices pane before you perform this action. The
operations are performed in the order displayed in the dialog box. You can deselect any
operation. Nokia constraints do not apply to this action.
After performing an Apply Patch action, the ITM device is rebooted automatically. This might
result in the unavailability of Reboot action.
Field
Description
Backup
See “Backing Up
Stop Check Point FireWall
See “Stopping Check Point FireWall” on
page 114.
Upload
See “Uploading Files” on page 148.
Execute Command
See “Executing Commands” on page 147
Start Check Point FireWall
See “Starting Check Point FireWall” on page
114.
Reboot
See “Rebooting Devices” on page 150.
Devices” on page 115.
To apply patches
1. Select devices.
2. Choose Actions > OS and Package Management > Apply Patch to display the Apply Patch
dialog box.
3. Choose the operations and options to perform.
To apply patches in ITM devices
Use the Apply Patch action to upgrade a Product Temporary Fix (PTF) that is specific to Nokia
ITM devices.
160
Actions Menu
To upgrade an ITM Device, do the following:
1. Back up the configuration if needed (Optional).
2. Create a memory file system, by typing the command in the first Execute the following
command:
mount_mfs -s 200000 /mnt
It provides over 90 MB of temporary space on /mnt. The partition and .im file are deleted
upon rebooting.
3. Upload the PTF installation .im file to /mnt directory on the Nokia ITM through SCP. The
option to file transfer is provided in the Apply Patch GUI.
To install PTF, execute command:
im
/mnt/<uploaded_filename>.im
Note
Once the PTF installation completes, the ITM device reboots automatically. Hence there
is no reboot option in Apply Patch action dialog box.
PTF files can be obtained from the Nokia support center.
Applying a Patch Example
161
Selecting Operating System Versions
You can enable a specific version of operating system software on selected devices.
Caution
upgrades.
OS Version Selection Dialog Box
To access the OS Version Selection dialog box, choose Actions > OS and Package Management
> Change Active OS.
Note
When activating or deactivating IPSO v3.7/v3.7.1, you must run the Verify action after
selection with the Accept Changed SSH Server Key option enabled to allow communication
with the device from Horizon Manager.
The following table describes the available options.
Field
Instruction
OS Version
Check this box if you are enabling an operating system
version.
Enable Version
Select the version of operating system to enable. The list
shows all versions of operating systems found on all the
selected devices. Check individual devices for valid
(installed) versions.
Reboot
Check this box to reboot the device after a successful
version selection. The reboot occurs only after a main
action is successful.
To select an operating system version
1. Select the devices to enable. You can view the full set of the devices you selected on the
Selected tab.
2. Choose Actions > OS and Package Management > Change Active OS to display the
operating system Change Active OS dialog box.
3. Select the IPSO Version checkbox.
4. Select the IPSO version you are enabling from the list of installed versions in the Enable
Version selection by clicking the appropriate button.
162
Actions Menu
Note
All listed versions of IPSO might not be installed on each device selected for this action.
Check each device in the Devices pane for available versions of operating system.
5. The Reboot check box is selected by default to reboot the selected devices (required to
activate the selected operating system version).
If you do not want to reboot, clear the check box.
6. When you have entered all required data, click Start to perform the action or click Cancel to
close the dialog box without performing the selected action.
7. After you click Start, the following warning dialog box appears
Caution
Performing this action can corrupt a device if the parameters are not set correctly. Some
software packages might not be compatible with the versions of the operating system
you turn on or off.
8. Click Yes to continue the IPSO version selection, or click No to return to the IPSO Version
Selection dialog box. When you click Yes, the system performs the action.
9. For an upgrade to IPSO v3.7, choose Actions > Inventory and Diagnostics > Verify.
10. Enable the Accept changed SSH server authentication key option.
11. Click Start to run the Verify on the selected devices.
Select Operating System Example
A screen showing OS and Package Management/Change Active OS is given below.
163
Selecting Packages
The Select Packages feature allows you to enable or disable non-operating system software
packages on selected devices.
Caution
upgrades.
Change Package Selection Dialog Box
To access the Change Package Selection dialog box, choose Actions > OS and Package
Management > Change Package Selection or click its associated icon on the toolbar.
Note
The following table describes the check boxes and Action Dialog Box buttons associated with
this dialog box:
Field
Instruction
Package Selection
Check this option to activate the Package
Selection function.
Set Packages
Shows a list of all installed software
packages. Check the box for a package to
change its state. Click the button to select
the state.
Reboot
Check to reboot all selected devices as part
of the action.
To select packages
1. Select the devices that have software packages to turn on or off.
2. Choose Actions > OS and Package Management > Change Package Selection or the toolbar
icon to display the Change Package Selection dialog box.
The dialog box displays all available packages.
3. Make sure Package Selection is checked.
4. Check the box for each package to turn on or off in the Enable Package list.
Unchecked packages are not affected by this action.
164
Actions Menu
Note
The Enable Package list displays all available device software inventories. Each unique
software package found on all the devices on the network appears once in this list. Not
all selections are valid for all devices. View the operating system versions and Packages
fields in the Devices pane to view software packages for each device.
5. Select On or Off for each package you checked in the Enable Packages list.
6. Check Reboot to reboot all the selected devices as part of the action. Most software
packages require that the device be rebooted for any change to take effect.
You can view a list of the devices selected for this action in the Devices pane.
the dialog box without performing the selected action
Clicking Start displays the following warning:
Caution
Performing this action can corrupt a device if the parameters are not set correctly.
Some software packages might not be compatible with the version of the operating
system you turn on or off.
8. Click Yes to continue or No to close the warning, and return to the Package Selection dialog
box.
Select Package Example
The example shows a list of packages installed on the device where some are turned off.
165
Deleting Operating System Versions or Packages
Use Delete to remove operating system versions and packages from the devices you select.
Caution
If you select a package to delete while the software is running, Nokia Horizon Manager
closes the package and proceeds with its removal.
The following options are available when deleting packages:

Delete operating system versions
Delete Package
Delete Package or OS Dialog Box
To access the Delete dialog box, choose Actions > OS and Package Management > Delete
Package or OS or the associated toolbar icon.
Note
The following table describes the Delete dialog box.
Field
Description
Uninstall Operating System versions
List of operating system versions that you
can uninstall.
Uninstall Packages
List of packages that you can uninstall.
To delete an operating system version or package
1. Select the devices from which you want to remove the software. You can view the full set of
the devices you selected on the Selected tab.
2. Choose Actions > OS and Package Management > Delete Package or OS to display the
Delete dialog box.
3. Check the operating system versions and software packages to remove.
166
Actions Menu
Installing Operating Systems
Use Install OS to install operating system software on selected devices. The system displays the
Install OS dialog box where you can check one of the following options:

Backup
Install—installs the operating system software image on the selected devices.
Reboot—reboots the selected devices to activate the new operating system software image.
To perform all operations on the selected devices, check all associated check boxes. The
operations are enabled by default; deselect an operation if you do not want to perform it.
Caution
This action could corrupt devices if you edit the rules describing compatibility among
packages and operating system versions (referenced during installations and
upgrades).
You must import the .tgz firmware files before you proceed with the Install OS action. To import
firmware files, choose View > Installable Files > Import. Import the firmware files to the
installable files.
Install OS Dialog Box
To access the Install OS dialog box, choose Actions > OS and Package Management > Install
OS. Use the dialog box to install operating system software packages on your network of
devices.
Note
When activating or deactivating IPSO 3.7/IPSO 3.7.1, you must run the Verify action after
installation with the Accept Changed SSH Server Key option enabled to allow
communication with the device from Nokia Horizon Manager.
The following table describes the dialog box text boxes and buttons.
Field
Instruction
Backup
See “Backing
Install the following
versions of operating
system
Check this box if you want Horizon Manager to install one
of the displayed operating system versions on the
previously selected devices.
Install
Select the button that corresponds to the operating
system version you intend to install.
Activate after Reboot
Check this button to install the new operating system
version on the next device reboot.
Up Devices” on page 115.
167
Field
Instruction
Reboot
Check this box to reboot the device. Horizon Manager
reboots after installing the software.
To install operating systems on NSP Devices
1. Select the devices on which to update the operating system.
2. Choose Actions > OS and Package Management > Install OS to display the OS and Package
Management/Install OS dialog box.
3. Click Backup to run a backup before the action.
4. Check the Install check box is checked to install the operating system software after you
download it.
5. Select the operating system version to install.
The selection list derives from the images in the Versions directory of the Horizon Manager
installation.
6. Check Activate after Reboot to install the operating system software the next time the device
is rebooted.
7. Select the Reboot check box to reboot the device immediately after you download the
operating system software.
the dialog box without performing the selected action. Clicking Start displays the following
warning:
Warning
Performing this action can corrupt a device if the parameters are not set correctly. Some
software packages might not be compatible with the version of the operating system you
turn on or off.
9. For an upgrade to IPSO v3.7, choose Actions > Inventory and Diagnostics > Verify.
10. Enable the Accept changed SSH server authentication key option.
11. Click Start to run the Verify on the selected devices.
12. Click Yes to continue the installation or click No to return to the Devices Install/Upgrade
dialog box.
NSOSP Install OS Dialog Box
To access the Install OS dialog box, select the NSOSP devices on which you wish to install the
OS and choose Actions > OS and Package Management > Install OS. Use the dialog box to
install operating system software on NSOSP devices.
168
Actions Menu
The following table describes the dialog box text boxes and buttons.
Field
Instruction
Install
Select the button that corresponds to the operating
system version you intend to install.
The following table shows the HTTPS status after different operating system installations for the
IP30 appliance only.
Existing Version
New Version
HTTPS State
Before
Installation
2.0.39.5N
4.0.49N
Enabled for all
Enabled for all
3.0.23N
4.0.49N
Enabled for all
Enabled for all
3.0.34N
4.0.49N
Enabled for all
Enabled for all
3.0.37N
4.0.49N
Enabled for all
Enabled for all
4.0.39N
4.0.49N
Enabled for all
Enabled for all
2.0.39.5N
4.0.39N
Enabled for all
Enabled for all
3.0.23N
4.0.39N
Enabled for all
Enabled for all
3.0.34N
4.0.39N
Enabled for all
Enabled for all
3.0.37N
4.0.39N
Enabled for all
Enabled for all
2.0.39.5N
3.0.37N
Enabled for all
Disabled for all
3.0.23N
3.0.37N
Enabled for all
Enabled for all
3.0.34N
3.0.37N
Enabled for all
Enabled for all
2.0.39.5N
3.0.34N
Enabled for all
Disabled for all
3.0.23N
3.0.34N
Enabled for all
Enabled for all
2.0.39.5N
3.0.34N
Enabled for a
range of IPs
Disabled for all
3.0.23N
3.0.34N
Enabled for a
range of IPs
Enabled for a range of
IPs
HTTPS State After
Installation
169
Existing Version
New Version
HTTPS State
Before
Installation
2.0.39.5N
3.0.23N
Enabled for all
In the user interface, it
shows as disabled, but
it allows
communication.
2.0.39.5N
3.0.23N
Enabled for a
range of IPs
In the user interface, it
shows as disabled, but
it allows
communication.
HTTPS State After
Installation
Note
When you upgrade the firmware of the IP30 device (of any license) from 2.0.39.5N to
4.0.39N or 4.0.49N, the upgraded device has the FireWall 5 license.
ITM Devices Install OS Dialog Box
Field
Description
Backup
Click on the checkbox to backup the device
OSInstall
This operation will upgrade the OS image of Internet
Traffic Management (ITM) device.
Note
Only an operating system upgrade is supported.
To install operating systems on NSOSP Devices
1. Select the devices on which to install or upgrade the operating system.
3. Select the operating system version to install or upgrade.
Note
Horizon Manager supports Nokia IP30 v2.0.39.5N or greater.
170
Actions Menu
4. Click Start.
5. Run the Verify action after installation.
To install operating systems on ITM Devices
Note
You must import the .tgz firmware files of both 4.2 ptf01 and 4.5 ptf01 before you proceed
with the Install OS action.
1. Select the devices on which to update the operating system.
3. Select the operating system version to upgrade.
The selection list derives from the images in the Versions directory of the Horizon Manager
installation.
Upgrading ITM devices from v4.2 to v.4.5 requires that you also reconfigure user access to the
ITM devices in order for Horizon Manager to contact the device.
To manage ITM devices from Horizon Manager, user account must have both CLI + WEB Full
Read/Write permissions.
Note
Installing an operating system on ITM devices can take ten minutes or longer. During that
time, Horizon Manager might appear to be unresponsive, but it is working on the installation
process.
Installing Packages
Use Package Install to install all packages, including third-party software and operating system
documentation packages.
Caution
upgrades.
Package Install Dialog Box
To access the Package Install dialog box, choose Actions > OS and Package Management >
Install Package.
171
Note
The following table describes the Package Install dialog box.
Field
Description
Backup
Select this box to enable a backup before
you perform the action. Running backup
might affect performance of other actions.
Install
Check this box to activate the Package
install process.
Install (from list)
Click the appropriate check box that
identifies which package to install. You can
install multiple packages in a single
operation.
Reboot Device
Check this box to reboot the device. Horizon
Manager reboots after installing the
software.
To install packages
1. Select the devices to which you want to download the software.
You can view the full set of the devices you selected on the Selected tab.
2. Choose Actions > OS and Package Management > Install Package or the associated toolbar
icon to display the Package Install dialog box.
3. Check Backup to run a backup before the action.
4. Check Install, then check the package to install. The selection list is derived from the
packages for the imported installable files. The installable files table displays a complete list
of the full name and filepath of the installable files.
5. To reboot the devices after you install the software, check Reboot. Some software requires
that you reboot the device to activate it.
You can view a list of the devices selected for the action in the Devices pane.
Clicking Start displays the following warning
Caution
Performing this action can corrupt a device if the parameters are not set correctly.
Some software packages might not be compatible with the version of the operating
system you turn on or off.
172
Actions Menu
7. Click Yes to continue or No to close the warning, and return to the Package Install dialog
box.
Install Package Example
A simple Install Package example is shown below.
Upgrading Packages
Use the Package Upgrade feature to upgrade previously installed software.
Caution
upgrades.
Select the devices or group of devices for which you want to upgrade a previously-installed
software package, including Check Point 4.1 FireWall software. Any packages you installed on
your devices must be contained in the Packages directory for Horizon Manager to access them.
The Package Upgrade dialog box includes only the packages you placed in this directory
Note
Any new packages you add to the Packages folder during the current session of Horizon
Manager does not appear in the Package Upgrade dialog box until you close Horizon
Manager and start a new session.
173
Package Upgrade Dialog Box
To access the Package Upgrade dialog box, choose Actions > OS and Package Management >
Upgrade Package or select the associated toolbar icon
Note
The following table provides describes the Upgrade Package dialog box.
Field
Description
Package Upgrade
Must be checked to perform Package
Upgrade.
Package Upgrade
Activates the Package Upgrade process.
Upgrade
Lists all installable packages and the
packages from which they can be upgraded.
Check the packages to upgrade.
Reboot
Reboots the device. Horizon Manager
reboots after upgrading the software.
To upgrade packages
1. Select the devices for which you want to perform a software upgrade.
2. Choose Actions > OS and Package Management > Upgrade Package or the associated
toolbar icon to display the Upgrade Package dialog box.
3. Check Package Upgrade, then select the package to upgrade from and the package to
upgrade to.
Caution
If you select an incompatible package to upgrade to, the system installs the new
package.
174
Actions Menu
Upgrade Package Example
A simple Upgrade Package example is shown below:
Warning
When you try to upgrade Nokia SAS v1.0 to a higher version (such as Nokia SAS v1.0.2 or
Nokia SAS v1.1 or Nokia SAS v1.2 or Nokia SAS v2.0) and click on the Start button, the
following warning message appears: ‘Reboot is recommended before starting the device’. In
this case, it is recommended to reboot the device for the Nokia SAS package upgrade to
take effect.
Monitoring Progress and Results
The Action Results pane displays the status of an action, both graphically (using icons) and in a
textual format, for each device within the action log. The Action Results pane maintains these
action results for viewing until you delete the log entry.
The Action Progress pane displays a graph during the action and for one minute after the action
is completed. To modify the display period, use the User Options dialog box. For more
information, see “User options Dialog Box” on page 195.
175
Results Menu
The Results Menu allows access to the following functions of NHM:

“Deleting Action Results” on page 176
“Stopping Actions” on page 177
“Reviewing Actions” on page 177
“Rerunning Actions” on page 177
“Creating a Group of Devices from Action Results” on page 178
“Working with the Results Table” on page 178
“Show Toolbar” on page 178
Deleting Action Results
To limit file system and disk use and to maintain optimal performance, the system can save only
a limited number of action results (up to a total of 5000 device entries) within the Action Results
pane. This number is based on the number of device entries in each log. The more actions you
run on a large number of devices (for instance, 1000), the fewer action results the system can
store. Conversely, the more actions you run on a small number of devices, the more action
results the system can store.
To avoid reaching the system limit, use this option to delete action results when you no longer
need them. If a new action causes the system limit to be exceeded, a dialog box appears that
allows you to delete the oldest action results or cancel the action.
Delete Action Results Dialog Box
To access the Delete Action Results dialog box, choose Results > Delete Action Results. Use
this dialog box to confirm the deletion of the selected action results.
Note
You must select one or more action result entries in the Action Results pane before you
activate the Delete Action Results command from the Actions menu. Also, you must wait for
an action to be completed or stop it before you can delete its results.
To delete action results
1. In the Action Results pane, select one or more action results to delete. To select all action
results, click the Action Results entry at the top of the tree.
2. Choose Results > Delete Action Results. The system asks you to confirm your instruction to
delete the selected results.
176
Results Menu
3. Click Delete to delete the selected results or click Cancel to cancel.
Stopping Actions
You can stop an action by right-clicking the progress indicator bar in the Action Results pane as
the action is running and clicking Stop. You can also stop any action that is still in process by
clicking Stop.
Caution
Clicking Stop abruptly halts an action without undoing its effects. It can leave the
devices on which the process was stopped in an unknown state. Clicking Stop does not
reverse the action for any devices on which the action was completed.
While no action is running, Stop is grayed out (unavailable). Once you initiate an action (by
clicking Start), Stop is active (available). When the system completes the action, the button
becomes unavailable and is grayed out.
To cancel an action, follow these steps:
1. Right-click the progress indicator bar in the Action Results pane.
2. Click Stop to stop the action.
Note
You can also stop an action from the Action Results pane.
The system cancels the action for the devices it had not reached yet during the current action.
While an action is in progress, the progress indicator bar rises graphically, displaying the percent
complete.
You can click Review to review the parameters used for the action. See “Reviewing Actions” on
page 177.
Reviewing Actions
The Review button is located in the toolbar of the Action Results pane. Click this button to
review the parameters used for the action. While the action is still running, the Review button is
grayed out (unavailable). Once the system completes the action, the Review button becomes
active (available).
Rerunning Actions
After you execute an action, you can review the results, select devices on which to rerun the
action, then rerun the action. The Rerun button is disabled if an action is not complete or if no
device was selected in the Action Results pane.
177
To rerun an action
1. In the Action Results pane, select the devices on which to rerun the action.
To select all failed devices, first sort by the status column for easier selection.
2. Click Rerun. A new Action dialog box appears to rerun the action.
3. Click Start to rerun the action.
Creating a Group of Devices from Action Results
You can organize devices that belong to your action results into unfiltered groups and display
them in the Groups pane. You must select one or more devices in the Action Results pane to
activate Create Group. Also, Create Group is disabled if an action is not completed.
To create a group of devices from action results
1. In the Action Results pane, select the devices to form into a group.
2. Click Create Group from Devices. The Create Group from Devices dialog box opens.
3. Enter a name for the new group, then click OK. The new group appears in the Groups pane.
Working with the Results Table
The options available in the Results > Table menu are the same as those available in the Devices
> Table menu. See “Working with Tables” on page 45.
Show Toolbar
This selection enables or disables the display of the Show Action Results Pane toolbar.
Tools Menu
Nokia Horizon Manager offers a high degree of customization through its Tools menu. Toolbars
are customizable and you can set options for actions, system, and users. In addition, you can
organize security privileges into user roles, then apply them to users.
Topics:

178
“Locking Nokia Horizon Manager” on page 179
“Managing Toolbars” on page 179
“Changing Passwords” on page 182
“Masking Private Data” on page 183
“Deleting Backup Sets” on page 183
Tools Menu
Locking Nokia Horizon Manager
Click Tools > Lock NHM to lock Nokia Horizon Manager and require the current password of
the user to unlock it.
Unlock Nokia Horizon Manager Dialog Box
This dialog box prompts you to enter your password to unlock Horizon Manager. When you
click OK, the Verify Password Dialog box opens in which you enter your password to regain
access to Horizon Manager.
Verify Password Dialog Box
When you lock Horizon Manager, a dialog box appears with the message, Enter password
to unlock NHM. Click OK and the Verify Password dialog box appears. The dialog box
displays your license parameters and your user ID. Enter your password and click OK to unlock
Horizon Manager.
Managing Toolbars
The toolbar feature in Nokia Horizon Manager allows you to hide and show toolbar buttons and
organize them into groups.
Topics:

“Showing or Hiding Individual Toolbars” on page 179
“Configuring Toolbars” on page 180
“Showing or Hiding the Desktop Toolbar Pane” on page 182
Showing or Hiding Individual Toolbars
To show or hide one of the individual toolbars quickly on the desktop toolbar pane, choose Tools
> Toolbars. Check or clear the box beside the toolbar to show or hide. To show or hide several
individual toolbars, use the Show/Hide Toolbars dialog box.
Show/Hide Toolbars Dialog Box
To access the Show/Hide Toolbars dialog box, choose Tools > Toolbar > Show/Hide Toolbars.
Check the box beside each item to appear on the main menu.
To show or hide toolbars
You can select toolbars in two ways. The first is to choose Tools > Toolbar to display the Toolbar
menu. The menu has a check box next to each of the toolbar names. Click the menu to add or
remove a check mark and show or hide that specific toolbar in the desktop toolbar pane.
The second method is to choose Tools > Toolbar > Show/Hide Toolbars. This dialog box allows
you to select or deselect those toolbars to show or hide.
179
Configuring Toolbars
Most Nokia Horizon Manager menu commands have a toolbar button. You can display any or all
of the buttons on the toolbar. To create, store, and access multiple toolbar configurations, choose
the Tools > Toolbar > Configure Toolbar dialog box. You can also create special toolbars to
perform specific sets of actions.
The Configure Toolbar dialog box provides more detailed information on the buttons, fields, and
lists associated with this command and dialog box.
You can edit any of the previously created toolbars by selecting one of them from the drop down
menu located in the upper-left corner of the Configure Toolbar dialog box. The associated
buttons automatically appear in the Toolbar Button list box. You can then click Add or Remove
to enable buttons to customize the toolbar for your specific needs.
Horizon Manager allows you to show or hide any or all of the default or created toolbars.
Horizon Manager comes with a toolbar defined for each menu that appears in the menu bar.
These toolbars can be customized, shown, or hidden, but they cannot be deleted.
Configure Toolbars Dialog Box
To access the dialog box, choose Tools > Configure Toolbar. Almost every menu command in
Horizon Manager has an associated toolbar button. Use this dialog box to create or customize
the displayed toolbar to provide quick access to the command buttons you use repeatedly.
Remove command buttons that you use rarely during a typical Horizon Manager session. This
dialog box allows you to create and store multiple toolbars. The following table describes the
fields and buttons on the dialog box.
180
Field or Button
Description
Select Toolbar Drop-down
list
Allows you to select the toolbar configuration to
modify from a drop-down list.
Create Button
Opens a dialog box where you type a name for a new
toolbar configuration. The command buttons from the
selected toolbar are copied to this new toolbar and its
name is added to, and selected in, the Select Toolbar
selection list.
Delete Button
Opens a confirmation dialog box asking if you are
sure you want to delete the toolbar selected in the
selection list.
Hidden Buttons list box
Shows all available command buttons that you can
show on the selected toolbar. Select one or more
command buttons, then click Show to move the
buttons to the bottom of the Shown button list box.
Shown Buttons list box
Shows all available command buttons that you can
hide on the selected toolbar. Select one or more
command buttons, then click Hide to move the
buttons to the bottom of the Hidden button list box.
Tools Menu
Field or Button
Description
Show Button
Moves one or more selected command buttons from
the Hidden Buttons List to the Shown Button list. All
additions are automatically entered at the bottom of
the Shown Button list.
Hide Button
Removes one or more selected command buttons
from the Shown Button list back to the Hidden button
list.
Space Button
Add a space to the bottom of the Toolbar button list
box.
Up Button
Moves up one or more selected command buttons
on the Toolbar Button list.
Down Button
Moves down one or more selected command buttons
down on the Toolbar Button list.
OK Button
Saves any new or changed toolbars.
Cancel
Closes the dialog box without saving any of your
changes.
To configure toolbars
1. Choose Tools > Toolbar > Configure Toolbars to open the Configure Toolbar dialog box.
2. Select an existing toolbar that most closely resembles the new one to create.
3. Click Create to display the Create dialog box.
4. Enter a name for your new toolbar in the Enter configuration name text field; then click OK.
Note
The name you enter is automatically listed in the Tools > Toolbar menu option and in
the drop-down menu located in the upper-left corner of the Configure Toolbar dialog box.
The new toolbar contains the same set of buttons as the toolbar that you selected before
clicking OK.
With the name of your new toolbar displayed in the drop-down menu, select any buttons in the
Shown list box that you do not want and hide them.
Select multiple buttons in one of the following ways:

To select adjacent buttons, click the first button, then move your cursor to the last adjacent
button and Shift-Click.
To select random buttons, hold down the Ctrl key and click only those buttons to remove.
181
5. Select any additional toolbar buttons to show from the Hidden list box; then click Show to
move them to the Shown list box. Remember that you can select multiple buttons by using
the shift and Ctrl keys as previously described.
To rearrange the display or location of a particular toolbar button on your toolbar, use the Up and
Down buttons at the bottom of the Shown list box.
To cluster several buttons into a group, use the Space button to add a separator between groups
of buttons.
6. Click OK to save your new toolbar.
To delete toolbars
1. Choose Tools > Toolbar > Configure Toolbars to open the Configure Toolbar dialog box.
2. In the Select Toolbar box, select the toolbar for deletion, then click Delete.
3. In the Confirm Menu Deletion dialog, click Delete.
Showing or Hiding the Desktop Toolbar Pane
Click Tools > Toolbar, then check the Show Toolbar box to display the desktop toolbar pane.
Remove the check mark to hide the toolbar pane.
Changing Passwords
You can change your password while you are running Nokia Horizon Manager by using the
Change Password feature.
Change Password Dialog Box
To access the Change Password dialog box, choose Tools > Change Password.
Field
Description
Enter current password
Password that you used to log on to the current
session.
Enter new password
New password.
Re-enter new password
New password entered a second time.
To change a password
1. Choose Tools > Change Password.
2. Type your current password.
3. Type your new password.
4. Re-type the new password.
182
Tools Menu
Masking Private Data
Check this box to mask the display of all private data in the Nokia Horizon Manager GUI.
Private data includes login and password, in addition to any other device attribute columns that
you created and designated as private data. You must have View Private Data privileges to use
this feature. To access this feature choose Tools > Mask Private Data.
Deleting Backup Sets
The Delete Backup Sets dialog box shows all backup sets. The dialog box shows backup sets in
the Backup Directory specified in the System Options dialog. To delete backup sets in a previous
backup directory (for example, if you do backups, then change the backup directory), you must
reset the directory in the System Options dialog before you can see those sets in the dialog box.
Users with privileges to access the delete backup sets dialog box, can delete backup sets.
Delete Backup Sets Dialog Box
To access the Delete Backup Sets dialog box, choose Tools > Delete Backup Sets. Use it to
select individual backup sets for deletion
Note
You can view comments entered when the device was backed up by rolling the mouse over
the backup set entry.
Field
Description
Size of Backup Directory
Size of the entire backup directory.
Selected for deletion
Total amount of disk space occupied by the
backup sets selected for deletion. This
value increments as you select backup sets.
Backups
Lists all backup sets in the backups
directory. As you place the mouse pointer
over each backup set you see the size of
the backup set and any comments
associated with it.
To delete backup sets
1. Choose Tools > Delete Backup Sets.
2. Expand the tree list to display the backup sets you want to delete.
3. Check the box next to each backup set to delete.
4. Click Delete.
183
Options Menu
Nokia Horizon Manager allows you to review information about the software packages available
on the system, constraints about the compatibility of the various packages and operating system
versions, and the results of actions you perform with the system.
Topics:

“Viewing and Managing Installable Files” on page 184
“Viewing Constraints” on page 187
“Setting Nokia Horizon Manager Options” on page 189
Viewing and Managing Installable Files
Use the installable files feature to define all operating systems and packages to be available for
the Nokia Horizon Manager Server to install on your network devices. You can use the
Installable Files dialog box to view, import and delete images. See “Importing Installable Files”
on page 186 and “Removing Installable Files” on page 187.
Installable Files Dialog Box
To access installable files, choose Options > Installable Files. The following table describes the
options available on the Installable Files dialog box.
184
Column
Description
Delete
Allows you to remove the file or files that you have
selected from the display.
Import
Opens Import Installable Files dialog box.
check mark
Click this column to select the entire row.
Type
Device type of the device on which to install files.
Full Name
Full name of the package or operating system image.
Packages listed are imported using the installable
files function or found on devices during software
inventory actions.
This field is read-only.
Installable
Flag indicating whether the named package exists on
the system on which Horizon Manager is running,
and whether or not the package is available to be
downloaded.
Options Menu
FilePath on Server
Location (on the Horizon Manager server) where the
package *.tgz file is stored. This information is
retained even if the package *.tgz file is deleted
between instances of Horizon Manager. The file path
indicates where the package *.tgz file is or was last
found.
To view installable files
1. Choose Options > Installable Files.
2. Move the slide bar at the bottom of the dialog box to view the full range of information.
185
Installable Files Example
The example shows IPSO 3.5 and Check Point NG FP3 available to be installed.
Importing Installable Files
You can import installable files to the Nokia Horizon Manager server for distribution to network
devices. Select a file or a directory to import then start the import process by using the Import
Installable Files dialog box.
Import Installable Files Dialog Box
To access the Import Installable Files dialog box, choose Options > Installable Files, then click
Import. Use this dialog box to select a file or a directory of installable files for importing. The
File Name field indicates the name of the file to import.
Importing Installable Files Dialog Box
To access this dialog box, choose Options > Installable Files, then click Import. The dialog box
appears when you click OK. Use it to start or stop the import process and view results.
186
Field
Description
Text Box
Lists the files that are imported and files that
cannot be imported.
Importing
Shows the progress of the import as a
completion percentage.
Stop
Stops the import procedure.
Resume
Starts the import procedure after it stops.
Options Menu
To import installable files
1. Choose Options > Installable Files.
2. Click Import.
3. Enter a pathname to the file or files to import, or browse for the files.
4. Click OK.
5. In the Importing Installable Files dialog box, the files are listed as they are imported.
6. Click Stop to stop the process and Resume to start it again, if necessary.
7. The import process is complete when the Importing progress bar reaches 100 percent.
Removing Installable Files
You can remove files that you have imported into Nokia Horizon Manager. The system lists the
files that you selected before removal.
Note
After you remove the file from the installable files table, the list of installable packages is not
updated in the package and Install OS actions until your next login.
Remove Installable Files Dialog Box
To access the Remove Installable Files dialog box, choose View > Installable Files, then click
Remove. Use this dialog box to view a file or files that you selected from the displayed list and
then remove it from the display. The file remains in the system and can be imported again, as
required.
Field
Description
Remove the following from the
table?
Lists the files for your review before
removing them.
To remove installable files
1. Choose Options > Installable Files > Remove.
2. Select one or several files in the Installable Files dialog box.
3. Click Delete.
Viewing Constraints
Use the Constraints feature to show qualification constraints that Nokia Horizon Manager uses
when you start to perform an action. The constraints are filters that are run against device
187
attributes to test for selectability, installability, operating system compatibility, and
upgradeability. Constraints apply to all device types: ITM, NSP, IP30, IP40 and Nokia SPSX.
Constraints Dialog Box
To access Constraints dialog box, choose Options > Constraints. Use this dialog box to view
existing Nokia-supplied constraints and to manage customer constraints.
188
Column
Description
Check mark symbol
Click this column to select all the cells in the row.
Name
Displays the title of the constraint.
Device Type
The device type, such as an NSP, affected by the constraint.
Justification
Specifies the reason for the constraint such as installability,
upgradeability, or operating system compatibility.
On
A check mark in this column indicates that the constraint
enabled. No check mark indicates that the constraint is off
and cannot be applied. If you turn off a Nokia-defined
constraint, Horizon Manager displays a warning message
stating that turning off this constraint invalidates any
guarantees from Nokia regarding Do No Harm constraints.
Qualify Before
Filter
Displays the constraint filter that verifies as valid the state of
device attributes before an action is performed.
Qualify After Filter
device attributes after an action is performed.
Qualify Both Filter
device attributes before and after an action is performed.
Require Before
Filter
Displays the constraint filter applied to require specific
device attributes before an action is performed.
Require After Filter
device attributes after an action is performed.
Require Both Filter
device attributes before and after an action is performed.
Reject Before Filter
Displays the constraint filter applied to ensure device
attributes do not exist before an action is performed.
Reject After Filter
attributes do not exist after an action is performed.
Reject Both Filter
attributes do not exist before and after an action is
performed.
Options Menu
To view constraints
1. Choose Options > Constraints.
2. Move the slide bar at the bottom of the panes to view the full range of information.
Setting Nokia Horizon Manager Options
After you complete the initial Nokia Horizon Manager installation and launch the application,
you must set or modify several configuration options in the NHM Options dialog box. For
information about the three categories of options in Horizon Manager, refer to the following
topics:

“Setting Action Options” on page 189
“Setting System Options” on page 194
“Setting User Options” on page 195
Note
For the initial installation and setup procedures, see the Horizon Manager Getting Started
Guide.
Invalid Preferences Dialog Box
If Horizon Manager detects that any options have become invalid, it displays the Invalid
Preferences dialog box. Make the appropriate changes to the options displayed.
Setting Action Options
Action options refers to the settings that you can specify to control how Nokia Horizon Manager
performs your actions.
Show all known choices in Action Panel
Ensures that the options associated with any of the selected devices are available. If this option is
disabled, only the options that are associated with all the selected devices are shown.
This option affects all actions where lists of Packages, operating systems, or package upgrade
options are presented.
Parallel Operations
The Parallel Operations value controls how many operations Horizon Manager can perform at
the same time. The optimal setting for this parameter depends on several factors:

How much network traffic a Horizon Manager action generates. Downloading files to
multiple devices generates more traffic, for example, than performing a software inventory.
How long it takes to complete the actions. Actions that involve large numbers of
applications or much data take longer to complete.
Workload on the Horizon Manager host.
189
For best system and network performance, set the number of parallel operations to a lower value
when you perform resource-intensive actions.
Horizon Manager schedules operations as follows:

The first action in the queue receives the maximum number of operations (unless fewer
devices are in the action than there are possible operations).
Any following action starts with one operation. As operations are released by actions, any
operations beyond the first one split the remaining available operations until all are used.
As a result, the maximum number of operations is always running, with the potential of one
additional operation per additional action also running. If you specify parallelism of 5, then
run 10 concurrent actions on 5 or more devices (the first action uses all the operations), then
14 [5 + (10-1)*1] actions are running.
Session Timeout
The Session Timeout value tells Horizon Manager how long to wait for a response from a device
when performing certain actions (such as conducting a software inventory). In setting this value,
consider the latency of the network Horizon Manager is using to communicate with the devices.
Backup Directory
You can tell Horizon Manager where to store backup copies of device configuration files. To do
so you must have privileges that allow you to create and edit files on the network and the host
system. See “Backing Up Devices” on page 115.
Note
During installation, Horizon Manager creates the default directory, BackUpSets, for backup
files. Use the following procedure only if you want to change this directory.
FTP Server
Note
Horizon Manager uses Telnet and FTP to communicate with devices. Nokia strongly
recommends that you mark all devices as Secure, because Telnet and FTP send logins,
passwords, commands, and responses in plain text.
Horizon Manager must also know the hostname or IP address of the FTP server.
Note
The host running Horizon Manager must be the same as the host providing FTP services.
190
Options Menu
Account Login and Password
Horizon Manager requires that you enter a username from the same UNIX group during the
installation procedure. These fields are not required for secure mode. Leave blank for secure
mode.
Nokia also requires you to create a separate user account for Horizon Manager on the host
computer or determine an existing user account on the Horizon Manager host. This account
should be a member of the same UNIX group as other users who use Horizon Manager. Horizon
Manager applies the group privileges associated with the username entered during installation to
all Horizon Manager files, subdirectories, and executable files.
This account information is required for:

Running Backups—for the backup procedure to run, the user must be logged into the
system using the account login and password for Horizon Manager. This allows Horizon
Manager to write the backup files to the local host directory.
Running FTP—Horizon Manager requires its own account on the host computer so that the
device can communicate by FTP with the host running Horizon Manager.
Running SCP—Horizon Manager uses a local host Telnet to provide a terminal from which
to run SSH and SCP.
This requires an account on the local host with adequate privileges. This account is used to
generate RSA keys and storing the output files to be uploaded to the devices.
Note
You must have local-host Telnet enabled for Horizon Manager to use SSH and SCP, even if
you do not use Telnet and FTP for any other purpose.
Actions Dialog Box
To access the Action dialog box, choose Options > NHM Options > Actions or select the
associated icon on the toolbar. You should not need to change the default values contained in this
dialog box other than to set the local FTP server, account login, and account password at startup
Note
Users must have edit system privileges to modify action options. Also, you must have edit or
view system privileges to view information in this dialog box.
The following table describes all configuration parameters.
191
Field
Description
Show all known choices in
Actions panel
Enabled by default. Ensures that the options
associated with any of the selected devices are
available. If this option is disabled, only the options
that are associated with all the selected devices are
shown.
If you choose No, only choices relevant to at least
one of the selected devices appear in the Action
dialog box. If you select some devices, and then
open the Change Package Selection action, only
changes relevant to those devices appear.
If you choose Yes, all known possibilities are
presented to cover scheduling of an action on
groups where device membership might change
after the action is scheduled.
192
Parallel Operations
Number of actions that the program can perform in
parallel.
•Range: 1 to 10
•Default: 10
Session Timeout (seconds)
Timeout period in seconds based on network latency.
Horizon Manager uses other internal timeout values
when performing certain operations.
•Minimum: 5
•Maximum: 300
•Default: 20
Allow SSH1 Connections in
Secure Mode
Turns the SSH1 client on or off. If all managed
devices support SSH2, you can disable the SSH1
client to improve the security level of
communications.
Backup Directory
Directory where all device backup files are stored.
Default: /opt/nhm13/server/BackupSets/ or
C:\Nokia\NHM13\Server\BackupSets.
Local FTP Server
Host name or IP address of the FTP server. Must be
the same as the Horizon Manager host name. Not
required for secure mode. Leave blank for secure
mode.
Account Login
User account on the Horizon Manager server that is
part of the Horizon Manager group. Not required for
secure mode. Leave blank for secure mode. For
FTP/SCP, this login cannot be the Horizon Manager
admin login because it is not a UNIX login account.
Options Menu
Field
Description
Account Password
Password for the Horizon Manager account on the
host computer. Not required for secure mode. Leave
blank for secure mode.
To set action options
Changes to Action options should not be necessary after startup.
1. Choose Options > NHM Options > Actions.
2. Enable the Show all known choices in Action Panel option to ensure that the options
associated with any of the selected devices are available. Disable the option to display only
the options that are available to all devices.
3. Enter a new parallel operations value (from 1 to 10).
4. Enter a session timeout value (from 5 seconds to 300 seconds).
5. Enable or disable the SSH1 client.
6. Enter the new path for the backup directory by typing the path in the text field or, if the
directory already exists, by using the browse button to locate the directory.
7. Select the IP address or host name assigned to your FTP server, if using nonsecure mode.
The IP address should be the same as the host name or IP address of the host on which
Horizon Manager is running.
8. Enter the username and password, if using nonsecure mode.
9. Click OK.
193
Action Options Example
Setting System Options
System options refers to the settings that you can modify at the system level in Nokia Horizon
Manager.
System Options Dialog Box
To access the System Options dialog box, choose Options > NHM Options > System.
Note
Users must have edit system privileges to modify system options. Also, you must have edit
or view system privileges to view information in this dialog box.
194
Field
Description
Enable Periodic Device Polling
Choose yes to have a daemon thread run in
the background to poll the devices
periodically to determine if Horizon Manager
can communicate with the device.
Minimum time between polls
(minutes)
You can set the minimum interval between
execution times of the thread.
Options Menu
Wait until device reboot completes
before continuing
This option allows you to specify that
rebooting of devices must complete before
Horizon Manager will continue with other
activity. This option is turned off by default.
Maximum number of action results
and their devices
This option allows you to specify an upper
limit for the total number of action results
that Horizon Manager stores to help manage
system performance.
Sort groups based on filter type
Enables sorting for groups based on filters
created with the Set Column Filter feature
To set system options
1. Choose Options > NHM Options. The NHM Options dialog box appears.
2. Click the System tab.
3. Enable periodic device polling to test communication regularly.
4. Enter a value for Minimum Time Between Polls to set the interval for the device polling.
5. Click Yes or No in the Wait until device reboot completes before continuing field.
6. Set a limit for the number of action results stored in Horizon Manager.
7. Enable sorting for groups based on a filter you have specified with the Set Column Filter
feature.
8. Click OK.
Warning
Set the value for ‘Maximum number of action results and their devices’ to a sufficiently high
value. Setting to a low value such as 50 deletes the action results if the number of actions
and their devices are more than 50.
Setting User Options
User options are the settings you can specify for individual users.
User options Dialog Box
To access the User Options dialog box, choose Options > NHM Options, then the User tab.
Field
Description
Text Size
Select a size from this drop-down menu for the text
displayed in Horizon Manager.
195
Field
Description
Device Table Refresh Rate
Select a value for the amount of time between
refreshes of the Device pane. As often as you
specify, Horizon Manager will update the device
pane list of devices based on the current
membership of the selected groups. If a device has
entered or left the selected groups, it will be added to
or removed from the device pane.
You can also choose to not refresh the device pane
To set user options
1. Choose Options > NHM Options. The NHM Options dialog box opens.
2. Click the User tab.
3. Select a text size from the drop-down menu.
4. Select an amount of time for Horizon Manager to refresh the Device pane.
5. Click OK.
Setting Device Options
You can change the SSH port setting on NSP devices using the Device Options menu item.
Settings changes will not affect actions in progress.
Device Options Dialog Box
To access the Device Options dialog box, choose Options > Device Options. Use this dialog box
to change the SSH port setting on NSP devices.
Column
Description
Device SSH Port
Number
Displays the current number for the SSH port.
To set device options
1. Choose Options > Device Options.
2. Enter a number in the Device SSH Port Number field for the SSH port.
3. Click OK. The port number updates without affecting actions in progress.
196
Administration Menu
Topics:

“Managing User Security Administration Tasks” on page 197
“Installing the Nokia Horizon Manager License File” on page 212
Managing User Security Administration Tasks
Each Nokia Horizon Manager user is defined by a name, password, default user role, and list of
user roles. In most cases, the user role is the user default user role. When Horizon Manager first
starts, two user roles are defined, Administrator and System Defaults, and one user is defined as
admin.
The Administrator user role has all privileges enabled and can not be edited.
The System Default user role is initially set to the most likely Horizon Manager privileges to be
granted to users along with no privileges to perform any of the Actions. The System Defaults
user role is editable and should immediately be tailored to the policies of your organization.
Topics:

“Disabled Fields” on page 199
“Importing Security Information” on page 199
“Exporting Security Information” on page 200
“Managing User Roles” on page 200
“Managing Users” on page 204
“Selecting an Authentication Method” on page 207
“RADIUS and Internal Database Authentication” on page 208
User Security Administration Dialog Box
To access the User Security Administration dialog box, choose Administration > User Security
Administration. This dialog box allows you to set all privileges for Horizon Manager. It is
available only to users with administration privileges. Use this dialog box to manage users, user
roles, and authentication methods.
Field
Description
Users
Manage user names, passwords, default user roles, and
access. See “Managing Users” on page 204.
197
Field
Description
User Roles
Manage the configuration and action privileges that
define user roles. See “Managing User Roles” on page
200.
SSH Authentication
Select password or public key authentication. See
“Selecting an Authentication Method” on page 207.
NHM Authentication
Choose the authentication method. See “RADIUS and
Internal Database Authentication” on page 208.
Create
Opens a separate dialog box for each tab that allows you
to create new information for users, user roles.
Edit
to edit existing information for users and user roles.
Save As
to save information for users and user roles under a
different name.
Delete
to delete information for users and user roles.
Suspend
Temporarily interrupts the users access to Horizon
Manager. As the administrator, you may want to
temporarily suspend the privileges for a user without
permanently deleting the user from the system. For
example, the user may be on temporary leave or the
user may be undergoing an investigation for misuse of
the system.
Activate
Restores access to Horizon Manager for a previously
suspended user.
Import
Imports security information for each tab. See “Importing
Security Information” on page 199.
Export
Exports security information for each tab. See “Exporting
Security Information” on page 200.
To modify user security
Once you initially enter your license code and create your administrator password, the
recommended setup process is as follows:
1. Import or export security information
2. Setup user roles
3. Add users
4. Set authentication method
198
Administration Menu
Remember that the user admin is automatically granted administrator user role access.
Once the system security is initialized and Horizon Manager is in use, adjustments might be
needed to the users or user roles. A modification to one usually requires modifications to the
others. For example, you might want to add a new user role because it needs to be assigned to
new users as their default user role.
To add a new user role in this way, use the bottom group box on the User Dialog Box or User
Roles tab, which allows all related data to be modified in the context of a single display.
Disabled Fields
To prevent Nokia Horizon Manager from reaching an undefined state, certain fields are disabled
under certain conditions.
On the User Tab, the user admin can never be deleted. In the User Dialog Box, when editing the
user admin, only the password fields are enabled.
On the User Roles tab:

The system default and administrator user roles cannot be deleted.
The administrator user role cannot be edited.
The user, admin, cannot be removed from the Administrator user role, nor added to any
other user role.
A user cannot be removed from the system default by clearing the checkbox.
Importing Security Information
Security information includes information about users, user roles, security, and authentication
methods. You can import this information from one Nokia Horizon Manager system to another
by using the Import Security Information feature. For security reasons, user passwords are not
imported. Horizon Manager user passwords are imported through secure digital signatures for
user accounts that do not exist at the time of the import operation. Passwords are initialized to
imported when they are imported.
Import Security Information Dialog Box
To access the Import Security Information dialog box, choose Administration > User Security
Administration, then click Import. Use this dialog box to import security information from one
Horizon Manager system to another.
Field
Description
Overwrite System Default
Check this box to overwrite the system
default security information but no other
existing data.
Overwrite Any Information
Check this box to be able to import and
overwrite any duplicate security information.
199
Import Security Information from
Enter the name of the file to import from or
click the browse button to locate the file on
the host or network.
To import security information
1. Choose Administration > User Security Administration.
2. Click Import.
3. Click Overwrite System Default to replace the system default security information and
import any unique data without allowing any other existing data to be overwritten.
4. Click Overwrite Any Information to import new data and overwrite any duplicate security
information.
5. In the Import Security Information from text field, type the file path or click the browse
button to select the import file from the appropriate directory.
6. Click OK.
Exporting Security Information
You can export security information about users and user roles from Nokia Horizon Manager by
using the Export Security Information dialog box. For security reasons, device passwords are not
exported. Horizon Manager application passwords are exported through secure digital
signatures.
Export Security Information Dialog Box
To access the Export Security Information dialog box, choose Administration > User Security
Administration, then click Export. Use this dialog box to export security information from an
Horizon Manager system.
Field
Description
Export Security Information to
Name of the file to export to or click the
browse button to locate the file on the host
or network.
To export security information
1. Choose Administration > User Security Administration, then click Export.
2. In the Export Security Information to text field, type the file path or click the browse button
to select the export file from the appropriate directory.
Managing User Roles
User roles provide a set of privileges that fully define your users ability to take advantage of
Horizon Manager capabilities. Each user role is made up of two types of privileges. They are:
200
Administration Menu

NHM Configuration: Horizon Manager privileges restrict the ability of the user to configure
Horizon Manager, including such things as creating and editing devices and Groups,
importing and exporting data, and so on.
Actions: Action privileges restrict which Actions the user is allowed to perform.
Topics:

“Creating User Roles” on page 202
“Editing User Roles” on page 202
“Saving a User Role under a Different Name” on page 203
“Deleting a User Role” on page 203
User Role Dialog Box
To access the dialog box, choose Administration > User Security Administration, then select the
User Roles tab.
Field
Description
User Roles
Lists your user roles and allows you to
create, edit, save, and delete them.
Create
Opens the Create User Role dialog box,
which allows you to define new user roles.
Edit
Opens an existing user role for editing.
Save As
Saves an existing user role under a different
name.
Delete
Deletes a user role.
Users Defaulting to User Role
Selected Above
When you select a user role, a check mark
appears next to users in this list for whom
this user role is assigned as their default.
Created on
Shows the date and time when the user role
is created.
To manage user roles
1. Select the Tools menu, then choose Administration > User Security Administration to
display the User Security Administration dialog box.
2. Select the User Roles tab.
3. Select System Default from the User Roles list box, then click Edit to display the Edit User
Role dialog box.
4. In the NHM Configuration tab, click all the check-boxes associated with the privileges to
grant, then click OK. For more information regarding the listed privileges, see “Editing User
Roles” on page 202. Clicking OK returns you to the User Security Administration dialog
box.
201
5. Select the Actions tab and click all the check-boxes associated with the privileges you want
to grant, then click OK.
6. From the User Security Administration dialog box, click Create to display the Create User
Role dialog box and to create new user roles appropriate to your business needs. (To create a
user role similar to another, select the similar user role, then click Save As).
Creating User Roles
You can create user roles, including privileges for Horizon Manager configuration tasks and
specific actions that can be performed.
Create User Roles Dialog Box
To access the Create User Roles dialog box, choose Administration > User Security
Administration, then select Create in the User Roles tab.
Field
Description
Name
Enter the name for the new user role.
Privileges for this User
Role
Specifies which privileges are enabled for this user role.
NHM Configuration
Apply to controlled operations of Horizon Manager that
are not Actions. Click the check box next to each
operation to be enabled for this user User Role.
Actions
Apply to the Horizon Manager Actions. Click the check
box next to each Action to be enabled for this user role.
To create a user role
1. Verify that you have Administrator privileges.
3. Click the User Roles tab.
4. Click Create.
5. Enter a name for the user role.
6. Check the box of each Horizon Manager configuration privilege to assign.
7. Click the Actions tab.
8. Check the box of each Horizon Manager action privilege to assign.
9. Click OK.
Editing User Roles
You can edit user roles that you previously created.
202
Administration Menu
Edit User Role Dialog Box
To access the Edit User Role dialog box, choose Administration > User Security Administration,
then select Edit in the User Roles tab.
Field
Description
Name
Name for the new user role.
Privileges for this user role
Specifies which privileges are enabled for
this user role.
NHM Configuration
These privileges apply to controlled
operations of Horizon Manager that are not
actions. Click the check box next to each
operation to be enabled for this user role.
Actions
Apply to the Horizon Manager Actions.
Click the check box next to each action to
be enabled for this user role.
To edit a user role
3. Click the User Roles tab.
4. Click Edit.
5. Make the necessary changes to privileges that are assigned for the user role.
6. Click OK.
Saving a User Role under a Different Name
You can save user roles under a different name to facilitate the creation of a new user role that
uses most of the same settings.
Save User Role As Dialog Box
To access the Save User Role As dialog box, choose Administration > User Security
Administration, then select Save As in the User Roles tab.
To change the name, select a user role and click Save As. Enter the new name in the Enter new
user role name field and click OK.
Deleting a User Role
You can delete user roles that you have created. You can not delete the System Default and
Administrator user roles.
203
Delete User Role Dialog Box
To access the Delete User Role dialog box, choose Administration > User Security
Administration, then select Delete in the User Roles tab.
To delete a user role, select it and click Delete.
Delete User Roles Warning Dialog Box
This warning dialog appears if you try to delete the System Default or Administrator roles.
Managing Users
Use this feature to manage user access to the Nokia Horizon Manager.
Topics:

“Creating Users” on page 205
“Editing Users” on page 206
“Saving a User under a Different Name” on page 206
“Deleting a User” on page 206
Users Dialog Box
To access the Users dialog box, choose Administration > User Security Administration, then the
Users tab. This tab is only accessible to users with administration privileges. Use this dialog box
to view and manage all users of the system and their assigned privileges.
204
Field
Description
Name
Name of the user. This must be the same
name as the UNIX user account.
Default User Role
Identifies the default user role for the user.
Created on
Shows the date and time on which the data
was created.
Create
Opens the Create User dialog box, which
allows you to define new users.
Edit
Opens the Edit User dialog box to allow you
to edit settings for an existing user.
Save As
Opens the Save As dialog box to allow you
to save a copy of an existing user under a
different name.
Delete
Deletes a user.
Administration Menu
To manage users
1. Choose Administration > User Security Administration, and then click the Users tab.
2. View the users defined in the system along with each user default privilege access rights.
3. Click Create to display the Create User dialog box. For existing users, click Edit.
4. Type a name in the Name text box
5. Type a password in the Password text box
6. Retype the password in the reenter Password text box to verify the password.
7. Select a User Role from the drop-down menu to be the user default user role.
8. If the user role is different than the user default user role, select the appropriate user role
from the associated drop-down menu.
9. Click one of the following:

Click Apply when creating multiple users, and click OK or Apply followed by Close when
you finish entering users.
Click OK or Close to return to the User Security Administration dialog box.
Click Close without clicking Apply to cancel the process without saving data entered since
the last Apply and close the dialog box.
Creating Users
You can create users by using the User Security Administration dialog box. You create a user by
assigning a user name, password, and user role for each user.
Create User Dialog Box
To access the Create User dialog box, choose Administration > User Security Administration,
then select Create in the Users tab.
Field
Description
User Authentication
Specifies the name and password for the
user.
Name
Type the user name.
Password
Type the user password.
Re-enter Password
Type the user password again to verify it.
User Default User Role
List of user roles available to be assigned to
the user. Select a default user role for the
user from the drop-down list.
205
To create a user
1. Verify that you have administrator privileges.
3. Click the Users tab.
4. Click Create.
5. Type a name and password for the user.
6. Assign a user role from the drop-down menu.
7. Click OK.
Editing Users
You can edit the settings for an existing user.
Edit User Dialog Box
To access the Edit User dialog box, choose Administration > User Security Administration, then
select Edit in the Users tab. Use this dialog box to change settings for existing users. See “Create
User Dialog Box” on page 205.
To edit a user
3. Click the Users tab.
4. Click Edit.
5. Make the necessary changes to settings that are assigned to the user.
6. Click OK.
Saving a User under a Different Name
You can save users under a different name to facilitate the creation of a new user that has most of
the same settings.
Save User As New Name Dialog Box
To access the Save User As New Name dialog box, choose Administration > User Security
Administration, then select Save As in the Users tab.
To change the name, select a user and click Save As. Type the new name in the Enter new user
name text box and click OK.
Deleting a User
You can delete users that you create. You cannot delete the user admin.
206
Administration Menu
Delete Users Dialog Box
To access the Delete Users dialog box, choose Administration > User Security Administration,
then select Delete in the Users tab.
To delete a user, select it and click Delete.
Selecting Viewable Groups for a User
You can specify the groups that users can view in the Viewable Groups section of the Create
User dialog.
Select Groups Viewable by User Dialog Box
To access the Select Groups Viewable by User dialog box, choose Administration > User
Security Administration, then select a group name and click Select.
Select the names of all the groups that you want the user to be able to view and click OK.
You can specify the access policy for users in the User Access Policies section of the Create User
dialog.
Create User Access Policy Dialog Box
To access the Create User Access Policy dialog box, choose Administration > User Security
Administration, then select a user name and click Create.
Make the necessary changes in the Create User Access Policy dialog and click OK.
Editing Access Policy for a User
You can specify the access policy for users in the User Access Policies section of the Create User
dialog.
Edit User Access Policy Dialog Box
To access the Edit User Access Policy dialog box, choose Administration > User Security
Administration, then select a user name and click Edit.
Make the necessary changes in the Edit User Access Policy dialog and click OK.
Deleting Access Policy for a User
You can delete the access policy for users in the User Access Policies section of the Create User
dialog.
To access the Delete User Access Policy dialog box, choose Administration > User Security
Administration, then select a user name and click Delete.
In the Delete User Access Policy dialog, click Delete.
Selecting an Authentication Method
You can select the user login authentication method for SSH logins to devices in the network.
The authentication method can be either password or RSA based.
207
SSH Authentication Dialog Box
To access SSH Authentication dialog box, choose Administration > User Security
Administration, then the SSH Authentication tab.
Note
To improve overall security, consider disabling password-based access on the devices. Also
consider disabling telnet access to the devices.
Field
Description
Use password to authenticate
Authenticates users for SSH logins by user
password.
Use public key to authenticate
Authenticates users for SSH logins by public
key.
To select an authentication method
1. Verify that you have administrator privileges.
3. Click the SSH Authentication tab.
4. Click either Use password to authenticate or Use public key to authenticate.
5. Click OK.
RADIUS and Internal Database Authentication
You can use this dialog to choose the authentication method for Horizon Manager users. Use the
pull down menu in the first line of the dialog to select either Internal Database or RADIUS
authentication method. You need not configure any settings if you select Internal Database; a
dialog box with fields shows up when you select RADIUS.
NHM Authentication Dialog Box
To access NHM Authentication dialog box, click on Administration > User Security
Administration and select the NHM Authentication tab.
208
Field
Description
NAS-IP-Address
This is a required attribute for RADIUS
exchange. The system administrator needs to
be certain as to which IP address on the multihomed NAS (Nokia Horizon Manager) server
will appear in the RADIUS request page.
Administration Menu
NAS-Port
This is a required attribute for RADIUS
exchange. The system administrator needs to
know this number to configure the RADIUS
server. The default value is derived from the
Horizon Manager server configuration file (the
RMI registry port).
1st RADIUS Server, 2nd
RADIUS Server, 3rd RADIUS
Server
Nokia Horizon Manager allows for entering
three RADIUS servers - Primary, Secondary,
and Tertiary. If you select the RADIUS
method, the primary server along with all
other fields in the primary RADIUS server
frame must be specified. Specifying the other
RADIUS servers is optional. Once the
Configure It checkbox is selected, the
relevant fields become editable and you must
fill in these fields completely. If the checkbox
is deselected, the fields are cleared and
become disabled.
RADIUS Server IP
IP or Host name of the RADIUS server
Shared Secret
A password used by NAS to communicate
with the RADIUS server.
Port
This field is pre-filled with the default port
number of 1812 for all servers.
Retry Timeout (sec)
This field specifies the number of seconds to
wait before retrying authentication request.
This field is pre-filled with a default value of 30
for all servers.
Max # of Retries
This field specifies the maximum number of
unsuccessful retransmissions before Nokia
Horizon Manager declares that the current
authentication attempt either failed or
attempts to contact the next server, if it exists.
Out of Service Recovery
Enable capability to Switch to Local
Authentication database for admin
authentication if RADIUS servers fail or are
unreachable. Recovery requires restart of
server with command line argument
UserAuth_Recover to access Horizon
Manager via local authentication, rather than
RADIUS.
Suffix for user name (aka
@ABC)
This field allows better integration with
corporate user databases. The default value
is blank.
Test RADIUS button
The Test RADIUS button validates the
configuration before applying and storing it.
209
Test RADIUS Button:
The Test RADIUS button validates the configuration before applying and storing it. For
RADIUS, you will get a report as to the list of servers that Horizon Manager was able to contact
and the list of servers that Horizon Manager was not able to contact. No changes are applied
without successfully contacting at least one server. Horizon Manager uses an arbitrary string
NHM_TEST_AUTH_SERVER as an account name for testing.
Out of Service Recovery:
This feature (ON by default) allows for restarting the Horizon Manager server with a command
line argument UserAuth_Recover so that Horizon Manager switches to the Internal Database
authentication method. This is the only recovery for the following scenarios:

Authentication servers are down
IP address of authentication servers have changed
Shared secret has changed
Only the Admin is allowed to login using the local Horizon Manager password and restore
Horizon Manager authentication settings to a viable state. You need to restart the server to allow
normal logins.
Unchecking the Out of Service Recovery checkbox is not a recommended operation. This
indicates that you are disabling the ability to use the local authentication database for admin
authentication if RADIUS servers fail or are unreachable. Without this mechanism, an
unrecoverable RADIUS problem, such as forgotten pre-shared secret will require a partial reinstall of Horizon Manager to restore administrative access and results in lost data.
Follow the steps below before proceeding to disable the RADIUS failure recovery option:

Configure more than one authentication server
Verify that Nokia Horizon Manager can communicate with all of them by clicking the Test.
RADIUS button.
Leave the Recovery option ON, log out of Horizon Manager, and attempt to log back in.
Ensure that the RADIUS pre-shared secret is archived appropriately.
If you are satisfied with the results, then disable the Recovery option.
To authenticate using RADIUS or Internal Database
1. From the Authentication Method for NHM Users pull down menu, select your
authentication method - Internal Database or RADIUS.
2. If you select Internal Database, no further settings need to be configured.
3. If you select RADIUS, a dialog box opens up. Complete the NAS-IP Address, NAS-Port,
RADIUS Server IP, Shared Secret fields. You can retain the default values for Port, Retry
Timeout (sec), and Max # of Retries or change them if you wish to an appropriate value
depending on your requirement.
4. The Out of Service Recovery checkbox will remain checked.
210
Administration Menu
Warning
If you uncheck the ‘Out Of Service Recovery’ checkbox, you disable the ability to use
the local authentication database in Horizon Manager if RADIUS servers fail or are not
reachable. Follow the steps listed in the warning dialog to proceed.
5. Click on the Test RADIUS button to validate the configuration before applying and storing
it.
The message: “RADIUS REJECT for NHM_TEST_AUTH_SERVER Cause: Access
Denied” appears in the RADIUS server log after clicking the Test RADIUS button. This
message appears since Horizon Manager checks the availability of the RADIUS server by
trying to authenticate the dummy user: NHM_TEST_AUTH_SERVER.This message can be
ignored.
Note
Nokia Horizon Manager attempts to authenticate you with the second, and then the third
server only if RADIUS communication could not be established with the previous server,
including issues related to shared secret. Horizon Manager will not make these attempts
if the previous server rejects an authentication request.
Note
Once switched to external authentication, internal passwords are never used except
when the administrator switches to the Internal Database, or in a recovery mode.
NHM Authentication Example
The screen below shows an NHM authentication example using RADIUS authentication.
211
Changing the Nokia Horizon Manager License
A copy of Nokia Horizon Manager is included with new versions of IPSO or you can download
a copy from the Nokia Support Web site. A 5-device license file is issued after you provide the
appropriate registration information. To request a new license file as you support additional
devices, contact your sales distributor.
When you log in to Horizon Manager for the first time, Horizon Manager looks for the file,
which must have a .lic extension, in one of the following directories /opt/nhm13/server/data/
licenses for Solaris or C:\Nokia\NHM13\Server\Data\Licenses for Windows. If Horizon
Manager does not locate the file, the Login dialog box prompts you for the location of the
license file.
As the number of devices that you are supporting increases, you can purchase licenses in an
additive fashion. For example, if you have an existing installation of 20 devices and need to add
50 devices, you can purchase a 50-device license that allows you to manage your existing
devices, as well as the new devices. The existing devices are added under the new license. You
can also buy combinations of the license counts listed that add up to any device count you
choose.
As you add devices, you are reminded of the number of devices currently in use. Horizon
Manager does not allow you to add devices beyond the license number.
Horizon Manager supports licensing for the following numbers of devices:
5-device license
500
10
1000
20
1500
50
2000
100
2500
250
Installing the Nokia Horizon Manager License File
During a Nokia Horizon Manager session you can install a new license. Choose Administration
> Install New License. Enter the license file name or browse to locate the file, then click OK.
You must log out and log on for the license to take effect.
This dialog also appears when you have logged in for the first time after installation and you
have not copied the license file to the correct location. Browse for the file, click OK, and
Horizon Manager copies the file to the correct location, thereby allowing you to use Horizon
Manager.
212
Help Menu
Help Menu
Nokia Horizon Manager provides user assistance in the form of online help and a printable
online document in PDF format.
Topics:

“Using Nokia Horizon Manager Help” on page 213
“About Help” on page 213
“About Nokia Horizon Manager” on page 213
“About the Nokia Horizon Manager License” on page 213
Using Nokia Horizon Manager Help
To access Help from the Main menu bar, press the F1 key, or click the Help button in any Nokia
Horizon Manager dialog box.
When you access Help in this way, the first topic that appears is a description of all the fields and
buttons in the dialog box. You can access an overview of the dialog box function or a list of steps
necessary to complete the dialog box by clicking the Overview or Procedure links under the
topic title.
The online document version of Help is available in PDF format on your installation CD and on
the TAC Support Web site. You can navigate through the PDF file with hyperlinks or obtain a
hardcopy version by printing the file.
About Help
The About Help dialog box provides some basic information about using the Help system.
About Nokia Horizon Manager
The About NHM dialog box provides information about the following:

Version and build number for client and server
Horizon Manager Constraints version number
Copyright
Number of devices allowed for management under your current Horizon Manager license
About the Nokia Horizon Manager License
The About License dialog box provides information about the following:

Name of the person or organization that owns the Horizon Manager license.
Number of devices currently installed under this license and the total number that can be
installed under the Nokia additive licensing arrangement.
213

214
Serial numbers of each license that comprise the additive license.
Serial numbers for each Configuration Extraction/Deployment license.
Index
A
about the NHM license 213
account login and password 191
ACE 14
action results 175
creating groups from 178
deleting 176
actions
rerunning 177
reviewing 177
stopping 177
using 57
warnings of consequences 58
activating users 198
add command dialog 130
add script dialog 130
add upload dialog 130
administrators 60
applying patches 160
authentication 208
methods 207
B
backing up
devices 115
files 191
backup action 115
C
changing
passwords 182
Check Point firewalls
configuring and deploying 128
default filter 94
license 112
NG with AI, configuring enforcement module 96
NG with AI, configuring log server 101
NG with AI, configuring module and standalone 99
NG with AI, configuring primary management
server 97
NG with AI, configuring secondary management and
module 100
NG with AI, configuring secondary management
server 98
NG with AI, reconfiguring 92
NG with AI, reconfiguring log server and module 107
NG with AI, reconfiguring the enforcement
module 103
NG with AI, reconfiguring the primary management
module and standalone 105
NG with AI, reconfiguring the primary management
server 104
NG with AI, reconfiguring the secondary management and module 106
NG with AI, reconfiguring the secondary management server 104
NG with AI, upgrading to 109
VPN-1/FireWall-1 v4.1, configuring 58
Check Point tab 128
closing 16
columns
selecting 54
commands 147
configuration
extracting from devices 130
files, backup 190
management information, editing 125
configuring
and deploying Check Point applications 129
Check Point VPN-1/FireWall-1 v4.1 58
CP NG FP2 enforcement module 67
CP NG FP2 firewall 65
CP NG FP2 management module 69
CP NG FP2 management server 68
CP NG FP3 firewall 73
CP NG FP3 primary management module 79
CP NG FP3 primary management server 78
CP NG FP3 secondary management module 80
CP NG FP3 secondary management server 79
devices 121
sorts 53
table views 46
toolbars 180
constraints 187
copying groups 30
CP NG import file formats 60, 67, 72, 76, 94
CP NG with AI 92
CP NG with AI (R55) 92
creating
devices 32
quick groups 18
Index - 215
table views 49
unfiltered groups 26
creating quick groups 20
D
Database 208
database 197
default
filter, Check Point 94
table views 47
default filter 66, 75
defining groups 16
deleting
action results 176
backup sets 183
devices 35
groups 29
operating system versions 166
packages 166
table columns 52
table views 50
deploying
configurations to devices 121
packages 127
devices
adding to groups 36
and results table 45
backing up 115
configuring and deploying 121
creating 32
creating groups from 38
deleting 35
editing 34
exporting 43
importing 39
managing 32
menu toolbar 55
pane 45
passwords to 134
rebooting 150
removing from groups 37
restoring 132
setting options 196
verifying 157
disabled fields 199
documentation
conventions 9
structure 9
documentation, related 11
downloading
Index - 216
and installing device licenses 146
E
editing
device profiles 34
groups 28
table columns 52
user roles 202
users 206
executing commands 147
exiting 13, 16
exporting
devices 43
groups 31
security information 200
extracting configurations
from devices 130
F
fields, disabled 199
files
uploading 148
viewing 184
filter values 23
filtered groups
creating 21
FTP (file transfer protocol) 191
G
generating a dossier 145
get Check Point licenses 112
groups
about 17
adding devices to 36
copying 30
creating from devices 38
defining 16
deleting 29
editing 28
exporting 31
importing 30
moving 30
parent 38
removing devices from 37
subgroups 17
types of 17
unfiltered 26
groups pane 17
showing toolbar 32
H
hardware inventory 151
hardware inventory, running a 151
devices 32, 121
masking private data 183
moving groups 30
I
N
importing
devices 39
files 186
groups 30
security information 199
info required 14
info required to complete login 14
installable files
importing 186
removing 187
viewing 184
installing
NHM license file 212
packages 171
interface 60
internal database 197
inventory of software on devices 153
IP2250 129
IPSO 126
configurations, managing 126
tab 126, 127
ITM devices 34
NHM actions 57
Nokia small office security platform os install dialog
box 170
L
license
file, installing 212
for Check Point software 112
for NHM, changing 212
local database 208
locking the application 179
logging in 14
logging off 13, 14
logging on 14
M
management server wizard
cancel field 111
IP address field 111
login field 111
name field 111
next field 112
password field 111
resolve field 111
managing
O
operating system
deleting 166
installing 167
selecting versions 162
options
setting 189
user 195
OS install 167
OS version selection 162
out of service 210
out of service recovery 210
P
package selection 164
packages 129
deleting 166
deploying 127
installing 171
selecting 164
tab 127
upgrading 173
packages tab 127
panes
groups 17
parallel operations 189, 190
parent group 38
passwords
changing 182
devices, updating 134
patches
applying 160
post actions 130
progress of actions 175
proxy server 146
public keys upload 136
Q
quick groups 18, 20
Index - 217
quitting 16
R
R55 92
RADIUS 197, 208, 210
RADIUS and Internal Database Authentication 197
radius authentication 208
reboot device 150
rebooting devices 150
reconfiguring
CP NG FP2 management server 70
CP NG FP3 log server or log server and module 88
CP NG FP3 primary management module 86
CP NG FP3 primary management server 84
CP NG FP3 secondary management module 87
CP NG FP3 secondary management server 85
CP NG management module 71
recovery 210
registration keys 146
related documentation 11
remote modules 60
remove installable files 187
requirements to create ITM devices 34
rerunning actions 177
restore 132
restoring devices 132
results of actions 175
reviewing actions 177
RSA 14
run scripts 150
running
backups 191
FTP 191
hardware inventory 151
scripts 150
SSH/SCP 191
S
scripts, running 150
Secure Copy software (SCP) 191
Secure Shell software (SSH) 191
SecurID 14
security
administration tasks 197
information, exporting 200
information, importing 199
methods 207
selecting
Index - 218
columns 54
packages 164
setting
action options 189
column filters 54
device options 196
parallel operations 190
system options 194
showing toolbars 32
SMTP
abandon time 61
default server 61
error server 61
max recipients 61
postmaster 61
resend timeout 61
run directory 61
Timeout 61
SNMP 61
software
inventories 153
sorting data 53
sorts, configuring 53
start Check Point firewall 114
stop Check Point firewall 114
stopping actions 177
subgroups 17
subnets
groups of 16
suspending users 198
T
table cell details 45
table columns
creating 50
deleting 52
editing 52
table sorting 53
table views
about 47
configuring 46
creating 49
default 47
deleting 50
taking software inventories 153
Test RADIUS 210
to 14
toolbars
configuring 180
devices pane 55
groups pane 32
managing 179
showing and hiding 179, 182
tools, using 178
U
unfiltered groups 26
unsupported 129
unsupported packages 129
upgrading
CP NG 72, 90
packages 173
uploading
files 148
fingerprints 136
public keys 136, 140
usage suggestions for updating public keys 141
user options, setting 195
user roles 200
editing 202
users
editing 206
managing 204
using post actions 130
V
verify 157
verifying devices 157
viewing 187
installable files 184
W
warnings 58
Index - 219
Index - 220