Installing Novell BorderManager 3.8

To install Novell BorderManager 3.8 on the server:

  1. Run INETCFG before you install Novell BorderManager 3.8.

  2. Unzip Novell BorderManager 3.8 on a drive that is accessible from your server.

    or

    If you are using a product CD, mount the Novell BorderManager 3.8 CD on the server by entering CDROM at the server console.

  3. On the server side, go to the X-Server Graphical Console. If the X-Server Graphical Console is not loaded, enter STARTX at the server console.

    If STARTX is already loaded, press Ctrl+Esc and select the option for X-Server Graphical Console.

  4. Click the Novell logo, then select Install to display the list of currently installed products.

  5. Click Add, then browse to the root of the Novell BorderManager 3.8 directory and select product.ni, which is displayed in the right frame.

  6. On the Welcome page, click Next.

  7. Read the license agreement. If you accept the terms of the agreement, click I Accept.

    The next page shows the Novell BorderManager 3.8 services that will be installed. The services are:

    • Novell BorderManager Firewall/Caching Services
    • Novell BorderManager VPN Services
    • Novell Modular Authentication Services (NMAS). This will be installed by default.

    Trial Licenses are selected by default.

  8. Select the Shipping License, or select the Skip License Install check box so that the licenses can be installed later, then click Next.

    Trial and Shipping licenses are located in the licenses directory at the root of the CD. You can install the system files without installing the license; however, Novell BorderManager 3.8 services will not load until a valid license is installed.

    NOTE:  You can install the trial license only once per tree.

  9. The Minimum Requirements page is displayed. Review the Results column to verify whether the minimum system requirements are met, then click Next to proceed.

    Figure 1
    Sample Minimum Requirements Page. NetWare 6.5. For NetWare 5.1 and NetWare 6, the rows display the respective requirements.

    If any of the minimum requirements except TCPIP modules or iManager 2.0 is not met, the install will abort. Meet the requirements according to the table above and restart the installation. If the base requirements for the TCPIP modules are not met, a warning is displayed. You can ignore the warning and install, but you need to copy the right TCP/IP modules later (see TCP/IP (Only for VPN)) if you want to use VPN services.

    If iManager 2 is not installed, the plug-ins for Novell BorderManager Firewall Configuration and Novell BorderManager VPN Configuration are not installed. If that is the case, install iManager 2 after Novell BorderManager installation to automatically install the Novell BorderManager Firewall Configuration and Novell BorderManager VPN Configuration plug-ins.

  10. In the login dialog box, log in to the eDirectory tree with the fully distinguished name (FDN) of a user that has administrative rights.

    Either provide the FDN or provide only the name and then the context in the Context field.

    You must have administrative rights to the root of the eDirectory tree. This requirement applies to any user who is a trustee with Supervisor rights at a container at the same level as the server. Administrative rights are required to extend the eDirectory schema, install product licenses, and configure Novell BorderManager 3.8 for the first time.

  11. Select the NMAS login methods you want to install, then click Next.

  12. Radius components and ConsoleOne® snap-ins for NMAS are installed by default. For an upgrade you might select Migrate Radius Components and fill in the details.

    If this is an upgrade, the next page prompts you to provide details for the VPN services. Skip to Step 22 or continue with the next step.

  13. If you are installing Novell BorderManager firewall/caching services or Novell BorderManager VPN services, review the list of network interfaces and their IP bindings. Specify each interface as public, private, or both for proxy and firewall services.

    For firewall and caching services, you must specify a public IP address to secure the network border. Public IP addresses specify server interfaces to a public network, typically the Internet. Private IP addresses specify server interfaces to a private network or intranet.

    1. Select either a public IP address or a private IP address or both.

    2. Specify the default gateway.

    3. By default, the iManager snap-ins for Firewall are selected. Deselect the check box if you do not want to install the snap-ins.

  14. Click Next.

  15. Select the check boxes for the services that you want to enable. Filter exceptions for these services will be created on the public interface. Click Next.

    Figure 2
    Novell BorderManager Services and Filter Exceptions

    On a single interface machine, filter exceptions are created but the filters are not enabled. Filter exceptions corresponding to the selected services are created on the public interface. Filter exceptions are activated along with the filters if IP Packet Filtering is selected. IP packet filtering is not enabled if only one interface is available. If this is an upgrade, existing filters are preserved. Deny All Filters is not set on public interfaces.

  16. (Optional) If you selected Mail, select either or both of the External/Internal check boxes in order to set appropriate filter exceptions, depending on whether you want to proxy internal mail servers, external mail servers, or both. Specify the name of one domain for the mail proxy.

    NWAdmn displays only the DNS name of the mail proxy. See "Mail Proxy" for more details.

  17. (Optional) NetWare 6.5 provides the facility to create cache volumes automatically. If HTTP, FTP, HTTP Transparent is selected in the Proxy and Filter Exception page, click Create Volume and provide the required details to create traditional volumes for caching. You can also use existing traditional volumes for caching.

    If you do not create a volume or select a traditional volume for caching, the sys:\etc\proxy\cache directory is used.


    To create a new cache volume follow these steps:

    • Copy the directory CCRT from the UNSUPPORTED directory of the NBM 3.8 CD into the sys: volume of a NetWare server.
    • At the console prompt, type sys:\CCRT\ccrt
    • Follow the directions that appear on the screen.

    In case there is no free space available in the system, and there are volumes/partitions which you want to delete to recover space, follow the steps below:

    • Open Novell Remote Manager (NRM) by entering https://IPAddress:8009 in a browser.
    • After logging in, the left panel shows Partition Disks under Manage Server.
    • Click on Partition Disks.
    • Delete the partitions/volumes which are not required. To delete a partition, first dismount the volumes in the partition, then delete those volumes, then delete the partition. Restart the server before running the utility.

    NOTE:   If any partition label contains non-ASCII characters, this utility will not work: free space is shown as 0 even if there is free space on the server. Labels can contain non-ASCII characters if a disk imager was used to restore disk images. The partition label can be seen through NSSMU on the server (Load NSSMU.NLM > Partitions > Partition Information - Label). The partition label can also be viewed or modified using NRM: open https://IpAddress:8009 from a browser, then select Manage Server > Partition Disks. The right panel shows all partitions and volumes, with the partition labels shown against the partition names. Click an existing label to change it.

  18. The check box for Access Control is enabled by default. We recommend that you accept the default. Access control enforces additional security by denying all proxy services traffic.

    Access control rules can be set using the NetWare Administrator utility. Access rules are used to allow or deny access from any source or to any destination. This option comes up only if you selected Proxy Services on the previous page.

  19. Specify a unique DNS domain name for your network, then click Next.

  20. Click Add to specify at least one or up to three DNS server IP addresses. By default the existing DNS entry is used.

  21. If you selected VPN, select the Allow Clear Text Password option so the VPN schema extension can use clear text passwords, or select Use SSL for Schema Extension to encrypt your password with SSL.

    To enable clear text passwords, log in to ConsoleOne, double-click the context of the server on which you are installing Novell BorderManager 3.8, then select LDAP Group Object and right-click > Properties. As applicable, either select Allow Clear Text Password (for eDirectory 8.6.2) or deselect Required TLS for Simple Bind with Password (for eDirectory 8.7.1).

    To use SSL: For Schema Extension to succeed in this mode, you must have a valid Server Trusted Certificate, usually a DER file present in the sys:\public directory of your server. Browse to the file or enter its name in the field.

    Figure 3
    Enabling Clear Text Passwords in ConsoleOne.

    By default the iManager snap-ins for VPN are selected. Deselect the box if you do not want the snap-ins to be installed.

    If the install is an upgrade from BMEE 3.6 or Novell BorderManager 3.7, the Migrate VPN Configuration option is selected. Deselect this option if you do not want to migrate the VPN configuration.

    Do not change the port on which LDAP is listening unless LDAP is listening on a non-standard port.

    If nldap.nlm is not loaded, a message box will pop up asking you to configure the LDAP server.

  22. Click Finish if you are done, or click Back to return to previous pages and modify your selections.

  23. Do one of the following:

    • Click Reboot for Novell BorderManager 3.8 services to come up.
    • Click Close to complete the installation and return to the GUI screen.
    • Click Readme to view the Readme.

    The install summary is available in sys:\ni\data\nbm_instlog.csv. The Readme is available at the root of the CD under Documents > ReadMes > enu.

    NOTE:  Novell BorderManager 3.8 provides the option to recover from a failed install. The Install program pops up an option after the authentication dialog box (Step 10). To recover from a failed install, select the Fresh Install Option or select the Upgrade option. Continuing with the Fresh Install option with a working Novell BorderManager 3.8 server may give unexpected results, particularly with existing filter exceptions. After using this option, review your NWAdmn settings and filter exceptions.
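
The SSL option in Step 21 only works if the trusted root file really is a valid DER certificate. The script below is an added example, not part of the Novell documentation: it rejects PEM-encoded, unparsable, or soon-to-expire files before you browse to them in the installer. It assumes the file has been copied from sys:\public to a workstation with OpenSSL installed; the file name RootCert.der, the 30-day threshold, and the exit codes are assumptions chosen for this example.

```shell
#!/bin/sh
# Added example: pre-flight check for the trusted root file used in Step 21.
# Exit codes (chosen for this example): 0 ok, 1 unreadable or not a
# certificate, 2 PEM instead of DER, 3 expired or expiring within MIN_DAYS.

check_trusted_root() {
    der=$1
    min_days=${2:-30}          # assumed threshold, adjust to local policy

    [ -r "$der" ] || { echo "cannot read $der" >&2; return 1; }

    # A text (PEM) export is a common mistake; the page asks for a DER file.
    if LC_ALL=C grep -q -e '-----BEGIN CERTIFICATE-----' "$der"; then
        echo "$der is PEM-encoded; export it again as DER" >&2
        return 2
    fi

    # The file must parse as a single DER-encoded X.509 certificate.
    if ! openssl x509 -inform DER -in "$der" -noout 2>/dev/null; then
        echo "$der is not a DER X.509 certificate" >&2
        return 1
    fi

    # -checkend fails when the certificate expires within the given seconds.
    if ! openssl x509 -inform DER -in "$der" -noout \
            -checkend $((min_days * 86400)) >/dev/null; then
        echo "$der is expired or expires within $min_days days" >&2
        return 3
    fi

    # Print the identity so it can be compared with the tree's CA by eye.
    openssl x509 -inform DER -in "$der" -noout \
        -subject -issuer -enddate -fingerprint -sha256
}

# Constructed sample input: a throwaway self-signed certificate in PEM and DER.
make_sample_root() {
    dir=$1
    days=$2
    openssl req -x509 -newkey rsa:2048 -nodes -days "$days" \
        -subj "/O=EXAMPLE-TREE/CN=Constructed Trusted Root" \
        -keyout "$dir/sample.key" -out "$dir/sample.pem" 2>/dev/null &&
    openssl x509 -in "$dir/sample.pem" -outform DER -out "$dir/sample.der"
}

# Usage: sh check_root.sh /path/to/copied/RootCert.der [MIN_DAYS]
[ $# -eq 0 ] || check_trusted_root "$@"
```

Compare the printed SHA-256 fingerprint with the one shown for the tree's certificate authority before selecting the file in the installer.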