Installing Novell BorderManager 3.8 on NetWare 6.0 SP 3 or NetWare 5.1 SP6 or NetWare 6.5

To install Novell BorderManager 3.8 on the server:

  1. Run INETCFG before you install Novell BorderManager 3.8.

  2. Make sure Novell BorderManager 3.8 is unzipped on a drive that is accessible from your server.

    Or

    If it is a product CD, mount Novell BorderManager 3.8 CD from server by typing CDROM on server console.

  3. On the server side, go to the X-Server Graphical Console. If the X-Server Graphical Console is not loaded, type STARTX on the server console.

    If STARTX is already loaded, press Ctrl-Esc and select the X-Server Graphical Console.

  4. Click the Novell logo, then select Install to display the currently installed products.

  5. Click Add, then browse to the root of the Novell BorderManager 3.8 directory and select product.ni, which is displayed in the right frame.

  6. On the Welcome page click Next.

  7. Read the license agreement. If you accept the terms of the agreement, click I Accept.

  8. The next page shows the Novell BorderManager 3.8 services that will get installed.

  9. Trial Licenses are selected by default. You could select the Shipping License or check the Skip License Install check box and click Next so that the licenses can be installed later.

    Trial and Shipping licenses are located in the LICENCES directory in the root of the CD. You can install the system files without installing the license; however, Novell BorderManager 3.8 services will not load until a valid license is installed. For more information on moving from trial to production version see Moving from Trial to Production.

    NOTE:  You can install trial license only once per tree.

  10. The Minimum Requirements screen will be displayed. On this screen see the Results column to verify whether the minimum system requirements are met or not. Click Next to proceed.

    NOTE:  If any of the base requirements except TCPIP modules or iManager 2.0 is not met, the install will abort (Check the help for more details). Fulfill the requirements according to the table appearing on the page and re-start the installation. If the base requirements for the TCPIP modules is not met a warning will be displayed. You can ignore the warning and install, however you would need to copy the right TCPIP modules later (see TCPIP (Only for VPN)) if you want to use VPN services.

    If iManager 2 is not installed the plugins for Novell BorderManager Firewall Configuration and Novell BorderManager VPN Configuration will not be installed. If that is the case, install iManager 2 after Novell BorderManager installation and this will automatically install the Novell BorderManager Firewall Configuration and Novell BorderManager VPN Configuration plugins.

  11. In the login dialog box, log in to the eDirectory tree with a fully distinguished name (FDN, with administrative rights).

    Either provide the FDN or provide only the name and then the context in the Context field.

    You must have administrative rights to the root of the eDirectory tree. This requirement applies to any user who is a trustee with Supervisor rights at a container at the same level as the server. Administrative rights are required to extend the eDirectory schema, install product licenses, and configure Novell BorderManager 3.8 for the first time.

  12. Select the NMAS login methods you want to install, then Click Next.

  13. Radius components and ConsoleOne® snap-ins for NMAS will be installed by default. Incase of upgrade you might select Migrate Radius Components and fill in the details.

    NOTE:  If this is an upgrade the next screen will prompt you to provide details for the VPN services. See Step 22. Else continue with the next step.

  14. If you are installing Novell BorderManager firewall/caching services or Novell BorderManager VPN services, review the list of network interfaces and their IP bindings. Specify each interface as public, private, or both for proxy and firewall services.

    For firewall and caching services, you must specify a public IP address to secure the network border. Public IP addresses specify server interfaces to a public network, typically the Internet. Private IP addresses specify server interfaces to a private network or intranet.

    1. Check either a public IP address or a private IP address or both.

    2. Specify the default gateway.

    3. By default the iManager snap-ins for Firewall are checked. Uncheck the box if you do not want to install the snap-ins.

  15. Click Next

  16. Check the check boxes for the services that you want to enable. Filter exceptions for these services will be created on the public interface. Click Next.

    NOTE:  On a single interface machine filter exceptions will be created but the filters will not be enabled. Filter exceptions corresponding to the checked services will be created on the public interface. Filter exceptions along with the filters get activated if IP Packet Filtering is selected. IP packet filtering will not be enabled if only one interface is available. If this is an upgrade, existing filters are preserved. Deny all filters are not set on public interfaces.

  17. (Optional) If you selected Mail, check either or both of the External/Internal boxes in order to set appropriate filter exceptions, depending on whether you want to proxy either an internal mail server(s)/external mail server(s) or both. Enter the name of one domain for the mail proxy.

  18. (Optional) If HTTP, FTP or HTTP Transparent are selected in the Proxy and Filter Exception screen in NetWare 6.5, click Create Volume and provide the required details in the pop-up screen to create traditional volumes for caching. You can also use existing traditional volume(s) for caching.

    NOTE:   If you do not create a volume or select a traditional volume for caching, the sys:etc\proxy\cache directory will be used for caching.

  19. The check box for Access Control is enabled by default. We recommend that you accept the default. Access control enforces additional security by denying all proxy services traffic.

    Access control rules can be set using the NetWare Administrator utility. Access rules are used to allow or deny access from any source or to any destination. This option comes up only if you select Proxy Services on the previous page.

  20. Specify a unique DNS domain name for your network, then click Next.

  21. Click Add to specify at least one or up to three DNS server IP addresses. By default the existing DNS entry is used.

  22. If you selected VPN, select the Allow Clear Text Password option so the VPN schema extension can use Clear Text Passwords. Else to use SSL to encrypt your password, select the option Use SSL for Schema Extension.

    By default the iManager snap-ins for VPN would be checked. Uncheck the box if you do not want the snap-ins to be installed.

    If the install is an upgrade from BMEE 3.6 or NBM 3.7, the option Migrate VPN Configuration is checked. Uncheck this option if you do not want to migrate the VPN configuration.

    Do not change the Port on which LDAP is listening setting unless LDAP is listening on a non-standard port.

    In case nldap.nlm is not loaded a message box will pop up asking you to configure the LDAP server.

    NOTE:  To enable Clear Text Passwords, log in to ConsoleOne, then select LDAP Group Object > Properties. As applicable, either check the Allow Clear Text Password box (for eDirectory 8.6.2) or uncheck the Required TLS for Simple Bind with Password (for eDirectory 8.7.1).

    To use SSL: For Schema Extension to succeed in this mode, you must have a valid Server Trusted Certificate, usually a DER file present in the sys:\public directory of your server. Browse to the file or enter its name in the box.

  23. Click Finish if you are done or click Back to return to previous windows and modify your selections.

  24. Do one of the following:

    The install summary is available in sys:\ni\data\nbm_instlog.csv. The readme is available at the root of the CD under Documents > ReadMes > enu.

    NOTE:  Novell BorderManager 3.8 provides the option to recover from a failed install. Install pops up an option after the authentication dialog (Step 11). To recover from a failed install select the Fresh Install Option. Else select the Upgrade option. Continuing with the Fresh Install option with a working NBM 3.8 server may give unexpected results, particularly with existing filter exceptions. After using this option review your NWAdmn settings and filter exceptions.