Installing Novell BorderManager 3.8

  1. If not previously run, run INETCFG on the server to transfer all the LAN driver, protocols, and remote access commands to INETCFG and restart the server.

  2. Insert the Novell BorderManager 3.8 with SP3 CD into the server's CD-ROM drive.

  3. On the X-Server Graphical Console screen, click Novell > Install.

    If the X-Server Graphical Console is not loaded, enter STARTX at the server console.

    If STARTX is already loaded, press Ctrl+Esc and select the option for X-Server Graphical Console.

  4. Click Add, then browse to the root of the Novell BorderManager 3.8 with SP3 CD (NBM38wSP3), and then select product.ni, which is displayed in the right panel and click OK > OK.

    File copying should begin.

  5. On the Welcome to Novell BorderManager 3.8 Install page, click Next.

  6. Read the license agreement and click I Accept to accept the terms of the agreement.

    The next page shows the Novell BorderManager 3.8 services that will get installed. The services are:

    • Novell BorderManager Firewall/Caching Services
    • Novell BorderManager VPN Services
    • Novell Modular Authentication Services (NMAS). This will be installed by default.

  7. In the Enter a license location path field, select Shipping License, or check the Skip License Install check box and click Next so that the licenses can be installed later.

    Trial Licence is selected by default. Trial and shipping licenses are located in the licences folder in the root of the CD. You can install the system files without installing the license; however, Novell BorderManager 3.8 services will not load until a valid license is installed.

    NOTE:  You can install trial license only once per tree.

  8. On the Minimum Requirements Check screen, check the Results column to verify whether the minimum system requirements are met or not. Then click Next.


    Sample Minimum Requirements Screen for Installing BorderManager on NetWare.

    If any of the minimum requirements except TCPIP modules or iManager 2 is not met, the install will abort. Fulfill the requirements according to the information in the figure above and restart the installation. If the base requirements for the TCPIP modules are not met, a warning is displayed. You can ignore the warning and install; however, you would need to copy the right TCPIP modules later (see Prerequisites for Installing Novell BorderManager 3.8) if you want to use VPN services. The correct files needed for this installation are located on the Novell Small Business Suite 6.6 NetWare 6.5 CD 1 Operating System with SP3 CD. For procedures, see Prerequisites for Installing Novell BorderManager 3.8.

    If iManager 2 is not installed the plug-ins for Novell BorderManager Firewall Configuration and Novell BorderManager VPN Configuration will not be installed.

  9. In the login dialog box, log in to the eDirectoryTM tree with a fully distinguished name (FDN) that has administrative rights. Usually user Admin.

    Either provide the FDN or provide only the name and then the context in the Context field.

    You must have supervisor rights to the root of the eDirectory tree. This requirement applies to any user who is a trustee with the Supervisor right at a container at the same level as the server. The Supervisor right to the root of the tree is required to extend the eDirectory schema, install product licenses, and configure Novell BorderManager 3.8 for the first time.

  10. Select the NMAS login methods you want to install, then Click Next.

    Radius components and ConsoleOne® snap-ins for NMAS are installed by default.

  11. (Conditional) Radius is installed by default. If you want to load the radius.nlm after the server reboot, check the Load RADIUS on Reboot check box.

    If this is an upgrade, select Migrate Radius Components and fill in the details.

  12. (Conditional) If this is an upgrade, now skip to Step 21 to provide details for the VPN services.

  13. (Conditional) If you are installing Novell BorderManager firewall/caching services or Novell BorderManager VPN services, review the list of network interfaces and their IP bindings and then do the following:

    1. Check either a public IP address, a private IP address, or both.

      For firewall and caching services, you must specify a public IP address to secure the network border. Public IP addresses specify server interfaces to a public network, typically the Internet. Private IP addresses specify server interfaces to a private network or intranet.

    2. Specify the default gateway.

    3. (Conditional) If you do not want to install the default iManager plug-ins for the firewall, deselect that option.

  14. Click Next

  15. Select the services that you want to enable, then click Next.


    Novell BorderManager Services and Filter Exceptions

    On a single interface machine, filter exceptions will be created but the filters will not be enabled. Filter exceptions corresponding to the checked services will be created on the public interface. Filter exceptions along with the filters get activated if IP Packet Filtering is selected. IP packet filtering will not be enabled if only one interface is available. If this is an upgrade, existing filters are preserved. Deny all filters are not set on public interfaces.

  16. (Conditional) If you selected Mail in Step Step 15, check either or both of the External/Internal boxes in order to set appropriate filter exceptions, depending on whether you want to proxy either an internal mail server/external mail server or both, then specify the name of one domain for the mail proxy.

  17. (Conditional) If HTTP, FTP, or HTTP Transparent are selected in Step 15, click Create Volume and provide the required details in the pop-up screen to create traditional volumes for caching.

    You can also use existing traditional volumes for caching.

    If you do not create a volume or select a traditional volume for caching, the sys:etc\proxy\cache directory will be used for caching.

  18. (Conditional) Accept the Access Control default.

    Access control enforces additional security by denying all proxy services traffic. Access control rules can be set using the NetWare Administrator utility. They are used to allow or deny access from any source or to any destination. This option is available only if you select Proxy Services.

  19. Specify a unique DNS domain name for your network, then click Next.

  20. (Optional) Click Add to specify one to three DNS server IP addresses.

    By default the existing DNS entry is used.

  21. (Conditional) If you selected VPN in Step 15, do one of the following:

    • Select the Allow Clear Text Password and then browse to or type the proxy username so the VPN schema extension can use Clear Text Passwords.

      To enable Clear Text Passwords, log in to ConsoleOne, double-click the context of the server on which you are installing Novell BorderManager 3.8, then select LDAP Group Object and right-click > Properties. As applicable, either check the Allow Clear Text Password box (for eDirectory 8.6.2) or uncheck the Required TLS for Simple Bind with Password (for eDirectory 8.7.1).

    • Select the Use SSL for Schema Extension option to encrypt your password.

      To use SSL: For Schema Extension to succeed in this mode, you must have a valid Server Trusted Certificate, usually a DER file present in the sys:\public directory of your server. Browse to the file or enter its name in the box.


    The screen shows how Clear Text Password can be enabled in ConsoleOne.

  22. (Conditional) Uncheck the iManager plug-ins check box for VPN box if you do not want the plug-ins to be installed.

  23. If the install is an upgrade from BMEE 3.6 or Novell BorderManager 3.7 and the option Migrate VPN Configuration is checked. Uncheck this option if you do not want to migrate the VPN configuration.

  24. Do not change the Port that LDAP is listening on unless LDAP is listening on a nonstandard port.

  25. (Conditional) If nldap.nlm is not loaded, a prompt will appear asking you to configure the LDAP server.

  26. Click Finish.

    Click Back to return to previous windows and modify your selections.

  27. Do one of the following:

    • To load Novell BorderManager 3.8 services, click Reboot.
    • To complete the installation and return to the GUI screen; click close.
    • To view the Readme, click ReadMe.

    The install summary is available in sys:\ni\data\nbm_instlog.csv. The Readme is available at the root of the CD under Documents > ReadMes > enu.

    NOTE:  Novell BorderManager 3.8 provides the option to recover from a failed install. Install pops up an option after the Login dialog box (Step 9). To recover from a failed install, select the Fresh Install option or the Upgrade option. Continuing with the Fresh Install option with a working Novell BorderManager 3.8 server might give unexpected results, particularly with existing filter exceptions. After using this option, review your NetWare Administrator settings and filter exceptions.