This section provides instructions for installing the Novell
BorderManager 3.8 software.
Before installing Novell BorderManager 3.8 you need to go through
the End User License Agreement (EULA). The EULA is present in the relevant
language directory at the root of the product directory > \EULA.
Review this list of items and record information as required to
complete the installation:
- Location of license diskettes or path
to the license file
- Public and private interfaces and their
IP address bindings
- Domain Name System host name
- IP addresses for up to three DNS name
servers on the network
- Domain Name for Mail Proxy and whether
you want to proxy an internal mail server or external mail server or both
- Server certificates if secure LDAP is
to be used for schema extension
- Default gateway
- Certificate names and concerned trusted
root container and objects
Novell International Cryptography Infrastructure 2.6 is present
in the Companion CD at nici\nwserver. To install NICI 2.6:
Create a local copy of NICI 2.6 on the server on
which you are installing Novell BorderManager 3.8 (Unzip the nici_u0.exe on
that server) .
Go to NWCONFIG, Product Options and select
Install A Product Not Listed and then enter the path where you have copied NICI
Restart server after installation.
Check if you have version 5.5.8 dated June 04, 2003 on your machine. This version is
required to start NMAS 2.2. If your server does not have the minimum required
version of this NLM, copy the netnlm32.nlm from the directory NETNLM32 on the
Companion CD to sys:\system directory of your server.
The latest version of the NLM can be downloaded from support.novell.com. Download and extract nwlib5.exe on the
server. The DSAPI directory will be available in the extract. Copy netnlm32.nlm
from the DSAPI directory to the sys:\system directory.
TCPIP is available on the Companion CD and can be installed by
running a perl script (tinstall.pl) on the server.
1.7.1 Installing TCPIP from CD:
Insert and mount the Companion CD.
At the server console enter
Provide the -f option if you have null
encryption versions of these nlms on the server.
Restart the server.
1.7.2 Installing TCPIP from Web:
Unzip Novell BorderManager 3.8 Companion CD on a
drive that is accessible from your server.
On the server console enter
perl <Companion CD
Path>\TCPIP\tinstall.pl [-f] [-p path]
Provide the -f option if you have null encryption
versions of these nlms on the server.
Provide the -p option to give the name
of the directory where the Companion CD is unzipped.
Restart the server.
To install Novell BorderManager 3.8 on the server:
Run INETCFG before you install Novell
Make sure Novell BorderManager 3.8 is unzipped
on a drive that is accessible from your server.
If it is a product CD, mount Novell
BorderManager 3.8 CD from server by typing CDROM on server console.
On the server side, go to the X-Server Graphical
Console. If the X-Server Graphical Console is not loaded, type STARTX
on the server console.
If STARTX is already loaded, press
Ctrl-Esc and select the X-Server Graphical Console.
Click the Novell logo, then select Install to
display the currently installed products.
Click Add, then browse to the root of the Novell
BorderManager 3.8 directory and select product.ni, which is displayed in the
On the Welcome page click Next.
Read the license agreement. If you accept the
terms of the agreement, click I Accept.
The next page shows the Novell BorderManager 3.8
services that will get installed.
Trial Licenses are selected by default. You
could select the Shipping License or check the Skip License Install check box
and click Next so that the licenses can be installed later.
Trial and Shipping licenses are located
in the LICENCES directory in the root of the CD. You can install the system
files without installing the license; however, Novell BorderManager 3.8
services will not load until a valid license is installed. For more information
on moving from trial to production version see 1.9 Moving
from Trial to Production .
NOTE: You can install trial
license only once per tree.
The Minimum Requirements screen will be
displayed. On this screen see the Results column to verify whether the minimum
system requirements are met or not. Click Next to proceed.
NOTE: If any of the base
requirements except TCPIP modules or iManager 2.0 is not met, the install will
abort (Check the help for more details). Fulfill the requirements according to
the table appearing on the page and re-start the installation. If the base
requirements for the TCPIP modules is not met a warning will be displayed. You
can ignore the warning and install, however you would need to copy the right
TCPIP modules later (see "TCPIP" on page 5) if you want to use
If iManager 2 is not installed the
plugins for Novell BorderManager Firewall Configuration and Novell
BorderManager VPN Configuration will not be installed. If that is the case,
install iManager 2 after Novell BorderManager installation and this will
automatically install the Novell BorderManager Firewall Configuration and
Novell BorderManager VPN Configuration plugins.
In the login dialog box, log in to the
eDirectory tree with a fully distinguished name (FDN, with administrative
Either provide the FDN or provide only
the name and then the context in the Context field.
You must have administrative rights to
the root of the eDirectory tree. This requirement applies to any user who is a
trustee with Supervisor rights at a container at the same level as the server.
Administrative rights are required to extend the eDirectory schema, install product
licenses, and configure Novell BorderManager 3.8 for the first time.
Select the NMAS login methods you want to
install, then Click Next.
Radius components and ConsoleOne® snap-ins for NMAS will be installed by
default. Incase of upgrade you might select Migrate Radius Components and fill
in the details.
NOTE: If this is an upgrade the
next screen will prompt you to provide details for the VPN services. See
Step 22 on page 6. Else continue with the next step.
If you are installing Novell BorderManager firewall/caching
services or Novell BorderManager VPN services, review the list of network
interfaces and their IP bindings. Specify each interface as public, private, or
both for proxy and firewall services.
For firewall and caching services, you
must specify a public IP address to secure the network border. Public IP
addresses specify server interfaces to a public network, typically the
Internet. Private IP addresses specify server interfaces to a private network
Check either a public IP address or a private IP
address or both.
Specify the default gateway.
By default the iManager snap-ins for Firewall
are checked. Uncheck the box if you do not want to install the snap-ins.
Check the check boxes for the services that you
want to enable. Filter exceptions for these services will be created on the
public interface. Click Next.
NOTE: On a single interface
machine filter exceptions will be created but the filters will not be enabled.
Filter exceptions corresponding to the checked services will be created on the
public interface. Filter exceptions along with the filters get activated if IP
Packet Filtering is selected. IP packet filtering will not be enabled if only
one interface is available. If this is an upgrade, existing filters are
preserved. Deny all filters are not set on public interfaces.
(Optional) If you selected Mail, check either or
both of the External/Internal boxes in order to set appropriate filter
exceptions, depending on whether you want to proxy either an internal mail
server(s)/external mail server(s) or both. Enter the name of one domain for the
(Optional) If HTTP, FTP or HTTP Transparent are
selected in the Proxy and Filter Exception screen in NetWare 6.5, click Create
Volume and provide the required details in the pop-up screen to create
traditional volumes for caching. You can also use existing traditional
volume(s) for caching.
NOTE: If you do not create a
volume or select a traditional volume for caching, the sys:etc\proxy\cache
directory will be used for caching.
The check box for Access Control is enabled by
default. We recommend that you accept the default. Access control enforces
additional security by denying all proxy services traffic.
Access control rules can be set using
the NetWare Administrator utility. Access rules are used to allow or deny
access from any source or to any destination. This option comes up only if you
select Proxy Services on the previous page.
Specify a unique DNS domain name for your
network, then click Next.
Click Add to specify at least one or up to three
DNS server IP addresses. By default the existing DNS entry is used.
If you selected VPN, select the Allow Clear Text
Password option so the VPN schema extension can use Clear Text Passwords. Else
to use SSL to encrypt your password, select the option Use SSL for Schema
By default the iManager snap-ins for VPN
would be checked. Uncheck the box if you do not want the snap-ins to be
If the install is an upgrade from BMEE
3.6 or NBM 3.7, the option Migrate VPN Configuration is checked. Uncheck this
option if you do not want to migrate the VPN configuration.
Do not change the Port on which LDAP is
listening setting unless LDAP is listening on a non-standard port.
In case nldap.nlm is not loaded a
message box will pop up asking you to configure the LDAP server.
NOTE: To enable Clear Text
Passwords, log in to ConsoleOne, then select LDAP Group Object > Properties.
As applicable, either check the Allow Clear Text Password box (for eDirectory
8.6.2) or uncheck the Required TLS for Simple Bind with Password (for
To use SSL: For Schema Extension to
succeed in this mode, you must have a valid Server Trusted Certificate, usually
a DER file present in the sys:\public directory of your server. Browse to the
file or enter its name in the box.
Click Finish if you are done or click Back to
return to previous windows and modify your selections.
Do one of the following:
- Click Reboot for
Novell BorderManager 3.8 services to come up.
- Click Close to
complete the installation and return to the GUI screen.
- Click ReadMe to view
The install summary is available in
sys:\ni\data\nbm_instlog.csv. The readme is available at the root of the CD
under Documents > ReadMes > enu.
NOTE: Novell BorderManager 3.8
provides the option to recover from a failed install. Install pops up an option
after the authentication dialog (Step 11 on page 5). To recover from
a failed install select the Fresh Install Option. Else select the Upgrade
option. Continuing with the Fresh Install option with a working NBM 3.8 server
may give unexpected results, particularly with existing filter exceptions.
After using this option review your NWAdmn settings and filter exceptions.
If you want to move from the trial Novell BorderManager 3.8
product to the production version, you need not re-install Novell BorderManager
3.8. Follow these steps:
Install the Production License from the
licenses\regular directory on the product CD using NWAdmn or iManager.
Un-install the trial VPN Client. Install the
production version of VPN Client from the product CD
Un-install trial NCF. Install the production
version of NCF from the product CD (CL_INST\NCF\NCFInstall.exe)