Before Beginning - Juniper ISG 2000 User Manual

ISG 2000 User's Guide

Before Beginning

Before setting up the ISG 2000, you must make a few preparations.
1. Consider the network topology and the resources that you want to protect so
that you can decide where to put the ISG 2000. Make sure that all traffic on
which you want to enforce policies flows through the device. (A typical
network topology showing where to put the ISG 2000 appears in Figure 1 on
page v and in Figure 5 on page 4.)
2. Plan out the IP addresses and—where applicable—host.domain names that you
want each host to use. The devices in this guide use the following addresses:
   - ISG 2000
     - Untrust zone interface (ethernet1/1): 1.1.1.1/30
     - DMZ zone interface (ethernet1/2): 1.2.2.1/29
     - Trust zone interface (ethernet2/1): 10.1.1.1/24
     - MGT zone interface (MGT): 10.2.2.1/28
   - HTTP server: 1.2.2.2, www.jnpr.net
   - Mail relay server: 1.2.2.3, smtp.jnpr.net/pop3.jnpr.net
   - Trust zone hosts dynamically receive their addresses and DNS settings
     from a standalone DHCP server. Their default gateway is 10.1.1.1.
   - Network security administrators make an out-of-band connection to the
     MGT interface on the ISG 2000. Their workstations are in the 10.2.2.0/28
     subnet, completely separate from the rest of the network.
3. Obtain the IP addresses of the default gateway and external Domain Name
System (DNS) servers from the ISP. This guide uses the following addresses:
   - Default gateway: 1.1.1.2
   - Primary DNS server: 2.2.2.5
   - Secondary DNS server: 2.2.2.6
4. Communicate the IP addresses and host.domain names of the mail and web
servers to your ISP. After an ISP administrator adds this information to the
ISP's DNS servers, those servers can answer DNS queries for the mail and web
servers.
5. Ensure that the hosts in the Trust zone use 10.1.1.1 as their default gateway,
and that the servers in the DMZ use 1.2.2.1.
6. This guide assumes you configure the ISG 2000 through a console connection
from the serial port on your workstation to the console port on the ISG 2000.
You need the following:
   - VT100 terminal emulator such as Hilgraeve HyperTerminal installed on
     your workstation (HyperTerminal is provided on all Windows operating
     systems.)
   - The RJ-45 straight-through Ethernet cable and DB9 adapter that ship with
     the ISG 2000
   - Documentation CD that ships with the ISG 2000

   For other device configuration methods, see the Administration volume in the
   NetScreen Concepts & Examples ScreenOS Reference Guide.

NOTE: You must use NetScreen-Security Manager to configure Intrusion Detection
and Prevention (IDP) on the ISG 2000. See "Minimum Configuration for a
NetScreen-Security Manager Connection" on page 15.
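
The address plan in steps 2 and 3 can be checked for consistency before anything is typed at the console. The following is an added example, not part of the Juniper guide: it verifies that zone subnets do not overlap (including the MGT subnet that is meant to stay separate), that the gateway and DMZ servers are usable hosts on the right interface subnet, and that the ISP DNS servers are off-link. The dictionary layout and function names are assumptions of the example; the addresses are the ones listed above.

```python
import ipaddress as ipa

# Address plan copied from this guide. The layout and names are assumptions
# of this added example.
INTERFACES = {"untrust": "1.1.1.1/30", "dmz": "1.2.2.1/29",
              "trust": "10.1.1.1/24", "mgt": "10.2.2.1/28"}
# (description, address, zone whose subnet the address must sit in)
ON_LINK = [("ISP default gateway", "1.1.1.2", "untrust"),
           ("HTTP server", "1.2.2.2", "dmz"),
           ("Mail relay server", "1.2.2.3", "dmz")]
# Reached through the default gateway, so they must not fall in a local subnet
OFF_LINK = [("Primary DNS server", "2.2.2.5"),
            ("Secondary DNS server", "2.2.2.6")]


def unusable(ip, net):
    """True if ip is the network or broadcast address of net."""
    return ip in (net.network_address, net.broadcast_address)


def check_plan(interfaces, on_link, off_link):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems = []
    ifs = {zone: ipa.ip_interface(a) for zone, a in interfaces.items()}
    zones = sorted(ifs)
    for i, a in enumerate(zones):
        if unusable(ifs[a].ip, ifs[a].network):
            problems.append(f"{a} interface address is not a usable host address")
        # Overlapping zone subnets would blur the zone boundaries, including
        # the separation of the MGT subnet from the rest of the network.
        for b in zones[i + 1:]:
            if ifs[a].network.overlaps(ifs[b].network):
                problems.append(f"{a} and {b} subnets overlap")
    used = {str(iface.ip): f"{zone} interface" for zone, iface in ifs.items()}
    for name, addr, zone in on_link:
        ip, net = ipa.ip_address(addr), ifs[zone].network
        if ip not in net or unusable(ip, net):
            problems.append(f"{name} {addr} is not a usable host in {zone} {net}")
        if addr in used:
            problems.append(f"{name} {addr} duplicates {used[addr]}")
        used[addr] = name
    for name, addr in off_link:
        for zone, iface in ifs.items():
            if ipa.ip_address(addr) in iface.network:
                problems.append(f"{name} {addr} falls inside the {zone} subnet")
    return problems


if __name__ == "__main__":
    for line in check_plan(INTERFACES, ON_LINK, OFF_LINK) or ["plan is consistent"]:
        print(line)
```

An empty result means the plan as written in this guide is internally consistent; each returned string names the entry to correct.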
