Interface Modes - Juniper ISG 2000 User Manual


Chapter 1: Configuring
Security Zones and Interfaces

NOTE: The interface names that appear in the get interface output depend on the type of interface modules installed in the ISG 2000. Most likely the output you see differs from that shown here.

Before you can make use of an interface, you must bind it to a security zone. The interface then becomes a point of ingress and egress for traffic to and from that zone. You can bind a single interface to only one security zone, although that one zone can support multiple different interfaces. To bind an interface to a zone, use the following command:

    set interface interface zone zone

in which interface and zone are the names of the objects you want to bind together. For example:

    set interface ethernet1/1 zone untrust
    set interface ethernet1/2 zone dmz
    set interface ethernet2/1 zone trust
    save

Figure 9: Interfaces Bound to Security Zones
[Figure: an ISG 2000 with ethernet1/1 bound to the Untrust Zone, ethernet1/2 bound to the DMZ Zone, and ethernet2/1 bound to the Trust Zone. Note: The rook icon represents a security zone interface.]

Interface Modes

An ISG 2000 security zone interface can operate in one of three modes: NAT mode, Route mode, or Transparent mode. NAT mode and Route mode operate at the Network Layer (Layer 3) in the OSI Model. Transparent mode operates at the Data Link Layer (Layer 2). Although some interfaces can function in NAT mode while others concurrently function in Route mode—both modes operating at Layer 3—the ISG 2000 does not support different interfaces operating concurrently at Layer 3 and Layer 2.

Layer 3 (Route mode and NAT mode) – When you bind an interface to a Layer 3 security zone and give it an IP address, it can operate in either NAT or Route mode. When an interface is in NAT mode, the NetScreen device translates the source IP address and source port number on all packets arriving at that interface. When an interface is in Route mode, the NetScreen device performs Layer 3 routing operations without modifying the source IP address or port number.
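The binding and mode rules above can be checked against the text of a saved configuration. The following Python script is an added example, not code from the manual or from Juniper: it reads set interface lines and reports interfaces with no zone binding, interfaces bound to more than one zone, and Layer 2 and Layer 3 zones in use together. The sample configuration is constructed, and treating zone names that begin with v1- or l2- as Layer 2 zones is an assumption that this page does not state.

```python
import re
from collections import defaultdict

# Constructed sample configuration for illustration, not output from a real device.
SAMPLE_CONFIG = """\
set interface ethernet1/1 zone untrust
set interface ethernet1/2 zone dmz
set interface ethernet2/1 zone trust
set interface ethernet2/2 zone v1-trust
set interface ethernet2/2 zone dmz
set interface ethernet3/1 ip 10.9.9.1/24
"""

IFACE_RE = re.compile(r"^set interface (\S+) (\S+)(?: (\S+))?")

def is_layer2(zone):
    # Assumption: Layer 2 zone names start with "v1-" or "l2-" (not stated on this page).
    return zone.lower().startswith(("v1-", "l2-"))

def audit(config_text):
    """Return (zone -> interfaces, findings) for the text of a saved configuration."""
    bindings = defaultdict(list)  # interface -> zones, in order of appearance
    configured = set()            # every interface named in a set command
    for raw in config_text.splitlines():
        m = IFACE_RE.match(raw.strip())
        if not m:
            continue
        iface, keyword, value = m.groups()
        configured.add(iface)
        if keyword == "zone" and value and value not in bindings[iface]:
            bindings[iface].append(value)

    findings = []
    for iface in sorted(configured):
        zones = bindings.get(iface, [])
        if not zones:
            findings.append(f"{iface}: configured but not bound to any zone")
        elif len(zones) > 1:
            findings.append(f"{iface}: bound to more than one zone: {', '.join(zones)}")
    # One interface set cannot operate at Layer 2 and Layer 3 concurrently.
    layer2 = {is_layer2(z) for zs in bindings.values() for z in zs}
    if layer2 == {True, False}:
        findings.append("Layer 2 and Layer 3 zones are both in use")
    by_zone = defaultdict(list)
    for iface, zones in bindings.items():
        for zone in zones:
            by_zone[zone].append(iface)
    return {z: sorted(i) for z, i in by_zone.items()}, findings

if __name__ == "__main__":
    print(*audit(SAMPLE_CONFIG)[1], sep="\n")
```

A partial configuration extract may omit bindings the device already holds, so an unbound finding is a prompt to compare against the get interface output.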
