Configuring Interfaces; Untrust Zone Interface - Juniper ISG 2000 User Manual


ISG 2000 User's Guide

Configuring Interfaces

Security Zones and Interfaces
When you bind an interface to a Layer 2 security zone, it does not have an IP
address and operates in Transparent mode. The NetScreen device forwards traffic
arriving at an interface in Transparent mode essentially like a Layer 2 bridge. That
is, the NetScreen device uses the MAC address in the Layer 2 header to forward
traffic out onto another segment in the same broadcast domain.
By default, no ISG 2000 security zone interfaces have IP addresses and all are in the
Null zone. The Null zone is a function zone that holds interfaces until you bind them
to a security zone. To make a security zone interface operational, you must bind it
to a security zone and, if it is a Layer 3 security zone, assign it an IP address.
For more information about interface modes, see the chapter on interface modes
in the Fundamentals volume in the NetScreen Concepts & Examples ScreenOS
Reference Guide.
After you bind an interface to a security zone, you can assign it an IP address and
configure other settings for that interface. To assign an IP address to an interface,
use the following command:
set interface interface ip ip_addr/netmask
where interface is the name of the interface, and ip_addr/netmask is the IP address
and netmask that you assign it.
To set management options on an interface, use the following command:
set interface interface manage [ ident-reset | ping | snmp | ssh | ssl | telnet | web ]
in which you can specify one or none of the options following the keyword
manage. If you enter just set interface interface manage, the command enables all
the interface options except ident-reset. If you want to enable a subset of all the
options, you can repeatedly enter the command, each time specifying a different
management option.

Untrust Zone Interface

In our example, ethernet1/1 is bound to the Untrust zone. The ISP provided the
address for this interface: 1.1.1.1/30. Because this interface is going to face
unknown and potentially malicious entities in the public network, you do not
enable any management options on this interface.
set interface ethernet1/1 ip 1.1.1.1/30
save
To review the settings for ethernet1/1, enter the following command:
get interface ethernet1/1
This command produces the following output:
Interface ethernet1/1:
number 7, if_info 57400, if_index 0, mode route
link up, phy-link up/full-duplex
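The following Python script is an added example, not part of the Juniper manual or ScreenOS. It parses ScreenOS-style set interface lines using the manage semantics described above (a bare manage keyword enables every option except ident-reset, and repeated commands accumulate options) and reports any Untrust-zone interface that has management services enabled, which is the condition the example above avoids. The zone-binding line (set interface name zone zone) and the sample configuration are assumptions made for this example.

```python
import re

MANAGE_OPTIONS = ("ident-reset", "ping", "snmp", "ssh", "ssl", "telnet", "web")
# bare 'set interface X manage' enables every option except ident-reset
DEFAULT_ENABLED = frozenset(MANAGE_OPTIONS) - {"ident-reset"}
ZONE_RE = re.compile(r"^set interface (\S+) zone (\S+)$", re.I)  # assumed syntax
IP_RE = re.compile(r"^set interface (\S+) ip (\S+)$", re.I)
MANAGE_RE = re.compile(r"^set interface (\S+) manage(?: (\S+))?$", re.I)

def parse_config(text):
    """Build {interface: {'zone', 'ip', 'manage'}} from 'set interface' lines."""
    ifaces = {}
    def entry(name):
        return ifaces.setdefault(name, {"zone": None, "ip": None, "manage": set()})
    for line in (ln.strip() for ln in text.splitlines()):
        if m := ZONE_RE.match(line):
            entry(m.group(1))["zone"] = m.group(2)
        elif m := IP_RE.match(line):
            entry(m.group(1))["ip"] = m.group(2)
        elif m := MANAGE_RE.match(line):
            opt = m.group(2)
            if opt is None:          # no option given: all but ident-reset
                entry(m.group(1))["manage"] |= DEFAULT_ENABLED
            else:                    # repeated commands accumulate options
                entry(m.group(1))["manage"].add(opt.lower())
    return ifaces

def audit_untrust(text):
    """[(interface, sorted options)] for Untrust interfaces with management on."""
    return [(name, sorted(i["manage"])) for name, i in parse_config(text).items()
            if (i["zone"] or "").lower() == "untrust" and i["manage"]]

# constructed sample configuration; only ethernet1/1 matches the manual's example
SAMPLE_CONFIG = """\
set interface ethernet1/1 zone Untrust
set interface ethernet1/1 ip 1.1.1.1/30
set interface ethernet1/2 zone Trust
set interface ethernet1/2 manage ssh
set interface ethernet1/2 manage web
set interface ethernet1/3 zone Untrust
set interface ethernet1/3 ip 203.0.113.2/30
set interface ethernet1/3 manage
"""

if __name__ == "__main__":
    for name, opts in audit_untrust(SAMPLE_CONFIG):
        print(f"{name}: management exposed on Untrust: {', '.join(opts)}")
```

Run against a saved get config dump to list Untrust interfaces that still answer to ping, SSH, Telnet, SNMP or the web UI.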
