Dmz Interface; Trust Zone Interface; Mgt Interface - Juniper ISG 2000 User Manual


vsys Root, zone Untrust, vr trust-vr
*ip 1.1.1.1/30 mac 0010.db58.bb87
*manage ip 1.1.1.1, mac 0010.db58.bb87
route-deny disable
ping disabled, telnet disabled, SSH disabled, SNMP disabled
web disabled, ident-reset disabled, SSL disabled
webauth disabled, webauth-ip 0.0.0.0
OSPF disabled BGP disabled RIP disabled
bandwidth: physical 100Mbps, configured 0Mbps
DHCP-Relay disabled

DMZ Interface

In our example, ethernet1/2 is bound to the DMZ zone. The ISP also provided you with a
range of public addresses to use with the jnpr.net domain; the /29 assigned here
gives six usable addresses (1.2.2.1 through 1.2.2.6), one of which is the interface
itself. This interface leads to the public-facing web server and mail relay server,
so you do not enable any management options on this interface either.
set interface ethernet1/2 ip 1.2.2.1/29
save
In the same way that you reviewed the settings for ethernet1/1, you can use the get
interface ethernet1/2 command to review these settings also.

Trust Zone Interface

In our example, ethernet2/1 is bound to the Trust zone. The Trust zone uses private
IP addresses (here 10.1.1.0/24), which are not routable on a public network such as
the Internet. Therefore, when hosts in this zone initiate traffic to a public network,
the ISG 2000 uses network address translation (NAT) to replace their private source
addresses with a public address in the IP packet header. Placing the interface in NAT
mode, as in the second command below, makes the ISG 2000 translate the private
addresses to the address of the Untrust zone interface (1.1.1.1 in this example)
for traffic leaving through that interface. Use the following commands:
set interface ethernet2/1 ip 10.1.1.1/24
set interface ethernet2/1 nat
save
NOTE:
ScreenOS offers several approaches to address translation. To learn about the
available options, refer to the NetScreen Concepts & Examples ScreenOS Reference
Guide.
You can enter get interface ethernet2/1 to review the Trust zone interface settings.
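Reviewing the get interface output by eye works for three interfaces; on a device with many interfaces and zones it is easy to miss one stray "enabled". The following added example is not part of the ISG 2000 manual: it parses the output format shown on this page (the zone line, the *ip line and the service lines) for several interfaces at once and flags any Untrust or DMZ interface with a management service enabled or a private address assigned. The sample output is constructed for the three interfaces in the example, and the "Interface <name>:" header used to split one interface's output from the next is an assumption, since only the lines beneath it appear on the page.

```python
import ipaddress
import re

# Constructed sample input: 'get interface' output for the three interfaces in
# the example, in the format the page shows. The 'Interface <name>:' header is
# an assumption about the full command output; only the lines beneath it are on
# the page. ethernet1/2 deliberately has telnet enabled so the audit fires.
SAMPLE_OUTPUT = """\
Interface ethernet1/1:
  vsys Root, zone Untrust, vr trust-vr
  *ip 1.1.1.1/30 mac 0010.db58.bb87
  *manage ip 1.1.1.1, mac 0010.db58.bb87
  route-deny disable
  ping disabled, telnet disabled, SSH disabled, SNMP disabled
  web disabled, ident-reset disabled, SSL disabled
  webauth disabled, webauth-ip 0.0.0.0
  OSPF disabled BGP disabled RIP disabled
  DHCP-Relay disabled
Interface ethernet1/2:
  vsys Root, zone DMZ, vr trust-vr
  *ip 1.2.2.1/29 mac 0010.db58.bb88
  *manage ip 1.2.2.1, mac 0010.db58.bb88
  route-deny disable
  ping disabled, telnet enabled, SSH disabled, SNMP disabled
  web disabled, ident-reset disabled, SSL disabled
  OSPF disabled BGP disabled RIP disabled
Interface ethernet2/1:
  vsys Root, zone Trust, vr trust-vr
  *ip 10.1.1.1/24 mac 0010.db58.bb89
  *manage ip 10.1.1.1, mac 0010.db58.bb89
  ping enabled, telnet disabled, SSH enabled, SNMP disabled
  web disabled, ident-reset disabled, SSL enabled
"""

# Services that give management access to the device itself.
MGMT_SERVICES = {"ping", "telnet", "ssh", "snmp", "web", "ssl"}
# Zones reachable from the Internet in this example; no management belongs there.
EXTERNAL_ZONES = {"Untrust", "DMZ"}

HEADER_RE = re.compile(r"^Interface (\S+):")
ZONE_RE = re.compile(r"\bzone (\S+),")
IP_RE = re.compile(r"^\*ip (\S+) mac ")
SERVICE_RE = re.compile(r"\b([A-Za-z-]+) (enabled|disabled)\b")


def parse_get_interface(text):
    """Map each interface name to its zone, address and management-service flags."""
    ifaces = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = {"zone": None, "ip": None, "services": {}}
            ifaces[header.group(1)] = current
            continue
        if current is None:
            continue
        zone = ZONE_RE.search(line)
        if zone:
            current["zone"] = zone.group(1)
        ip = IP_RE.match(line)
        if ip:
            current["ip"] = ip.group(1)
        # 'route-deny disable' and 'webauth-ip 0.0.0.0' do not match this
        # pattern, so only real service flags are recorded.
        for name, state in SERVICE_RE.findall(line):
            if name.lower() in MGMT_SERVICES:
                current["services"][name.lower()] = state == "enabled"
    return ifaces


def audit(ifaces):
    """Return one finding per violation of the page's interface policy."""
    findings = []
    for name, info in sorted(ifaces.items()):
        zone = info["zone"]
        if zone not in EXTERNAL_ZONES:
            continue
        enabled = sorted(s for s, on in info["services"].items() if on)
        if enabled:
            findings.append(f"{name} ({zone}): management enabled: {', '.join(enabled)}")
        if info["ip"] and ipaddress.ip_interface(info["ip"]).ip.is_private:
            findings.append(f"{name} ({zone}): private address {info['ip']} on a public-facing interface")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_get_interface(SAMPLE_OUTPUT)):
        print(finding)
```

Paste the concatenated output of get interface for every interface into SAMPLE_OUTPUT, or read it from a file captured over the console; an empty result means no Internet-facing interface offers a management service or carries a private address. Trust zone interfaces are skipped on purpose, because the page does allow management there; tighten EXTERNAL_ZONES if your policy restricts management to the MGT interface alone.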

MGT Interface

The MGT interface is prebound to the MGT zone. This zone is a function zone, not a
security zone. The MGT interface receives management traffic exclusively, unlike a
security zone interface, which can receive management traffic while also receiving
and forwarding network user traffic. Because the MGT interface is completely
separate from network user traffic, it is more secure and reliable: management
access is not exposed on the interfaces that carry user traffic, and even when
network user traffic is heavy you can maintain connectivity for your management
traffic by keeping it completely separate, or out-of-band.
Chapter 1: Configuring Security Zones and Interfaces    11