Table of Contents
Advertisement
About This Guide
NOTE:
Figure 1: Example Configuration
ISP
Default GW: 1.1.1.2
DNS #1: 2.2.2.5
DNS #2: 2.2.2.6
MGT Zone
10.2.2.0/28
MGT
10.2.2.1/28
This guide describes how to install, configure, and service the ISG 2000. It presents
an example of a basic installation and configuration that secures resources in the
Trust and DMZ security zones, sets up a MGT zone for device administrators, and
defines a route-based VPN tunnel between the ISG 2000 and a remote peer (see
Figure 1). You can use this example as a reference as you perform similar tasks.
Intrusion Detection and Prevention (IDP) requires the installation of at least one
security module, an advanced license key, and an IDP license key. To configure
IDP on the ISG 2000, you must use NetScreen-Security Manager.
Untrust Zone
Internet
ISP
ethernet1/1
1.1.1.1/30
Policies
PWR
ALARM
TEMP
STA TUS
HA
ISG 2000
FAN
MOD1
MOD2
MOD3
FLASH
ethernet2/1
10.1.1.1/24
NAT mode
LAN
10.1.1.0/24
Trust Zone
This guide makes the following assumptions:
You are adding the ISG 2000 to an existing network.
You have an account with an Internet service provider (ISP) that has provided
you with two sets of IP addresses:
An outside address in the ISP's domain (1.1.1.1 in our example)
A range of addresses in your domain (such as 1.2.2.1–1.2.2.6)
You have a registered domain name (such as "jnpr.net").
LAN
10.2.2.0/24
Remote Peer
1
2
3
4
UNTRUSTED
POWER
STA TUS
LINK/ACTIVIT
Y
®
10/100
VPN
Tunnel
ethernet1/2
1.2.2.1/29
DMZ
LAN
1.2.2.0/29
HTTP Server
Mail Relay Server
www.jnpr.net
smtp.jnpr.net
1.2.2.2:80
1.2.2.3:25
Note: The rook icon represents
a security zone interface.
v
Advertisement
Table of Contents
