Juniper SSG 5 Serial Hardware Installation

Security Products
SSG 5 Hardware Installation and Configuration Guide
Juniper Networks, Inc.
1194 North Mathilda Avenue
Sunnyvale, CA 94089
USA
408-745-2000
www.juniper.net
Part Number: 530-015647-01, Revision 03

Summary of Contents for Juniper SSG 5 Serial

  • Page 1 Security Products SSG 5 Hardware Installation and Configuration Guide Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, CA 94089 408-745-2000 www.juniper.net Part Number: 530-015647-01, Revision 03...
  • Page 2 Copyright © 2006 Juniper Networks, Inc. All rights reserved. Juniper Networks and the Juniper Networks logo are registered trademarks of Juniper Networks, Inc. in the United States and other countries. All other trademarks, service marks, registered trademarks, or registered service marks in this document are the property of Juniper Networks or their respective owners.
  • Page 3: Table Of Contents

    Table of Contents About This Guide: Organization, 6; WebUI Conventions, 6; CLI Conventions, 7; Obtaining Documentation and Technical Support, 8. Chapter 1 Hardware Overview: Port and Power Connectors, 9; Front Panel, 10; System Status LEDs, 10...
  • Page 4 SSG 5 Hardware Installation and Configuration Guide Basic Device Configuration, 29; Root Admin Name and Password, 29; Date and Time, 30; Bridge Group Interfaces, 30; Administrative Access, 31; Management Services, 31; Hostname and Domain Name, 32; Default Route...
  • Page 5: About This Guide

    About This Guide The Juniper Networks Secure Services Gateway (SSG) 5 device is an integrated router and firewall platform that provides Internet Protocol Security (IPSec) virtual private network (VPN) and firewall services for a branch office or a retail outlet.
  • Page 6: Organization

    SSG 5 Hardware Installation and Configuration Guide Organization This guide contains the following sections: Chapter 1, “Hardware Overview,” describes the chassis and components for an SSG 5 device. Chapter 2, “Installing and Connecting the Device,” describes how to mount an SSG 5 device and how to connect it to your network.
  • Page 7: Cli Conventions

    About This Guide Figure 1: Navigational Path and Configuration Settings CLI Conventions The following conventions are used to present the syntax of CLI commands in examples and in text. In examples: Anything inside square brackets [ ] is optional. Anything inside braces { } is required. If there is more than one choice, each choice is separated by a pipe ( | ).
  • Page 8: Obtaining Documentation And Technical Support

    SSG 5 Hardware Installation and Configuration Guide Obtaining Documentation and Technical Support To obtain technical documentation for any Juniper Networks product, visit www.juniper.net/techpubs/. For technical support, open a support case using the Case Manager link at http://www.juniper.net/support/ or call 1-888-314-JTAC (within the United States) or 1-408-745-9500 (outside the United States).
  • Page 9: Hardware Overview

    Chapter 1 Hardware Overview This chapter provides detailed descriptions of the SSG 5 chassis and its components. It contains the following sections: “Port and Power Connectors” on page 9 “Front Panel” on page 10 “Back Panel” on page 13 Port and Power Connectors This section describes and displays the location of the built-in ports and power connectors.
  • Page 10: Front Panel

    SSG 5 Hardware Installation and Configuration Guide Port Description Connector Speed/Protocol ISDN Enables the ISDN line to be used as the untrust or RJ-45 B-channels at 64 Kbps backup interface. (S/T) Leased line at 128 Kbps Antenna A & B Enables a direct connection to workstations in the RPSMA 802.11a (54 Mbps on 5GHz radio band)
  • Page 11 Table 2: Status LED Descriptions Type Name Color State Description POWER Green On steadily Indicates that the system is receiving power. Indicates that the system is not receiving power. On steadily Indicates that the device is not operating normally. Indicates that the device is operating normally.
  • Page 12: Port Descriptions

    SSG 5 Hardware Installation and Configuration Guide Port Descriptions This section explains the purpose and function of the following: Ethernet Ports Console Port AUX Port Ethernet Ports Seven 10/100 Ethernet ports provide LAN connections to hubs, switches, local servers, and workstations. You can also designate an Ethernet port for management traffic.
  • Page 13: Aux Port

    AUX Port The auxiliary (AUX) port is an RJ-45 serial port wired as data terminal equipment (DTE) that can be connected to a modem to allow remote administration. We do not recommend using this port for regular remote administration. The AUX port is typically assigned to be the backup serial interface.
  • Page 14: Radio Transceiver

    SSG 5 Hardware Installation and Configuration Guide Radio Transceiver The SSG 5-WLAN devices contain two wireless connectivity radio transceivers, which support 802.11a/b/g standards. The first transceiver (WLAN 0) uses the 2.4 GHz radio band, which supports the 802.11b standard at 11 Mbps and the 802.11g at 54 Mbps.
  • Page 15 To transfer files between the USB storage device and an SSG 5, perform the following steps: 1. Insert the USB storage device into the USB port on the security device. 2. Save the files from the USB storage device to the internal flash storage on the device with the save {software | config | image-key} from usb filename to flash CLI command.
  • Page 16 SSG 5 Hardware Installation and Configuration Guide Back Panel...
  • Page 17: Installing And Connecting The Device

    “Connecting the Power” on page 20 “Connecting a Device to a Network” on page 20 NOTE: For safety warnings and instructions, refer to the Juniper Networks Security Products Safety Guide. Before working on any equipment, you should be aware of the hazards involved with electrical circuitry and familiar with standard practices for preventing accidents.
  • Page 18: Before You Begin

    SSG 5 Hardware Installation and Configuration Guide Before You Begin The location of the chassis, the layout of the mounting equipment, and the security of your wiring room are crucial for proper system operation. WARNING: To prevent abuse and intrusion by unauthorized personnel, install the SSG 5 device in a secure environment.
  • Page 19: Connecting Interface Cables To A Device

    6. To install a second SSG 5 device, repeat steps 1 through 5, then continue. Figure 6: SSG 5 Rack-mount Power Supply Holder Power Supply Holder 7. Mount the tray on the rack with the provided screws. 8. Plug in the power supply to the power outlet. To desk-mount an SSG 5 device, perform the following steps: 1.
  • Page 20: Connecting The Power

    SSG 5 Hardware Installation and Configuration Guide Connecting the Power To connect the power to a device, perform the following steps: 1. Plug the DC-connector end of the power cable into the DC-power receptacle on the back of the device. 2.
  • Page 21: Ethernet Ports

    Figure 8: Basic Networking Example (figure callouts: Untrust Zone, SSG 5)...
  • Page 22: Connecting A Device To An Internal Network Or Workstation

    SSG 5 Hardware Installation and Configuration Guide Connecting a Device to an Internal Network or Workstation You can connect your local area network (LAN) or workstation with the Ethernet and/or wireless interfaces. Ethernet Ports An SSG 5 device contains seven Ethernet ports. You can use one or more of these ports to connect to LANs through switches or hubs.
  • Page 23: Configuring The Device

    NOTE: After you configure a device and verify connectivity through the remote network, you must register your product at www.juniper.net/support/ so certain ScreenOS services, such as Deep Inspection Signature Service and Antivirus (purchased separately), can be activated on the device. After registering your product, use the WebUI to obtain the subscription for the service.
  • Page 24: Accessing A Device

    NetScreen-Security Manager: NetScreen-Security Manager is a Juniper Networks enterprise-level management application that enables you to control and manage Juniper Networks firewall/IPSec VPN devices. For instructions on how to manage your device with NetScreen-Security Manager, refer to the NetScreen-Security Manager Administrator’s Guide.
  • Page 25: Using The Webui

    3. Launch a serial terminal-emulation program on your workstation. The required settings to launch a console session are as follows: Baud rate: 9600; Parity: None; Data bits: 8; Stop bit: 1; Flow Control: None. 4. If you have not yet changed the default username and password, enter at both the login and password prompts.
  • Page 26: Using Telnet

    SSG 5 Hardware Installation and Configuration Guide Figure 11: WebUI Login Prompt 4. If you have not yet changed the default login for the admin name and password, enter netscreen at both the login and password prompts. (Use lowercase letters only. The login and password fields are both case-sensitive.) Using Telnet To establish a Telnet connection, perform the following steps: 1.
  • Page 27: Default Device Settings

    Default Device Settings This section describes the default settings and operation of an SSG 5 device. Table 4 shows the default zone bindings for ports on the devices. Table 4: Default Physical Interface to Zone Bindings Port Label Interface Zone 10/100 Ethernet ports: ethernet0/0 Untrust...
  • Page 28 SSG 5 Hardware Installation and Configuration Guide To unset ethernet0/3 from bgroup0 and assign it to the Trust zone with a static IP address of 192.168.3.1/24, use the WebUI or CLI as follows: WebUI Network > Interfaces > List > Edit (bgroup0) > Bind Port: Deselect ethernet0/3, then click Apply.
  • Page 29: Basic Device Configuration

    Basic Device Configuration This section describes the following basic configuration settings: Root Admin Name and Password Date and Time Bridge Group Interfaces Administrative Access Management Services Hostname and Domain Name Default Route Management Interface Address Backup Untrust Interface Configuration Root Admin Name and Password The root admin user has complete privileges for configuring an SSG 5 device.
  • Page 30: Date And Time

    SSG 5 Hardware Installation and Configuration Guide Date and Time The time set on an SSG 5 device affects events such as the setup of VPN tunnels. The easiest way to set the date and time on the device is to use the WebUI to synchronize the device system clock with the workstation clock.
  • Page 31: Administrative Access

    unset interface bgroup0 port ethernet0/3
    unset interface bgroup0 port ethernet0/4
    set interface bgroup1 port ethernet0/3
    set interface bgroup1 port ethernet0/4
    set interface bgroup1 port wireless0/2
    set interface bgroup1 zone DMZ
    set interface bgroup1 ip 10.0.0.1/24
    save

    Administrative Access By default, anyone in your network can manage a device if they know the login and password.
  • Page 32: Hostname And Domain Name

    SSG 5 Hardware Installation and Configuration Guide Hostname and Domain Name The domain name defines the network or subnetwork that the device belongs to, while the hostname refers to a specific device. The hostname and domain name together uniquely identify the device in the network. To configure the hostname and domain name on a device, use the WebUI or CLI as follows: WebUI Network >...
  • Page 33: Backup Untrust Interface Configuration

    Backup Untrust Interface Configuration The SSG 5 device allows you to configure a backup interface for untrust failover. To set a backup interface for untrust failover, perform the following steps: 1. Set the backup interface in the Null security zone with the unset interface interface [ port interface ] CLI command.
  • Page 34 SSG 5 Hardware Installation and Configuration Guide NOTE: If you are operating the SSG 5-WLAN device in a country other than the United States, Japan, Canada, China, Taiwan, Korea, Israel, or Singapore, then you must use the set wlan country-code CLI command or set it on the Wireless > General Settings WebUI page before a WLAN connection can be established.
  • Page 35 Table 6: Wireless Authentication and Encryption Options Authentication Encryption Open Allows any wireless client to access the device Shared-key WEP shared-key WPA-PSK AES/TKIP with pre-shared key AES/TKIP with key from RADIUS server WPA2-PSK 802.11i compliant with a pre-shared key WPA2 802.11i compliant with a RADIUS server WPA-Auto-PSK Allows WPA and WPA2 type with pre-shared key...
  • Page 36 SSG 5 Hardware Installation and Configuration Guide 1. Set the WLAN country code and IP address. set wlan country-code { code_id } set interface wireless_interface ip ip_addr/netmask 2. Set the SSID. set ssid name name_str set ssid name_str authentication auth_type encryption encryption_type set ssid name_str interface interface (optional) set ssid name_str key-id number 3.
  • Page 37: Wan Configuration

    WAN Configuration This section explains how to configure the following WAN interfaces: ISDN Interface V.92 Modem Interface ISDN Interface Integrated Services Digital Network (ISDN) is a set of standards for digital transmission over different media created by the Consultative Committee for International Telegraphy and Telephone (CCITT) and International Telecommunications Union (ITU).
  • Page 38: Modem Interface

    Init String: AT&FS7=255S32=6 Active Modem setting Inactivity Timeout: 20

    set interface serial0/0 zone untrust
    set interface serial0/0 modem isp isp_juniper account login juniper password juniper
    set interface serial0/0 modem isp isp_juniper primary-number 1234567
    set interface serial0/0 modem idle-time 20
    set interface serial0/0 modem settings mod1 init-strings AT&FS7=255S32=6
    set interface serial0/0 modem settings mod1 active

    For information on how to configure the V.92 modem interface, refer to the...
  • Page 39: Basic Firewall Protections

    ScreenOS, see the Attack Detection and Defense Mechanisms volume in the Concepts & Examples ScreenOS Reference Guide. Verifying External Connectivity To verify that workstations in your network can access resources on the Internet, start a browser from any workstation in the network and enter the following URL: www.juniper.net. Basic Firewall Protections...
  • Page 40: Resetting A Device To Factory Defaults

    SSG 5 Hardware Installation and Configuration Guide Resetting a Device to Factory Defaults If you lose the admin password, you can reset the device to its default settings. This action destroys any existing configurations but restores access to the device. WARNING: Resetting the device deletes all existing configuration settings and disables all existing firewall and VPN services.
  • Page 41: Chapter 4 Servicing The Device

    “Required Tools and Parts” on this page “Upgrading Memory” on this page NOTE: For safety warnings and instructions, refer to the Juniper Networks Security Products Safety Guide. The instructions in the guide warn you about situations that could cause bodily injury.
  • Page 42 SSG 5 Hardware Installation and Configuration Guide 4. Use a phillips screwdriver to remove the screws from the memory-card cover. Keep the screws nearby for use when securing the cover later. 5. Remove the memory-card cover. Figure 13: Bottom of Device 6.
  • Page 43 Figure 15: Removing Module Slots 8. Insert the 256 MB DIMM DRAM into the slot. Exerting even pressure with both thumbs upon the upper edge of the module, press the module downward until the locking tabs click into position. Figure 16: Inserting the Memory Module 9.
  • Page 44 SSG 5 Hardware Installation and Configuration Guide Upgrading Memory...
  • Page 45: Appendix A Specifications

    Appendix A Specifications This appendix provides general system specifications for the SSG 5 device. It contains the following sections: “Physical” on this page “Electrical” on this page “Environmental Tolerance” on page 46 “Certifications” on page 46 “Connectors” on page 47 Physical Table 7: SSG 5 Physical Specifications Description...
  • Page 46: Environmental Tolerance

    SSG 5 Hardware Installation and Configuration Guide Environmental Tolerance Table 9: SSG 5 Environmental Tolerance Description Value Altitude No performance degradation to 6,600 ft (2,000 m) Relative humidity Normal operation ensured in relative humidity range of 5 to 90 percent, noncondensing Temperature Normal operation ensured in temperature range of 32°F (0°C) to 104°F (40°C) Nonoperating storage temperature in shipping carton: -40°F (-40°C) to 158°F (70°C)
  • Page 47: Etsi

    ETSI European Telecommunications Standards Institute (ETSI) EN-3000386-2: Telecommunication Network Equipment. Electromagnetic Compatibility Requirements; (equipment category-Other than telecommunication centers) Connectors Figure 17 shows the location of the pins on the RJ-45 connector. Figure 17: RJ-45 Pinouts 1 2 3 4 5 6 7 8 Table 10 lists the RJ-45 connector pinouts.
  • Page 48 SSG 5 Hardware Installation and Configuration Guide Figure 18 shows the location of the pins on the DB-9 female connector. Figure 18: DB-9 Female Connector Table 11 provides the DB-9 connector pinouts. Table 11: DB-9 Connector Pinouts Name Description Carrier Detect Receive Data Transmit Data Data Terminal Ready...
  • Page 49: Appendix B Initial Configuration Wizard

    Appendix B Initial Configuration Wizard This appendix provides detailed information about the Initial Configuration Wizard (ICW) for an SSG 5 device. After you have physically connected your device to the network, you can use the ICW to configure the interfaces that are installed on your device. This section describes the following ICW windows: 1.
  • Page 50: Rapid Deployment Window

    SSG 5 Hardware Installation and Configuration Guide 1. Rapid Deployment Window Figure 19: Rapid Deployment Window If your network uses NetScreen-Security Manager (NSM), you can use a Rapid Deployment configlet to automatically configure the device. Obtain a configlet from your NSM administrator, select Yes, select Load Configlet from:, browse to the file location, then click Next.
  • Page 51: Wlan Access Point Window

    3. WLAN Access Point Window If you are using the device in the WORLD or ETSI regulatory domain, you must choose a country code. Select the appropriate option, then click Next. Figure 21: Country Code Window 4. Physical Interface Window On the interface-to-zone bindings screen, you set the interface to which you want to bind the Untrust security zone.
  • Page 52: Isdn Interface Windows

    SSG 5 Hardware Installation and Configuration Guide 5. ISDN Interface Windows If you have one of the ISDN devices, a Physical Layer tab window similar to the following is displayed. Figure 23: ISDN Physical Layer Tab Window Table 12: Fields in ISDN Physical Layer Tab Window Field Description Switch Type...
  • Page 53 If you have the ISDN device, you will see the Leased Line Mode and Dial Using BRI checkboxes. Selecting one or both checkbox(es) displays a window similar to the following: Figure 24: Leased-Line and Dial Using BRI Tabs Window Table 13: Fields in Leased-Line and Dial Using BRI Tabs Window Field Description PPP Profile Name...
  • Page 54: Modem Interface Window

    SSG 5 Hardware Installation and Configuration Guide 6. V.92 Modem Interface Window If you have one of the V.92 devices, the following window is displayed: Figure 25: V.92 Modem Interface Window Table 14: Fields in V.92 Modem Interface Window Field Description Modem Name Sets the name for the modem interface...
  • Page 55: Eth0/0 Interface (Untrust Zone) Window

    7. Eth0/0 Interface (Untrust Zone) Window The Untrust zone interface can have a static or a dynamic IP address assigned via DHCP or PPPoE. Insert the necessary information, then click Next. Figure 26: Eth0/0 Interface Window Table 15: Fields in Eth0/0 Interface Window Field Description Dynamic IP via DHCP...
  • Page 56: Eth0/1 Interface (Dmz Zone) Window

    SSG 5 Hardware Installation and Configuration Guide 8. Eth0/1 Interface (DMZ Zone) Window The DMZ interface can have a static or a dynamic IP address assigned via DHCP. Insert the necessary information, then click Next. Figure 27: Eth0/1 Interface Window Table 16: Fields in Ethernet0/1 Interface Window Field Description...
  • Page 57 Figure 28: Bgroup0 Interface Window Table 17: Fields in Bgroup0 Interface Window Field Description Dynamic IP via DHCP Enables the device to receive an IP address for the Trust zone interface from a service provider. Static IP Assigns a unique and fixed IP address to the Trust zone interface. Enter the Trust zone interface IP address and netmask.
  • Page 58: Wireless0/0 Interface (Trust Zone) Window

    SSG 5 Hardware Installation and Configuration Guide 10. Wireless0/0 Interface (Trust Zone) Window If you have one of the SSG 5-WLAN devices, you must set a Service Set Identifier (SSID) before the wireless0/0 interface can be activated. For detailed instructions about configuring your wireless interface(s), refer to the Concepts &...
  • Page 59 Table 18: Fields in Wireless0/0 Interface Window Field Description Wlan Mode Sets the WLAN radio mode: 5G (802.11a) 2.4G (802.11b/g) Both (802.11a/b/g) SSID Sets the SSID name. Authentication and Encryption Sets the WLAN interface authentication and encryption: Open authentication, the default, allows anyone to access the device.
  • Page 60: Interface Summary Window

    SSG 5 Hardware Installation and Configuration Guide 11. Interface Summary Window Check your interface configuration, then click Next when ready to proceed. The Physical Ethernet DHCP Interface window appears. 12. Physical Ethernet DHCP Interface Window Select Yes to enable your device to assign IP addresses to your wired network via DHCP.
  • Page 61: Wireless Dhcp Interface Window

    13. Wireless DHCP Interface Window Select Yes to enable your device to assign IP addresses to your wireless network via DHCP. Enter the IP address range that you want your device to assign to clients using your network. 14. Confirmation Window Confirm your device configuration and change as needed.
  • Page 62 SSG 5 Hardware Installation and Configuration Guide...
  • Page 63: Index

    Index: antennae, 22; using the default interface, 22; backup interface to Untrust zone, 33; cables: basic network connections, 20; configuration: admin name and password, 29; administrative access, 31; backup untrust interface, 33; bridge groups (bgroup), 30; date and time, 30; default route, 32; host and domain name...
  • Page 64 SSG 5 Hardware Installation and Configuration Guide Index...

This manual is also suitable for:

SSG 5 Serial-WLAN, SSG 5 V.92, SSG 5 V.92-WLAN, SSG 5 ISDN, SSG 5 ISDN-WLAN