Table of Contents
Advertisement
Quick Links
Download this manual
See also:
User Manual
Advertisement
Table of Contents
Related Manuals for Juniper NetScreen-5000 Series
Summary of Contents for Juniper NetScreen-5000 Series
- Page 1 Security Products NetScreen-5000 Series Hardware Installation and Configuration Guide Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, CA 94089 408-745-2000 www.juniper.net Part Number: 093-1698-000, Revision E...
- Page 2 Networks or their respective owners. All specifications are subject to change without notice. Juniper Networks assumes no responsibility for any inaccuracies in this document or for any obligation to update information in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.
-
Page 3: Table Of Contents
Installing and Connecting an AC Power Supply ..........25 Installing and Wiring a DC Power Supply ............26 Establishing a High Availability Connection............27 Connecting the NetScreen-5000 Series to a Router or Switch......28 Chapter 3 Configuring the Device Operational Modes..................30 Transparent Mode ................... - Page 4 NetScreen-5000 Series Hardware Installation and Configuration Guide Configurable Interfaces................33 Performing Initial Connection and Configuration ........... 33 Establishing a Terminal Emulator Connection ......... 33 Upgrading the Firmware During the Startup Process ....... 35 Changing Your Admin Name and Password ..........36 Setting Port and Interface IP Addresses ...........
-
Page 5: About This Guide
Because the modules can work in many combinations, you can customize the NetScreen-5000 Series to accommodate the specific requirements of your organization. The NetScreen-5000 Series also employs a switch fabric for data exchange and a separate multi-bus channel for control information, thus delivering scalable performance for the most demanding environments. -
Page 6: Guide Organization
Chapter 2, “Installing the Device,” details how to rack mount the NetScreen-5000 Series, connect the power supplies, and connect the modules to the network in addition to providing desktop site requirements and guidelines for rack mounting. -
Page 7: Command Line Interface Conventions
For technical support, open a support case using the Case Management link at http://www.juniper.net/customers/support/ or call 1-888-314-JTAC (from the United States, Canada, or Mexico) or 1-408-745-9500 (from elsewhere). If you find any errors or omissions in this document, contact Juniper Networks at techpubs-comments@juniper.net. Command Line Interface Conventions... - Page 8 NetScreen-5000 Series Hardware Installation and Configuration Guide Technical Documentation and Support...
-
Page 9: Overview
Chapter 1 Overview This chapter provides detailed descriptions of the NetScreen-5000 Series devices, modules, power supplies, and fan assemblies. It includes the following sections: “NetScreen-5000 Series” on page 9 “NetScreen-5200” on page 9 “NetScreen-5400” on page 10 “Power Supplies” on page 11 “NetScreen-5200 Power Recommendations”... - Page 10 NetScreen-5000 Series Hardware Installation and Configuration Guide Figure 1 shows a NetScreen-5200 with a management module in slot 1 (top) and an SPM in slot 2 (bottom). Figure 1: NetScreen-5200 Front Panel Management Module Fan Module in Slot 1 SPM in Slot 2...
-
Page 11: Power Supplies
Overview Power Supplies The NetScreen-5000 Series can use AC or DC power supplies. The slots for these power supplies are located in the back of the NetScreen-5200 and on the front of the NetScreen-5400. You can order a NetScreen-5000 Series that runs on DC power. For DC-powered NOTE: units, the power supply has a DC terminal block with three sockets. -
Page 12: Ac Power Supply
NetScreen-5000 Series Hardware Installation and Configuration Guide Figure 3 shows the NetScreen-5200 DC power supply. Figure 3: NetScreen-5200 DC Power Supply Thumbscrew Power DC Power Terminal Blocks Grounding Screw Power Switch AC Power Supply The AC power supply weighs about three pounds. The faceplate contains a power LED, a power switch, a male power outlet, and a cooling fan vent. -
Page 13: Fan Modules
The NetScreen-5000 Series systems support two module types: NetScreen-5000 management modules NetScreen-5000 Secure Port Modules (SPMs) Table 1 shows the modules supported by each slot. Table 1: Modules Supported by Each Slot in a NetScreen-5000 Series Device Device Slot 1 Slot 2... -
Page 14: Management Modules
NetScreen-5000 Series Hardware Installation and Configuration Guide Management Modules The management module provides general-purpose CPU delivery and contains dedicated high availability (HA) and management interfaces. It handles tasks such as management access, session setup and termination, and Internet Key Exchange (IKE) negotiation. -
Page 15: Secure Port Modules
SPMs also provide encryption, decryption, Network Address Translation (NAT), and session lookup features. When packets require processing beyond that provided by an SPM, the NetScreen-5000 Series hands them off to the management module for further processing. -
Page 16: 5000-2Xge And 5000-2Xge-G4 Spms
NetScreen-5000 Series Hardware Installation and Configuration Guide Table 4: Capacities and Management Modules, 5000-8G, 5000-8G2 and 5000-8G2-G4 SPMs SPM Type Firewall Interface Aggregation Management module Capacity Capacity 5000-8G 4 Gbps 2 Gbps 4 aggregate interfaces of 5000-M or 5000-M2 up to 2 ports each... -
Page 17: 5000-2G24Fe Spm
Overview Figure 7: 5000-2XGE Secure Port Module (5000-2XGE-G4 Similar) Two 10-Gigabit XFP Power LED Link LED Sockets Status LED Transmit/Receive LED Table 6 shows the transceivers that are available with the 5000-2XGE SPM. Table 6: Available Transceivers for NetScreen-5000-2XGE SPM Part Number Description Distance... - Page 18 NetScreen-5000 Series Hardware Installation and Configuration Guide NetScreen-5000 Modules...
-
Page 19: Installing The Device
Chapter 2 Installing the Device This chapter describes how to install a NetScreen-5000 Series in an equipment rack or on a desktop and how to configure the device on a network. This chapter includes the following sections: “General Installation Guidelines” on page 19 “Equipment Rack Installation Guidelines”... -
Page 20: Equipment Rack Installation Guidelines
NetScreen-5000 Series Hardware Installation and Configuration Guide NOTE: Although you can place the NetScreen-5000 Series on a desktop for operation, we do not recommend deploying it in this manner. To prevent abuse and intrusion by unauthorized personnel, it is extremely important to install the security device in a locked-room environment. -
Page 21: Mounting The Netscreen-5000 Series
Installing the Device Mounting the NetScreen-5000 Series The following sections describe how to rack-mount the NetScreen-5000 Series: “NetScreen-5200 Front-and-Rear Mount” on page 21 “NetScreen-5200 Center-Mount” on page 23 “NetScreen-5400 Front-Mount” on page 24 NetScreen-5200 Front-and-Rear Mount To mount the NetScreen-5200 with support from the front and rear, you need four fitted screws, a phillips screwdriver, the rear slide kit, and brackets. - Page 22 NetScreen-5000 Series Hardware Installation and Configuration Guide 2. Use the screws to attach the rear mount bracket to the rear rack posts. 3. Slip the slides into the rear mount brackets, then push the NetScreen-5200 forward until the left and right brackets contact the front rack posts, as shown in Figure 10.
-
Page 23: Netscreen-5200 Center-Mount
Figure 11. Figure 11: Installing NetScreen-5200 Rack Brackets for Center Mounting 2. Use the screws to attach the left and right brackets to the rack, as shown in Figure 12. Figure 12: Center-mounting the NetScreen-5200 Mounting the NetScreen-5000 Series... -
Page 24: Netscreen-5400 Front-Mount
NetScreen-5000 Series Hardware Installation and Configuration Guide NetScreen-5400 Front-Mount To front-mount the NetScreen-5400, you need four fitted screws, a phillips screwdriver, and brackets. To front-mount the device: 1. Use the screws to attach the front-mount bracket to the front of the chassis as shown in Figure 13. -
Page 25: Installing And Connecting An Ac Power Supply
Figure 14: Rack Mounting the NetScreen-5400 Installing and Connecting an AC Power Supply To install and connect an AC power supply to the NetScreen-5000 Series device: 1. On the NetScreen-5200, slide the power supply into one of the power compartments in the back of the system. -
Page 26: Installing And Wiring A Dc Power Supply
6. Turn the power switches on. If there are multiple power supplies in the NetScreen-5000 Series system and any NOTE: of them are off, then the Alarm LED on the management module glows red. This alarm indicates that maximum system stability requires all installed power supplies to be operational. -
Page 27: Establishing A High Availability Connection
3. Fasten the screws over the connectors. 4. Turn the power switches on. If there are multiple power supplies in the NetScreen-5000 Series system and any NOTE: of them are off, then the Alarm LED on the management module glows red. This alarm indicates that maximum system stability requires all installed power supplies to be operational. -
Page 28: Connecting The Netscreen-5000 Series To A Router Or Switch
NetScreen-5000 Series Hardware Installation and Configuration Guide Connecting the NetScreen-5000 Series to a Router or Switch You can establish a high-speed connection to a router or switch, and provide firewall and general security for your network, by connecting a Secure Port Module (SPM) to a fiber-optic or copper wire backbone. -
Page 29: Configuring The Device
Chapter 3 Configuring the Device This chapter describes how to perform initial configuration on the NetScreen-5000 Series once you have mounted it in a rack or desktop, plugged in the necessary cables, and turned the power on. Topics in this chapter include: “Operational Modes”... -
Page 30: Operational Modes
However, the device can still perform firewall, VPN, and traffic management according to configured security policies. Route Mode In Route mode, a NetScreen-5000 Series system operates at Layer 3. Because you can configure each interface using an IP address and subnet mask, you can configure individual interfaces to perform NAT. -
Page 31: Netscreen-5000 Interfaces
Configuring the Device NetScreen-5000 Interfaces Each Secure Port Module (SPM) for the NetScreen-5000 Series system provides 2, 8, or 26 physical Ethernet ports. Each of these ports can serve as a physical interface. In addition, you can configure the Ethernet ports to host multiple virtual (logical) interfaces. -
Page 32: Netscreen-5400 Interfaces
NetScreen-5000 Series Hardware Installation and Configuration Guide NetScreen-5400 Interfaces A NetScreen-5400 contains one management module (in slot 1) and up to three SPMs. In Figure 16, the device contains three 5000-8G SPMs. Not all SPMs are supported by every management module. See Table 3, NOTE: “Netscreen 5000-series Management Modules,”... -
Page 33: Configurable Interfaces
HA ports Performing Initial Connection and Configuration To establish the first console session with the NetScreen-5000 Series system, use a vt100 terminal emulator program through the provided RJ-45/DB9 serial port connector. - Page 34 NetScreen-5000 Series Hardware Installation and Configuration Guide Figure 17: Console Connection, NetScreen-5200 (NetScreen-5400 Similar) 3. Launch a CLI session between your workstation and the NetScreen-5000 Series system using a standard serial terminal emulation program such as Hilgraeve HyperTerminal (provided with the Microsoft Windows operating system). The...
-
Page 35: Upgrading The Firmware During The Startup Process
NOTE: If you do not interrupt the NetScreen-5000 Series system in time, it proceeds to load the firmware saved in flash memory. 7. At the Boot File Name prompt, enter the filename of the ScreenOS firmware you want to load. -
Page 36: Changing Your Admin Name And Password
NetScreen-5000 Series Hardware Installation and Configuration Guide Entering yes instructs the NetScreen-5000 Series system to start running the new ScreenOS firmware. Changing Your Admin Name and Password Because all Juniper Networks security products use the same admin name and password (netscreen), it is highly advisable to change your admin name and password immediately. -
Page 37: Setting The Ip Address For The Trust Zone Interface
Setting the IP Address for the Trust Zone Interface The NetScreen-5000 Series system usually communicates with your protected network through an interface bound to the Trust zone. To allow an interface to communicate with internal devices, you must assign it the IP address and subnet mask for your protected network. -
Page 38: Allowing Outbound Traffic
4. (Optional) To confirm the new interface settings, use the following command: get interface ethernet2/3 Allowing Outbound Traffic By default, the NetScreen-5000 Series system does not allow inbound or outbound traffic, nor does it allow traffic to or from the DMZ. To permit (or deny) traffic, you must create access policies. -
Page 39: Starting A Console Session Using Dialup
To prevent any automatic termination, specify a value of 0. Starting a Console Session Using Dialup Each NetScreen-5000 Series system provides a modem port that allows you to establish a remote console session using a dialup connection through a 9600 bps modem. -
Page 40: Configuring The Chassis Alarm
The ScreenOS WebUI application window appears. Configuring the Chassis Alarm The NetScreen-5000 Series system allows you to configure the chassis alarm, an audible warning that sounds when a system failure or hazardous event occurs. To determine which failures and events trigger the chassis alarm: 1. -
Page 41: Configuring Aggregate Interfaces
Configuring the Device Configuring Aggregate Interfaces The NetScreen-5000 Series system allows you to combine two or more physical ports on an SPM into a single virtual port. This virtual port is known as an aggregate interface. Only Secure Port Modules (SPMs) support this feature. Table 8 describes the aggregate interfaces supported on the various SPMs. -
Page 42: Using Cli Commands To Reset The Device
By default, the device recovery feature is enabled. You can disable it with the following CLI command: unset admin device-reset. 1. At the login prompt, enter the serial number of the NetScreen-5000 Series system. 2. At the password prompt, enter the serial number again. The following message... - Page 43 Configuring the Device 3. Press y. The following message appears: !! Reconfirm Lost Password Reset !! If you continue, the entire configuration of the device will be erased. In addition, a permanent counter will be incremented to signify that this device has been reset. This is your last chance to cancel this command.
- Page 44 NetScreen-5000 Series Hardware Installation and Configuration Guide Using CLI Commands to Reset the Device...
-
Page 45: Servicing The Device
“Removing and Installing SFP and XFP Transceivers” on page 55 Removing and Reseating Modules Although NetScreen-5000 Series modules are preinstalled before shipping, you may find it necessary to remove or reseat modules to suit the special security needs of your network. - Page 46 Swing levers outward 3. Gently slide the module card out of the chassis. To install a module in a NetScreen-5000 Series system: 1. Be sure the module is right-side-up and the ejector/injector levers are extended. 2. Slide the module into the appropriate slot of the chassis, until it is seated in the backplane.
-
Page 47: Replacing A Dc Power Supply
Servicing the Device Figure 19: Inserting a NetScreen-5200 Module (NetScreen-5400 Similar) Swing levers inward Tighten screws 4. Tighten the screws using a phillips screwdriver. Replacing a DC Power Supply WARNING: Before replacing a power supply, you must shut off current to the DC feed wires that lead to the power supply. -
Page 48: Replacing An Ac Power Supply
When a fan or fan module fails, the Fan LED glows red, and the system generates an event alarm and a SNMP trap. Although a NetScreen-5000 Series system can operate with a fan out of service, it is advisable to replace the fan module as soon as possible. -
Page 49: Netscreen-5200 Fan Module
NOTE: During the one-year warranty period, you can obtain a replacement fan module by contacting Juniper Networks Technical support. After the warranty period, contact the Juniper Networks Sales department to renew your support contract. Depending on the working environment where the device is located, we recommend changing the fan filter every six months. -
Page 50: Netscreen-5200 Fan-Tray Filter
NetScreen-5000 Series Hardware Installation and Configuration Guide Figure 21: Removing a NetScreen-5200 Fan Module 3. Insert the new fan module in the fan bay, then push it straight in. 4. Secure the fan module in place by pushing the fan lever flat against the front panel. - Page 51 Servicing the Device 4. Push the wooden ruler toward the back of the chassis, gently lifting the filter as you proceed. 5. Once the filter is separated from the Velcro backing, use your fingers to pull the filter out of the fan-tray slot. Figure 23: Removing a NetScreen-5200 Fan-Tray Filter 6.
-
Page 52: Netscreen-5400 Fan Module
NetScreen-5000 Series Hardware Installation and Configuration Guide NetScreen-5400 Fan Module Figure 24: NetScreen-5400 Fan Module Front View Side View To replace the fan module on a NetScreen-5400: 1. Loosen the top and bottom thumbscrews with a phillips screwdriver, turning them counterclockwise. -
Page 53: Netscreen-5400 Fan-Tray Filter
Servicing the Device Figure 26: Inserting a NetScreen-5400 Fan Module 4. Secure the fan module in place by tightening the thumbscrews clockwise. NetScreen-5400 Fan-Tray Filter To replace the fan-tray filter: 1. Remove the fan tray (see “NetScreen-5400 Fan Module” on page 52). 2. -
Page 54: Connecting And Disconnecting Gigabit Ethernet Cables
NetScreen-5000 Series Hardware Installation and Configuration Guide Figure 28: Removing the NetScreen-5400 Fan-tray Filter 4. Replace the filter. 5. Align the new fan module in the fan bay, and then push it straight in. 6. Secure the fan module in place by tightening the thumbscrews clockwise. -
Page 55: Removing And Installing Sfp And Xfp Transceivers
Servicing the Device Removing and Installing SFP and XFP Transceivers To remove an SFP or XFP transceiver from a module: 1. Push in the black ejector (located on the underside of the transceiver) until it locks into place, disengaging the transceiver. 2. - Page 56 NetScreen-5000 Series Hardware Installation and Configuration Guide Removing and Installing SFP and XFP Transceivers...
-
Page 57: Appendix A Specifications
Appendix A Specifications This appendix provides general system specifications for the NetScreen-5000 Series security devices. “Physical” on page 57 “Electrical” on page 58 “Environmental” on page 58 “Certifications” on page 58 “Connectors” on page 59 Physical Table 9 lists the physical specifications for NetScreen-5000 Series devices. -
Page 58: Electrical
NetScreen-5000 Series Hardware Installation and Configuration Guide Electrical Table 10 lists the electrical specifications for the NetScreen-5000 Series device. Table 10: NetScreen-5000 Series Electrical Specifications Item Specification AC voltage 100-240 VAC +/- 10% AC Watts DC Watts Fuse Rating AC: 3.15 Amps/240 Volts... -
Page 59: Connectors
The mini-Gigabit transceivers are compatible with the IEEE 802.3z Gigabit Ethernet standard. Table 13 lists the 1-Gigabit media types and distances for the different types of connectors used with the NetScreen-5000 Series systems. Table 13: One-Gigabit Media Types and Distances for NetScreen-5000 Series Connectors Standard Media Type Mhz/Km... - Page 60 NetScreen-5000 Series Hardware Installation and Configuration Guide Connectors...
-
Page 61: Appendix B Port Descriptions And Led Status
“Status LED States” on page 62 “Power Supply LEDs” on page 64 “Fan LED” on page 65 Module Port Descriptions Table 15 details the ports on the 5000-M, 5000-M2, and 5000-MGT3 management modules. Table 15: NetScreen-5000 Series Management Module Ports Port Description Type Speed/Protocol Console Enables a serial connection, to establish terminal sessions with the system. -
Page 62: Module Led Descriptions
10 Gbps/Gigabit Ethernet throughput of 10 Gbps. Module LED Descriptions This section provides descriptions of the LEDs on NetScreen-5000 Series modules. Two types of LEDs exist on the modules: Status LEDs. These LEDs reflect certain conditions that exist on the system at large and do not explicitly refer to a given port. -
Page 63: Interpreting Status Leds For The Secure Port Module
Port Descriptions and LED Status Table 17: Management Module Status LEDs (Page 2 of 2) Color Meaning POWER Green The system is receiving power. The system is not receiving power. The power has a problem. STATUS Blinking green The system is operational. Blinking amber The system is booting up. -
Page 64: Interpreting Ethernet Port Status Leds For All Modules
NetScreen-5000 Series Hardware Installation and Configuration Guide Interpreting Ethernet Port Status LEDs for All Modules The port Status LEDs indicate whether any of the ports on the modules are operating properly. Table 19 describes the status possibilities for each. Table 19: Port Module Status LEDs... -
Page 65: Fan Led
Port Descriptions and LED Status Table 21: LED Behaviors As Affected by Power Supplies (NetScreen-5400) Power Power Power Supply 1 Supply 2 Supply 3 Present Present Present Power LED Alarm LED Green Yes (not Green functioning or turned off) Green Yes (not Green functioning or... - Page 66 NetScreen-5000 Series Hardware Installation and Configuration Guide Fan LED...
-
Page 67: Index
Index Numerics 5000-2G24FE high availability, establishing an HA connection ..............17 ..27 5000-2XGE ..............16 5000-2XGE-G4 ...............16 5000-8G ................15 installation guidelines ............19 5000-8G2 ................16 center-mount rack ...........23 5000-8G2-G4 ..............64 front-and-rear rack ..........21 5000-M ................62 5000-M2 .................62 5000-MGT3 ..............62 LED status ...............62 LED status types ............62 logging in ................39... - Page 68 NetScreen-5000 Series Hardware Installation and Configuration Guide port settings, viewing ............ 36 port status LEDs ............. 64 power supplies connecting to the system ........12 installing ..............25 recommendations ........... 11 replacing AC ............48 replacing DC ............47 power supplies, AC description ...............