NetScreen Technologies 5GT User Manual page 14

Chapter 2 Configuring the Device
Restricting Management
By default, anyone in your network can manage the NetScreen device if they know the
login and password. You can configure the NetScreen device to be managed only from a
specific host on your network. (And you can choose which services — for example, WebUI,
Telnet, ping — you want enabled on the NetScreen device.) Refer to the "Administration"
chapter in Volume 3 of the NetScreen Concepts & Examples ScreenOS Reference Guide.
Operational Mode
The operational mode is the way an interface on a NetScreen device processes traffic
between zones. By default, the NetScreen-5GT operates in Route mode with network
address translation (NAT) enabled on the Trust interface. This means that when devices
in the Trust zone send traffic to the Internet, the NetScreen device replaces the original
source IP addresses with the IP address of the Untrust interface. While the NetScreen
device assigns "private" IP addresses to the devices in your network, these addresses
remain hidden to computers outside your network.
If all devices in your network have public IP addresses, you can configure the NetScreen
device for Transparent mode or Route mode without NAT enabled. In Transparent mode,
the NetScreen device forwards traffic without checking IP addresses. In Route mode
without NAT enabled, the NetScreen device routes traffic by checking IP addresses. For
more information about configuring the device for Transparent mode or Route mode
without NAT enabled, refer to the "Interface Modes" chapter in Volume 2 of the NetScreen
Concepts & Examples ScreenOS Reference Guide.
Trust Interface Address
You can change the IP address and netmask of the Trust interface if necessary.
(Remember that the IP addresses of devices in your network are never seen by computers
outside your network; outside computers see only the IP address of the Untrust interface.)
For example, you might need to change the Trust interface to match the IP addresses that
already exist on your network. If you change the IP address and netmask of the Trust
interface, you also need to change either the range of addresses that the NetScreen device
assigns via DHCP to devices in the network, or disable the DHCP server on the Trust
interface.
To assign a different IP address and netmask to the Trust interface, refer to the
"Interfaces" chapter in Volume 2 of the NetScreen Concepts & Examples ScreenOS
Reference Guide.
To change the DHCP settings for the NetScreen device, refer to the "System Parameters"
chapter in Volume 2 of the NetScreen Concepts & Examples ScreenOS Reference Guide.
10 User's Guide