NetScreen Technologies NetScreen-10 Series Installer's Manual

Summary of Contents for NetScreen Technologies NetScreen-10 Series

  • Page 1: Installer's Guide
  • Page 2: Copyright Notice

    1. License Grant. This is a license, not a sales agreement, between you, the end user, and NetScreen Technologies, Inc. (“NetScreen”). The term “Firmware” includes all NetScreen... [second column:] ...other countries. Hyperterminal is a registered trademark of Hilgraeve Corporation. All other brands and their products...
  • Page 3: Product License Agreement. 6. Limited Warranty. For a period of one (1) year after delivery to Customer, NetScreen will repair or replace any defective product shipped to Customer, provided it is... [second column:] FIRMWARE. IN NO EVENT WILL NETSCREEN'S OR ITS LICENSORS' AGGREGATE LIABILITY CLAIM BY YOU, OR ANYONE CLAIMING THROUGH OR ON BEHALF OF...
  • Page 5: Table of Contents. Who Should Read this Manual?; Manual Organization; Related Publications; Chapter 1: Hardware and Software Description (Hardware Description; General Layout of the NetScreen Administration Tools); Chapter 2: Connecting the NetScreen to the Network (Gathering the Necessary Tools; Connecting the NetScreen to Networks and Devices); Chapter 3: Configuring the NetScreen for the First Time...
  • Page 6: Table of Contents (continued). Installation Warning; Power Disconnection Warning; No User-Serviceable Parts Warning; Circuit Breaker A Warning; SELV Circuit Warning; Lightning Activity Warning; Lithium Battery Warning; Product Disposal Warning; General Site Requirements; Onsite Precautions; Equipment Rack Mounting Guidelines; Compliance Specifications...
  • Page 7: Preface. The NetScreen-10 and NetScreen-100 are network security devices that protect your Ethernet local area network (LAN) when connecting to the Internet. Using a NetScreen-10/100 firewall, you can configure access policies that control inbound and outbound network and VPN traffic. Manual Organization: This manual has 3 chapters and one appendix.
  • Page 8 NetScreen CLI Reference Guide (P/N 093-0011-000, Revision C); NetScreen WebUI Reference Guide (P/N 093-0040-000, Revision A); NetScreen Concepts & Examples ScreenOS Reference Guide (P/N 093-0039-000, Revision A)
  • Page 9: Chapter 1, Hardware and Software Description. This chapter provides illustrations and descriptions of the NetScreen-10/100 front and back panels and an introduction to the Web user interface (WebUI). Hardware Description: Before you install your NetScreen device, you should unpack it onsite and verify the contents against the packing slip.
  • Page 10 • Console Port: DB25 serial port connector for local configuration and administration. • Trusted Port: Connect the NetScreen-10/100 using a twisted pair cable with RJ45 connectors.
  • Page 11 The back panel of the NetScreen-10/100 is shown in Figure 1-3. Figure 1-3 Back Panel of the NetScreen-10/100 • Product Label: The model number is either NS-10x or NS-100x, where x=a, e, or f.
  • Page 12: General Layout of the NetScreen Administration Tools. The Web Administration Tools page consists of two main sections: the menu column and the central display area: •...
  • Page 13 • A central display area, shown in Figure 1-5, lists the information for each of the menu items above, in either a tabular or graphical format.
  • Page 15: Chapter 2, Connecting the NetScreen to the Network. Follow the instructions in this chapter to connect the NetScreen-10/100 device to the network and to configure the software for the first time. For further configuration options, see the NetScreen Concepts & Examples ScreenOS Reference Guide, on the product CD.
  • Page 16: Connecting the NetScreen to Networks and Devices. Note that if you are configuring multiple NetScreen-10/100 devices, you should install and configure them one at a time.
  • Page 17 5. Turn on the NetScreen-10/100 and any other network devices that you had turned off.
  • Page 18 Figure 2-4 Sample Configuration Using DMZ Port
  • Page 19 Figure 2-5 Sample Configuration in a redundant group for High Availability (NetScreen-100 only) Note: You may have to supply additional cables, depending on your particular configuration.
  • Page 21: Chapter 3, Configuring the NetScreen for the First Time. This chapter shows you how to configure your NetScreen-10/100 in Transparent mode and allow internal users to access the Internet while denying internal access from the Internet. You do this by setting the System IP address and creating an Access Policy that permits outgoing traffic.
  • Page 22: Using the WebUI. To perform the initial configuration through the WebUI, you need to change the IP address of the management workstation to the same subnet as the NetScreen-10/100 default system IP address, which is 192.168.1.1.
  • Page 23 The Enter Network Password dialog box appears, as shown in Figure 3-1. Figure 3-1 Enter Network Password Dialog Box 5. In the dialog box, type netscreen for both the user name and password, and then click OK. Note: The user name and password are case-sensitive. After configuring the NetScreen device for the first time, you should change the default user name and password as described in “Changing the Administrator Login Name and Password”...
  • Page 24 6. Enter the IP address and netmask for administration of the NetScreen-10/100, and then click OK.
  • Page 25 Figure 3-4 Enter Network Password Dialog Box 2. In the dialog box, type netscreen for both the user name and password, and then click OK. (Remember that the user name and password are case-sensitive.) The Access Policies pages appear, with the Outgoing Access Policies page displayed, as shown in Figure 3-5 “Access Policies Pages”.
  • Page 26: Allowing Outbound Traffic. By default, the NetScreen-10/100 does not allow inbound or outbound traffic. You need to create an outgoing Access Policy to permit outbound traffic to traverse the firewall.
  • Page 27 – Action: Permit (Allows the traffic defined by the Access Policy to traverse the firewall.) – Leave the rest of the options at their default values, and click the OK button. The Outgoing Access Policies page now has one Access Policy that permits any inside traffic to pass through the firewall and access the Internet, as shown in Figure 3-7 “Access Policies Page”.
  • Page 28: Changing the Administrator Login Name and Password. Because all NetScreen units come with the same default name and password, it is highly recommended that you change the default Admin Login name and Password.
  • Page 29 Note: For more information and examples on other configuration options, please refer to the NetScreen Concepts & Examples ScreenOS Reference Guide. Using the CLI: The following section provides information on how to configure the device using the command line interface (CLI).
  • Page 30: Connecting via Telnet. Telnet operates over TCP/IP networks. It allows you to configure the device using the command line interface (CLI).
  • Page 31: Changing the Administrator Login Name and Password. Because all NetScreen units come with the same default name and password, it is highly recommended that you change the default Admin Login name and Password.
  • Page 32: Interface Settings and Operational Modes. The NetScreen-10/100 device supports three operational modes: Transparent mode, NAT (Network Address Translation) mode, and Route mode.
  • Page 33: Interface Settings. For Transparent mode, define the following interface settings, where <a.b.c.d> and <e.f.g.h> represent numbers in an IP address, <A.B.C.D> represents the numbers in a subnet mask, and <number> represents the bandwidth size in kbps: Trusted IP: 0.0.0.0 Subnet Mask: 0.0.0.0...
  • Page 34: Network Address Translation Mode. When in Network Address Translation (NAT) mode, the NetScreen device translates two components in the header of an outgoing IP packet traversing the firewall from the Trusted side: its source IP address and source port number.
  • Page 35: Interface Settings. For NAT mode, define the following interface settings, where <a.b.c.d>, <e.f.g.h>, and <i.j.k.l> represent numbers in an IP address, <A.B.C.D> represents the numbers in a subnet mask, and <number> represents the bandwidth size in kbps: Trusted IP: <a.b.c.d>...
  • Page 36: Route Mode. In Route mode, the NetScreen device routes traffic between different interfaces without performing NAT;...
  • Page 37 Virtual MGT (NetScreen-100) IP: <a.b.c.d.> Netmask: <A.B.C.D.> Default Gateway: <e.f.g.h.> Bind to Port: <Trusted, Untrusted, DMZ> a. Optional setting for traffic shaping b. Selecting Route for the Trusted interface defines the mode as Route. Selecting NAT defines the mode as NAT.
  • Page 39: Appendix A, Safety Recommendations and Warnings. Before supplying power to the NetScreen-10/100, follow these safety guidelines: • Look carefully for possible hazards in the work area, such as moist floors, ungrounded power extension cables, and missing safety grounds. • Locate the emergency power-off switch for the area where you are working. Do not perform any action that creates a potential hazard to people or makes the equipment unsafe.
  • Page 40: Circuit Breaker A Warning. Caution: The NetScreen-10/100 relies on the building’s installation for short-circuit (over-current) protection.
  • Page 41: General Site Requirements. For the safe installation and operation of your NetScreen device, ensure that your site is properly prepared before beginning the hardware installation. • Check the power at your site to ensure that you are receiving “clean” power (free of spikes and noise).
  • Page 42 When planning your site layout and equipment locations, follow the precautions described below to help avoid equipment failures and reduce the possibility of environmentally caused shutdowns.
  • Page 43: Compliance Specifications. Parameter: Specification; Safety Certification: UL, CUL; EMI/RFI: FCC Part 15, Class A; Standards Compliance: IEEE 802.3, Ethernet; IPSec Compliance: RFC 2401 (Security Architecture for the Internet Protocol), RFC 2402 (IP Authentication Header), RFC 2403 (The Use of HMAC-MD5-96...
  • Page 45: Index. See DCE Data Communications Equipment Access Policies See DCE outgoing 3-1 Data Terminal Equipment Admin name 3-8 See DTE Administration requirements 3-1 DB25 serial port connector 1-2 DCE 1-2 Diagnostics 1-1 Back panel 1-1 DMZ 1-2 DMZ port 2-4...
  • Page 46 IP address 3-4 Outgoing access policies 3-5 change 3-2 conflicts 2-2 default 3-2 Password management 3-2 changing 3-8 3-12 management workstation 3-2 forgetting 3-8 system 3-1 3-11 initial use 3-3 PCMCIA flash card slot 1-1 PCMCIA PC card 1-1 LAN 1-vii Ports LEDs 1-2...
  • Page 47 Ventilation A-3 TCP/IP 1-vii Telnet 3-10 Terminal emulator 3-1 Warnings A-1 Transparent mode 3-1 Web administration tools 1-5 Trusted port 1-2 Web browser 1-vii requirements 3-1 Web user interface Untrusted port 1-2 See WebUI User name WebUI 1-vii initial use 3-3 Workstation requirements 3-1...

This manual is also suitable for:

Netscreen-100 series