Juniper NetScreen-50 Installer's Manual

NetScreen Installer's Guide
Version 4.0
P/N 093-0578-000
Rev.E

Summary of Contents for Juniper NetScreen-50

  • Page 1 NetScreen Installer's Guide Version 4.0 P/N 093-0578-000 Rev.E...
  • Page 2 Technologies, Inc. NetScreen-5XP, NetScreen-5XT, NetScreen-25, NetScreen-50, NetScreen-100, NetScreen-204, NetScreen-208, NetScreen-500, NetScreen-1000, NetScreen-5200, NetScreen- ... 15 of the FCC rules. These specifications are designed to provide reasonable protection against such interference in a residential installation.
  • Page 3 Table of Contents: Preface v; Guide Organization v; Command Line Interface (CLI) Conventions v; CLI Command Variables v; Variable Notation v; Common CLI Variable Names vi; CLI Command Syntax vii; Dependency Delimiters vii; Nested Dependencies viii; Availability of CLI Commands and Features viii; NetScreen Publications ix; How To Get More Information ix; Overview ...
  • Page 4 Table of Contents: Configuring the Device; Operational Modes; Transparent Mode; Route Mode; The NetScreen Interfaces; Connecting the Device to a Network; Establishing an HA Connection Between Devices; Performing Initial Configuration Using the CLI; Connecting Using a VT100 Terminal Emulator; Setting an IP Address for Managing the Device; Connecting Using Telnet ...
  • Page 5 The NetScreen-50 device provides security for small- and medium-sized companies, as well as enterprise branch and remote offices. The NetScreen-50 device offers 170 Mbps of firewall and 50 Mbps of 3DES VPN, protecting your LANs as well as public servers, such as mail, web, or FTP.
  • Page 6 Preface set arp ip_addr mac_addr interface age number | always-on-dest | no-cache where • ip_addr represents an IP address. • mac_addr represents a MAC address. • interface represents a physical or logical interface. • number represents a numerical value. Thus, the command might take the following form: ns->...
  • Page 7 Command Line Interface (CLI) Conventions name_str The name of an item, such as an address book entry. number A numeric value, usually an integer, such as a threshold or a maximum. pol_num A policy number. port_num A number identifying a logical port. pswd_str A password.
  • Page 8 Preface • The [ and ] symbols denote an optional feature. Features enclosed by these symbols are not essential for execution of the command, although omitting such features might adversely affect the outcome. • The | symbol denotes an “or” relationship between two features. When this symbol appears between two features on the same line, you can use either feature (but not both).
  • Page 9 NetScreen Publications To obtain technical documentation for any NetScreen product, visit www.netscreen.com/support/manuals.html. To access the latest NetScreen documentation, see the Current Manuals section. To access archived documentation from previous releases, see the Archived Manuals section. To obtain the latest technical information on a NetScreen product release, see the release notes document for that release.
  • Page 10 Preface Installer's Guide...
  • Page 11 Chapter 1 Overview This chapter provides detailed descriptions of the NetScreen-50 chassis. Topics explained in this chapter include: • “The Front Panel” on page 2 – “Power and Status LEDs” on page 2 – “Configuration Reset Pinhole” on page 4 –...
  • Page 12 A Compact Flash card slot, for storage of system images, configuration files, keys, and logs. • Four Ethernet ports, for connecting the NetScreen-50 device to your LAN or local workstations and to the Internet. Ethernet Ports Power and Status LEDs...
  • Page 13 The Front Panel The LEDs are as follows: Purpose Color Meaning Power Power Status green Power is functioning correctly. The device is not receiving power. Alarm System Alarm Critical alarm—failure of hardware component or software module (such as a cryptographic algorithm) amber Major alarm:...
  • Page 14 Chapter 1 Overview Configuration Reset Pinhole The configuration reset pinhole is a switch that resets the device to its original default settings. To use this switch, insert a stiff wire (such as a straightened paper clip) into the pinhole. Warning! Because resetting the device restores it to the original factory default configuration, any new configuration settings are lost, and the firewall and all VPN service become inoperative.
  • Page 15 LED indicates network traffic activity and the right LED indicates if the link is up (the port is connected to an active device). The rear panel of the NetScreen-50 device contains the power outlet and on/off switch. Power Outlet On/Off Switch You can order the NetScreen-50 device with either an AC or DC power supply.
  • Page 16 Chapter 1 Overview Installer's Guide...
  • Page 17 Chapter 2 Installing the Device This chapter describes how to install a NetScreen-50 device in an equipment rack or on a desktop. Topics in this chapter include: • “General Installation Guidelines” on page 8 • “Desktop Installation Guidelines” on page 9 •...
  • Page 18 • The product should be installed in a restricted area to prevent personal injury from exposure to DC voltage. Warning! To prevent abuse and intrusion by unauthorized personnel, install the NetScreen-50 device in a locked-room environment. Installer's Guide...
  • Page 19 Equipment Rack Mounting The NetScreen-50 device comes with accessories for mounting the device in a standard 19-inch equipment rack. Equipment Rack Installation Guidelines The location of the chassis, the layout of the equipment rack, and the security of your wiring room are crucial for proper system operation.
  • Page 20 1 Phillips-head screwdriver • 4 screws to match the rack (if the thread size of the screws provided in the NetScreen-50 product package do not fit the thread size of the rack) • The included rack mount bracket kit. NetScreen Rack Mount To rack mount the NetScreen-50 device: Screw the rack mount brackets to each side of the chassis, as shown below.
  • Page 21 Chapter 3 Configuring the Device This chapter describes how to connect a NetScreen-50 device to your network and perform initial configuration on the device. Topics in this chapter include: • “Operational Modes” on page 12 – “Transparent Mode” on page 12 –...
  • Page 22 However, the device can still perform firewall, VPN, and traffic management according to configured security policies. Route Mode In Route mode, the NetScreen-50 device operates at Layer 3. Because you can configure each interface using an IP address and subnet mask, you can configure individual interfaces to perform NAT.
  • Page 23 The NetScreen Interfaces Each NetScreen-50 device provides Ethernet interfaces for access and connectivity. In addition, there are logical (non-physical) interfaces that perform special Layer-2 or management functions. The configurable interfaces available on a NetScreen-50 device are as follows:...
  • Page 24 “Equipment Rack Mounting” on page Make sure that the power switch on the device is turned OFF. Connect the power cable, included in the product package, to the NetScreen-50 power outlet at the rear of the device and to a power source.
  • Page 25 NetScreen devices in a redundant cluster. The devices propagate all network, configuration and session information to each other. Should one device fail, the other takes over the traffic processing. The following diagram shows a typical HA setup for NetScreen-50 devices. Internet Router...
  • Page 26 Chapter 3 Configuring the Device To cable two NetScreen-50 devices together for HA and connect them to the network: Note: The cabling instructions given below reproduce the configuration shown here. However, this is not the only possible HA configuration. In addition, the instructions assume that all physical ports and interfaces are still set at their default settings.
  • Page 27 Performing Initial Configuration Using the CLI There are two ways to establish a console session with the NetScreen-50 device: • Using a VT100 terminal emulator, such as Hilgraeve® Hyperterminal®, through an RJ-45 serial cable connected to the console port.
  • Page 28 To establish a Telnet session with the NetScreen-50 device: Connect an RJ-45 cross-over cable from the Trust zone interface on the NetScreen-50 device to the internal switch, router, or hub in your LAN (see “Connecting the Device to a Network” on page 14).
  • Page 29 Accessing the Device With the WebUI Allowing Outbound Traffic By default, the NetScreen-50 device does not allow inbound or outbound traffic, nor does it allow traffic to or from the DMZ. You need to create access policies to permit specified kinds of traffic in the directions you want.
  • Page 30 Chapter 3 Configuring the Device Enter netscreen in both the User Name and Password fields, then click OK. (Use lowercase letters only. The User Name and Password fields are both case sensitive.) The NetScreen WebUI application window appears. Resetting the Device to Factory...
  • Page 31 Resetting the Device to Factory Default Settings !!! Lost Password Reset !!! You have initiated a command to reset the device to factory defaults, clearing all current configuration, keys and settings. Would you like to continue? y/[n] Press the y key. The following message appears: !! Reconfirm Lost Password Reset !! If you continue, the entire configuration of the device will be erased.
  • Page 32 Chapter 3 Configuring the Device When the device resets, the Status LED will turn amber for one-half second and then return to the blinking green state. The serial console message states “Configuration Erase sequence accepted, unit reset.” The system generates SNMP and SYSLOG alerts to configured SYSLOG or SNMP trap hosts.
  • Page 33 Chapter 4 Replacing the Fuse The NetScreen-50 device uses a 2.5 amp slow-blow fuse rated for 250 volts. To replace a failed fuse on the NetScreen-50 device: Take the device off-line, turn the power switch off, and disconnect the power cable.
  • Page 34 Chapter 4 Replacing the Fuse Installer's Guide...
  • Page 35 Appendix A Specifications This appendix provides general system specifications for the NetScreen-50 device. • “NetScreen-50 Attributes” on page 2 • “Electrical Specification” on page 2 • “Environmental” on page 2 • “Safety Certifications” on page 2 • “EMI Certifications” on page 2 •...
  • Page 36 Appendix A Specifications NetScreen-50 Attributes: Height: 1.73 inches; Depth: 10.8 inches; Width: 17.5 inches; Weight: 8 pounds. Electrical Specification: AC voltage: 100-240 VAC +/- 10%; DC voltage: -36 to -60 VDC; Maximum AC Watts: 45 Watts; Maximum DC Watts: 50 Watts; Fuse Rating: 2.5A / 250V. Environmental: Temperature...
  • Page 37 Appendix A Specifications Connectors The RJ-45 twisted-pair ports are compatible with the IEEE 802.3 Type 10/100 Base-T standard. The following table lists media type and distance for these connectors. Standard Media Type Mhz/Km Rating Maximum Distance 100Base-TX Category 5 and higher 100 meters Unshielded Twisted Pair (UTP) Cable...
  • Page 38 Appendix A Specifications NetScreen...
  • Page 39 Appendix B Configuration for Common Criteria EAL2 All NetScreen devices are designed to meet the Common Criteria requirements, and are currently under evaluation for Common Criteria, EAL2. However, there are certain configuration actions that are required for a security administrator to properly secure the device to be in compliance with the Common Criteria EAL2 security target.
  • Page 40 Appendix B Configuration for Common Criteria EAL2 Proper Steps to Secure a NetScreen Device for Common Criteria EAL2 Compliance To configure a NetScreen device to operate securely, and in conformance with the requirements outlined in NetScreen’s Security Target for Common Criteria EAL2, the following actions must be taken: •...
  • Page 41 Appendix B Configuration for Common Criteria EAL2 To disable this default policy on the NetScreen-5XP and -5XT, enter the following CLI command: unset policy id 0 • NetScreen devices must be configured to prevent all types of Denial of Service (DoS) and attack signatures on every security zone to prevent these types of attacks from occurring on the LAN.
  • Page 42 For each NetScreen device, you must enter the following commands: NetScreen-5XP: unset interface trust manage NetScreen-5XT: unset interface trust manage NetScreen-25: unset interface ethernet1 manage NetScreen-50: unset interface ethernet1 manage NetScreen-100: unset interface trust manage NetScreen-204: unset interface ethernet1 manage NetScreen-208: unset interface ethernet1 manage...
  • Page 43 Appendix B Configuration for Common Criteria EAL2 When creating a policy, always make sure that counting and logging are enabled. This ensures that all traffic matching the policy is logged appropriately. When creating a policy, always use specific source IP, destination IP, source zone, destination zone, protocol, and service when feasible.
  • Page 44 Appendix B Configuration for Common Criteria EAL2 The event log shows the following events: Log setting is modified to {enable|disable} level-name level by admin name where level-name is the same as the level-name in the issued command and name is the person making the change.
  • Page 45 Index asset recovery 20 LEDs Alarm 3 C Flash 3 HA 3 Cables Power 3 RJ-45 connectors 4, 13 Session 3 twisted pair 13 Status 3 cabling login name power supply 16 changing 19 connecting network interfaces 14, 18 connecting power 14 console changing timeout 17, 18...
  • Page 46 Index Installer's Guide...