Juniper SSG 500 Series Hardware Installation And Configuration Manual

Secure services gateway

Security Products
Secure Services Gateway (SSG) 500 Series
Hardware Installation and Configuration Guide
ScreenOS Version 5.4.0
Juniper Networks, Inc.
1194 North Mathilda Avenue
Sunnyvale, CA 94089
USA
408-745-2000
www.juniper.net
Part Number: 530-015646-01, Revision C

Summary of Contents for Juniper SSG 500 Series

  • Page 1 Security Products Secure Services Gateway (SSG) 500 Series Hardware Installation and Configuration Guide ScreenOS Version 5.4.0 Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, CA 94089 408-745-2000 www.juniper.net Part Number: 530-015646-01, Revision C...
  • Page 2 Copyright © 2007 Juniper Networks, Inc. All rights reserved. Juniper Networks and the Juniper Networks logo are registered trademarks of Juniper Networks, Inc. in the United States and other countries. All other trademarks, service marks, registered trademarks, or registered service marks in this document are the property of Juniper Networks or their respective owners.
  • Page 3: Table Of Contents

    Connecting DC Power to the Device, 15; Powering the Device On and Off, 16; Connect the Device to a Network, 17; Connect an SSG 500 Series Device to an Untrusted Network, 17; Connecting Ethernet Ports, 18; Connecting Serial AUX/Console Ports, 18; Connect WAN PIMs to an Untrusted Network...
  • Page 4 SSG 500 Series Hardware Installation and Configuration Guide Chapter 3 Configuring the Device: Access the Device, 22; Using a Console Connection, 22; Using the WebUI, 23; Using Telnet, 23; Default Settings, 24; Configuring the Device, 25; Changing the Admin Name and Password, 26; Administrative Access...
  • Page 5 Table of Contents: Index, IX-I Table of Contents...
  • Page 6 SSG 500 Series Hardware Installation and Configuration Guide Table of Contents...
  • Page 7: About This Guide

    SSG 520 SSG 550 Both of the SSG 500 series devices support universal serial bus (USB) storage and six physical interface module (PIM) slots that can hold any of the PIMs. The devices also provide conversions between local area networks (LANs) and wide area networks (WANs).
  • Page 8: Document Conventions

    SSG 500 Series Hardware Installation and Configuration Guide Document Conventions This document uses several types of conventions, which are introduced in the following sections: “CLI Conventions” on this page “Naming Conventions and Character Types” on page ix “WebUI Conventions” on page x...
  • Page 9: Naming Conventions And Character Types

    About This Guide Naming Conventions and Character Types ScreenOS employs the following conventions regarding the names of objects—such as addresses, admin users, auth servers, IKE gateways, virtual systems, VPN tunnels, and zones—defined in ScreenOS configurations: If a name string includes one or more spaces, the entire string must be enclosed within double quotes;...
  • Page 10: Webui Conventions

    IP/Netmask: (select), 10.2.2.5/32 Zone: Untrust Figure 1: Navigational Path and Configuration Settings Juniper Networks Documentation To obtain technical documentation for any Juniper Networks product, visit www.juniper.net/techpubs/. For technical support, open a support case using the Case Manager link at http://www.juniper.net/support/ or call 1-888-314-JTAC (within the United States) or 1-408-745-9500 (outside the United States).
  • Page 11: Chapter 1 Hardware Overview

    It includes the following topics: “Front Panel” on this page “Back Panel” on page 8 Front Panel The front panel of an SSG 500 series device contains the following components: System Status LEDs Power Button Reset Config Button NOTE: The reset configuration is currently not supported.
  • Page 12: System Status Leds

    SSG 500 Series Hardware Installation and Configuration Guide Figure 2: Front Panel of a Secure Services Gateway Device (figure labels: Slot 1 through Slot 6, PORT 0, PORT 1, STATUS)...
  • Page 13: Power Button

    The power button is located on the left side of the front panel. You can use the power button to power an SSG 500 series device on and off. When you power on the device, ScreenOS boots up as the power supply completes its startup sequence.
  • Page 14: Built-In Gigabit Ethernet Ports

    SSG 500 Series Hardware Installation and Configuration Guide Built-in Gigabit Ethernet Ports Four built-in 10/100/1000 Gigabit Ethernet ports provide LAN connections to hubs, switches, local servers, and workstations. You can also designate an Ethernet port for management traffic. When configuring one of these ports, you reference the interface name that corresponds to the location of the port.
  • Page 15: Aux Port

    Universal serial bus (USB) ports are not supported in this release. Physical Interface Modules All SSG 500 series devices have six PIM slots. Table 4 shows the PIM types you can install in the slots of an SSG 520. Table 5 on page 5 shows the PIM types you can install in the slots of an SSG 520.
  • Page 16: Ethernet Pims

    Ethernet PIMs There are four built-in 10/100 Gigabit Ethernet ports on an SSG 500 series device, and you can also add additional Ethernet ports by installing Ethernet PIMs. For an SSG 520 device, you can install up to two Ethernet PIMs in slots 3 and 6. For an SSG 550 device, you can install up to four Ethernet PIMs in slots 2, 3, 5, and 6.
  • Page 17 PORT 0 PORT 1 Table 7 lists the cables that you can order from Juniper Networks to connect to a port on the serial PIM. The device to which you are connecting and the serial interface type determine which cable you need.
  • Page 18: Back Panel

    SSG 500 series devices have a single fixed-mounted three-fan tray. Power Supplies Power supplies are located at the right side of the rear panel of an SSG 500 series device: The SSG 520 is equipped with a single permanently-installed AC or DC power supply unit (PSU).
  • Page 19: Ac Power Supply

    The input power light on the faceplate of an SSG 550 AC or DC PSU indicates the power and system status. Table 8 describes the LED states: Table 8: Input Power LED Descriptions Color Status Description Green On steadily Input power is On and system is On Amber On steadily Input power is On and system is Off...
  • Page 20: Dc Power Supply

    SSG 500 Series Hardware Installation and Configuration Guide DC Power Supply The DC PSU faceplate contains two DC power terminal blocks that connect to power cables. Figure 13: SSG 550 DC Power Supply Faceplate Ejector tab Input power light -48V...
  • Page 21: Installing And Connecting The Device

    Chapter 2 Installing and Connecting the Device This chapter describes how to install an SSG 500 series device in a standard 19-inch equipment rack and how to connect cables and power to the device. Topics in this chapter include: “Before You Begin” on page 12 “Equipment Rack Installation”...
  • Page 22: Before You Begin

    Equipment Rack Installation You can mount an SSG 500 series device into a standard 19-inch equipment rack. The device is shipped with mounting brackets. NOTE: If you are installing multiple devices in one rack, install the lowest one first and proceed upward in the rack.
  • Page 23: Connecting The Interface Cable To The Device

    There are two ways to rack mount an SSG 500 series device: Mid-mount: attach the left and right mounting brackets to the middle of each side of the chassis. Front-mount: attach the left and right mounting brackets to the front of each side of the chassis.
  • Page 24: Chassis Grounding

    Chassis Grounding To meet safety and electromagnetic interference (EMI) requirements, and to ensure proper operation, an SSG 500 series device must be adequately grounded before power is connected. A two-hole grounding lug is provided on the rear of the chassis to connect the device to earth ground (see Figure 10 on page 8).
  • Page 25: Connecting Dc Power To The Device

    Connecting DC Power to the Device Each DC power supply has a single DC input (–48 VDC and return) that requires a dedicated 15 A (–48 VDC) circuit breaker. CAUTION: If your device includes an optional redundant DC power supply, connect each of the two power supplies to different input power sources.
  • Page 26: Powering The Device On And Off

    NOTE: If included, make sure this switch is in the ON position. To power off an SSG 500 series device, press the power button and hold it for more than 5 seconds. To remove power completely from the device, unplug the power cord. The power button on an SSG 500 series device is a standby power switch.
  • Page 27: Connect The Device To A Network

    Connect the Device to an Internal Network or a Workstation Connect an SSG 500 Series Device to an Untrusted Network You can connect your SSG 500 series device to the untrusted network in one of the following ways: Connecting Ethernet Ports...
  • Page 28: Connecting Ethernet Ports

    Connecting Ethernet Ports To establish a high-speed connection, connect the provided Ethernet cable from the Ethernet port marked 0/0 on an SSG 500 series to the external router. The device autosenses the correct speed, duplex, and MDI/MDIX settings. Connecting Serial AUX/Console Ports You can connect to the untrusted network with an RJ-45 straight through serial cable and external modem.
  • Page 29: Connect The Device To An Internal Network Or A Workstation

    You can connect your local area network (LAN) or workstation with the Ethernet and/or wireless interfaces. An SSG 500 series device contains four built-in Ethernet ports. You can use one or more of these ports to connect to LANs through switches or hubs.
  • Page 30 SSG 500 Series Hardware Installation and Configuration Guide Connect the Device to a Network...
  • Page 31: Configuring The Device

    Chapter 3 Configuring the Device ScreenOS software is preinstalled on SSG 500 series devices. When the device is powered on, it is ready to be configured. While the device has a default factory configuration that allows you to initially connect to the device, you need to perform further configuration for your specific network requirements.
  • Page 32: Access The Device

    SSG 500 Series Hardware Installation and Configuration Guide Access the Device You can access, configure, and manage an SSG 500 series device in several ways: Console: The console port on the device allows you to access the device through a serial cable connected to your workstation or terminal. To configure the device, you enter ScreenOS command line interface (CLI) commands on your terminal or in a terminal-emulation program on your workstation.
  • Page 33: Using The Webui

    3. Launch a serial terminal emulation program on your workstation. The required settings to launch a console session with the device are as follows: Baud rate: 9600 Parity: None Data bits: 8 Stop bit: 1 Flow Control: None 4. If you have not yet changed the default username and password, enter at both the login and password prompts.
  • Page 34: Default Settings

    (Figure labels: Internal Switch, DMZ Switch, DMZ LAN, Trusted LAN.) Table 9 describes the default zone bindings for ports on an SSG 500 series device. The cable connections shown in Figure 17 use the default settings of some of the ports. Default Settings...
  • Page 35: Configuring The Device

    This section describes the basic configurations that you need to perform to allow an SSG 500 series device to connect LAN users to a remote network. For more detailed information about ScreenOS features and how to configure them, see the Concepts &...
  • Page 36: Changing The Admin Name And Password

    Administrative Access By default, anyone in your network can manage an SSG 500 series device if they know the login and password. To configure an SSG 500 series device to be managed only from a specific host on your network, use the WebUI or CLI: WebUI Configuration >...
  • Page 37: Domain Name System Server

    Setting the Date and Time The time set on an SSG 500 series device affects events such as the setup of virtual private network (VPN) tunnels. The easiest way to set the date and time on the device is to use the WebUI to synchronize the system clock on the device with the clock on your workstation.
  • Page 38: Hostname And Domain Name

    The ethernet0/0 port has the default IP address 192.168.1.1/24 and is configured for management services. If you connect the ethernet0/0 port on an SSG 500 series device to a workstation, you can configure the device from a workstation in the 192.168.1.1/24 subnetwork using a management service such as Telnet.
  • Page 39: Ethernet0/0 Ip Address

    A serial cable connects the DCE to a telephony network where, ultimately, a link is established with data terminal equipment (DTE). DTE is typically where a link terminates. SSG 500 series serial WAN PIMs support the following serial standards: TIA/EIA 530 V.35 X.21...
  • Page 40: The T1 Interface

    SSG 500 Series Hardware Installation and Configuration Guide To configure serial interface characteristics, use the WebUI or CLI: WebUI Network > Interfaces > List > Edit (WAN Interface) > WAN: Select the following, then click Apply: DTE Options Select your options set interface interface serial-options dte-options { ...
  • Page 41: The T3 Interface

    The T3 Interface T3, also known as data signal 3 (DS3), is a high-speed data-transmission medium formed by multiplexing 28 DS1 signals into seven separate DS2 signals, and combining the DS2 signals into a single DS3 signal. T3 links operate at 43.736 Mbps.
  • Page 42: Basic Firewall Protections

    Concepts and Examples ScreenOS Reference Guide for ScreenOS 5.4.0. SSG 500 series devices provide various detection methods and defense mechanisms to combat probes and attacks aimed at compromising or harming a network or network resource: ScreenOS Screen options secure a zone by inspecting, and then allowing or denying, all connection attempts that require crossing an interface to that zone.
  • Page 43: Verify External Connectivity

    To verify that workstations in your network can access resources on the Internet, start a browser from any workstation in the network and enter the following URL: www.juniper.net. Resetting a Device to Factory Defaults If you lose the admin password, you can reset the device to its default settings. This action destroys any existing configurations but restores access to the device.
  • Page 44 SSG 500 Series Hardware Installation and Configuration Guide 2. At the Password prompt, enter the serial number again. The following message appears: !!! Lost Password Reset !!! You have initiated a command to reset the device to factory defaults, clearing all current configuration and settings. Would you like to continue? y/[n] 3.
  • Page 45: Servicing The Device

    Tools and Parts Required To replace a component on an SSG 500 series device, you need the following tools and parts: Electrostatic bag or antistatic mat...
  • Page 46: Replacing A Physical Interface Module

    Make sure the device is powered off before removing PIMs. PIMs are not hot-swappable. The PIMs are installed in the front panel of an SSG 500 series device. A PIM weighs less than 1 pound (0.5 kilogram). Removing a Blank Faceplate To maintain proper airflow through the device, blank faceplates should remain over slots that do not contain PIMs.
  • Page 47: Installing A Physical Interface Module

    6. If necessary, arrange the cables to prevent them from dislodging or developing stress points: Secure the cable so that it is not supporting its own weight as it hangs to the floor. Place excess cable out of the way in a neatly coiled loop. Use fasteners to maintain the shape of cable loops.
  • Page 48: Replacing Power System Components (Ssg 550 Devices Only)

    SSG 500 Series Hardware Installation and Configuration Guide 4. Tighten the screws on each side of the PIM faceplate using a 1/8-inch slotted screwdriver. 5. Insert the appropriate cables into the cable connectors on the PIM. 6. If necessary, arrange the cables to prevent them from dislodging or developing...
  • Page 49 4. With your thumb, slide the metal ejector tab on the power supply faceplate to the right and hold it in place, to unlock the power supply. Figure 19: Sliding AC/DC Power Supply Ejector Tab Metal ejector tab 5. Grasp the handle on the power supply faceplate, and pull firmly to start removing the power supply.
  • Page 50: Installing An Ac Power Supply

    SSG 500 Series Hardware Installation and Configuration Guide Installing an AC Power Supply To install an AC power supply in an SSG 550 device, perform the following steps: 1. Attach an ESD grounding strap to your bare wrist and connect the strap to the ESD point on the chassis, or to an outside ESD point if the SSG device is disconnected from earth ground.
  • Page 51: Removing A Dc Power Supply

    Removing a DC Power Supply WARNING: Before removing a DC power supply, you must shut off current to the DC feed wires that lead to the power supply. To remove a DC power supply from a device, perform the following steps: 1.
  • Page 52: Upgrading Memory

    6. Turn on the current to the DC feed wires. Upgrading Memory You can upgrade an SSG 500 series device that has a single 256 MB SIMM DRAM memory module to two 512 MB modules (1 GB of memory). NOTE:...
  • Page 53 Figure 21: Memory Module Slots Slot 1 (256 MB memory module installed) Slot 2 Slot 3 Slot 4 NOTE: Install 512 MB memory modules in either slots 1 and 3, or in slots 2 and 4. Do not install memory modules in adjacent slots. 6.
  • Page 54: Replacing A Filter

    SSG 500 Series Hardware Installation and Configuration Guide Replacing a Filter The front panel of an SSG 500 series device includes a cooling air vent. To prevent foreign particles from entering the device, the air vent includes a protective cover, and, in some cases, a filter.
  • Page 55: Installing A Filter

    3. Remove the filter. Figure 24: Removing/Installing Filter Installing a Filter To install a filter into the device, do the following: 1. Place the new filter into the opening over the air vent on the front of the chassis as shown in Figure 24. 2.
  • Page 56 SSG 500 Series Hardware Installation and Configuration Guide Replacing a Filter...
  • Page 57: Appendix A Specifications

    Device weight SSG 500 series device minimum configuration (no PIMs): 23lb (10.4 kg) SSG 500 series device maximum configuration (six PIMs): 25.3 lb (11.5 kg) Electrical Specifications Table 11: Secure Services Gateway 500 Series AC Electrical Specifications...
  • Page 58: Environmental Specifications

    SSG 500 Series Hardware Installation and Configuration Guide Environmental Specifications Table 13: Secure Services Gateway 500 Series Environmental Tolerance Description Value Altitude No performance degradation to 10,000 ft (3048 m) Relative humidity Normal operation ensured in relative humidity range of 5% to 90%,...
  • Page 59: Emc Immunity

    EMC Immunity EN 55024 EN-61000-3-2 Power Line Harmonics EN-61000-3-3 Voltage Fluctuations and Flicker EN-61000-4-2 ESD EN-61000-4-3 Radiated Immunity EN-61000-4-4 EFT EN-61000-4-5 Surge EN-61000-4-6 Low Frequency Common Immunity EN-61000-4-11 Voltage Dips and Sags European Telecommunications Standards Institute (ETSI) ETSI EN-300386-2: Telecommunication Network Equipment. Electromagnetic Compatibility Requirements (equipment category Other than telecommunication centers) T1 Interface...
  • Page 60: Connectors

    SSG 500 Series Hardware Installation and Configuration Guide Connectors Figure 26 shows the location of the pins on the RJ-45 connector. Figure 26: RJ-45 Pinouts 1 2 3 4 5 6 7 8 Table 14 lists the RJ-45 connector pinouts.
  • Page 61 Figure 27 shows the location of the pins on the DB-9 female connector. Figure 27: DB-9 Female Connector Table 15 provides the DB-9 connector pinouts. Table 15: DB-9 Connector Pinouts Name Description <– Carrier Detect <– Receive Data –> Transmit Data –>...
  • Page 62 SSG 500 Series Hardware Installation and Configuration Guide Table 17 lists the cables that you can order from Juniper Networks to connect to a port on the serial PIM. The device to which you are connecting and the serial interface type determine which cable you need.
  • Page 63 ... 10, 14; console, using, 22; connecting cables, 13; connecting power, 14; equipment rack, 12; date and time, 27; installing a PIM, 37; DC power supply, 10; installing, 41; removing, 41; Juniper serial cables, 7; default IP address, 25; IX-I Index...
  • Page 64 SSG 500 Series Hardware Installation and Configuration Guide: LAN port LEDs, 4; upgrading memory, 42; LED dashboard, 2; descriptions, 3, 9; LEDs; WAN PIMs, 6; LAN ports, 4; WebUI, using, 23; PIMs, 5, 6; weight of device, 1...

This manual is also suitable for:

SSG 520, SSG 550