Example: Configuring A Loopback Interface (Nsm Procedure) - Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING SCREENOS DEVICES GUIDE REV 01 Manual

Related
Documentation

Example: Configuring a Loopback Interface (NSM Procedure)

Copyright © 2010, Juniper Networks, Inc.
For Zone, select Trust.
Click OK to save your changes.
5.
Setting Interface Properties Using the General Properties Screen on page 53
Interface Network Address Translation Methods on page 62
Example: Configuring an Aggregate Interface (NSM Procedure) on page 77
A loopback interface emulates a physical interface on a security device. However, unlike
a physical interface, a loopback interface is always in the up state as long as the device
on which it resides is up. You might want to use a loopback interface as:
The management interface—You can manage the device using either the IP address
of a loopback interface or the manage IP address that you assign to a loopback
interface.
A virtual security interface (VSIs) for NSRP—The physical state of the VSI on the
loopback interface is always up. The interface can be active or not, depending upon
the state of the VSD group to which the interface belongs.
A source interface for specific traffic (such as syslog packets) that originates from the
device—When you define a source interface for an application, the specified source
interface address is used instead of the outbound interface address to communicate
with an external device.
Loopback interfaces are named loopback.id_num, where id_num is a number greater than
or equal to 1 (the maximum id_num value you can specify is platform-specific) and
denotes a unique loopback interface on the device. Like a physical interface, you must
assign an IP address to a loopback interface and bind it to a security zone.
NOTE: You cannot bind a loopback interface to a HA zone, nor can you
configure a loopback interface for Layer 2 operation or as a
redundant/aggregate interface. You cannot configure the following features
on loopback interfaces: NTP, DNS, VIP, secondary IP, track IP, or WebAuth.
After defining a loopback interface, you can then define other interfaces as members of
its group. Traffic can reach a loopback interface if it arrives through one of the interfaces
in its group. Any interface type can be a member of a loopback interface group—physical
interface, subinterface, tunnel interface, redundant interface, or VSI.
In this example, you create the loopback interface loopback.1, bind it to the Untrust zone,
and assign the IP address 1.1.1.27/24 to it.
To configure a loopback interface:
Add a device.
1.
Chapter 3: Network Settings
79