Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING SCREENOS DEVICES GUIDE REV 01 Manual page 281

Copyright © 2010, Juniper Networks, Inc.
Next, bind the interfaces. Configure ethernet1/1 in the shared internal zone, assign IP
address 10.1.0.1/16, and select NAT mode. Configure ethernet1/2 in the shared untrust
zone and assign it IP address 210.1.1.1/24. Finally, configure the default gateway in the
untrust zone as 210.1.1.250.
Add an ISG2000 security device running ScreenOS 5.2 as the root system, and then
1.
configure the network module:
Double-click the device to open the device configuration. In the device navigation
tree, select Network > Slot.
Double-click slot 1 to display the slot configuration dialog box. For Card Type, select
8 Interfaces (10/100).
Click OK to save the slot configuration.
2.
Add the following vsys devices (all use default virtual router):
3.
vsys1
vsys2
vsys3
In the device navigation tree, select Network > Virtual Routers, and then double-click
trust-vr. Ensure that Shared Virtual Router is selected, and then click OK.
In the device navigation tree, select Network > Zones. Click the Add icon and select
4.
New Security Zone. In the Zone General Properties, configure the following settings:
For Name, enter internal.
For Virtual Router, select trust-vr.
Select Shared. When selected, the option IP Classification appears in the zone
navigation tree.
In the zone navigation tree, select IP Classification, and then configure the following
settings:
Select Enabled.
Right-click in the IP Classification screen and select New. The New IP Classification
5.
list appears. Configure the following settings, and then click OK:
For Vsys, select vsys1.
Select Subnet.
For IP Address and Netmask, enter 10.1.1.0/24.
Right-click in the IP Classification screen and select New. The New IP Classification
list appears. Configure the following settings, and then click OK:
For Vsys, select vsys2.
Chapter 8: Configuring VPNs
257