Juniper NetScreen-204 User Manual

Netscreen-200 series

NetScreen-200 Series User’s Guide
Version 5.0
P/N 093-1253-000
Rev. A

Summary of Contents for Juniper NetScreen-204

  • Page 1 NetScreen-200 Series User’s Guide Version 5.0 P/N 093-1253-000 Rev. A...
  • Page 2 NetScreen-Global PRO, NetScreen-Global PRO Express, NetScreen-Remote Security Client, NetScreen-Remote VPN Client, NetScreen-IDP 10, NetScreen-IDP 100, NetScreen-IDP 500, GigaScreen ASIC, GigaScreen-II ASIC, and NetScreen ScreenOS are trademarks of Juniper Networks, Inc. All other trademarks and registered trademarks are the property of their respective companies.
  • Page 3 Contents: Preface; Guide Organization; Command Line Interface (CLI) Conventions; Juniper Networks NetScreen Publications; Chapter 1 Overview; NetScreen-200 Systems; NetScreen-204 Device; NetScreen-208 Device; The Front Panel; System Status LED Display; Asset Recovery Pinhole; Console and Modem Ports; Compact Flash Card Slot ...
  • Page 4 Contents: Establishing a Terminal Emulator Connection; Changing Your Admin Name and Password; Setting Port and Interface IP Addresses; Viewing Current Interface Settings; Setting the IP Address of the Management Interface; Setting the IP Address for the Untrust Zone Interface; Allowing Outbound Traffic; Configuring the Device for Telnet and WebUI Sessions; Starting a Console Session Using Telnet ...
  • Page 5 The NetScreen-200 Series includes the following device models: • The NetScreen-204, which has four 10/100 Base-T interface ports and performs firewall functions at 400 Mbps • The NetScreen-208, which has eight 10/100 Base-T interface ports and performs...
  • Page 6 To obtain the latest software version, visit: www.netscreen.com/services/download_soft. Select a category of software product from the dropdown list, then follow the displayed instructions. (You must be a registered user to download Juniper Networks Netscreen software.) If you find any errors or omissions in the following content, please contact us at the e-mail address below: techpubs@netscreen.com...
  • Page 7: Table Of Contents

    This chapter provides detailed descriptions of the NetScreen-200 Series system devices and their components. Topics in this chapter include: • “NetScreen-200 Systems” on page 2 – “NetScreen-204 Device” on page 2 – “NetScreen-208 Device” on page 2 • “The Front Panel” on page 3 –...
  • Page 8: Netscreen-204 Device

    This NetScreen-200 Series currently includes the NetScreen-204 device and the NetScreen-208 device. NetScreen-204 Device: The NetScreen-204 is a chassis-based, rack-mountable network security device with four ethernet 10/100 Base-T interface ports. The figure below shows a NetScreen-204 device. System Status LEDs Asset Recovery Console Modem...
  • Page 9: The Front Panel

    The Front Panel: The features shared in common by NetScreen-204 and NetScreen-208 devices include: • A System Status LED display • An Asset Recovery Pinhole • A Console port • A Modem port • A Compact Flash Card Slot •...
  • Page 10 Chapter 1 Overview Alarm System Alarm Critical alarm: • Failure of hardware component or software module (such as a cryptographic algorithm). • Firewall attacks detected. amber Major alarm: • Low memory (less than 10% remaining). • High CPU utilization (more than 90% in use). •...
  • Page 11 The Front Panel. Console and Modem Ports: The Console port is an RJ-45 serial console port connector, for vt100 terminal emulator programs to perform local configuration and administration. The Modem port is an RJ-45 serial console port connector, for establishing remote console sessions using dialup connections through a 9600 bps modem connected via an RS-232 cable.
  • Page 12 Chapter 1 Overview. Ethernet Interfaces: Each Ethernet port is a 10/100 auto-sensing interface with two link LEDs. The left LED indicates network traffic, and the right LED indicates an active network link. Network Traffic: Blinking = link activity. Network Link: On = link is up, Off = link is down...
  • Page 13: The Rear Panel

    The Rear Panel. Power Fuse: Each NetScreen-200 Series device uses a 2.5 Amp, slow-blow power fuse rated for 250 Volts. To replace a fuse on a NetScreen-200 Series device: Take the device off-line by turning the power switch OFF and disconnecting the power cable.
  • Page 14 Chapter 1 Overview User’s Guide...
  • Page 15 Chapter 2 Installing the Device. This chapter describes how to install a device in an equipment rack or on a desktop, and how to connect the device to other devices. Topics in this chapter include: • “General Installation Guidelines” on page 10 •...
  • Page 16 Chapter 2 Installing the Device. General Installation Guidelines: Observing the following precautions can prevent injuries, equipment failures and shutdowns. • Never assume that the power supply is disconnected from a power source. Always check first. • Room temperature might not be sufficient to keep equipment at acceptable temperatures without an additional circulation system.
  • Page 17 Connecting the Power. There are two ways to rack-mount the NetScreen-200 Series: • Front mount • Mid-mount. Front Mount: To front mount the NetScreen-200 Series device on your equipment rack: Screw the front mount bracket to the side of the chassis. Screw the front mount bracket to the rack, as shown below.
  • Page 18 Chapter 2 Installing the Device. Wiring a DC Power Supply: The DC power supply, ON/OFF switch, grounding screw, and terminal blocks, are located in the back of the chassis of the power supply unit. Power Switch Grounding Screw DC Power Terminal Blocks Warning: You must shut off the current to the DC feed wires before connecting the wires to...
  • Page 19 To connect the device, use the ethernet interfaces (ethernet1 through ethernet4 on the NetScreen-204, or ethernet1 through ethernet8 on the NetScreen-208). The purpose of each interface depends upon the security zone to which it is bound. By default, the zone and interface bindings are as follows: •...
  • Page 20 Chapter 2 Installing the Device User’s Guide...
  • Page 21 Initial Configuration Wizard appears when you log in to the WebUI. This Wizard guides you through the configuration described in this chapter. For more information about starting the Initial Configuration Wizard, refer to the Juniper Networks NetScreen-200 Series Getting Started Guide.
  • Page 22 Chapter 3 Configuring the Device. Operational Modes: The NetScreen-200 Series device supports two device modes: Transparent mode and Route mode. The default mode is Route. Transparent Mode: In Transparent mode, the NetScreen-200 device operates as a Layer-2 bridge. Because the device cannot translate packet IP addresses, it cannot perform Network Address Translation (NAT).
  • Page 23: The Netscreen-200 Series Device Interfaces

    • ethernet3 Bound to the Untrust security zone by default. Connect this interface using a twisted pair cable with RJ-45 connectors. • ethernet4 On NetScreen-204, bound to HA zone by default. On NetScreen-208, bound to the Null zone by default.
  • Page 24 Chapter 3 Configuring the Device. Connecting the Device as a Single Security Gateway: There are many ways to connect a NetScreen-200 Series device to your network system. In most cases, the device serves as a single security gateway that protects at least one LAN (usually connected to the device from a switch or a hub).
  • Page 25: Connecting The Device As A Single Security Gateway

    Trust Zone DMZ Zone. Performing Device Connection: The NetScreen-204 device has four ethernet interfaces and the NetScreen-208 has eight. The default vlan1 IP address and subnet mask of these interfaces is 192.168.1.1/24. Note: If you have multiple NetScreen-200 Series devices, install and configure them one at a time.
  • Page 26 Should one device fail, the other takes over the traffic processing. Note: For the NetScreen-204, the default HA interface is ethernet4. For the NetScreen-208, the default HA interface is ethernet8. (Each is bound to the HA security zone.) The following diagram shows a typical HA setup for NetScreen-208 devices.
  • Page 27: Establishing An Ha Connection Between Devices

    If one power source fails, the other source might still be operative. If your device is a NetScreen-204, connect a 10/100 Base-T cable from the ethernet4 on Device 1 to the ethernet4 port on Device 2.
  • Page 28 Chapter 3 Configuring the Device. Switches: Cable together the switches labeled “Switch 3” and “Switch 4.” Cable together the switches labeled “Layer 3 switch 1” and “Layer 3 switch 2.” Cable the switches labeled “Layer 3 switch 1” and “Layer 3 switch 2” to routers. Note: The switch ports must be defined as 802.1Q trunk ports, and the external routers must be able to use either Hot Standby Router Protocol (HSRP) or...
  • Page 29: Performing Initial Connection And Configuration

    Performing Initial Connection and Configuration At the password prompt, type netscreen. Note: Use lowercase letters only. Both login and password are case-sensitive. (Optional) By default, the console times out and terminates automatically after 10 minutes of idle time. To change this timeout interval, execute the following command: set console timeout number where number is the length of idle time in minutes before session termination.
  • Page 30 Chapter 3 Configuring the Device. Setting the IP Address of the Management Interface: To make an interface work as the management interface, you must set the IP address and subnet mask to the same address range as your computer (or LAN). Use the CLI save command to save your configuration changes.
  • Page 31: Configuring The Device For Telnet And Webui Sessions

    Configuring the Device for Telnet and WebUI Sessions. Allowing Outbound Traffic: By default, the NetScreen-200 Series device does not allow inbound or outbound traffic, nor does it allow traffic to or from the DMZ. To permit (or deny) traffic, you must create access policies.
  • Page 32 Chapter 3 Configuring the Device (Optional) By default, the console times out and terminates automatically after 10 minutes of idle time. To change this timeout interval, execute the following command: set console timeout number where number is the length of idle time in minutes before session termination. To prevent any automatic termination, specify a value of 0.
  • Page 33 Configuring the Device for Telnet and WebUI Sessions The NetScreen WebUI application window appears. Note: NetScreen-Security Manager 2004 (NSM) and NetScreen Rapid Deployment (RD): If you are using NSM, you can optionally configure NetScreen appliances with RD. Refer to the Rapid Deployment Getting Started Guide for more information.
  • Page 34 Chapter 3 Configuring the Device. Asset Recovery: If you lose the admin password, you can use one of the following procedures to reset the NetScreen device to its default settings. This destroys any existing configurations, but restores access to the device. Warning: Resetting the device will delete all existing configuration settings, and the firewall and VPN service will be rendered inoperative.
  • Page 35: Asset Recovery

    Asset Recovery. Using the Asset Recovery Pinhole to Reset the Device: You can also reset the device and restore the factory default settings by pressing the asset recovery pinhole. To perform this operation, you need to make a console connection, as described in “Establishing a Terminal Emulator Connection”...
  • Page 36 Chapter 3 Configuring the Device User’s Guide...
  • Page 37 Appendix A Specifications. This appendix provides general system specifications for the NetScreen-200 Series devices. • “NetScreen-200 Attributes” on page A-II • “Electrical Specification” on page A-II • “Environmental” on page A-II • “Safety Certifications” on page A-II • “EMI Certifications” on page A-II NetScreen-200 Series...
  • Page 38 Appendix A Specifications. NetScreen-200 Attributes: Height: 1.73 inches (4.4 cm); Depth: 10.8 inches (27.4 cm); Width: 17.5 inches (44.5 cm); Weight: 8 pounds (36 hg). Electrical Specification: AC voltage: 100-240 VAC +/- 10%; DC voltage: -36 to -60 VDC; AC Watts: 45 Watts; DC Watts: 50 Watts; Fuse Rating: 2.5 Amps / 250 Volts. Environmental: Temperature...
  • Page 39 RJ45 connectors 5, multiple devices twisted pair 13, cabling network interfaces power supply NetScreen Publications changing login and password NetScreen-204/208 changing timeout 23, about compact flash card slot connecting configuration, multiple devices connecting power supply password...
  • Page 40 Index session transparent mode establishing using a dialup connection ventilation viewing port settings IX-II User’s Guide...

This manual is also suitable for:

Netscreen-208
