N
ET
S
CREEN
-200 S
ERIES
User’s Guide
Version 5.0
P/N 093-1253-000
Rev. C
Page 1: ...NETSCREEN 200 SERIES User s Guide Version 5 0 P N 093 1253 000 Rev C ...
Page 2: ...ications Operation of this equipment in a residential area is likely to cause harmful interference in which case users will be required to correct the interference at their own expense The following information is for FCC compliance of Class B devices The equipment described in this manual generates and may radiate radio frequency energy If it is not installed in accordance with NetScreen s instal...
Page 3: ...hapter 2 Installing the Device 9 General Installation Guidelines 10 Performing Equipment Rack Installation 10 Equipment Rack Installation Guidelines 10 Front Mount 11 Mid Mount 11 Connecting the Power 11 Wiring a DC Power Supply 12 Connecting the NetScreen 200 Device to Other Devices 13 Chapter 3 Configuring the Device 15 Operational Modes 16 Transparent Mode 16 Route Mode 16 The NetScreen 200 Ser...
Page 4: ... Outbound Traffic 25 Configuring the Device for Telnet and WebUI Sessions 25 Starting a Console Session Using Telnet 25 Starting a Console Session Using Dialup 26 Establishing a GUI Management Session 26 Asset Recovery 28 Using CLI Commands to Reset the Device 28 Using the Asset Recovery Pinhole to Reset the Device 29 Appendix A Specifications A I NetScreen 200 Attributes A II Electrical Specifica...
Page 5: ...e T interface ports and performs firewall functions at 550 Mbps All NetScreen 200 Series 10 100 Base T ports perform auto speed sensing and auto polarity correction GUIDE ORGANIZATION This manual has three chapters and one appendix Chapter 1 Overview provides a detailed overview of the system and its components Chapter 2 Installing the Device describes how to rack mount the NetScreen 200 systems a...
Page 6: ... the get system command to display the serial number of a NetScreen device JUNIPER NETWORKS NETSCREEN PUBLICATIONS To obtain technical documentation for any Juniper Networks NetScreen product visit www juniper net techpubs For technical support open a support case using the Case Manager link at http www juniper net support or call 1 888 314 JTAC within the United States or 1 408 745 9500 outside t...
Page 7: ...ge 3 Asset Recovery Pinhole on page 4 Console and Modem Ports on page 5 Compact Flash Card Slot on page 5 Ethernet Interfaces on page 6 The Rear Panel on page 6 Power Supplies on page 6 Power Fuse on page 7 Note For safety warnings and instructions please refer to the NetScreen Safety Guide The instructions in this guide warn you about situations that could cause bodily injury Before working on an...
Page 8: ...ase T interface ports The figure below shows a NetScreen 204 device NetScreen 208 Device The NetScreen 208 is a chassis based rack mountable network security device with eight ethernet 10 100 Base T interface ports The figure below shows a NetScreen 208 device System Status LEDs Asset Recovery Pinhole Console Port Modem Port Compact Flash Card Slot Ethernet Interfaces System Status LEDs Asset Reco...
Page 9: ...ntains six LEDs The information revealed by each LED is as follows LED Name Purpose Color Meaning Power Power Supply green Power supply is functioning correctly off The device is not receiving power Status System Status amber At initial power up green At startup and while performing diagnostics blinking green Normal operation blinking red Error detected HA High Availability Status green Unit is th...
Page 10: ... Low memory less than 10 remaining High CPU utilization more than 90 in use Session full Maximum number of VPN tunnels reached HA redundant group member not found off No alarms Status Session Utilization amber Session utilization is between 70 and 90 red Session utilization is greater than 90 off Normal operation Flash Memory Card Status green The card is installed blinking green Read write activi...
Page 11: ... connection definitions To employ a standard UART port both the console and the modem ports use this configuration Compact Flash Card Slot The NetScreen 200 Series supports CompactFlash cards with a variety of memory capacities NetScreen has tested SanDisk 96MB and 512MB cards The NetScreen device automatically detects the presence of a flash card and records the system log to it DB9 Signal Abbrev...
Page 12: ...device can have an AC power supply or a DC power supply The DC power supply can operate on one or two DC feeds ranging from 36V to 60V When you use two feeds they share the load If one feed fails the other automatically assumes the full load The internal fuse for the DC power supply is a 3 15A 250V fast acting fuse This is not replaceable Note Certain export restrictions may apply to international...
Page 13: ...Series device 1 Take the device off line by turning the power switch OFF and disconnecting the power cable 2 Using a screwdriver separate the lid of the external fuse cover from the surface of the power outlet 3 Gently remove the fuse assembly 4 Slide the new fuse into the opening until the fuse clicks into place 5 Replace the power cable then turn the device power switch ON ...
Page 14: ...Chapter 1 Overview 8 User s Guide ...
Page 15: ...llation Guidelines on page 10 Front Mount on page 11 Mid Mount on page 11 Connecting the Power on page 11 Wiring a DC Power Supply on page 12 Connecting the NetScreen 200 Device to Other Devices on page 13 Note For safety warnings and instructions please refer to the NetScreen Safety Guide The instructions in this guide warn you about situations that could cause bodily injury Before working on any...
Page 16: ...ck or wiring room are crucial for proper system operation Use the following guidelines while configuring your equipment rack Enclosed racks must have adequate ventilation An enclosed rack should have louvered sides and a fan to provide cooling air When mounting a chassis in an open rack ensure that the rack frame does not block the intake or exhaust ports If you install the chassis on slides check...
Page 17: ...ssis 2 Screw the front mount bracket to the rack as shown below Mid Mount To mid mount the NetScreen 200 Series device on your equipment rack 1 Screw the mid mount bracket to the side of the chassis 2 Screw the mid mount bracket to the rack as shown below CONNECTING THE POWER To connect the power supply to the NetScreen 200 Series device 1 Plug the female end of a power cable into the male power r...
Page 18: ...NetScreen 200 Series devices can operate on one or two feeds To connect DC power feeds to the terminal blocks 1 Strip the ends of the power cables 2 Loosen the three screws in the top of the block These are captive screws which you cannot completely remove 3 Insert the 48V DC power feed wires into the two outside receptacles of the terminal block 4 Insert the 0V DC feed wires into the center recep...
Page 19: ...lows ethernet1 is bound to the Trust security zone by default Connect this interface using a twisted pair cable with RJ 45 connectors ethernet2 is bound to the DMZ security zone by default Connect this interface using a twisted pair cable with RJ 45 connectors ethernet3 is bound to the Untrust security zone by default Connect this interface using a twisted pair cable with RJ 45 connectors ethernet...
Page 20: ...Chapter 2 Installing the Device 14 User s Guide ...
Page 21: ... WebUI Sessions on page 25 Starting a Console Session Using Telnet on page 25 Starting a Console Session Using Dialup on page 26 Establishing a GUI Management Session on page 26 Asset Recovery on page 28 Note You must register your product at www juniper net support so that certain ScreenOS services such as the Deep Inspection Signature Service can be activated on the device After registering your...
Page 22: ...gement according to configured security policies Route Mode In Route mode the NetScreen 200 device operates at Layer 3 Because you can configure each interface using an IP address and subnet mask you can configure individual interfaces to perform NAT When the interface performs NAT services the device translates the source IP address of each outgoing packet into the IP address of the untrusted por...
Page 23: ...ce using a twisted pair cable with RJ 45 connectors ethernet2 Bound to the DMZ security zone by default Connect this interface using a twisted pair cable with RJ 45 connectors ethernet3 Bound to the Untrust security zone by default Connect this interface using a twisted pair cable with RJ 45 connectors ethernet4 On NetScreen 204 bound to HA zone by default On NetScreen 208 bound to the Null zone b...
Page 24: ... single security gateway that protects at least one LAN usually connected to the device from a switch or a hub Connectivity Examples In the following example a NetScreen 208 device connects to the protected LAN through ethernet1 bound to the Trust security zone The device connects externally to a router through ethernet3 bound to the Untrust security zone Router Internet ethernet3 Untrust Zone eth...
Page 25: ...00 Series network connections 1 Place the NetScreen 200 Series device in a rack or on a desktop 2 Confirm that the power connection to the device is turned OFF 0 pressed in 3 Connect the provided power cable from the power outlet to the power supply 4 Connect the device to the network see examples above 5 Turn the NetScreen 200 device power switch ON then turn the other network device power switch...
Page 26: ...ch other Should one device fail the other takes over the traffic processing The following diagram shows a typical HA setup for NetScreen 208 devices Note For the NetScreen 204 the default HA interface is ethernet4 For the NetScreen 208 the default HA interface is ethernet8 Each is bound to the HA security zone Router Router Layer 3 Switch 2 Layer 3 Switch 1 To ethernet3 To ethernet3 To ethernet2 T...
Page 27: ...Device 1 connect a 10 100 Base T cable from ethernet2 to the switch labeled DMZ 7 On Device 1 connect a 10 100 Base T cable from ethernet3 to the switch labeled Layer 3 switch 1 Device 2 8 On Device 2 connect a 10 100 Base T cable from ethernet1 to the switch labeled Switch 4 9 On Device 2 connect a 10 100 Base T cable from ethernet2 to the switch labeled DMZ 10 On Device 2 connect a 10 100 Base T...
Page 28: ... cable into the serial port of your computer Be sure that the DB 9 is seated properly by screwing in the thumbscrews 2 Plug the RJ 45 end of the cable into the Console port of the NetScreen 200 Series device Be sure that the RJ 45 clip snaps into the port and is seated properly 3 Launch a Command Line Interface CLI session between your computer and the NetScreen 200 device using a standard serial ...
Page 29: ...to change your admin name and password immediately Enter the following commands set admin name name_str set admin password pswd_str save For information on creating different levels of administrators see Administration in the NetScreen Concepts Examples ScreenOS Reference Guide Setting Port and Interface IP Addresses Through the CLI you can execute commands that set IP address and subnet mask valu...
Page 30: ... interface by executing the following command set interface ethernet1 manage 4 Optional To confirm the new interface settings execute the following command get interface ethernet1 Setting the IP Address for the Untrust Zone Interface The NetScreen 200 Series device usually communicates with external devices through an interface bound to the Untrust zone such as ethernet3 To allow an interface to c...
Page 31: ...Screen 200 Series device In addition you can start management sessions using the NetScreen WebUI a web based GUI management application Starting a Console Session Using Telnet To establish a Telnet session with the NetScreen 200 Series device 1 Connect an RJ 45 cable from ethernet1 to the internal switch router or hub in your LAN see Connecting the Device as a Single Security Gateway on page 18 2 ...
Page 32: ...n Establishing a GUI Management Session To access the NetScreen 200 Series device with the WebUI management application 1 Connect your computer or your LAN hub to the ethernet1 port using a Category 5 Ethernet cable 2 Launch your browser enter the IP address of the ethernet1 interface in the URL field and then press Enter For example if you assigned the ethernet1 interface an IP address of 10 100 ...
Page 33: ...27 The NetScreen WebUI application window appears Note NetScreen Security Manager 2004 NSM and NetScreen Rapid Deployment RD If you are using NSM you can optionally configure NetScreen appliances with RD Refer to the Rapid Deployment Getting Started Guide for more information ...
Page 34: ...e will be erased In addition a permanent counter will be incremented to signify that this device has been reset This is your last chance to cancel this command If you proceed the device will return to factory default configuration which is System IP 192 168 1 1 username netscreen password netscreen Would you like to continue y n 4 Press the y key to reset the device You can now login in using nets...
Page 35: ...ks green The serial console message now reads Waiting for 2nd confirmation 2 Release the button for one second 3 Push the button again for four to six seconds A serial console message states Second push has been confirmed The Status LED lights amber for one half second then returns to the blinking green state Continue to press the button until the message Configuration Erase sequence accepted unit...
Page 36: ...Chapter 3 Configuring the Device 30 User s Guide ...
Page 37: ...is appendix provides general system specifications for the NetScreen 200 Series devices NetScreen 200 Attributes on page A II Electrical Specification on page A II Environmental on page A II Safety Certifications on page A II EMI Certifications on page A II ...
Page 38: ...250Volts ENVIRONMENTAL The maximum normal altitude is 0 12 000 ft 0 3 660 m NEBS CERTIFICATIONS Level 3 NetScreen 208 with DC power GR 63 Core NEBS Environmental Testing GR 1089 Core EMC and Electrical Safety for Network Telecommunications Equipment SAFETY CERTIFICATIONS UL CUL CSA CB Austel CE EMI CERTIFICATIONS FCC class A BSMI CE class A C Tick VCCI class A Temperature Operating Non operating N...
Page 39: ...y wiring 12 dialup connection 26 G guide organization v H high availability establishing an HA connection 20 I installation guidelines 10 IP address conflicts 19 L LEDs 6 link lights 6 19 logging on 26 login changing 23 M management port setting an IP address 23 management session 26 mounting rear and front rack installation 11 multiple devices 19 N NetScreen Publications vi NetScreen 204 208 abou...
Page 40: ...Index IX II User s Guide S session establishing 22 using a dialup connection 26 T transparent mode 16 V ventilation 10 viewing port settings 23 ...
