background image

Chapter 3 Configuring the Device

12

User’s Guide

2

3(5$7,21$/

0

2'(6

The NetScreen-50 device supports two operational modes: Transparent and Route mode. 
The default mode is Route.

7UDQVSDUHQW0RGH

In Transparent mode, the NetScreen-50 device operates as a Layer-2 bridge. Because the 
device cannot translate the IP addresses of packets, it cannot perform Network Address 
Translation (NAT). Consequently, for the device to access the Internet, any IP address in 
your trusted (local) networks must be routable and accessible from untrusted (external) 
networks.

In Transparent mode, the IP addresses for Trust and Untrust zones are 0.0.0.0, thus 
making the NetScreen device invisible to the network. However, the device can still 
perform firewall, VPN, and traffic management according to configured security policies.

5RXWH0RGH

In Route mode, the NetScreen-50 device operates at Layer 3. Because you can configure 
each interface using an IP address and subnet mask, you can configure individual 
interfaces to perform NAT.

When the interface performs NAT services, the device translates the source IP 
address of each outgoing packet into the IP address of the untrusted port. It also 
replaces the source port number with a randomly-generated value.

When the interface does not perform NAT services, the source IP address and 
port number in each packet header remain unchanged. Therefore, to reach the 
Internet your local hosts must have routable IP addresses.

For more information on NAT, see the NetScreen Concepts & Examples ScreenOS 
Reference Guide
.

Important:  

Performing the setup instructions below configures your device in Route 

mode. To configure your device in Transparent mode, see the NetScreen Concepts & 
Examples ScreenOS Reference Guide.

Summary of Contents for NetScreen-50

Page 1: ...1 76 5 1 8VHU V XLGH Version 5 0 P N 093 1249 000 Rev A...

Page 2: ...ications Operation of this equipment in a residential area is likely to cause harmful interference in which case users will be required to correct the interference at their own expense The following i...

Page 3: ...LHV DQG 5HTXLUHG 7RROV 1HW6FUHHQ 5DFN 0RXQW KDSWHU RQILJXULQJ WKH HYLFH 2SHUDWLRQDO 0RGHV 7UDQVSDUHQW 0RGH 5RXWH 0RGH 7KH 1HW6FUHHQ QWHUIDFHV RQQHFWLQJ WKH HYLFH WR D 1HWZRUN VWDEOLVKLQJ DQ RQQHFWLRQ...

Page 4: ...RQWHQWV LY 8VHU V XLGH OHFWULFDO 6SHFLILFDWLRQ QYLURQPHQWDO 6DIHW HUWLILFDWLRQV 0 HUWLILFDWLRQV RQQHFWRUV QGH...

Page 5: ...Overview provides an overview of the system its ports and power requirements Chapter 2 Installing the Device details how to install the NetScreen 50 device on a desktop or in a rack Chapter 3 Configur...

Page 6: ...number of a NetScreen device 81 3 5 1 7 25 6 1 76 5 1 38 7 216 To obtain technical documentation for any Juniper Networks NetScreen product visit www netscreen com resources manuals To obtain the lat...

Page 7: ...and Modem Ports on page 4 Compact Flash Card Slot on page 4 Ethernet Interfaces on page 5 The Rear Panel on page 5 Note For safety warnings and instructions please refer to the NetScreen Safety Guide...

Page 8: ...uch as HyperTerminal A modem port A Compact Flash card slot for storage of system images configuration files keys and logs Four Ethernet ports for connecting the NetScreen 50 device to your LAN or loc...

Page 9: ...full Sessions full Maximum number of VPN tunnels reached Firewall attacks detected off No alarms Status System Status blinking green Normal operation green Booting up normally HA High Availability HA...

Page 10: ...ART port both the console and the modem ports must use this configuration RPSDFW ODVK DUG 6ORW The Compact Flash slot is for downloading or uploading system software or configurations This slot can ac...

Page 11: ...he left LED indicates network traffic activity and the right LED indicates if the link is up the port is connected to an active device 7 5 5 3 1 The rear panel of the NetScreen 50 device contains the...

Page 12: ...Chapter 1 Overview 6 User s Guide...

Page 13: ...ack Installation Guidelines on page 8 Equipment Rack Accessories and Required Tools on page 9 NetScreen 50 Rack Mount on page 9 Note For safety warnings and instructions please refer to the NetScreen...

Page 14: ...standard 19 inch equipment rack TXLSPHQW 5DFN QVWDOODWLRQ XLGHOLQHV The location of the chassis the layout of the equipment rack and the security of your wiring room are crucial for proper system oper...

Page 15: ...t provided 4 screws to match the rack if the thread size of the screws provided in the NetScreen 50 product package do not fit the thread size of the rack The included rack mount bracket kit 1HW6FUHHQ...

Page 16: ...Chapter 2 Installing the Device 10 User s Guide...

Page 17: ...s please refer to the NetScreen Safety Guide The instructions in this guide warn you about situations that could cause bodily injury Before working on any equipment be aware of the hazards involved wi...

Page 18: ...rding to configured security policies 5RXWH 0RGH In Route mode the NetScreen 50 device operates at Layer 3 Because you can configure each interface using an IP address and subnet mask you can configur...

Page 19: ...ecurity zone by default you can bind it to another zone as required ethernet1 Bound to the Trust zone by default Connect this interface using a twisted pair cable with RJ 45 connectors ethernet2 Bound...

Page 20: ...e NetScreen 50 power outlet at the rear of the device and to a power source 4 Connect an RJ 45 cross over cable from the Trust zone interface Ethernet port 1 to the internal switch router or hub 5 Con...

Page 21: ...on page 5 67 6 1 1 211 7 21 7 1 9 6 To assure continuous traffic flow in the event of system failure you can cable and configure two NetScreen devices in a redundant cluster The devices propagate all...

Page 22: ...r 3 switch 2 6ZLWFKHV 9 Cable together the switches labeled Switch 3 and Switch 4 10 Cable together the switches labeled Layer 3 switch 1 and Layer 3 switch 2 11 Cable the switches labeled Layer 3 swi...

Page 23: ...NetScreen 50 device and the serial port on your PC 2 Start the vt100 terminal emulator program on your PC Typical settings for a console session are as follows Baud Rate to 9600 Parity to No Data Bits...

Page 24: ...or example to set the IP address and subnet mask of the Trust zone interface to 10 100 2 183 and 16 respectively set interface ethernet1 ip 10 100 2 183 16 3 To confirm the new port settings execute t...

Page 25: ...trusted network to any point on the untrusted network set policy from trust to untrust any any any permit Save you access policy configuration with the following command save You can also use the Outg...

Page 26: ...in both the Admin Name and Password fields then click Login Use lowercase letters only The Admin Name and Password fields are both case sensitive The NetScreen WebUI application window appears 66 7 5...

Page 27: ...l be incremented to signify that this device has been reset This is your last chance to cancel this command If you proceed the device will return to factory default configuration which is System IP 19...

Page 28: ...ole message now reads Waiting for 2nd confirmation 2 Release the button for one second 3 Push the button again for four to six seconds A serial console message states Second push has been confirmed Th...

Page 29: ...er switch OFF and disconnect the power cable 2 Using a screwdriver separate the lid of the external fuse cover from the surface of the power outlet 3 Manually remove the fuse assembly from the device...

Page 30: ...Chapter 4 Replacing the Fuse 24 User s Guide...

Page 31: ...ides general system specifications for the NetScreen 50 device NetScreen 50 Attributes on page A II Electrical Specification on page A II Environmental on page A II Safety Certifications on page A II...

Page 32: ...100 240 VAC 10 DC voltage 36 to 60 VDC Maximum AC Watts 45 Watts Maximum DC Watts 50 Watts Fuse Rating 2 5 Amp 250 Volts 19 5210 17 The maximum normal altitude is 12 000 ft 0 3 660 m 6 7 57 7 216 UL C...

Page 33: ...are compatible with the IEEE 802 3 Type 10 100 Base T standard The following table describes the media type and distance for these connectors Standard Media Type Mhz Km Rating Maximum Distance 100Bas...

Page 34: ...Appendix A Specifications A IV User s Guide...

Page 35: ...nging timeout 17 19 initiating a session 17 console port 4 guide organization v HA connection 16 installation guidelines 8 LEDs alarm 3 Flash 3 HA 3 power 3 session 3 status 3 0 management software lo...

Page 36: ...Index IX 2 User s Guide...

Reviews: