Chapter 3 Configuring the Device
User’s Guide
Operational Modes
The NetScreen-5XT supports two operational modes: Transparent mode and Route mode.
The default mode is Route.
Transparent Mode
In Transparent mode, the NetScreen-5XT operates as a Layer-2 bridge. Because the
NetScreen-5XT cannot translate packet IP addresses in this mode, it cannot perform Network
Address Translation (NAT). Consequently, for the NetScreen-5XT to access the Internet, any IP
address in your trusted (local) networks must be routable and accessible from untrusted
(external) networks.
In Transparent mode, the IP addresses of the zone interfaces are 0.0.0.0, thus making the
NetScreen-5XT invisible to the network. However, it can still perform firewall, VPN, and
traffic management according to configured security policies.
Route Mode
In Route mode, the NetScreen-5XT operates at Layer 3. Because you can configure each
interface using an IP address and subnet mask, you can configure individual interfaces to
perform NAT.
• When the interface performs NAT services, the NetScreen-5XT translates the
  source IP address of each outgoing packet into the IP address of the untrusted
  port. It also replaces the source port number with a randomly-generated value.
• When the interface does not perform NAT services, the source IP address and
  port number in each packet header remain unchanged. Therefore, to reach the
  Internet your local hosts must have routable IP addresses.
For more information on NAT, see the NetScreen Concepts & Examples ScreenOS
Reference Guide.
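The following added example (not from the NetScreen documentation, and not ScreenOS code) models the two Route-mode cases above so that the effect on a packet's source address and port is visible. The class and function names, the sample addresses, the port range 1024-65535, and the reply lookup table are assumptions made for illustration.

```python
import ipaddress
import secrets


class Interface:
    """Simplified model of a Route-mode interface (hypothetical, for illustration)."""

    def __init__(self, untrust_ip, nat_enabled):
        self.untrust_ip = untrust_ip    # IP address of the untrusted port
        self.nat_enabled = nat_enabled  # does this interface perform NAT?
        self.sessions = {}              # translated port -> (local IP, local port)

    def outbound(self, src_ip, src_port):
        """Return the (source IP, source port) visible on the untrusted side."""
        if not self.nat_enabled:
            return src_ip, src_port     # header remains unchanged
        while True:                     # pick an unused random source port
            port = 1024 + secrets.randbelow(65536 - 1024)  # assumed range
            if port not in self.sessions:
                break
        self.sessions[port] = (src_ip, src_port)
        return self.untrust_ip, port

    def inbound(self, dst_port):
        """Map a reply back to the local host; None if no session matches."""
        return self.sessions.get(dst_port)


def needs_routable_address(iface, src_ip):
    """True when the host's own address is exposed and is not globally routable."""
    return not iface.nat_enabled and not ipaddress.ip_address(src_ip).is_global


if __name__ == "__main__":
    # Constructed sample values: a private local host and a documentation-range
    # address standing in for the untrusted port.
    host, untrust = ("192.168.1.33", 40000), "203.0.113.10"
    for nat in (True, False):
        iface = Interface(untrust, nat_enabled=nat)
        print("NAT" if nat else "no NAT", host, "->", iface.outbound(*host),
              "| host needs routable IP:", needs_routable_address(iface, host[0]))
```

With NAT off, the private source address leaves the device unchanged, which is the case where the local host needs a routable address.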
Important: Performing the setup instructions below configures your NetScreen-5XT in
Route mode. To configure it in Transparent mode, see the NetScreen Concepts & Examples
ScreenOS Reference Guide.