manualshive.com logo in svg

Juniper SSG 20-WLA, Hardware Installation And Configuration Manual

Share
Download
Juniper SSG 20-WLA Hardware Installation And Configuration Manual Download Page 1

Juniper Networks, Inc.

1194 North Mathilda Avenue

Sunnyvale, CA 94089

USA

408-745-2000

www.juniper.net

Part Number: 530-015646-01, Revision  Beta3

Security Products

Secure Services Gateway (SSG) 20

Hardware Installation and Configuration Guide- Beta3

ScreenOS Version 5.4.0

1-888-314-JTAC

 (1-888-314-5822 - toll free in U.S., Canada, and Mexico) 

or go to the link to request service 

http://www.juniper.net/support/requesting-support.html

Summary of Contents for SSG 20-WLA

Page 1: ...r 530 015646 01 Revision Beta3 Security Products Secure Services Gateway SSG 20 Hardware Installation and Configuration Guide Beta3 ScreenOS Version 5 4 0 1 888 314 JTAC 1 888 314 5822 toll free in U...

Page 2: ...THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITE...

Page 3: ...Module 9 Chapter 2 Installing and Connecting the Device 11 Before You Begin 11 Equipment Rack Installation 12 Connecting the Interface Cable to a Device 12 Connecting the Power 13 Connect the Device t...

Page 4: ...ultiplexing Method 32 PPPoE or PPPoA 32 Static IP Address and Netmask 33 The ISDN Interface 34 The T1 Interface 35 The E1 Interface 36 The V 92 Modem Interface 37 Basic Firewall Protections 37 Verify...

Page 5: ...Table of Contents Table of Contents v Index IX 1...

Page 6: ...vi Table of Contents SSG 20 Hardware Installation and Configuration Guide...

Page 7: ...ocol conversions between local area networks LANs and wide area networks WANs Organization This document contains the following chapters Chapter 1 Hardware Overview describes the chassis and component...

Page 8: ...appropriate dialog box where you then define objects and set parameters The set of instructions for each task is divided into navigational path and configuration settings The next figure lists the pat...

Page 9: ...port To obtain technical documentation for any Juniper Networks product visit www juniper net techpubs For technical support open a support case using the Case Manager link at http www juniper net sup...

Page 10: ...SSG 20 Hardware Installation and Configuration Guide x Obtaining Documentation and Technical Support...

Page 11: ...ardware Overview This chapter provides detailed descriptions of the SSG 20 chassis and components It contains the following sections Port and Power Connectors on this page Front Panel on page 3 Back P...

Page 12: ...d Line Interface CLI sessions RJ 45 9600 bps RS 232C serial AUX Enables a backup serial Internet connection through an external modem RJ 45 9600 bps 115 Kbps RS 232C serial Mini PIM ADSL 2 2 Enables a...

Page 13: ...again we recommend waiting a few seconds between shutting it down and powering it back up Table 2 provides the name color status and description of each system status LED Table 2 LED Descriptions Nam...

Page 14: ...there is no link activity Blinking slowly Indicates that a wireless connection is established The baud rate is proportional to the link activity Off Indicates that there is no wireless connection est...

Page 15: ...LEDs on each Ethernet port Figure 2 Activity Link LEDs Table 3 describes the Ethernet port LEDs Table 3 LAN Port LEDs Console Port The Console port is an RJ 45 serial port wired as DCE that can used...

Page 16: ...ents One cable connector port Accepts a network media connector Figure 3 shows the available mini PIMs You can install up to two mini PIMs in a device Figure 3 Mini PIMs on the SSG 20 Two to three sta...

Page 17: ...adily Indicates that there is a local or remote alarm device has detected a failure Off Indicates that there are no alarms or failures LOOP BACK Yellow On steadily Indicates that a loopback or line st...

Page 18: ...b g standards The first transceiver WLAN 0 uses the 2 4 GHz radio band which supports the 802 11b standard at 11 Mbps the 802 11g standard at 54 Mbps and 802 11 SuperG standard at 108 Mbps The second...

Page 19: ...sh key as defined in the CompactFlash Specification published by the CompactFlash Association When the USB storage device is installed and configured it automatically acts as a secondary storage devic...

Page 20: ...SSG 20 Hardware Installation and Configuration Guide 10 Back Panel...

Page 21: ...crucial for proper system operation Observing the following precautions can prevent shutdowns equipment failures and injuries Before installation always check that the power supply is disconnected fr...

Page 22: ...h the equipment rack not provided To install an SSG 20 device onto a rack 1 Align the rack mount ears to the device 2 Place the screws in the holes and use a phillips screwdriver to secure them 3 Moun...

Page 23: ...to an Untrusted Network You can connect your SSG 20 device to the untrusted network in one of the following ways Connecting Ethernet Ports Connecting Serial AUX Console Ports Connecting Ethernet Ports...

Page 24: ...onnect the provided ADSL cable from the ADSL2 2 mini PIM to your telephone outlet The ADSL port on the Annex A version of the device uses an RJ 11 connector while the Annex B version uses an RJ 45 con...

Page 25: ...s or splitters from your service provider Figure 6 Installing a Microfilter and Splitter on Your Network Connecting Other Mini PIMs To connect the mini PIMs to a device perform the following steps 1 H...

Page 26: ...ly to workstations eliminating the need for a hub or switch You can use either crossover or straight through cables to connect the Ethernet ports to other devices Connecting the Wireless Antennae If y...

Page 27: ...guration on page 27 Mini PIM Configuration on page 30 Basic Firewall Protections on page 37 Verify External Connectivity on page 38 Reset the Device to Factory Defaults on page 38 NOTE After you confi...

Page 28: ...l SSH are applications that allows you to access devices through an IP network To configure the device you enter ScreenOS CLI commands in a Telnet session from your workstation Fore more information S...

Page 29: ...itive For information on how to configure the device with the CLI commands see the Concepts and Examples Reference Guide for ScreenOS 5 4 0 5 Optional By default the console times out and terminates a...

Page 30: ...gured for DHCP or is statically configured with an IP address in the 192 168 1 0 subnet 3 Start a Telnet client application to the IP address for the bgroup0 interface the default IP address is 192 16...

Page 31: ...ss interface is in the Null security zone Unsetting the Ethernet or wireless interface that is in a bgroup places the interface in the Null security zone Once assigned to the Null security zone the Et...

Page 32: ...wireless interfaces on a device you need to assign IP addresses to the other interfaces including the WAN interfaces SSG 20 WLAN Interface Zone Wireless interface Specifies a wireless interface which...

Page 33: ...Backup Untrust Interface Configuration on page 26 Changing the Root Admin Name and Password The root admin user has complete privileges to configure an SSG 20 device We recommend that you change the...

Page 34: ...for the SSG device Bridge Group Interfaces By default the SSG 20 device has Ethernet interfaces ethernet0 2 ethernet0 4 grouped together in the Trust security zone Grouping interfaces sets interfaces...

Page 35: ...NMP SSL and SSH which you can enable on a per interface basis WebUI Network Interfaces Edit for ethernet0 0 Under Management Services select or clear the management services you want to use on the int...

Page 36: ...rvices If you connect the 0 2 0 4 port on the device to a workstation you can configure the device from a workstation in the 192 168 1 1 24 subnetwork using a management service such as Telnet You can...

Page 37: ...Wireless Configuration This section provides information for configuring the wireless interface on the SSG 20 WLAN device To use the wireless local area network WLAN capabilities on the device you mu...

Page 38: ...SIDs Specifying SSIDs allows you to have multiple wireless networks reside in the same location without interfering with each other An SSID name can have a maximum of 32 characters If a space is part...

Page 39: ...having to reconnect in another subnet To set up a wireless interface for basic configuration do the following set wlan country code code_id set interface wireless_interface ip ip_addr netmask set ssid...

Page 40: ...ork uses the ADSL2 2 interface adslx 0 with x representing the mini PIM slot 1 or 2 on the device to connect to the service provider s network through an Asynchronous Transfer Mode ATM virtual circuit...

Page 41: ...tual Circuits to an ADSL2 2 Interface To add virtual circuits you create subinterfaces to the ADSL2 2 interface You can create up to 10 ADSL2 2 subinterfaces For example to create a new subinterface n...

Page 42: ...it To configure the VPI VCI 1 32 on the adslx 0 interface and use LLC encapsulation on the virtual circuit WebUI Network Interfaces Edit for the adsl1 0 interface Enter the following click Apply VPI V...

Page 43: ...tatic IP Address and Netmask If your ISP gave you a specific fixed IP address and netmask for your network then configure the IP address and netmask for the network and the IP address of the router po...

Page 44: ...r DNS1 click Apply CLI set interface bgroup0 dhcp server option dns1 1 1 1 152 save For more information about configuring the ADSL and ADSL2 2 interfaces refer to the Concepts Examples ScreenOS Refer...

Page 45: ...terface operates at a bit rate of 1 544 Mbps and can support 24 DS0 channels The devices support the following T1 DS 1 standards ANSI TI 107 TI 102 GR 499 core GR 253 core AT T Pub 54014 ITU G 751 G 7...

Page 46: ...Network Interfaces Edit interface WAN Enter or select the applicable option value click OK WAN Configure main link WAN Encapsulation PPP Binding a PPP Profile junipertest Zone Name untrust IP Address...

Page 47: ...ith your workstations You can configure policies that direct the device to permit outside computers to start specific kinds of sessions with your computers For information about creating or modifying...

Page 48: ...ice to its default settings in one of the following ways Using a Console connection For further information see the Administration chapter in the Administration volume of the Concepts and Examples Scr...

Page 49: ...ory settings When the device resets the STATUS LED glows red for one half second and then glows green The Console displays device bootup messages The system generates SNMP and SYSLOG alerts to configu...

Page 50: ...SSG 20 Hardware Installation and Configuration Guide 40 Reset the Device to Factory Defaults...

Page 51: ...l Interface Module Both SSG 20 models have two slots in the front panel for wide area network physical interface modules WAN mini PIMs Mini PIMs in an SSG 20 device can be installed and replaced The S...

Page 52: ...the antistatic mat Removing a Mini PIM Mini PIMs are installed in the front panel of the SSG device A mini PIM weighs less than 2 lb 106g To remove a mini PIM do the following 1 Place an electrostati...

Page 53: ...he POWER LED is off 3 Grasp the screws on each side of the mini PIM faceplate and align the notches in the connector at the rear of the mini PIM with the notches in the mini PIM slot in the SSG device...

Page 54: ...ice Verify that the POWER LED blinks and then turns off 3 Use a phillips screwdriver to remove the screws from the top panel of the chassis The screws are located at the rear and sides of the panel Ke...

Page 55: ...s set the front edge of the top panel into the groove that runs along the top front edge of the chassis Then lower the top panel onto the chassis 10 Use the phillips screwdriver to tighten the screws...

Page 56: ...SSG 20 Hardware Installation and Configuration Guide 46 Memory Upgrade...

Page 57: ...fications Electrical Specification Table 2 SSG 20 Electrical Specifications Description Value Chassis dimensions 294mm X 194 8mm X 44mm 11 5 inches X 7 7 inches X 2 inches Device weight 1 53kg 3 3 lbs...

Page 58: ...Part 15 Class B USA EN 55022 Class B Europe AS 3548 Class B Australia VCCI Class B Japan EMC Immunity EN 55024 EN 61000 3 2 Power Line Harmonics EN 61000 3 3 Power Line Harmonics EN 61000 4 2 ESD EN 6...

Page 59: ...ce FCC Part 68 TIA 968 Industry Canada CS 03 UL 60950 1 Applicable requirements for TNV circuit with outside plant lead connection Connectors Table 4 lists the RJ 45 connector pinouts for the Console...

Page 60: ...SSG 20 Hardware Installation and Configuration Guide IV Connectors...

Page 61: ...age II 3 WLAN Access Point Window on page II 4 Physical Ethernet Interface Window on page III 5 ADSL2 2 Interface Window on page IV 6 T1 Interface Windows on page V 7 E1 Interface Windows on page X 8...

Page 62: ...iglet sets up the device for you If you want to bypass the configuration wizard and go directly to the WebUI select the last option then click Next If you are not using a configlet to configure the de...

Page 63: ...ntrust security zone Bgroup0 is prebound to the Trust security zone Ethernet0 1 is bound to the DMZ security zone but is optional Figure 3 After binding an interface to a zone you can configure the in...

Page 64: ...I values to identify the permanent virtual circuit Multiplexing Method ATM multiplexing method LLC is the default RFC1483 Protocol Mode Protocol Mode setting Operating Mode Operating mode for the phys...

Page 65: ...indows are displayed T1 Physical Layer Tab Window on page V T1 Frame Relay Tab Window on page VII After you have entered the necessary information click Next Figure 5 T1 Physical Layer Tab Window NOTE...

Page 66: ...r 8 bits per byte Default is 8 bits Frame Checksum Sets the size of checksum Default is 16 Framing Mode Sets the framing format Default is extended mode Idle Cycles Flag Sets the value that the interf...

Page 67: ...downstream and 1 Mbps upstream ITU International Telecommunications Union supports data rates of 6 144 Mbps downstream and 640 kbps upstream Interface Name Sets the subinterface name Inverse ARP Enab...

Page 68: ...n with Peer User Tab Window Table 6 Field Description for PPP Option with Peer User Tab Field Description PPP Profile Name Sets the name of the PPP profile Authentication Sets the authentication type...

Page 69: ...is displayed Figure 9 Cisco HDLC Option with Cisco HDLC Tab Window Table 7 Field Description for Cisco HDLC Option Field Description Interface IP Sets the IP address for the T1 Cisco HDLC interface Ne...

Page 70: ...the Multi link option you will see two Physical Layer tabs Field Description Clocking Sets the transmit clock on the interface Frame Checksum Sets the size of checksum Default is 16 Framing Mode Sets...

Page 71: ...he frame relay LMI type ANSI American National Standards Institute supports data rates up to 8 Mbps downstream and 1 Mbps upstream ITU International Telecommunications Union supports data rates of 6 1...

Page 72: ...At T 5ESS ntdms100 Nortel DMS 100 ins net NTT INS Net etsi European variants ni1 National ISDN 1 SPID1 Service Provider ID usually a seven digit telephone number with some optional numbers Only the DM...

Page 73: ...file name to the ISDN interface Authentication Sets the PPP authentication type Any CHAP Challenge Handshake Authentication Protocol PAP Password Authentication Protocol None Local User Sets the local...

Page 74: ...92 Modem Field Description Modem Name Sets the name for the modem interface Init Strings Sets the initialization string for the modem ISP Name Assigns a name to the ISP Primary Number Specifies the ph...

Page 75: ...s for Ethernet0 0 Interface Field Description Dynamic IP via DHCP Enables the device to receive an IP address for the Untrust zone interface from an ISP Dynamic IP via PPPoE Enables the device to act...

Page 76: ...information then click Next The default Interface IP is 192 168 1 1 with a netmask of 255 255 255 0 or 24 Figure 17 Trust Zone Ethernet0 2 Interface Window Table 15 Field Descriptions for the Trust Zo...

Page 77: ...WLAN radio mode 802 11a 802 11b g 802 11a b g SSID Sets the SSID name Authentication and Encryption Sets the WLAN interface authentication and encryption Open authentication the default allows anyone...

Page 78: ...your wired network via DHCP Enter the IP address range that you want your device to assign to clients using your network 15 Physical Ethernet DHCP Interface Window Select Yes to enable your device to...

Page 79: ...XIX 16 Wireless DHCP Interface Window Confirm your device configuration and change as needed Click Next to save reboot the device then run the configuration 17 Confirmation Window...

Page 80: ...SSG 20 Hardware Installation and Configuration Guide XX...

Page 81: ...management services 25 M management services 25 multiplexing configuring 32 P Point to Point Protocol over ATM See PPPoA Point to Point Protocol over Ethernet See PPPoE PPPoA 31 PPPoE 31 R reset pinh...

Page 82: ...2 Index SSG 20 Hardware Installation and Configuration Guide...

Reviews:

No comments

Brands by name

Popular brands

Load more brands