manualshive.com logo in svg

Juniper SSG140, Hardware Installation And Configuration Manual, Page: 30 / 60

Share
Download
Juniper SSG140 Hardware Installation And Configuration Manual Download Page 30

SSG 140 Series Hardware Installation and Configuration Guide

30

„

PIM Configuration

To configure a bridge group:

WebUI

Network > Interfaces > List > Edit (bgroup0) > Bind Port: Select 

ethernet0/3

ethernet0/4

, and 

ethernet0/5

, then click 

Apply

.

>Basic: Enter the following, then click 

Apply

:

Zone Name: DMZ (select)
IP Address/Netmask: 10.0.0.1/24

CLI

set interface bgroup0/0 port ethernet0/3
set interface bgroup0/0 port ethernet0/4
set interface bgroup0/0 port ethernet0/5
set interface bgroup0/0 zone DMZ
set interface bgroup0/0 ip 10.0.0.1/24
save

If you want to bind an Ethernet interface to a bgroup, you must first make sure that 
the interface is in the Null security zone. Unsetting the interface that is in a bgroup 
places the interface in the Null security zone. Once assigned to the Null security 
zone, the Ethernet interface can be bound to a security zone and assigned a 
different IP address.

PIM Configuration

To configure the interfaces on physical interface modules (PIMs), refer to the 

PIM 

and Mini-PIM Installation and Configuration Guide

.

Basic Firewall Protections

The devices are configured with a default policy that permits workstations in the 
Trust zone of your network to access any resource in the Untrust security zone, 
while outside computers are not allowed to access or start sessions with your 
workstations. You can configure policies that direct the device to permit outside 
computers to start specific kinds of sessions with your computers. For information 
about creating or modifying policies, refer to the 

Concepts & Examples ScreenOS 

Reference Guide.

SSG 140 devices provide various detection methods and defense mechanisms to 
combat probes and attacks aimed at compromising or harming a network or 
network resource:

„

ScreenOS Screen options secure a zone by inspecting, and then allowing or 
denying, all connection attempts that require crossing an interface to that zone. 
For example, you can apply port-scan protection on the Untrust zone to stop a 
source from a remote network from trying to identify services to target for 
further attacks.

Summary of Contents for SSG140

Page 1: ...er Networks Inc 1194 North Mathilda Avenue Sunnyvale CA 94089 USA 408 745 2000 www juniper net Part Number 530 015643 01 Revision 05 Security Products SSG 140 Hardware Installation and Configuration G...

Page 2: ...ense The following information is for FCC compliance of Class B devices The equipment described in this manual generates and may radiate radio frequency energy If it is not installed in accordance wit...

Page 3: ...ack Panel 13 Physical Interface Module Slots 13 Power Switch 14 AC Power Appliance Inlet 14 Fuse Cover 14 Chapter 2 Installing and Connecting the Device 15 Before You Begin 16 Installing Equipment 16...

Page 4: ...e CLI Reset Command 31 Restarting the Device with the WebUI 32 Resetting the Device to Factory Defaults 32 Device Serial Number 33 unset all 33 Reset Pinhole Button 34 Chapter 4 Servicing the Device 3...

Page 5: ...onfiguration instructions and examples in this document are based on the functionality of a device running ScreenOS 6 0 0 Your device might function differently depending on the ScreenOS version you a...

Page 6: ...for the SSG 140 device Conventions This guide uses the conventions described in the following sections Web User Interface Conventions on page 6 Command Line Interface Conventions on page 7 Web User I...

Page 7: ...tomer with an active J Care or JNASC support contract or are covered under warranty and need postsales technical support you can access our tools and resources online or open a case with JTAC JTAC pol...

Page 8: ...juniper net company communities Open a case online in the CSC Case Manager http www juniper net customers cm To verify service entitlement by product serial number use our Serial Number Entitlement SN...

Page 9: ...elements on the front panel of the SSG 140 device Port Descriptions on page 10 Device Status LEDs on page 11 Ethernet Port LEDs on page 12 Reset Pinhole on page 12 USB Port on page 12 POWER HA PIM1 PI...

Page 10: ...ation of the port From left to right on the front panel the interface names for the ports are ethernet0 0 through ethernet0 9 For the default zone bindings for each Ethernet port see Default Device Se...

Page 11: ...riptions Name Color Status Description POWER Green On steadily Power is functioning correctly Off Device is not receiving power STATUS Green Off Device is powered off or is starting up Blinking Normal...

Page 12: ...ware between a USB storage device and the internal flash storage of the security device The USB ports support USB 1 1 and USB 2 0 specifications You can also log messages to a USB storage device For m...

Page 13: ...nel Figure 4 Back Panel of an SSG 140 Device The following sections describe the elements on the back panel of the SSG 140 device Physical Interface Module Slots on page 13 Power Switch on page 14 AC...

Page 14: ...nlet and Fuse Cover AC Power Appliance Inlet The AC power appliance inlet is located on the right side of the back panel as shown in Figure 5 You use the AC power appliance inlet to connect the SSG 14...

Page 15: ...n page 16 Installing Equipment on page 16 Organizing Interface Cables on page 18 Connecting Power on page 18 Powering the Device On and Off on page 18 Connecting the Device to a Network on page 18 NOT...

Page 16: ...frame that blocks the air vents on the sides of the chassis Ensure that enclosed racks have fans and louvered sides Correct these hazardous conditions before any installation moist or wet floors leaks...

Page 17: ...es of the device lift the device then position it in the rack When correctly positioned the device sits level in the equipment rack 3 Align the bottom hole in each mounting bracket with a hole in each...

Page 18: ...panel of the device Plug the other end into an AC power source Powering the Device On and Off To power on the SSG 140 device press the AC power switch on the rear panel to the on position ScreenOS sta...

Page 19: ...is prebound to the Untrust security zone 4 Connect an RJ 45 cable from the Console port using the instructions provided in Using a Console Connection on page 22 for management access Figure 8 Basic Ca...

Page 20: ...SSG 140 Series Hardware Installation and Configuration Guide 20 Connecting the Device to a Network...

Page 21: ...tions on page 30 Verifying External Connectivity on page 31 Restarting the Device on page 31 Resetting the Device to Factory Defaults on page 32 NOTE After you configure the device and verify connecti...

Page 22: ...must be on the same subnetwork as the device You can also access the WebUI through a secure server using Secure Sockets Layer SSL with secure HTTP HTTPS Telnet SSH Telnet and SSH are applications that...

Page 23: ...for the login name and password enter netscreen at both the login and password prompts Use lowercase letters only The login and password fields are both case sensitive For information about configurin...

Page 24: ...I homepage opens the device is ready to be configured See Basic Device Configuration on page 26 to complete the initial device configuration Using Telnet To use a Telnet connection the workstation mus...

Page 25: ...ng a management service such as Telnet You can change the default IP address on the ethernet0 0 interface to match the addresses on your LAN The SSG 140 comes preconfigured with three bridge group bgr...

Page 26: ...dge Group Interfaces on page 29 The examples in this section demonstrate how to establish initial network connectivity For advanced configuration information refer to the Concepts Examples ScreenOS Re...

Page 27: ...o the ethernet0 0 interface The workstation must have an IP address in the 192 168 1 1 24 subnet To change the default interface IP address on the device WebUI Network Interfaces Edit for ethernet0 0...

Page 28: ...resolving hostnames and IP addresses Devices access the configured DNS servers to resolve hostnames In ScreenOS you configure the IP addresses for the primary and secondary DNS servers and the time of...

Page 29: ...ecified by the default route To configure the default route on the device WebUI Network Routing Destination New trust vr Enter the following then click OK Network Address Netmask 0 0 0 0 0 0 0 0 Gatew...

Page 30: ...aces on physical interface modules PIMs refer to the PIM and Mini PIM Installation and Configuration Guide Basic Firewall Protections The devices are configured with a default policy that permits work...

Page 31: ...isms volume of the Concepts Examples ScreenOS Reference Guide Verifying External Connectivity To verify that workstations in your network can access resources on the Internet start a browser from any...

Page 32: ...in prompt 2 If you have not yet changed the default username and password enter netscreen at both the login and password prompts Use lowercase letters only The login and password fields are both case...

Page 33: ...he following message appears Reconfirm Lost Password Reset If you continue the entire configuration of the device will be erased In addition a permanent counter will be incremented to signify that thi...

Page 34: ...2 As soon as the Status LED blinks green release the pinhole button and wait two seconds 3 The device now waits for the second reset which confirms the operation Push the pinhole button again for four...

Page 35: ...and wait two seconds 4 Push the pinhole button again for four to six seconds The message 2nd push has been confirmed appears 5 Continue to press the pinhole button until the device resets The system n...

Page 36: ...SSG 140 Series Hardware Installation and Configuration Guide 36 Resetting the Device to Factory Defaults...

Page 37: ...nt on an SSG 140 device you need the following tools and parts Electrostatic bag or antistatic mat Electrostatic discharge grounding wrist strap Flat tip screwdriver 1 8 inch Number 2 phillips screwdr...

Page 38: ...e device 2 If the device is powered on switch off the power switch on the back of the device Verify that the POWER LED is off 3 Loosen the screws on each side of the faceplate as shown in Figure 10 On...

Page 39: ...the correct PIM 5 Disconnect the cables from the PIM 6 If necessary arrange the cables to prevent them from dislodging or developing stress points 7 Loosen the captive screws on each side of the PIM...

Page 40: ...tive screws using a 1 8 inch flat tip screwdriver On PIMs with long screws for handles tighten the captive screws using a number 2 phillips screwdriver 7 Insert the appropriate cables into the cable c...

Page 41: ...wdriver to remove the screws securing the rack mount brackets to the sides of the unit four screws per side 5 Use the phillips screwdriver to remove the six countersunk screws located along the bottom...

Page 42: ...that the tabs swivel away from it 11 Grip the long edge of the memory module and slide it out Set it aside Figure 13 Releasing and Removing the Memory Module 12 Insert the 512 MB memory module into t...

Page 43: ...lier securing the top panel to the chassis 16 Use the screwdriver to replace and tighten the screws securing the rack mount brackets to the sides of the chassis 17 Replace the SSG 140 in the equipment...

Page 44: ...ng the Fuse 3 Manually remove the fuse assembly from the device 4 To replace the fuse assembly enter the new fuse into the opening and slide it in until the fuse clicks into place 5 Replace the power...

Page 45: ...rs on page 48 Physical Table 5 provides the physical specifications for the SSG 140 device Table 5 SSG 140 Physical Specifications Description Value Chassis dimensions 1 75 inches 4 4 cm high 17 5 inc...

Page 46: ...140 Environmental Tolerance Item Specification AC input voltage Operating range 90 to 264 VAC AC input line frequency 50 or 60 Hz AC device current rating 1 8A Description Value Altitude No performan...

Page 47: ...ustralia New Zealand VCCI Class B Japan BSMI Class B Taiwan EMC Immunity EN 55024 EN 61000 3 2 Power Line Harmonics EN 61000 3 3 Voltage Fluctuations and Flicker EN 61000 4 2 ESD EN 61000 4 3 Radiated...

Page 48: ...15 RJ 45 Connector Pin Numbering Table 9 lists the pinouts of the RJ 45 connectors for the Console and AUX ports Table 9 Console and AUX RJ 45 Connector Pinouts Pin Name I O Description 1 RTS Out O R...

Page 49: ...uts Table 11 lists the RJ 45 connector pinouts for the Gigabit Ethernet ports Table 11 Gigabit Ethernet RJ 45 Connector Pinout DB 9 Pin RJ 45 Pin Name I O Description 1 N C DCD Carrier Detect 2 3 RxD...

Page 50: ...hich are not supplied with the PIM Table 12 describe the RJ 48 connector pinouts Table 12 RJ 48 Connector to RJ 48 Connector Straight Pinout CAUTION To maintain agency approvals use only properly cons...

Page 51: ...nfigure the interfaces that are installed on your device This section describes the following ICW windows 1 Rapid Deployment Window on page 52 2 Administrator Login Window on page 52 3 Physical Ethern...

Page 52: ...glet from option browse to the file location then click Next The configlet sets up the device for you If you want to bypass the configuration wizard and go directly to the WebUI select the last option...

Page 53: ...o the Trust security zone Ethernet0 1 is bound to the DMZ security zone but is optional Ethernet0 2 is bound to the Untrust zone Figure 19 Physical Ethernet Interface Window After binding an interface...

Page 54: ...criptions for Ethernet0 0 Interface Field Description Dynamic IP via DHCP Enables the device to receive an IP address for the Untrust zone interface from an ISP Dynamic IP via PPPoE Enables the device...

Page 55: ...e this screen to configure an IP address and a netmask for the DMZ interface Figure 21 DMZ Interface IP Address Window 6 Trust Interface IP Address Window Use this screen to configure an IP address an...

Page 56: ...cal Ethernet DHCP Interface Window Select Yes to enable your device to assign IP addresses to your wired network via DHCP Enter the IP address range that you want your device to assign to clients usin...

Page 57: ...and change as needed Click Next to save restart the device and run the configuration Figure 24 Confirmation Window After the device restarts with the saved system configuration the WebUI login prompt...

Page 58: ...SSG 140 Series Hardware Installation and Configuration Guide 58...

Page 59: ...lt routes configuring 29 device certifications 47 configuration 26 dimensions 45 weight 45 device LEDs 11 dimensions of device 45 DNS servers configuring 28 E electrical specifications 46 EMC certific...

Page 60: ...4 resetting to factory defaults 32 restarting the device 31 routes configuring default 29 S safety certifications 47 services configuring management 27 specifications electrical 46 environmental 46 ph...

Reviews:

No comments