NetScreen Technologies 5GT, Getting Started

Page: 4 / 4

*HWWLQJ 6WDUWHG *XLGH
%$6,&6(&85,7<$1'32/,&<$'0,1,675$7,21
<RXPXVWUHJLVWHU\RXUSURGXFWDWZZZQHWVFUHHQFRPFVRWRDFWLYDWHFHUWDLQ6FUHHQ26
VHUYLFHVVXFKDVWKH'HHS,QVSHFWLRQ6LJQDWXUH6HUYLFH$IWHUUHJLVWHULQJXVHWKH
:HE8,RU&/,WRREWDLQWKHVXEVFULSWLRQIRUWKHVHUYLFH
6WHS
Using Policy Wizards . By default, the NetScreen-5GT permits
workstations in your network to start sessions with outside
workstations, while outside workstations cannot start sessions with
your workstations. You can set up policies that tell the device what
kinds of sessions to restrict or permit.
To set up a policy to either restrict the kinds of traffic that can be
initiated from inside your network to go out to the Internet, or to
permit certain kinds of traffic that can be initiated from outside
workstations to your network, use the WebUI Policy Wizard. In the
WebUI menu column, click
Wizards > Policy . Follow the directions
in the Wizard to configure a policy.
You can use the Wizards only when the device is in the default Trust-
Untrust port mode. For details on setting up policies, see the
NetScreen Concepts & Examples ScreenOS Reference Guide .
6WHS
Using Protection Options. The firewall attack protection (SCREEN)
menu enables you to tailor detection and threshold levels for a range
of potential attacks.
a.
In the WebUI menu column, click Screening > Screen .
b. Select the zone for which you want to configure firewall
attack protection.
c. Select the appropriate protection options, then click Apply .
Remember these features must be configured on each zone
where they are required.
6WHS
Verifying Access. To verify that workstations in your network can
access resources on the Internet, start a Web browser from any
workstation in the network and enter the URL: www.netscreen.com.
6WHS
You can choose to have the NetScreen-5GT assign IP addresses to
hosts in your network.
• Select Yes if the NetScreen-5GT is to act as a DHCP server and
assign dynamic IP addresses to hosts in the Trust zone interface.
Enter a range for the assigned IP addresses or enter the
address(es) of the DNS server(s). If you specify an IP address
range that is in a different subnetwork than the Trust
subnetwork, then your workstation and the Trust zone interface
of the NetScreen-5GT might be in different subnetworks. To
manage the NetScreen-5GT using the WebUI,
ensure that your
workstation and the NetScreen-5GT are in the same
subnetwork.
• Select No if you do not want the NetScreen-5GT to assign IP
addresses to hosts in the Trust zone interface.
Click Next .
6WHS
A confirmation screen like the above appears:
• Click Previous to modify configuration information.
• Click Next to enter the configuration.
Your system reboots after clicking Next.
6WHS
At the final review configuration window, click Finish . Launch a
Web browser. In the URL address field, enter the Trust zone interface
or Work zone interface IP address. (Your workstation and the
NetScreen-5GT must be in the same subnetwork.)
Your NetScreen configuration is complete.
Copyright © 2004 NetScreen Technologies Inc.
All rights reserved. NetScreen, NetScreen Technologies, GigaScreen, NetScreen-Security Manager, NetScreen-Remote, NetScreen ScreenOS and the NetScreen logo are trademarks
and registered trademarks of NetScreen Technologies, Inc. in the United States and other countries. All other trademarks and registered trademarks are the property of their respective
companies.
315HY%