Juniper NetScreen-25, Руководство пользователя

Страница: 18 / 36

Chapter 3 Configuring the Device
12 User’s Guide
2
3(5$7,21$/
0
2'(6
The NetScreen-25 device supports two operational modes: Transparent and Route. The
default mode is Route.
7UDQVSDUHQW0RGH
In Transparent mode, the NetScreen-25 device operates as a Layer-2 bridge. Because the
device cannot translate the IP addresses of packets, it cannot perform Network Address
Translation (NAT). Consequently, for the device to access the Internet, any IP address in
your trusted (local) networks must be routable and accessible from untrusted (external)
networks.
In Transparent mode, the IP addresses for the Trust and Untrust zones are 0.0.0.0, thus
making the NetScreen device invisible to the network. However, the device can still
perform firewall, VPN, and traffic management according to configured security policies.
5RXWH0RGH
In Route mode, the NetScreen-25 device operates at Layer 3. Because you can configure
each interface using an IP address and subnet mask, you can configure individual
interfaces to perform NAT.
• When the interface performs NAT services, the device translates the source IP
address of each outgoing packet into the IP address of the untrusted port. It also
replaces the source port number with a randomly-generated value.
• When the interface does not perform NAT services, the source IP address and
port number in each packet header remain unchanged. Therefore, to reach the
Internet your local hosts must have routable IP addresses.
For more information on NAT, see the NetScreen Concepts & Examples ScreenOS
Reference Guide.
Important: Performing the setup instructions below configures your device in Route
mode. To configure your device in Transparent mode, see the NetScreen Concepts &
Examples ScreenOS Reference Guide.