*HWWLQJ 6WDUWHG *XLGH
&21),*85,1*7+('(9,&(
8VHWKH,QLWLDO&RQILJXUDWLRQ:L]DUGWRFRQILJXUHWKH1HW6FUHHQ*7%HIRUHVWDUWLQJ
WKH:L]DUGGHFLGHKRZ\RXZDQWWRGHSOR\\RXUGHYLFH)RUDGGLWLRQDOLQIRUPDWLRQ
VHHWKH
1HW6FUHHQ*78VHU·V*XLGH
Operational Mode.
You can deploy the NetScreen-5GT in Route
mode with NAT enabled on the Trust zone interface or in Route
mode without NAT. When using Route mode with NAT enabled, the
NetScreen-5GT replaces the source IP address of the sending host
with the IP address of the Untrusted port of the NetScreen-5GT.
Route mode with NAT is the most common way to configure the Trust
zone interface on the NetScreen-5GT. Your network uses the Untrust
zone interface to connect to the Internet. This interface can have a
static IP address or a dynamic IP address assigned via DHCP or
PPPoE. When using Route mode without NAT, an interface routes
traffic without changing the source address and port number in the
IP packet header. You must assign public IP addresses to hosts
connected to non-NAT interfaces. Your network uses the Untrust
zone interface to connect to the Internet. To configure this interface,
you need the IP address of the interface that is connected to the
external router, cable modem, or DSL modem and the IP address of
the router port connected to the NetScreen-5GT.
Port Mode
. Port modes allow the interfaces to be reconfigured and
binds them to zones. The default port mode, Trust-Untrust, binds the
Trust interface to the Trust zone and the Untrust interface to the
Untrust zone.
Trust Zone Interface IP Address
. The default IP address and netmask
for the Trust zone interface is 192.168.1.1/24. You can change this
address to match IP addresses that exist on your network.
Assigning IP Addresses to Hosts in Trust Zone
(Enabling DHCP
Server). You can choose to have the NetScreen-5GT assign IP
addresses, via DHCP, to hosts in your network. If you have the
NetScreen-5GT assign IP addresses, then you can define the range
of addresses to be assigned. You need to ensure that the range of
addresses is in the same subnetwork as the Trust zone interface
IP address.
6WHS
Launch a Web browser. In the URL address field, enter
http://192.168.1.1
or
http://ns.setup
. The Rapid Deployment
Wizard appears.
6WHS
If your network uses NetScreen-Security Manager 2004, you can
use a Rapid Deployment (RD) configlet to automatically configure the
NetScreen-5GT. Obtain a configlet from your Security Manager
administrator, select the
Yes
option, select the
Load Configlet from:
option, browse to the file location, then click
Next
. The configlet sets
up the NetScreen-5GT for you. If you use a configlet, you can skip
the remaining instructions in this guide.
Note:
Skip the Inital Configuration Wizard if you want to configure
the Combined or Extended port mode on the NetScreen-5GT. You
must use the CLI to configure these ports.
If you need to change the port mode on the device, select the
Change the Port Mode
option, select the port mode from the
drop-down menu, then click
Apply
before loading the configlet.
If you want to bypass the configuration wizard and go directly to the
WebUI, select the last option, then click
Next
. (See the
NetScreen-5GT User’s Guide
for configuration instructions.)
If you are not using a configlet to configure the NetScreen-5GT and
want to use the configuration wizard, select the first option, then
click
Next
. The Initial Configuration Wizard welcome screen
appears.
.
Click
Next
.