Краткое содержание страницы № 1
NETSCREEN-ISG 2000
User’s Guide
Version 5.0 P/N 093-1488-000 Rev. A
Краткое содержание страницы № 2
Copyright Notice Copyright © 2004 Juniper Networks, Inc. All rights reserved. Juniper Networks, the Juniper Networks logo, NetScreen, NetScreen Technologies, GigaScreen, and the NetScreen logo are registered trademarks of Juniper Networks, Inc. NetScreen-5GT, NetScreen-5XP, NetScreen-5XT, NetScreen-25, NetScreen-50, NetScreen-100, NetScreen-204, NetScreen-208, NetScreen-500, NetScreen-5200, NetScreen-5400, NetScreen-Global PRO, NetScreen-Global PRO Express, NetScreen-Remote Security Client, N
Краткое содержание страницы № 3
Language Contents English .....................................................................................................................1 French ...................................................................................................................53 NetScreen-ISG 2000 iii
Краткое содержание страницы № 4
Language Contents iv User’s Guide
Краткое содержание страницы № 5
Contents Preface....................................................................................................................1 Guide Organization .................................................................................... 1 Command Line Interface (CLI) Conventions ............................................... 2 Juniper Networks NetScreen Publications ................................................... 2 Chapter 1 Overview .......................................................
Краткое содержание страницы № 6
Contents Viewing Current Interface Settings ............................................................31 Setting the IP Address of the Management Interface ...............................31 Setting the IP Address for the Trust Zone Interface .....................................31 Setting the IP Address for the Untrust Zone Interface .................................32 Allowing Outbound Traffic .........................................................................32 Configuring the Device
Краткое содержание страницы № 7
Preface The Juniper Networks NetScreen-ISG 2000 is a purpose-built, high-performance security system designed to provide a flexible solution to medium and large enterprise central sites and service providers. The NetScreen-ISG 2000 security system integrates firewall, deep inspection, VPN, and traffic management functionality in a low-profile, modular chassis. The NetScreen-ISG 2000 is built around NetScreen's custom, third-generation purpose- 3 built GigaScreen ASIC, which provides accelerat
Краткое содержание страницы № 8
Preface COMMAND LINE INTERFACE (CLI) CONVENTIONS The following conventions are used when presenting the syntax of a command line interface (CLI) command: • Anything inside square brackets [ ] is optional. • Anything inside braces { } is required. • If there is more than one choice, each choice is separated by a pipe ( | ). For example, set interface { ether1/1 | ether1/2 | ether2/2 } manage means “set the management options for the ether1/1, ether1/2, or ether2/2 interface”. • Variables appe
Краткое содержание страницы № 9
Chapter 1 1 Overview This chapter provides detailed descriptions of the NetScreen-ISG 2000 chassis. Topics in this chapter include: • “The Front Panel” on page 4 – “LED Dashboard” on page 4 – “Interface Modules” on page 6 – “Compact Flash” on page 8 – “Management Interfaces” on page 8 – “High Availability Interfaces” on page 9 – “The Fan Module” on page 9 • “The Rear Panel” on page 10 – “Power Supplies” on page 10 NetScreen-ISG 2000 3
Краткое содержание страницы № 10
Chapter 1 Overview THE FRONT PANEL The front panel of the NetScreen-ISG 2000 has the following: • An LED dashboard • Four removable, replaceable interface modules • A compact flash card slot • Management, console, and modem ports • A fan module LED Dashboard The LED dashboard displays up-to-date information about critical NetScreen-ISG 2000 functions. 4 User’s Guide
Краткое содержание страницы № 11
The Front Panel The LEDs in the dashboard are as follows: LED Purpose Color Meaning POWER Power Supply green Power supply is functioning correctly. off System is not receiving power. red There is a problem with the power. ALARM System Alarm blinking red • Continuous blinking indicates a self-test failure during the ScreenOS bootup. May also occur due to certain algorithm and ACL failures. Blinks once for each software attack. amber One of the following failures has occurred: Power suppl
Краткое содержание страницы № 12
Chapter 1 Overview LED Purpose Color Meaning MOD3 green Security module is installed. off No card installed. FLASH Compact Flash green PC card is installed in compact flash slot. Status blinking green Read-write activity is detected. off Compact flash slot is empty. Note: To change the Alarm LED from red to green but keep the alarm message(s) in the menu system, use the CLI command clear led alarm. When you turn on the NetScreen-ISG 2000, the Status LED changes from off to blinking green. Star
Краткое содержание страницы № 13
The Front Panel TX/RX LED: Link LED: Dark: Not Active Dark: Not Linked Orange: Active Green: Linked Link Activity Link Status The Mini-GBIC Interface Connector Module The mini-GBIC interface module provides connectivity to fiber-based, gigabit ethernet LANs. Connect the module using an optical single mode or multi mode cable. Link LED: TX/RX LED: Dark: Not Linked Dark: Not Active Green: Linked Green: Active NetScreen-ISG 2000 7
Краткое содержание страницы № 14
Chapter 1 Overview Compact Flash The compact flash slot is for downloading or uploading system software or configuration files, and for saving log files to a compact flash card. To download or upload, execute the CLI command save: save { software | config } from { flash | slot1 filename } to { flash | slot1 filename } where flash refers to internal flash memory, slot1 refers to the compact flash slot, and filename is the name of the software or configuration file on the card. For example, the
Краткое содержание страницы № 15
The Front Panel High Availability Interfaces There are no dedicated High Availability (HA) interfaces on the NetScreen-ISG 2000; therefore, you must select and configure the HA ports once the system is running. The HA ports allow you to cable two devices together, and configure them to work as a redundant group. A redundant group consists of a master device and one backup device. If the master device fails, the backup device takes over as the new master, thus avoiding interruption of servic
Краткое содержание страницы № 16
Chapter 1 Overview THE REAR PANEL The rear panel of the NetScreen-ISG 2000 contains the power supplies. Power Supplies The NetScreen-ISG 2000 supports two redundant, fault-tolerant and auto-switching power supplies. The power supplies are hot-swappable, so you can remove or replace one power supply without interrupting device operation. You can order the NetScreen-ISG 2000 with one or two power supplies: DC and AC. Although the NetScreen-ISG 2000 can run with one power supply, it is advisable
Краткое содержание страницы № 17
The Rear Panel The DC Power Supply The DC power supply weighs about three pounds. The faceplate contains a power LED, a power switch, a cooling fan vent, and three DC power terminal blocks that connect to power cables. The following figure shows the NetScreen-ISG 2000 DC power supply. Thumbscrew Terminal Blocks Power LED Power Switch Hex Nut The AC Power Supply The AC power supply weighs about three pounds. The faceplate contains a power LED, a power switch, a cooling fan vent, and a male p
Краткое содержание страницы № 18
Chapter 1 Overview 12 User’s Guide
Краткое содержание страницы № 19
Chapter 2 2 Installing the Device This chapter describes how to install a NetScreen-ISG 2000 in an equipment rack. Topics in this chapter include: • “General Installation Guidelines” on page 14 • “Equipment Rack Mounting” on page 14 – “Equipment Rack Installation Guidelines” on page 14 – “Equipment Rack Accessories and Required Tools” on page 15 – “Mid-Mount” on page 16 – “Rear-and-Front Mount” on page 17 • “Installing and Connecting the AC Power Supply” on page 18 • “Installing and Wiring a DC
Краткое содержание страницы № 20
Chapter 2 Installing the Device GENERAL INSTALLATION GUIDELINES Observing the following precautions can prevent injuries, equipment failures, and shutdowns. • Never assume that the power supply is disconnected from a power source. Always check first. • Room temperature might not be sufficient to keep equipment at acceptable temperatures without an additional circulation system. Ensure that the room in which you operate the device has adequate air circulation. • Do not work alone if potential