Click here to load reader

ISG 2000 User’s Guide - Juniper Networks · PDF fileJuniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, CA 94089 USA 408-745-2000 Part Number: 093-1524-000, Rev. A ISG 2000

  • View
    212

  • Download
    0

Embed Size (px)

Text of ISG 2000 User’s Guide - Juniper Networks · PDF fileJuniper Networks, Inc. 1194 North...

  • ISG 2000

    Users Guide

    ScreenOS 5.0.0-IDP1

    Juniper Networks, Inc.

    1194 North Mathilda Avenue

    Sunnyvale, CA 94089

    USA

    408-745-2000

    www.juniper.net

    Part Number: 093-1524-000, Rev. A

  • ii

    Copyright Notice

    Copyright 2005 Juniper Networks, Inc. All rights reserved.

    Juniper Networks, the Juniper Networks logo, NetScreen, NetScreen Technologies, the NetScreen logo, NetScreen-Global Pro, ScreenOS, and GigaScreen are registered trademarks of Juniper Networks, Inc. in the United States and other countries.

    The following are trademarks of Juniper Networks, Inc.: Deep Inspection, ERX, ESP, Instant Virtual Extranet, Internet Processor, J-Protect, JUNOS, JUNOScope, JUNOScript, JUNOSe, M5, M7i, M10, M10i, M20, M40, M40e, M160, M320, M-series, MMD, NetScreen-5GT, NetScreen-5XP, NetScreen-5XT, NetScreen-25, NetScreen-50, NetScreen-100, NetScreen-204, NetScreen-208, NetScreen-500, NetScreen-5200, NetScreen-5400, NetScreen-IDP 10, NetScreen-IDP 100, NetScreen-IDP 500, NetScreen-IDP 1000, IDP 50, IDP 200, IDP 600, IDP 1100, ISG 1000, ISG 2000, NetScreen-Global Pro Express, NetScreen-Remote Security Client, NetScreen-Remote VPN Client, NetScreen-SA 1000 Series, NetScreen-SA 3000 Series, NetScreen-SA 5000 Series, NetScreen-SA Central Manager, NetScreen Secure Access, NetScreen-SM 3000, NetScreen-Security Manager, GigaScreen ASIC, GigaScreen-II ASIC, NMC-RX, SDX, Stateful Signature, T320, T640, and T-series.

    Information in this document is subject to change without notice.

    No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without receiving written permission from:

    Juniper Networks, Inc.ATTN: General Counsel1194 N. Mathilda Ave.Sunnyvale, CA 94089

    FCC Statement

    The following information is for FCC compliance of Class A devices: This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to part 15 of the FCC rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. The equipment generates, uses, and can radiate radio-frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference, in which case users will be required to correct the interference at their own expense.

    The following information is for FCC compliance of Class B devices: The equipment described in this manual generates and may radiate radio-frequency energy. If it is not installed in accordance with NetScreens installation instructions, it may cause interference with radio and television reception. This equipment has been tested and found to comply with the limits for a Class B digital device in accordance with the specifications in part 15 of the FCC rules. These specifications are designed to provide reasonable protection against such interference in a residential installation. However, there is no guarantee that interference will not occur in a particular installation.

    If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures:

    Reorient or relocate the receiving antenna.

    Increase the separation between the equipment and receiver.

    Consult the dealer or an experienced radio/TV technician for help.

    Connect the equipment to an outlet on a circuit different from that to which the receiver is connected.

    Caution: Changes or modifications to this product could void the user's warranty and authority to operate this device.

    Disclaimer

    THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR JUNIPER NETWORKS REPRESENTATIVE FOR A COPY.

  • Table of Contents

    About This Guide v

    Content Summary........................................................................................... viCLI Conventions.............................................................................................. viTerminology................................................................................................... viiIDP Requirements and Documentation......................................................... viii

    ISG 2000 Upgrade .................................................................................. viiiIDP Configuration through NetScreen-Security Manager......................... viii

    NetScreen Product Documentation Guide ....................................................... ixTechnical Support ............................................................................................x

    Chapter 1 Configuring 1

    Before Beginning..............................................................................................2Console Connection and Login.........................................................................3Basic Configuration ..........................................................................................4System Clock and Console Timeout .................................................................5Admin Name and Password.............................................................................5Security Zones and Interfaces ..........................................................................6

    Binding Interfaces to Zones .......................................................................8Interface Modes.........................................................................................9Configuring Interfaces .............................................................................10

    Untrust Zone Interface ......................................................................10DMZ Interface ...................................................................................11Trust Zone Interface..........................................................................11MGT Interface ...................................................................................11

    DNS and Default Route ..................................................................................12Policies...........................................................................................................13

    Addresses ................................................................................................13Services ...................................................................................................13

    Intrusion Detection and Protection ................................................................15Minimum Configuration for a NetScreen-Security Manager

    Connection .......................................................................................15IPSec VPN ......................................................................................................16

    ISG 2000 ...........................................................................................17Remote Peer .....................................................................................18

    Summary of CLI Commands ..........................................................................19CLI Commands Example Firewall Configuration...................................19CLI Commands Example Route-Based VPN Configuration....................20

    Returning the Device to Factory Default Settings ...........................................21

    Table of Contents iii

  • iv

    ISG 2000 Users Guide

    Chapter 2 Installing 23

    Connecting the Device to a Network ..............................................................24Equipment Rack Mounting.............................................................................26

    Equipment Rack Installation Guidelines...................................................26Equipment Rack Accessories and Required Tools ....................................26Rear-and-Front Mount .............................................................................27Mid-Mount ...............................................................................................28

    Chapter 3 Hardware and Servicing 29

    The Front Panel .............................................................................................30LED Dashboard .......................................................................................32

    The Rear Panel...............................................................................................33Replacing Interface Modules ..........................................................................33

    Removing Interface Modules ...................................................................34Inserting Interface Modules .....................................................................35

    Connecting and Disconnecting Gigabit Ethernet Cables .................................36Replacing a Mini-GBIC Transceiver.................................................................38Replacing Power Supplies ..............................................................................39

    Replacing AC Power Supplies ..................................................................39Replacing DC Power Supplies ..................................................................41

    Replacing the Fan Tray ..................................................................................44Re