Manuel d'utilisation / d'entretien du produit 200 Series du fabricant Juniper Networks
Aller à la page of 40
N ET S CREEN -200 S ERIES User’s Guide Version 5.0 P/N 093-1253-000 Rev. B.
Copyright Notice Copyright © 2005 Juniper Networks , Inc. All rights reserved. Juniper Networks, the Juniper Networks logo, NetScreen, Ne tScreen Techn ologies, GigaScr een, and the Ne tScreen log o are registered trademarks of Juniper Netw orks, Inc.
NetScreen-200 Series iii Contents Preface ................ .............. .............. .............. .............. .............. .............. .............. ...... ............. .......... v Guide Organization ..................................
Contents iv User’s Guide Establishing a Termin al Emulator Connection ................................... ............. 22 Changing Your Admin Name an d Password ........................................... ...... 23 Setting Port and Interface IP Addresses .
NetScreen-200 Series v Preface The Juniper Networks NetScreen-200 Series consists of vers atile, purpose-built, high- performance security system s that provide IPSec VPN and firewall services for medium and large enterprise offices, e-business sites, data centers, and carrier infrastructures.
Preface vi User’s Guide C OMMAND L INE I NTERFACE (CLI) C ONVENTIONS The following conventions are used when pr esenting the syntax of a command line interface (CLI) comman d : • Anything inside square brackets [ ] is optional. • Anything insi de braces { } is required.
NetScreen-200 Series 1 1 Chapter 1 Overview This chapter provides detail ed descriptions of the NetScr een-200 Series syst em devices and their components.
Chapter 1 Overview 2 User’s Guide N ET S CREEN -200 S YSTEMS This NetScreen-200 Series currently includes the NetS creen-204 device and the NetScreen-208 device. NetScreen-204 Device The NetScreen-204 is a chassis-based, rack-mou ntable network security device with four ethernet 10/100 Base-T interface ports.
The Front Panel NetScreen-200 Series 3 T HE F RONT P ANEL The features shared in common by Net Scre en-204 and NetScreen -208 devices include: • A System Status LED display • An Asset Recovery Pin.
Chapter 1 Overview 4 User’s Guide Asset Recovery Pinhole The Asset Recovery Pinhole is a button that resets the device to its original default settings. To use this button, i nser t a stiff wire (suc h as a strai ghtened pa per cli p) into the pinhole.
The Front Panel NetScreen-200 Series 5 Console and Modem Ports The Console port is an RJ-45 serial console port connector, for vt100 terminal emulator programs to perform local conf iguration and administra tion.
Chapter 1 Overview 6 User’s Guide Ethernet Interfaces Each Ethernet port is a 10/100 auto-sensing interface with two link LEDs. The left LED indicates network traffic, and the right LED indicates an ac tive network link. T HE R EAR P ANEL The figure below shows the rear panel of a NetScreen -200 Series device (with an AC power suppl y).
The Rear Panel NetScreen-200 Series 7 Power Fuse Each NetScreen-200 Series device uses a 2.5 Amp, slow-blow power fuse rated for 250 Volts. To replace a fuse on a NetScreen-200 Series device: 1. Take the device off-line by turning the power switch OFF and disconnecting the power cable.
Chapter 1 Overview 8 User’s Guide.
NetScreen-200 Series 9 2 Chapter 2 Installing the Device This chapter describes how to install a device in an equi pment rack or on a desktop, and how to connect the device to other devices.
Chapter 2 Installing the Device 10 User’s Guide G ENERAL I NSTALLATION G UIDELINES Observing the following pre cautions can p r event injuries, equi p men t fa il u r es an d shutdowns. • Never assume that the power su pply is disconnected from a power source.
Connecting the Power NetScreen-200 Series 11 There are two ways to rack-mount the NetScree n-200 Series: • Front mount • Mid-mount Front Mount To front mount the NetScreen-200 Seri es device on your equipment rack: 1. Screw the front mount bracket to the side of the chassis.
Chapter 2 Installing the Device 12 User’s Guide W IRING A DC P OWER S UPPLY The DC power supply , ON/OFF switch, gro undin g screw, and termi nal blocks, are located in the back of the chassi s of the powe r supply unit. To connect the DC power supply to a grou nding point at your site: 1.
Connecting the NetScreen-200 Device to Other Devices NetScreen-200 Series 13 C ONNECTING THE N ET S CREEN -200 D EVICE TO O THER D EVICES To connect th e device, use the ethernet interfaces ( ethernet1 through ethern et4 on the NetScreen-204, or ethernet1 through ethernet8 on the NetScree n-208).
Chapter 2 Installing the Device 14 User’s Guide.
NetScreen-200 Series 15 3 Chapter 3 Configuring the Device This chapter descri bes how to perform init ial configura tion on a NetScreen-200 Series device once yo u have mo unted it in a rack or desktop, pl ugged in the ne cessary cables, then turn the power ON.
Chapter 3 Configuring the Device 16 User’s Guide O PERATIONAL M ODES The NetScreen-200 Series devi ce supports two device modes: Transparent mode and Route mode. The default mode is Route. Transparent Mode In Transparent mode, the NetScr een-200 device operates as a Layer-2 bridge.
The NetScreen-200 Series Device Interfaces NetScreen-200 Series 17 T HE N ET S CREEN -200 S ERIES D EVICE I NTERFACES Each NetScreen-200 devi ce provides ethernet interfaces for access and connectivity. In addition, there are logica l (non - phys ical) in terfaces that perform special Layer-2 or management functions.
Chapter 3 Configuring the Device 18 User’s Guide C ONNECTING THE D EVICE AS A S INGLE S ECURITY G ATEWAY There are many ways to connect a NetScre en-2 00 Series device to your network system. In most cases, the device serv es as a single security gateway that prot ects at least one LAN (usually connected to the de vice from a switch or a hub).
Connecting the Device as a Single Security Gateway NetScreen-200 Series 19 In the following example, a NetScreen-208 device connects to a prote cte d LAN through ethernet1 (bound to the Trust security zo ne) and to a protected DMZ through ethernet2 (bound to the DMZ security zone).
Chapter 3 Configuring the Device 20 User’s Guide E STABLISHING AN HA C ONNECTION B ETWEEN D EVICES To assure continuous traffic flow in the event of system failure, you can cable and configure two NetScreen devices in a redu ndan t cluster. The devices propag ate all network, configuration and session information to each other.
Establishing an HA Connection Between Devices NetScreen-200 Series 21 To cable two NetScreen-200 Se ries devices together for HA and connect them to the network: 1. (Optional) Install the NetScreen -200 Seri es devices in an equipment rack (see “Equipment Rack Installa tion Guidelines” on page 10 ).
Chapter 3 Configuring the Device 22 User’s Guide Switches 11. Cable together the switches la beled “Switch 3” and “Switch 4.” 12. Cable together the switches labeled “Layer 3 switch 1” and “Lay er 3 switch 2.” 13. Cable the switches labeled “Layer 3 switch 1” and “Layer 3 switch 2” to routers.
Performing Initial Connection and Configuration NetScreen-200 Series 23 6. At the password prompt, type netscreen . 7. (Optiona l) By defau lt, the console tim e s out and terminates automatically after 10 minutes of idle time.
Chapter 3 Configuring the Device 24 User’s Guide Setting the IP Address of the Management Interface To make an interface work as the management interface, yo u must set the IP address and subnet mask to the same address range as your co mputer (or LAN).
Configuring the Device for Telnet and WebUI Sessions NetScreen-200 Series 25 Allowing Outbound Traffic By default, th e NetScreen -200 Series de vice does not allow inbound or outbound traffic, nor does it allow traffic to or from the DMZ. To permit (or deny) traffic, you must create access policies.
Chapter 3 Configuring the Device 26 User’s Guide 5. (Optiona l) By de fa u lt, the consol e tim e s out and terminates automatically after 10 minutes of idle time. To change this timeout interval, ex ecute the following command: set console timeout number where number is the length of idle time in minute s befo re sessio n termina t ion .
Configuring the Device for Telnet and WebUI Sessions NetScreen-200 Series 27 The NetScreen WebUI appl ication window app ears. Note: NetScreen-Security Manager 20 04 (NSM) and NetScreen Rapid Deployment (RD): If you are using NSM, you can optionally configure NetScreen appliances with RD .
Chapter 3 Configuring the Device 28 User’s Guide A SSET R ECOVERY If you lose the admin password, you can use on e of the following procedures to reset the NetScreen device to its default settings. This destroys any existing configurations, but restores access to the device.
Asset Recovery NetScreen-200 Series 29 Using the Asset Recovery Pinhole to Reset the Device You can also reset the device and restore the fa ct ory default settings by pressing the asset recovery pinhole. To perform this operation, you nee d to make a console connection, as described in “Establishing a Terminal Emulator Connection” on page 22 .
Chapter 3 Configuring the Device 30 User’s Guide.
NetScreen-200 Series A-I A Appendix A Specifications This appendix provid es genera l syste m specifica tio ns for the NetScreen-200 Series devices. • “NetScreen-200 Attributes” on page A-II •.
Appendix A Specifications A-II User’s Guide N ET S CREEN -200 A TTRIBUTES Height: 1.73 inches (4 .4 cm) Depth: 10.8 inches (27.4 cm) Width: 17.5 inches (44.5 c m) Weight: 8 pounds (36 hg) E LECTRICAL S PECIFICATION AC voltage: 100-240 VAC +/- 10% DC voltage: -36 to -60 VD C AC Watts: 45 Watts DC Watts: 50 Watts Fuse Rating: 2.
Index NetScreen-200 Series IX-I Index A asset recovery 28 B back panel 6 C cables connections 19 power 19 RJ-45 connectors 17 RJ45 connectors 5 , 13 twisted pair 13 , 17 cabling network interfaces 25 .
Index IX-II User’s Guide S session establishing 22 using a dialup connection 26 T transparent mode 16 V ventilation 10 viewing port settings 23.
Un point important après l'achat de l'appareil (ou même avant l'achat) est de lire le manuel d'utilisation. Nous devons le faire pour quelques raisons simples:
Si vous n'avez pas encore acheté Juniper Networks 200 Series c'est un bon moment pour vous familiariser avec les données de base sur le produit. Consulter d'abord les pages initiales du manuel d'utilisation, que vous trouverez ci-dessus. Vous devriez y trouver les données techniques les plus importants du Juniper Networks 200 Series - de cette manière, vous pouvez vérifier si l'équipement répond à vos besoins. Explorant les pages suivantes du manuel d'utilisation Juniper Networks 200 Series, vous apprendrez toutes les caractéristiques du produit et des informations sur son fonctionnement. Les informations sur le Juniper Networks 200 Series va certainement vous aider à prendre une décision concernant l'achat.
Dans une situation où vous avez déjà le Juniper Networks 200 Series, mais vous avez pas encore lu le manuel d'utilisation, vous devez le faire pour les raisons décrites ci-dessus,. Vous saurez alors si vous avez correctement utilisé les fonctions disponibles, et si vous avez commis des erreurs qui peuvent réduire la durée de vie du Juniper Networks 200 Series.
Cependant, l'un des rôles les plus importants pour l'utilisateur joués par les manuels d'utilisateur est d'aider à résoudre les problèmes concernant le Juniper Networks 200 Series. Presque toujours, vous y trouverez Troubleshooting, soit les pannes et les défaillances les plus fréquentes de l'apparei Juniper Networks 200 Series ainsi que les instructions sur la façon de les résoudre. Même si vous ne parvenez pas à résoudre le problème, le manuel d‘utilisation va vous montrer le chemin d'une nouvelle procédure – le contact avec le centre de service à la clientèle ou le service le plus proche.