Juniper NetScreen Common

Source: Internet
Author: User

NetScreen FAQ Summary

1. Can NetScreen firewalls be used for HA?
So far, the NetScreen-100 and higher models support HA; the NetScreen-50 may also support HA with a new OS version.

2. Does NetScreen support load balancing? On which side?
Yes, load balancing is supported in both the Trust and DMZ zones.

3. Does the NetScreen firewall support PPPoE dial-up?
All of NetScreen's low-end firewall products support PPPoE dial-up.

4. What is A/A full-mesh HA?
NetScreen's high-end firewall products support the A/A full-mesh mode of HA. In this mode, every device in the HA group is active (A) and the devices are cross-connected, which greatly enhances the robustness of HA.

5. Can the NetScreen firewall establish a VPN with a Cisco PIX firewall, and with which models?
The NetScreen firewall can establish a VPN connection with any Cisco firewall.

6. Which user authentication methods are supported in addition to NetScreen's built-in users?
Authentication against a RADIUS database, an RSA SecurID database, and an LDAP database is also supported.

7. What models are available in the NetScreen product series?
NetScreen products, from low end to high end, are: NS-5XP, NS-5XT, NS-25, NS-50, NS-204, NS-208, NS-500, NS-1000, NS-5200, NS-5400. The NS-208 and the models below it are low-end products; the models above the NS-208 are high-end products. Early NetScreen products also included the NS-10 and NS-100 series.

8. What is the relationship between a virtual router and a zone?
A virtual router contains zones, and each zone belongs to a virtual router. For example, the Untrust and DMZ zones belong to UNTRUST-VR by default, and the Trust zone and user-defined zones belong to TRUST-VR by default.

9. What is the relationship between a zone and an interface?
Each interface belongs to a zone, and an IP address can be configured on an interface only after the interface is bound to a zone. Each zone contains a number of interfaces (physical and logical).

10. Why can't Global PRO 3.1 manage a ScreenOS 3.1 system in transparent mode?
Because Global PRO does not support managing ScreenOS 3.1 in transparent mode.

11. What is the difference between NetScreen Global Pro Express and NetScreen Global Pro?
Pro Express is a simplified version of Global Pro; it collects and monitors firewall information through a Sun Netra server. Global Pro has a three-tier structure: all information is collected in an Oracle database, and reports are generated through third-party software.

12. Does the NetScreen firewall enforce security policies before NAT is performed?
Yes. The NetScreen firewall checks the security policy first and keeps state tables for all TCP/IP connections, so the firewall knows the real internal IP address.

13. What is Hub & Spoke?
Hub & Spoke is a patented technology of the NetScreen firewall. It is a VPN connection mode in which one firewall acts as the center and other firewalls act as branches, forming a centralized, star-shaped VPN. This kind of VPN is easy to manage and implement.

14. What content filtering does the NetScreen firewall provide?
All NetScreen devices can be integrated with the Websense content filtering solution to block inappropriate content.

15. Does traffic between zones require policy control? What about traffic between interfaces?
In ScreenOS 3.1, traffic between zones is controlled by policy. Traffic between different interfaces in the same zone does not need to be controlled by policy. Commands can be used to control whether traffic is allowed to flow between interfaces within the same zone.
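
The interface-to-zone binding from question 9 and the inter-zone and intra-zone rules from question 15 can be modelled in a few lines. This is an added illustration, not ScreenOS code or anything from the original FAQ; the class and function names, the first-match/default-deny evaluation, the treatment of unbound interfaces, and the sample interfaces and policy are assumptions constructed for the example.

```python
from dataclasses import dataclass, field

@dataclass
class ZoneFirewall:
    """Toy model of the zone rules in the FAQ; not ScreenOS code."""
    iface_zone: dict = field(default_factory=dict)      # interface -> zone
    policies: list = field(default_factory=list)        # (from, to, service, action)
    intra_zone_block: set = field(default_factory=set)  # zones with same-zone control on

    def decide(self, in_iface, out_iface, service):
        # Modelling choice: an interface not bound to a zone forwards nothing.
        if in_iface not in self.iface_zone or out_iface not in self.iface_zone:
            return "drop: unbound interface"
        src, dst = self.iface_zone[in_iface], self.iface_zone[out_iface]
        # Same zone and no blocking set: forwarded without a policy lookup.
        if src == dst and src not in self.intra_zone_block:
            return "permit: intra-zone"
        # Assumption: first matching policy wins, and no match means deny.
        for p_src, p_dst, p_svc, action in self.policies:
            if (p_src, p_dst) == (src, dst) and p_svc in (service, "any"):
                return f"{action}: policy"
        return "deny: no policy"


def sample_firewall():
    """Constructed sample: two Trust interfaces, one Untrust interface."""
    fw = ZoneFirewall()
    fw.iface_zone.update(ethernet1="Trust", ethernet2="Trust", ethernet3="Untrust")
    fw.policies.append(("Trust", "Untrust", "http", "permit"))
    return fw


if __name__ == "__main__":
    fw = sample_firewall()
    for flow in [("ethernet1", "ethernet2", "ftp"),
                 ("ethernet1", "ethernet3", "http"),
                 ("ethernet3", "ethernet1", "http"),
                 ("ethernet1", "ethernet4", "http")]:
        print(flow, "->", fw.decide(*flow))
    fw.intra_zone_block.add("Trust")  # turn on same-zone control for Trust
    print("after blocking:", fw.decide("ethernet1", "ethernet2", "ftp"))
```

With same-zone control left off, hosts behind two interfaces of the same zone reach each other with no policy entry at all, which is the case to check when reviewing segmentation on such a device.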


16. How does the NetScreen firewall handle QoS?
NetScreen's own traffic management can assign priority to traffic based on IP address, user, application, or time, with eight priority levels, guaranteed bandwidth, and maximum bandwidth. This ensures that users' critical applications are not affected.

17. How is the latency of a NetScreen VPN calculated?
The average delay is 500 milliseconds. The actual delay depends on the packet size and the processor speed: from the smallest packet to the largest, 1518-byte packet, processing time can range from 10ms to 2500ms; adding the sending and receiving time gives the average.

18. What is a security zone (security domain)?
On a NetScreen firewall, the network is divided into multiple segments, each of which can apply a different security policy. Each such segment is a security zone.

19. What is the difference between a NetScreen firewall and a domestic hardware firewall?
The NetScreen firewall is a pure hardware firewall. Most domestic firewalls combine software and hardware and are not pure hardware firewalls. The NetScreen firewall uses ASIC chips to handle firewall processing and VPN encryption, which is much faster than implementing these functions in software running on a CPU.

20. What is the difference between ScreenOS 3.1 and ScreenOS 3.0?
ScreenOS 3.1 differs from ScreenOS 3.0 in many ways. In summary, the main points are: two built-in virtual routers, and the introduction of the concept of security zones.

21. Which NetScreen products have virtual routers? What are they for?
Products that run ScreenOS 3.1 have built-in virtual routers. First, the basic function of a virtual router is to route packets through the firewall, which strengthens the firewall's data-handling function. Second, introducing virtual routers can greatly enhance the security of the firewall. In addition, each virtual router can connect to one Internet access link.

22. What is the difference between HA in A/A mode and what is normally meant by HA?
What we normally call HA is the A/P mode of HA, in which one device is typically working while the other is on standby; the standby firewall takes over only when the working device cannot operate for some reason. In the A/A mode of HA, both firewalls are in operation, so the throughput is equal to the sum of the two firewalls. However, some other HA parameters, such as the number of sessions and the number of VPN tunnels, remain unchanged. This is because the data on the two firewalls is kept consistent.

23. How many models of the NetScreen-1000 are there?
The NetScreen-1000 comes in two models: NetScreen-1000SP and NetScreen-1000ES.

24. What centralized management software is available for NetScreen firewalls?
The centralized management software for NetScreen products is: NetScreen Global Manager, NetScreen Global Pro, and NetScreen Global Pro Express. NetScreen Global Manager is an early product and can only manage earlier products.

25. How many models of the NetScreen-500 are there?
There are two models of the NetScreen-500: NetScreen-500SP and NetScreen-500ES.

26. When an authentication policy is set, how long does each authentication remain valid?
The default validity period is 10 minutes, but it can be changed to any value in the range of 2 to 10000 minutes.

27. What are the features of the NetScreen firewall?
NetScreen has three major functions: firewall, VPN, and traffic management.

28. Why can't I find the Untrust, Trust, and DMZ interfaces on the 208 and 204 firewalls?
On the NetScreen-208 and NetScreen-204, the Untrust, Trust, and DMZ interfaces were removed because ScreenOS 3.1 introduced the concept of zones. The interfaces are instead called Ethernet1, Ethernet2, Ethernet3, and so on. However, ScreenOS 3.1 still has three default zones: Untrust, Trust, and DMZ.

29. What is a virtual system?
The virtual system is a proprietary technology of the NetScreen firewall that is currently implemented only on high-end firewalls. It can divide one firewall into multiple relatively independent systems, each with its own policies, address book, and so on.

30. Is NetScreen-Remote NetScreen's software firewall?
As is well known, NetScreen is a company that specializes in hardware firewalls; it does not have a software firewall. NetScreen does have a client program, NetScreen-Remote, which mobile users or dial-up users use to establish a VPN connection with the firewall. It is not a software firewall.

