Juniper NetScreen Firewall FAQ

1.netscreen firewall can make ha?

So far NetScreen-100 above models can be done ha,netscreen-50 in the new OS version may also be able to do ha.

Does 2.Netscreen support load balancing? At which end?

Yes, both trust and DMZ support load balancing.

3.netscreen Firewall support does not support PPPoE dialing?

The low-end products of the NetScreen firewall support PPPoE dialing.

4. What is a/a full Mesh HA?

NetScreen Firewall high-end products support the A/A full mesh mode of HA. This HA feature is that each machine that makes up Ha is active (A), and through crossover wiring, the robustness of HA is greatly enhanced.

5.netscreen firewall can establish VPN with Cisco's PIX firewall, what are the models?

The NetScreen firewall can establish a VPN connection with any of the Cisco firewalls.

6. In addition to the built-in user NetScreen also support those user authentication?

It also supports RADIUS databases, RSA SecureID databases, and LDAP database authentication.

What models are available in the 7.NetScreen series?

NetScreen products from low-end to high-end are: NS-5XP, NS-5XT, NS-25, NS-50, NS-204, NS-208, NS-500, NS-1000, NS-5200, NS-5400. Among them NS-208 below including NS-208 are the low-end products, NS-208 above belong to high-end products. NetScreen early products also have NS-10, NS-100 series.

8. What is the relationship between virtual routers and domains?

A virtual router contains domains, and each domain belongs to a virtual router. For example: Untrust Zone, DMZ Zone default all belong to UNTRUST-VR, and trust Zone and user custom Zone default belong to TRUST-VR.

9. What is the relationship between domain (Zone) and Interface (interface)?

Each interface belongs to a different zone, and the interface can be configured with an IP address only if interface is bound to a zone. Each zone contains a number of interface (physical and logical).

10. Why Gloable PRO 3.1 cannot manage the screen OS 3.1 system in transparent mode?

Because global PRO does not support transparent for the screen OS 3.1 management.

What is the difference between 11.NetScreen Global Pro Express and NetScreen Global Pro?

Pro Express is a simplified version of Pro, and Pro Express collects and monitors firewall information through a Sun Netra server. PRO is a three-tier structure where all information is collected into Oracle databases and reports are generated through Third-party software.

Does the 12.netscreen firewall implement security policy before Nat?

Yes, the NetScreen firewall first checks the security policy and saves all the TCP/IP status connection tables, so the firewall knows the real internal IP.

13. What is Hub & Spoke?

Hub & Spoke is a patented technology for NetScreen firewalls. It is a VPN connection mode, with a firewall as the center, and some other firewalls as branches, to establish a centralized star structure model of the VPN, which is easy to manage and implement.

What about the content filtering capabilities of the 14.netscreen firewall?

All NetScreen devices can be integrated with Websense content filtering solutions to block inappropriate content.

15. Does the data flow between domains (Zone) require policy control? Interface (interface)?

In screen OS 3.1, the flow of data between domains (Zone) is controlled by policy. The flow of data between different interfaces in the same domain does not need to be controlled by policy. Commands allow you to control whether data flows between interfaces within the same domain.

How does the 16.netscreen firewall do in terms of QoS?

NetScreen specific traffic management can be based on IP address, user, application or time by eight priority levels to ensure bandwidth and maximum bandwidth for traffic allocation priority. Ensure that the user's critical applications are not affected.

How is the delay of the 17.NetScreen VPN calculated?

The average latency is 500 milliseconds, and the actual latency is based on the size of the package and the rate of the processor, with the smallest byte packets, the maximum to 1518 byte packets can be processed from 10ms to 2500ms, plus the sending and receiving time is an average.

18. What is a security domain?

On a netscreen firewall device, the network is divided into multiple segments, each of which can implement different security policies, and such segmentation is a security domain.

What is the difference between a 19.netscreen firewall and a domestic hardware firewall?

NetScreen Firewall is a pure hardware firewall, most of the domestic firewall is a combination of soft and hard firewall, is not a pure hardware firewall. The NetScreen firewall uses the ASIC chip to handle the firewall and the VPN encryption and so on function, compared with the software program drives the CPU to realize these functions to be much faster.

20.Screen OS 3.1 is different from Screen OS 3.0.

Screen OS 3.1 differs from Screen OS 3.0 in many ways. In general, there are the following: two virtual routers built into the concept of a secure domain.