Juniper NetScreen firewall newcomer Guide

Source: Internet
Author: User

The NetScreen firewall supports multiple management methods, including WEB management and CLI (Telnet) management. For routine debugging work, we usually use the first two methods.

(ScreenOS 4.0) First, use the CONSOLE port for configuration.

1. Plug one end of the supplied cable into the CONSOLE port of the firewall, and plug the other end into the adapter and then into the serial port of the PC.

2. In Windows, open Accessories > Communications > HyperTerminal, and select the serial port that the CONSOLE cable is connected to. (Set the serial port attributes: 9600-8-None-hardware)

3. Enter the account and password to go to the command line setting page. (Default Account: Netscreen; Password: Netscreen)

4. Go to the Netscreen command line management interface.

Web management connection settings

1. Set the interface IP address;

If no IP address is configured for all interfaces (Netscreen device initialization settings), you need to set a port IP address to connect to the web management interface. Here, set the trust port. In command line mode, enter:

Ns5XT-> set int trust ip A.B.C.D/E

Command description: A.B.C.D is the IP address, usually set to an intranet address, and E is the mask of the IP address, usually set to 24.

The get interface command can be used to view the port status information (similar to the Cisco show interface command).

2. Start the web management function of the interface;

Ns5XT-> set int trust manage web

3. Connect the PC to the firewall over the network and configure the firewall through the web interface in a browser.

For NS-5, NS-10 and NS-100 firewalls, connect the PC to the trust port or the DMZ port with a straight-through cable, and connect the PC to the untrust port with a crossover cable. For NS-25, NS-200 and above products, all ports of the firewall are connected to the PC with a straight-through cable.

Note: Set the IP address of the PC NIC to the same network segment as the management IP address of the corresponding port of the firewall.

Open IE browser, type the firewall's management IP address, and open the login screen;

Basic firewall settings:

1. Set the access timeout.

Web: Go to Configuration> Admin> Management, enter the access timeout in minutes under Enable Web Management Idle Timeout, and tick the check box.

CLI:

NS5XT-> set admin auth timeout

2. Manage Netscreen permissions: set super Administrator (Root)

WEB:

Go to Configuration> Admin> Administrators to manage all Administrators.

CLI:

NS5XT-> set admin name

NS5XT-> set admin password

Add local administrator

WEB:

Click the New link to open the configuration page. Enter the administrator logon name and password and specify the permissions (the options are ALL or READ_ONLY. ALL indicates that the administrator has the permission to change the configuration. READ_ONLY indicates that the administrator can only view the configuration and has no permission to change it).

CLI:

NS5XT-> set admin user password privilege

3. Set DNS

Web: Open the Network> DNS page and configure the Host Name, Domain Name, Primary DNS Server, Secondary DNS Server, and the daily DNS update time. After configuration, press the Apply button.

CLI:

NS5XT-> set hostname

NS5XT-> set domain

NS5XT-> set DNS host

4. Set the Zone (Security Zone)

Web: Open the Network> Zones page to configure the zones that already exist on the Netscreen device (not all zones can be configured; many default zones cannot be edited, and no Edit link is shown for them in the Configure column). Press the New button to add a new zone.

CLI:

NS5XT-> set zone vrouter

5. Set Interface (Interface)

WEB: Open Network> Interfaces and select the attribute page of the interface to be configured (the four available interfaces are Trust, Untrust, DMZ, and Tunnel; Trust, Untrust, and DMZ are physical interfaces, and the Tunnel interface is a logical interface used for VPN. NS-5 series firewalls have no DMZ port).

Click the Edit link in the Configure column of the corresponding interface to open the Interface Configuration window. (The configuration shown differs depending on the interface mode. NAT mode is used as the example here; transparent mode has fewer settings.)

Zone name: sets the security zone the interface belongs to.

IP Address/Netmask: sets the IP address and mask of the interface.

Manage IP: sets the management IP address of the interface. It must be in the same network segment as the interface IP address; if the system IP address is set to 0.0.0.0, the Manage IP is the interface IP by default.

Interface Mode: sets the interface mode. Only the trust interface has this option. You can select NAT mode or Route mode. When the trust interface is in NAT mode, any data packets entering this interface are forcibly address-translated. When the interface works in Route mode, the firewall works as a router by default. To use the policy-based NAT function of the firewall, set the trust interface to this mode.

Management Services: select or clear check boxes such as web, telnet, and snmp to enable or disable the corresponding management functions of this interface. For example, if you clear the web check box and click save, the web management function of this interface is disabled: you can no longer reach the web management interface through the management IP address of this interface, and all web management connections on this interface are dropped.

Click Apply to record the settings.

CLI:

Set the interface IP Address:

NS5XT-> set interface ip

Set interface gateway:

NS5XT-> set interface <trust | untrust | dmz> gateway

Enable interface management:

NS5XT-> set interface manage

Disable interface management:

NS5XT-> unset interface manage

Set the operation mode of the Trust interface:

NS5XT-> set interface trust

In combination with CLI and WEB, we can easily handle NS
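An added example, not part of the original guide or of any Juniper tooling: a small Python audit over saved CLI lines that flags the settings this guide touches when they are left weak (default admin name, no admin idle timeout, web or telnet management enabled on the untrust interface). The sample configs, the finding names, the choice of untrust as the exposed interface, and treating a missing or zero timeout as unset are assumptions.

```python
import re
import shlex
DEFAULT_ADMIN = "netscreen"   # default account name given in this guide
RISKY = {"web", "telnet"}     # management services the guide switches on and off

def audit(config, exposed=("untrust",)):
    """Return findings for ScreenOS-style config text (finding names are made up)."""
    admin, timeout, manage = None, None, {}
    for raw in config.splitlines():
        # Drop a pasted CLI prompt such as "NS5XT-> " before tokenizing.
        line = re.sub(r"^\s*\S+->\s*", "", raw)
        try:
            tok = shlex.split(line)          # copes with quoted values
        except ValueError:
            continue                         # unbalanced quote: skip the line
        low = [t.lower() for t in tok]
        if low[:3] == ["set", "admin", "name"] and len(tok) > 3:
            admin = tok[3]
        elif low[:4] == ["set", "admin", "auth", "timeout"] and len(tok) > 4:
            timeout = int(tok[4]) if tok[4].isdigit() else None
        elif len(low) >= 4 and low[1].startswith("int") and low[3] == "manage":
            enabled = manage.setdefault(low[2], set())
            # No service named is treated as "all" (assumption); track risky ones.
            svcs = {low[4]} if len(low) > 4 else set(RISKY)
            if low[0] == "set":
                enabled |= svcs
            elif low[0] == "unset":
                enabled -= svcs
    findings = []
    if admin is None or admin.lower() == DEFAULT_ADMIN:
        findings.append("admin-name-default")
    if not timeout:                          # missing or 0 (assumed: no timeout)
        findings.append("admin-idle-timeout-unset")
    findings += [f"{i}-manage-{s}" for i in exposed
                 for s in sorted(manage.get(i, set()) & RISKY)]
    return findings

# Constructed sample configs, not taken from a real device.
WEAK = """NS5XT-> set admin name "netscreen"
NS5XT-> set interface trust manage web
NS5XT-> set interface untrust manage web
NS5XT-> set interface untrust manage telnet
"""
HARDENED = """set admin name "fwadmin01"
set admin auth timeout 10
set interface untrust manage web
unset interface untrust manage web
"""
```

Calling audit(WEAK) lists four findings and audit(HARDENED) lists none; the admin password is not checked because only the name is compared against the default.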
