  1. Password recovery:
    Connect a laptop to the firewall's console port and enter the serial number printed on the back of the chassis as both the user name and the password. You will be warned that the configuration will be reset; press "Y" twice, and the firewall restores its factory settings and restarts. (Unplug the console cable while the firewall starts, or it will enter TFTP image-transfer mode.)

  2. The factory default user name and password are both netscreen. Set the laptop's IP address to one in the same network segment as Ether1's IP, connect the laptop to Ether1 with a network cable, and you can reach the firewall from a browser.

  3. A NetScreen interface can operate in three different modes: network address translation (NAT), route, and transparent. If an interface bound to a Layer 3 (OSI model) zone has an IP address, you can define NAT or route mode for that interface. Interfaces bound to Layer 2 zones (such as the predefined V1-trust, V1-untrust, and V1-DMZ, or user-defined Layer 2 zones) must be in transparent mode. Select the operating mode when configuring the interface. A Vsys cannot be in "transparent" mode.

  4. The first time you see NetScreen's interface modes you may be a little overwhelmed (at least I was, being slow on the uptake), but once you understand that there are just these few modes, they are easy to follow. A transparent bridge works at the second layer, so it necessarily belongs to the Layer 2 side, namely V1-trust, V1-untrust, V1-DMZ and the like (after choosing the mode, you can see in the NetScreen interface that the interface's type attribute reads "Layer2" :-))

  5. It's easy to configure once you understand it. I chose Ether7 as the WAN connection and connected Ether8 to the LAN (there is already a NAT device inside the LAN, so I used the NetScreen as a bridge). Ether7 is connected to the outside network, which is of course an untrusted area, so Ether7 -> V1-untrust; Ether8 is connected to the intranet, so Ether8 -> V1-trust. No IP is set.

  6. To be able to log in to the firewall from the intranet, go to "Network", "Zones", "V1-trust" and tick "Web UI", "Telnet", "Ping" and so on (tick whichever you need). One of the more peculiar things about NetScreen is vlan1 (to me it was strange stuff; those used to it surely won't think so). I thought it was a VLAN in extreme, a virtual network built with the 802.1Q protocol, but I did not see any 802.1Q tag settings, nor any real port in it. Only later did I learn that it is a virtual thing (my understanding is not very clear): we set the IP on vlan1 and then tick "Web UI" and the other permissions, and this IP can then be used to log in to the firewall (it does not correspond to a physical port).

  7. Finally, let the ports communicate. The firewall's rule is that whatever is not explicitly allowed is forbidden, so we have to set rules that let data pass between V1-trust and V1-untrust. Under "Policies", for "from V1-trust to V1-untrust" select Permit (the default is any), and for "from V1-untrust to V1-trust" select Permit.
    Done. Connect the Ether7 and Ether8 cables and test the result.

  8. Of course, a firewall with such pass-through rules is useless, so under "Screening", "Screen" I ticked some of the attack-prevention options for V1-untrust. It now intercepts some data, so it does play some role; but for it to really play its role, the key is to write the release rules selectively, otherwise the firewall is just a hub and serves no purpose.

