Simple configuration of NetScreen firewall

Source: Internet
Author: User

1. Enter the command-line (console) configuration interface:

Using the console cable shipped with the device, connect one end to the computer's serial port and the other to the E1 port, then open HyperTerminal on the computer to configure the firewall. The username and password are both netscreen.

2. Enter the Web configuration interface:

Use a crossover cable to connect the E1 port to the computer's network card, and change the computer's IP address to 192.168.1.2 (the same network segment as the E1 port). Open IE and enter http://192.168.1.11 (192.168.1.11 is the E1 port management IP). The username and password are both netscreen.

3. Configure the port IP and management IP:

E1: Internal network port

Port IP 192.168.1.20 and management IP 192.168.1.11

Change these to local intranet IP addresses: the E1 port IP becomes the local intranet gateway, and the management IP is used to manage the NetScreen firewall from the intranet.

E3: External network port

Port IP 192.168.42.66 and management IP 192.168.42.68

Change these to the IP addresses assigned by the local telecom carrier. The E3 management IP is used by the external network administrator to configure and manage the NetScreen firewall over the Internet.

4. Configure NAT from the intranet to the external network:

Configure NAT on the E3 port to translate intranet addresses to the public IP addresses assigned by the local telecom carrier, so that intranet hosts can access the Internet.

1. Network > Interfaces > Edit (for Ethernet1): Enter the following, and then click OK:

Zone Name: Trust

IP Address/Netmask: 172.16.40.11/24 (local intranet gateway IP)

2. Network > Interfaces > Edit (for Ethernet3): Enter the following, and then click OK:

Zone Name: Untrust

IP Address/Netmask: 215.3.4.11/24 (IP address assigned by the local telecom carrier)

3. Network > Interfaces > Edit (for Ethernet3) > DIP > New: Enter the following, and then click OK:

ID: 6

IP Address Range

Start: 215.3.4.12 (IP address assigned by the local telecom carrier)

End: 215.3.4.210 (IP address assigned by the local telecom carrier; this range is an address pool and can be larger or smaller)

Port Translation: Enable

4. Policies > (From: Untrust, To: Trust) > New: Enter the following, and then click OK:

Source Address:

Address Book: (select), Any

Destination Address:

Address Book: (select), Any

Service: Any

Action: Permit

> Advanced: Enter the following, and then click Return to set the advanced options and return to the basic configuration page:

NAT: On

DIP On: (select), 6 (215.3.4.12–215.3.4.210); this is the address pool set up in the previous step.
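
A pre-change sanity check for the step 4 values, added here as an example and not part of the original page or of any NetScreen tooling. It assumes the usual ScreenOS constraint that a DIP pool lies inside the interface's subnet and does not contain the interface address, and it reports any rule that permits any source, destination and service from Untrust into Trust; all function and variable names are hypothetical.

```python
import ipaddress

def check_dip_pool(iface_cidr, start, end, reserved=()):
    """Return a list of problems with a DIP pool defined on an interface.
    reserved is an optional sequence of (label, address) pairs, e.g. a manage IP."""
    iface = ipaddress.ip_interface(iface_cidr)
    lo, hi = ipaddress.ip_address(start), ipaddress.ip_address(end)
    if lo > hi:
        return ["pool start is above pool end"]
    problems = []
    for name, addr in (("start", lo), ("end", hi)):
        if addr not in iface.network:
            problems.append(f"pool {name} {addr} is outside {iface.network}")
    for label, addr in (("interface IP", iface.ip), *reserved):
        if lo <= ipaddress.ip_address(str(addr)) <= hi:
            problems.append(f"pool contains the {label} {addr}")
    return problems

def pool_size(start, end):
    """Number of public addresses available in the pool (inclusive range)."""
    return int(ipaddress.ip_address(end)) - int(ipaddress.ip_address(start)) + 1

def audit_policy(policy):
    """Report a rule that permits any/any/any from Untrust into Trust."""
    wide_open = all(policy[k].lower() == "any" for k in ("src", "dst", "service"))
    inbound = (policy["from"].lower(), policy["to"].lower()) == ("untrust", "trust")
    if policy["action"].lower() == "permit" and wide_open and inbound:
        return ["permit any/any/any from Untrust to Trust"]
    return []

# Values taken from step 4 of the page; the dict layout is an assumption.
ETH3 = "215.3.4.11/24"
DIP6 = ("215.3.4.12", "215.3.4.210")
POLICY = {"from": "untrust", "to": "trust", "src": "any", "dst": "any",
          "service": "any", "action": "permit", "nat_dip_id": 6}

if __name__ == "__main__":
    print("pool size:", pool_size(*DIP6))
    print("pool problems:", check_dip_pool(ETH3, *DIP6))
    # Constructed bad pool: it starts at the interface address itself.
    print("bad pool:", check_dip_pool(ETH3, "215.3.4.11", "215.3.4.210"))
    print("policy findings:", audit_policy(POLICY))
```
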

  
5. Configure a VIP from the external network to the intranet:

Configure a VIP on the E3 port so that an external IP address and port number correspond to an intranet IP address. With this method, a web server, mail server or other service can be placed in the intranet while only a single public IP address is visible from the external network, which increases security.


