
Juniper NetScreen Firewall Beginner's Guide

April 14, 2012

NetScreen firewalls support several management methods, including Web management and CLI (Telnet) management. For general debugging work, these two are the ones we use most often. (ScreenOS 4)

First, configuration through the CONSOLE port

1. Plug the configuration cable into the firewall's CONSOLE port, plug the other end into the adapter, and plug the adapter into the PC's serial port.

2. Open Windows Accessories > Communications > HyperTerminal and select the serial port that the CONSOLE cable is connected to. (Serial port properties: 9600-8-none-hardware)

3. At the prompt, enter the account name and password to get into the command line interface. (Default account and password: netscreen; netscreen)

4. You are now in the NetScreen command line interface.

Web connection settings

1. Set the interface IP;

If no interface has an IP configured (the NetScreen device's initial state), you need to set an IP on one port in order to connect to the Web management interface. Here the trust port is used; enter in command line mode:

NS5XT > set int trust ip < A.B.C.D/E >

Command notes: A.B.C.D is the IP address, usually set to a network address; E is the number of mask bits in the IP address, usually set to 24.

At this point the get interface command shows the port state information (similar to Cisco's show interface command).

2. Enable the interface's Web management function;

NS5XT > set int trust manage web

3. Connect the PC to the firewall over the network and configure specific functions through the Web interface in a browser.

For NS-5, NS-10 and NS-100 firewalls, the PC connects to the trust and DMZ ports with a straight-through cable, and to the untrust port with a crossover cable. For NS-25, NS-200 and higher products, the PC connects to all firewall ports with a straight-through cable.

Note: the IP address of the PC's network card and the firewall port's management IP must be on the same LAN;

Open the IE browser and enter the firewall's management IP to open the login screen.

Firewall settings:

1. Set the access timeout:

Web:

Under Configuration > Admin > Management, fill in the access timeout in minutes for Enable Web Management Idle Timeout, and tick the check box in front of it.

CLI:

NS5XT > set admin auth timeout < minute >

2. NetScreen administrative permissions:

Set the super administrator (Root)

WEB:

Go to Configuration > Admin > Administrators, where you can manage all of the administrators.

CLI:

NS5XT > set admin name < login name >

NS5XT > set admin password < password >

Add a local administrator

WEB:

Click the New link to open the configuration page. Enter the administrator's login name and password and specify the privilege (ALL or READ_ONLY: ALL means the administrator has the right to change the configuration; READ_ONLY means the administrator can view the configuration but has no right to change it).

CLI:

NS5XT > set admin user < login name > password < password > privilege < all | read-only >

3. Set DNS

Web:

Open the Network > DNS page, where you can configure Host Name, Domain Name, Primary DNS Server, Secondary DNS Server, and the daily DNS update time. Press the Apply button to put the configuration into effect.

CLI:

NS5XT > set hostname < HostName >

NS5XT > set domain < DomainName >

NS5XT > set dns host < dns1 | dns2 > < a.b.c.d >

4. Set Zone (security zone)

Web:

Open the Network > Zones page, where you can configure the Zones that already exist on the NetScreen device (not every Zone can be configured: many default Zones do not allow configuration, and no Edit link appears for them in the Configure column). Press the New button to add a new Zone.

CLI:

NS5XT > set zone < zone name > vrouter < vrouter name >

5. Set Interface

WEB:

Open Network > Interfaces and select the properties page of the interface to configure (there are four kinds of interface: Trust, Untrust, DMZ and Tunnel. Trust, Untrust and DMZ are physical interfaces; Tunnel is a logical interface used for VPN. NS-5 series firewalls have no DMZ port).

Click the Edit link in the Configure column of the corresponding interface to open its configuration page. (The configuration differs depending on the interface mode; NAT mode is used as the example here, and transparent mode has fewer settings.)

Zone Name: sets the security zone the interface belongs to;

IP Address / Netmask: sets the interface IP and mask;

Manage IP: sets the IP used for managing the device through this interface. This IP must be in the same network segment as the interface IP. If the system IP is set to 0.0.0.0, the Manage IP defaults to the interface IP.

Interface Mode: sets the interface mode; only the trust interface has this option. You can select NAT mode or Route mode. When the trust interface is in NAT mode, every packet passing through the interface is forced through address translation. When the interface works in Route mode, the firewall by default works as a router; if you use the firewall's policy-based NAT function, set the trust interface to this mode.

Management Services: select or clear the web, telnet and SNMP check boxes to enable or disable the corresponding management function on the interface. For example, if you clear the Web check box and then click the Save button, Web management on that interface is turned off: users can no longer reach the Web management interface through that interface's management IP, and all Web management connections through that interface are lost.

When the settings are complete, click the Apply button to save them.

CLI:

Set the interface IP:

NS5XT > set interface < trust | untrust | dmz > ip < a.b.c.d > < netmask >

Set the interface gateway:

NS5XT > set interface < trust | untrust | dmz > gateway < a.b.c.d >

Enable an interface management function:

NS5XT > set interface < trust | untrust | dmz > manage < web | telnet | snmp | ssl | ... >

Disable an interface management function:

NS5XT > unset interface < trust | untrust | dmz > manage < web | telnet | snmp | ssl | ... >

Set the Trust interface mode:

NS5XT > set interface trust < nat | route >
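
Because management services are switched on and off per interface with set/unset, it helps to replay a list of commands and see what is left enabled. The Python sketch below is an added example, not part of the original guide or of any Juniper tool: the sample lines are constructed from the command syntax above, and the function names and the audit policy (report telnet anywhere, report any management service on untrust, treat a missing admin name as the default account, report a missing timeout line) are assumptions of this example.

```python
import re

# Constructed sample in this page's command syntax, not captured device output.
SAMPLE = """\
set admin name netscreen
set admin auth timeout 10
set interface trust ip 192.168.1.1/24
set interface trust manage web
set interface trust manage telnet
set interface untrust manage web
set interface untrust manage ssl
unset interface trust manage telnet
"""

IFACE_RE = re.compile(r'^(set|unset)\s+int(?:erface)?\s+"?([\w/.-]+)"?\s+manage\s+(\w+)$', re.I)
ADMIN_RE = re.compile(r'^set\s+admin\s+(name|auth\s+timeout)\s+"?([^"\s]+)"?$', re.I)

def parse(config):
    """Replay set/unset lines in order; return (services per interface, admin settings)."""
    services, admin = {}, {}
    for line in map(str.strip, config.splitlines()):
        m = IFACE_RE.match(line)
        if m:
            action, iface, svc = (g.lower() for g in m.groups())
            enabled = services.setdefault(iface, set())
            (enabled.add if action == "set" else enabled.discard)(svc)
        m = ADMIN_RE.match(line)
        if m:
            key = "name" if m.group(1).lower() == "name" else "timeout"
            admin[key] = m.group(2)
    return services, admin

def audit(config, default_name="netscreen"):
    """Return findings under this example's own policy (an assumption, not vendor guidance)."""
    services, admin = parse(config)
    findings = []
    for iface, enabled in sorted(services.items()):
        if "telnet" in enabled:
            findings.append(f"{iface}: telnet management enabled (cleartext)")
        if iface == "untrust" and enabled:
            findings.append(f"untrust: management reachable via {', '.join(sorted(enabled))}")
    if admin.get("name", default_name).lower() == default_name:
        findings.append("root admin still uses the default login name")
    if "timeout" not in admin:
        findings.append("no 'set admin auth timeout' line present")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

In the sample, telnet on trust is enabled and then removed by the later unset line, so only the untrust exposure and the default login name are reported.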

By combining the CLI and the Web interface, we can easily configure the NS.
