NetScreen Technologies NetScreen-10 Series Assembly instructions
1(76&5((1
,QVWDOOHU·V*XLGH
9HUVLRQ 31 5HY$
LL 1HW6FUHHQ
Copyright Notice
Copyright © 2000-2001 NetScreen Technologies, Inc.
All rights reserved. Printed in USA.
NetScreen, the NetScreen logo, NetScreen-5, NetScreen-10,
and NetScreen-100 are registered trademarks or trademarks
of NetScreen Technologies, Inc.
Netscape Communicator is a registered trademark of
Netscape in the United States and/or other countries.
Microsoft, Windows and Windows NT are registered
trademarks of Microsoft Corporation in the U.S.A. and/or
other countries. Hyperterminal is a registered trademarks of
Hilgaeve Corporation. All other brands and their products
mentioned in this document are trademarks or registered
trademarks of their respective owners.
The specifications regarding the products in this manual are
subject to change without notice. All statements,
information, and recommendations in this manual are
believed to be accurate but are presented without warranty
of any kind, express or implied. Users must take full
responsibility for their application of any products. This
document may only be used or copied in accordance with the
terms of such license.
NetScreen Technologies, Inc.
350 Oakmead Parkway
Sunnyvale, CA 94085 U.S.A.
www.netscreen.com
FCC Statement
This equipment has been tested and found to comply with
the limits for a Class A digital device, pursuant to part 15 of
the FCC rules. These limits are designed to provide
reasonable protection against harmful interference in a light
commercial installation. This equipment generates, uses and
can radiate radio frequency energy, and, if not installed and
used in accordance with the instruction, may cause harmful
interference to radio communications. However, there is no
guarantee that interference will not occur in a particular
installation. If this equipment does cause harmful
interference to radio or television reception, which can be
determined by turning the equipment off and on, the user is
encouraged to try to correct the interference by one or more
of the following measures:
•Reorient or relocate the receiving antenna.
•Increase the separation between the equipment and
receiver.
•Consult the dealer or an experienced radio/TV techni-
cian for help.
•Connect the equipment to an outlet on a circuit differ-
ent from that to which the receiver is connected.
Caution: Changes or modifications to this product could
void the user's warranty and authority to operate this device.
Product License Agreement
PLEASE READ THIS LICENSE AGREEMENT
(“AGREEMENTS”) CAREFULLY BEFORE USING THIS
PRODUCT. BY INSTALLING AND OPERATING, YOU
INDICATE YOUR ACCEPTANCE OF THE TERMS OF
THIS LEGAL AND BINDING AGREEMENT AND ARE
CONSENTING TO BE BOUND BY AND ARE BECOMING
A PART TO THIS AGREEMENT. IF YOU DO NOT AGREE
TO ALL OF THE TERMS OF THIS AGREEMENT, DO NOT
START THE INSTALLATION PROCESS.
1. License Grant. This is a license, not a sales agreement,
between you, the end user, and NetScreen Technologies, Inc.
(“NetScreen”). The term “Firmware” includes all NetScreen
and third party Firmware and software provided to you with
the NetScreen product, and includes any accompanying
documentation, any updates and enhancements of the
Firmware and software provided to you by NetScreen, at its
option. NetScreen grants to you a non-transferable (except as
provided in section 3 (“Transfer”) below, non-exclusive
license to use the Firmware and software in accordance with
the terms set forth in this License Agreement. The Firmware
and software are “in use” on the product when they are
loaded into temporary memory (i.e. RAM).
2. Limitation on Use. You may not attempt and if you are a
corporation, you will use best efforts to prevent your
employees and contractors from attempting to, (a) modify,
translate, reverse engineer decompile, disassemble, create,
derivative works based on, sublicense, or distribute the
Firmware or the accompanying documentation; (b) rent or
lease any rights in the Firmware or software or
accompanying documentation in any form to any person; or
(c) remove any proprietary notice, labels, or marks on the
Firmware, software, documentation, and containers.
3. Transfer. You may transfer (not rent or lease) the
Firmware or software to the end user on a permanent basis,
provided that: (i) the end user receives a copy of this
Agreement and agrees in writing to be bound by its terms
and conditions, and (ii) you at all times comply with all
applicable United States export control laws and regulations.
4. Proprietary Rights. All rights, title, interest, and all
copyrights to the Firmware, software, documentation, and
any copy made by you remain with NetScreen. You
acknowledge that no title to the intellectual property in the
Firmware and software is transferred to you and you will not
acquire any rights to the Firmware except for the license as
expressly set forth herein.
5. Term and Termination. The term of the license is for the
duration of NetScreen's copyright in the Firmware and
software. NetScreen may terminate this Agreement
immediately without notice if you breach or fail to comply
with any of the terms and conditions of this Agreement. You
agree that, upon such termination, you will either destroy all
copies of the documentation or return all materials to
NetScreen. The provisions of this Agreement, other than the
license granted in Section 1 (“License Grant”) shall survive
termination.
3URGXFW/LFHQVH$JUHHPHQW
,QVWDOOHU·V*XLGH LLL
6. Limited Warranty. For a period of one (1) year after
delivery to Customer, NetScreen will repair or replace any
defective product shipped to Customer, provided it is
returned to NetScreen at Customer’s expense within that
period. For a period of ninety (90) days after the initial
delivery of a particular product, NetScreen warrants to
Customer that such product will substantially conform with
NetScreen’s published specifications for that product if
properly used in accordance with the procedures described in
documentation supplied by NetScreen. NetScreen’s exclusive
obligation with respect to non-conforming product shall be,
at NetScreen’s option, to replace the product or use diligent
efforts to provide Customer with a correction of the defect, or
to refund to customer the purchase price paid for the unit.
Defects in the product will be reported to NetScreen in a
form and with supporting information reasonably requested
by NetScreen to enable it to verify, diagnose, and correct the
defect. For returned product, the customer shall notify
NetScreen of any nonconforming product during the
warranty period, obtain a return authorization for the
nonconforming product, from NetScreen, and return the
nonconforming product to NetScreen’s factory of origin with
a statement describing the nonconformance.
NOTWITHSTANDING ANYTHING HEREIN TO THE
CONTRARY, THE FOREGOING IS CUSTOMER’S SOLE
AND EXCLUSIVE REMEDY FOR BREACH OF
WARRANTY BY NETSCREEN WITH RESPECT TO THE
PRODUCT.
The warranties set forth above shall not apply to any
Product or Hardware which has been modified, repaired or
altered, except by NetScreen, or which has not been
maintained in accordance with any handling or operating
instructions supplied by NetScreen, or which has been
subjected to unusual physical or electrical stress, misuse,
abuse, negligence or accidents.
THE FOREGOING WARRANTIES ARE THE SOLE AND
EXCLUSIVE WARRANTIES EXPRESS OR IMPLIED
GIVEN BY NETSCREEN IN CONNECTION WITH THE
PRODUCT AND HARDWARE, AND NETSCREEN
DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING
IMPLIED WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT OF THIRD PARTY RIGHTS.
NETSCREEN DOES NOT PROMISE THAT THE
PRODUCT IS ERROR-FREE OR WILL OPERATE
WITHOUT INTERRUPTION.
7. Limitation of Liability. IN NO EVENT SHALL
NETSCREEN OR ITS LICENSORS BE LIABLE UNDER
ANY THEORY FOR ANY INDIRECT, INCIDENTAL,
COLLATERAL, EXEMPLARY, CONSEQUENTIAL OR
SPECIAL DAMAGES OR LOSSES SUFFERED BY YOU OR
ANY THIRD PARTY, INCLUDING WITHOUT
LIMITATION LOSS OF USE, PROFITS, GOODWILL,
SAVINGS, LOSS OF DATA, DATA FILES OR PROGRAMS
THAT MAY HAVE BEEN STORED BY ANY USER OF THE
FIRMWARE. IN NO EVENT WILL NETSCREEN'S OR ITS
LICENSORS' AGGREGATE LIABILITY CLAIM BY YOU,
OR ANYONE CLAIMING THROUGH OR ON BEHALF OF
YOU, EXCEED THE ACTUAL AMOUNT PAID BY YOU TO
NETSCREEN FOR FIRMWARE.
Some jurisdictions do not allow the exclusions and
limitations of incidental, consequential or special damages,
so the above exclusions and limitations may not apply to you.
8. Export Law Assurance. You understand that the
Firmware is subject to export control laws and regulations.
YOU MAY NOT DOWNLOAD OR OTHERWISE EXPORT
OR RE-EXPORT THE FIRMWARE OR ANY UNDERLYING
INFORMATION OR TECHNOLOGY EXCEPT IN FULL
COMPLIANCE WITH ALL UNITED STATES AND OTHER
APPLICABLE LAWS AND REGULATIONS.
9. U.S. Government Restricted Rights. If this Product is
being acquired by the U.S. Government, the Product and
related documentation is commercial computer Product and
documentation developed exclusively at private expense, and
(a) if acquired by or on behalf of civilian agency, shall be
subject to the terms of this computer Firmware, and (b) if
acquired by or on behalf of units of the Department of
Defense (“DoD”) shall be subject to terms of this commercial
computer Firmware license Supplement and its successors.
10. Tax Liability. You agree to be responsible for the
payment of any sales or use taxes imposed at any time
whatsoever on this transaction.
11. General. If any provisions of this Agreement are held
invalid, the remainder shall continue in full force and effect.
The laws of the State of California, excluding the application
of its conflicts of law rules shall govern this License
Agreement. This Agreement will not be governed by the
United Nations Convention on the Contracts for the
International Sale of Goods. This Agreement is the entire
agreement between the parties as to the subject matter
hereof and supersedes any other Technologies,
advertisements, or understandings with respect to the
Firmware and documentation. This Agreement may not be
modified or altered, except by written amendment, which
expressly refers to this Agreement and which, is duly
executed by both parties.
You acknowledge that you have read this Agreement,
understand it, and agree to be bound by its terms and
conditions.
Hardware, including technical data, is subject to U.S. export
laws, including the U.S. Export Administration Act and its
associated regulations, and may be subject to export or
import regulations in other countries. Customer agrees to
comply strictly with all such regulations and acknowledges
that it has the responsibility to obtain licensed to export, re-
export, or import hardware.
LY 1HW6FUHHQ
,QVWDOOHU·V*XLGH Y
7DEOHRI&RQWHQWV
:KR6KRXOG5HDGWKLV0DQXDO" YLL
0DQXDO2UJDQL]DWLRQ YLL
5HODWHG3XEOLFDWLRQV YLLL
&KDSWHU DUGZDUHDQG6RIWZDUH'HVFULSWLRQ
DUGZDUH'HVFULSWLRQ
*HQHUDO/D\RXWRIWKH1HW6FUHHQ$GPLQLVWUDWLRQ7RROV
&KDSWHU&RQQHFWLQJWKH1HW6FUHHQWRWKH1HWZRUN
*DWKHULQJWKH1HFHVVDU\7RROV
&RQQHFWLQJWKH1HW6FUHHQWR1HWZRUNVDQG'HYLFHV
&KDSWHU&RQILJXULQJWKH1HW6FUHHQIRUWKH)LUVW7LPH
8VLQJWKH:HE8,
0DNLQJD&RQQHFWLRQ
6HWWLQJWKH6\VWHP,3$GGUHVV
/RJJLQJ2Q
$OORZLQJ2XWERXQG7UDIILF
&KDQJLQJWKH$GPLQLVWUDWRU/RJLQ1DPHDQG3DVVZRUG
7HVWLQJWKH&RQILJXUDWLRQ
8VLQJWKH&/,
0DNLQJD&RQQHFWLRQ
&RQQHFWLQJYLDWKH&RQVROH3RUW
&RQQHFWLQJYLD7HOQHW
/RJJLQJ2Q
6HWWLQJWKH6\VWHP,3$GGUHVV
&KDQJLQJWKH$GPLQLVWUDWRU/RJLQ1DPHDQG3DVVZRUG
7HVWLQJWKH&RQILJXUDWLRQ
,QWHUIDFH6HWWLQJVDQG2SHUDWLRQDO0RGHV
7UDQVSDUHQW0RGH
,QWHUIDFH6HWWLQJV
1HWZRUN$GGUHVV7UDQVODWLRQ0RGH
,QWHUIDFH6HWWLQJV
5RXWH0RGH
,QWHUIDFH6HWWLQJV
$SSHQGL[$6DIHW\5HFRPPHQGDWLRQVDQG:DUQLQJV $
6DIHW\:DUQLQJV $
YL 1HW6FUHHQ
,QVWDOODWLRQ:DUQLQJ $
3RZHU'LVFRQQHFWLRQ:DUQLQJ $
1R8VHU6HUYLFHDEOH3DUWV:DUQLQJ $
&LUFXLW%UHDNHU$:DUQLQJ $
6(/9&LUFXLW:DUQLQJ $
/LJKWQLQJ$FWLYLW\:DUQLQJ $
/LWKLXP%DWWHU\:DUQLQJ $
3URGXFW'LVSRVDO:DUQLQJ $
*HQHUDO6LWH5HTXLUHPHQWV $
2QVLWH3UHFDXWLRQV $
(TXLSPHQW5DFN0RXQWLQJ*XLGHOLQHV $
&RPSOLDQFH6SHFLILFDWLRQV $
,QGH[ ,;
YLL
3UHIDFH
The NetScreen-10™and NetScreen-100™are network security devices that protect
your Ethernet local area network (LAN) when connecting to the Internet. Using a
NetScreen-10/100 firewall, you can configure access policies that control inbound
and outbound network and VPN traffic.
0$18$/25*$1,=$7,21
This manual has 3 chapters and one appendix.
Chapter 1, “Hardware and Software Description”, describes the NetScreen®
device. It explains the functions of the status LEDs, identifies the device interface
ports, and provides a key to the layout of the NetScreen Administrative Web user
interface (WebUI).
Chapter 2, “Connecting the NetScreen-10/100 to the Network”, explains how to
connect the NetScreen-10/100 device to a network. It includes diagrams that show
the typical placement of the NetScreen device between your network and the
Internet, and a summary of the tools and information you need before connecting
the device.
Chapter 3, “Configuring the NetScreen-10/100 for the First Time”explains how to
configure the basic functions of the NetScreen-10/100, and details the method for
ensuring that your device is working correctly on the network.
“Appendix A: Safety Recommendations and Warnings”provides general site
requirements as well as safety warnings and general cautions when using the
NetScreen-10/100 device.
5(/$7('38%/,&$7,216
The following technical publication ships with the NetScreen-100 device:
NetScreen-100 Getting Started Guide
(P/N 093-0019-000 Rev B)
The following publication ships with the NetScreen-10 device:
NetScreen-10 Getting Started Guide
(P/N 093-0018-000 Rev B)
The following publications are included on the product CD for both devices:
3UHIDFH
YLLL 1HW6FUHHQ
NetScreen CLI Reference Guide
(P/N 093-0011-000, Revision C)
NetScreen WebUI Reference Guide
(P/N 093-0040-000, Revision A)
NetScreen Concepts & Examples ScreenOS Reference Guide
(P/N 093-0039-000, Revision A)
,QVWDOOHU·V*XLGH
&KDSW HU
DUGZDUHDQG6RIWZDUH
'HVFULSWLRQ
This chapter provides illustrations and descriptions of the
NetScreen-10/100 front and back panels and an introduction to the Web user
interface (WebUI).
DUGZDUH'HVFULSWLRQ
Before you install your NetScreendevice, you should unpack it onsite and verify
the contents against the packing slip.
A front view of the NetScreen-10/100 is shown below. The label on the left side
indicates the model name: NetScreen-10 or NetScreen-100.
Figure 1-1 Front Panel of the NetScreen-10/100
•PowerLED: glows solid green when power is supplied to the NetScreen-10/
100.
•StatusLED: glows solid green when the NetScreen-10/100 is first powered
up and the unit first performs diagnostics. Then the unit goes into a startup
phase, which takes up to one minute to complete. During startup, the LED
blinks orange, after which the LED blinks green. If an error is detected, then
the LED illuminates red. The LED changes to yellow whenever the unit
writes to the internal flash card.
• PCMCIA Flash Card Slot: The NetScreen-10/100 supports a removable
PCMCIA PC Card ATA compatible flash card. Supported cards include the
SanDisk 96-MB and 20-MB CompactFlash. The NetScreen device
automatically detects the presence of a flash card and records the event log
to it.
&KDSWHU+DUGZDUHDQG6RIWZDUH'HVFULSWLRQ
1HW6FUHHQ
•Console Port: DB25 serial port connector for local configuration and
administration.
•Trusted Port: Connect the NetScreen-10/100 using a twisted pair cable
with RJ45 connectors. The trusted port is a data circuit-terminating
equipment (DCE) port. See the following chapter for cabling guidelines.
•DMZ Port: Connect the NetScreen-10/100 using a twisted pair cable with
RJ45 connectors. The DMZ port is a DCE port. See Chapter 2 for cabling
guidelines.
•Untrusted Port: Connect the NetScreen-10/100 using a twisted pair cable
with RJ45 connectors. The untrusted port is a data terminal equipment
(DTE) port. See the following chapter for cabling guidelines.
•Trusted, DMZ, and Untrusted Ethernet LEDs: Each Ethernet port has
two link lights, or LEDs. The right LED indicates if the link is up (connected
to an active device) and the left LED indicates network traffic activity. These
LEDs differ for the NetScreen-10 and NetScreen-100. See Figure 1-2.
Figure 1-2 Ethernet LEDs
+DUGZDUH'HVFULSWLRQ
,QVWDOOHU·V*XLGH
The back panel of the NetScreen-10/100 is shown in Figure 1-3.
Figure 1-3 Back Panel of the NetScreen-10/100
•Product Label: The model number is either NS-10xor NS-100x, wherex=a,
e, or f.
•Power Outlet: Use the outlet to connect power to the NetScreen-10/100
with the supplied power cable.
•On/Off Switch: Turns the power to the NetScreen-10/100 on or off.
Table 1-1NetScreen-10/100 Model Numbers
Model Type Functionality
aFirewall & VPN (3DES & DES)
eFirewall & VPN (DES)
fFirewall
Note: Certain export restrictions apply to international customers. Check with
your sales representative.
Caution
Make sure you have read “Appendix A: Safety Recommendations and Warnings”
before you begin installation.
&KDSWHU+DUGZDUHDQG6RIWZDUH'HVFULSWLRQ
1HW6FUHHQ
*(1(5$//$<2872)7 (1(76&5((1$'0,1,675$7,21722/6
The Web Administration Tools page consists of two main sections: the menu
column and the central display area:
•Figure 1-4 shows the NetScreen-10/100 menu column and explains the
features found under each button. The menu column consists of four
functional categories: System, Network, Lists, and Monitor, each of which
contains further sub-functions, represented by tabs on the screen. During
configuration, you first select a main functional category, then choose the
various utilities offered within each sub-category.
Figure 1-4 The NetScreen-10/100 Menu Column
*HQHUDO/D\RXWRIWKH1HW6FUHHQ$GPLQLVWUDWLRQ7RROV
,QVWDOOHU·V*XLGH
•A central display area, shown in Figure 1-5, lists the information for each of
the menu items above, in either a tabular or graphical format. These
displays generally contain links to other related screens through links such
as New Entry, New Policy, New Manual Key User, and so forth.
Figure 1-5 Central Display Area
&KDSWHU+DUGZDUHDQG6RIWZDUH'HVFULSWLRQ
1HW6FUHHQ
,QVWDOOHU·V*XLGH
&KDSW HU
&RQQHFWLQJWKH
1HW6FUHHQ
WRWKH1HWZRUN
Follow the instructions in this chapter to connect the NetScreen-10/100 device to
the network and to configure the software for the first time. For further
configuration options, see the NetScreen Concepts & Examples ScreenOS
Reference guide, on the product CD.
This chapter contains the following sections:
•Gathering the Necessary Tools
•Connecting the NetScreen-10/100 to Networks and Devices
*$7 (5,1*7 (1(&(66$5<722/6
The chassis can be placed on a table top or mounted in a standard 19-inch
equipment rack. Table top installation requires no tools. Rack mounting requires
a Phillips-head screwdriver, the rack mount bracket kit, and four screws to match
the rack. Users will have to supply screws to match rack thread size.
Table 2-1 Typical NetScreen-10/100 Cable Connections.
If all cables are connected correctly, the link light for each connection illuminates.
Caution
Make sure you have read “Appendix A: Safety Recommendations and Warnings”,
before you begin this chapter.
For a Device Connected to: Untrusted Port (DTE)*Trusted Port (DCE)
Workstation (DTE) crossover straight-through
Switch/Hub (DCE) straight-through crossover
Router§(DTE) crossover straight-through
*An Untrusted Ethernet port is not technically a DTE but for cabling purposes, should be
treated as such.
§Routers with uplink ports may behave in reverse.
&KDSWHU&RQQHFWLQJWKH1HW6FUHHQWRWKH1HWZRUN
1HW6FUHHQ
&211(&7,1*7 (1(76&5((1721(7:25.6$1''(9,&(6
Note that if you are configuring multiple NetScreen-10/100 devices, you should
install and configure them one at a time. Otherwise, because they all share the
same default IP address (192.168.1.1), you might run into IP address conflicts.
Figure 2-1 Front View of the NetScreen-10/100
Figure 2-2 Back View of the NetScreen-10/100
To set up the NetScreen-10/100 network connections, follow these steps:
1. Install the NetScreen-10/100 in a rack (optional) or on a level surface.
2. Make sure that the power connection to the NetScreen-10/100 is turned off;
that is, that “0”is pressed.
3. Connect the power cable provided in the product package, from the
NetScreen-10/100 power outlet to the power supply.
4. Connect the NetScreen-10/100 to the network as shown in one of the
examples beginning on page 2-3.1
1. Check your router, hub, or computer documentation to determine if you must reconfigure the
device or if you must switch off the power supply when connecting new equipment to the LAN.
&RQQHFWLQJWKH1HW6FUHHQWR1HWZRUNVDQG'HYLFHV
,QVWDOOHU·V*XLGH
5. Turn on the NetScreen-10/100 and any other network devices that you had
turned off.
6. If all cables are connected correctly, the link light for each connection
illuminates.
Figure 2-3 Sample Configuration with a Router Connected to the Untrusted Port, Local
Area Network (LAN) Connected to the Trusted Port
7. To use the DMZ interface, use a crossover cable to connect the DMZ port on
the NetScreen-10/100 to the switch linking the machines using the DMZ
interface. See Figure 2-4 “Sample Configuration Using DMZ Port”on page
2-4 for an example of this configuration.
7UXVWHGSRUW
'0=SRUW
7UXVWHG
SRUW
FURVVRYHU
FDEOH
&KDSWHU&RQQHFWLQJWKH1HW6FUHHQWRWKH1HWZRUN
1HW6FUHHQ
Figure 2-4 Sample Configuration Using DMZ Port
&RQQHFWLQJWKH1HW6FUHHQWR1HWZRUNVDQG'HYLFHV
,QVWDOOHU·V*XLGH
Figure 2-5 Sample Configuration in a redundant group
for High Availability (NetScreen-100 only)
Note: You may have to supply additional cables, depending on your particular
configuration. A straight-through cable is a 10/BaseT unshielded twisted pair
(UTP) and is usually white. A crossover cable is a 10/BaseT UTP and is usually
orange.
A DTE (Data Terminal Equipment) device cannot connect to a DTE port without
a crossover cable. Conversely, a DCE (Data Communications Equipment) device
cannot connect to a DCE port without a crossover cable.
&KDSWHU&RQQHFWLQJWKH1HW6FUHHQWRWKH1HWZRUN
1HW6FUHHQ
This manual suits for next models
1
Table of contents
Other NetScreen Technologies Firewall manuals
Popular Firewall manuals by other brands
Barracuda Networks
Barracuda Networks Spam Firewall Outbound quick start guide
H3C
H3C H3C SecPath F1800-A Operation manual
NETGEAR
NETGEAR ProSAFE SRX5308 datasheet
Fortinet
Fortinet FortiGate 3810A-LENC quick start guide
D-Link
D-Link DFL-200 - Security Appliance user manual
Draytek
Draytek Vigor2860 Series user manual