NetScreen Technologies NetScreen-25 Assembly instructions
1(76&5((1
,QVWDOOHU·V*XLGH
9HUVLRQ 31 5HY%
LL 1HW6FUHHQ
Copyright Notice
Copyright © 1998-2001 NetScreen Technologies, Inc.
NetScreen Technologies, Inc., the NetScreen logo,
NetScreen-5, NetScreen-5XP, NetScreen-10, NetScreen-25,
NetScreen-50, NetScreen-100, NetScreen-500, NetScreen-
1000, NetScreen-Global Manager, NetScreen-Global PRO,
NetScreen-Remote, GigaScreen ASIC, and NetScreen
ScreenOS are trademarks and NetScreen is a registered
trademark of NetScreen Technologies, Inc. All other
trademarks and registered trademarks are the property of
their respective companies.
NetScreen Technologies, Inc.
350 Oakmead Parkway
Sunnyvale, CA 95051 U.S.A.
www.netscreen.com
FCC Statement
This equipment has been tested and found to comply with
the limits for a Class A digital device, pursuant to part 15 of
the FCC rules. These limits are designed to provide
reasonable protection against harmful interference in a light
commercial installation. This equipment generates, uses and
can radiate radio frequency energy, and, if not installed and
used in accordance with the instruction, may cause harmful
interference to radio communications. However, there is no
guarantee that interference will not occur in a particular
installation. If this equipment does cause harmful
interference to radio or television reception, which can be
determined by turning the equipment off and on, the user is
encouraged to try to correct the interference by one or more
of the following measures:
•Reorient or relocate the receiving antenna.
•Increase the separation between the equipment
and receiver.
•Consult the dealer or an experienced radio/TV
technician for help.
•Connect the equipment to an outlet on a circuit
different from that to which the receiver is
connected.
Caution: Changes or modifications to this product could
void the user’s warranty and authority to operate this device.
Product License Agreement
PLEASE READ THIS LICENSE AGREEMENT
(“AGREEMENTS”) CAREFULLY BEFORE USING THIS
PRODUCT. BY INSTALLING AND OPERATING, YOU
INDICATE YOUR ACCEPTANCE OF THE TERMS OF
THIS LEGAL AND BINDING AGREEMENT AND ARE
CONSENTING TO BE BOUND BY AND ARE BECOMING
A PART TO THIS AGREEMENT. IF YOU DO NOT AGREE
TO ALL OF THE TERMS OF THIS AGREEMENT, DO NOT
START THE INSTALLATION PROCESS.
1. License Grant. This is a license, not a sales agreement,
between you, the end user, and NetScreen Technologies, Inc.
(“NetScreen”). The term “Firmware”includes all NetScreen
and third party Firmware and software provided to you with
the NetScreen product, and includes any accompanying
documentation, any updates and enhancements of the
Firmware and software provided to you by NetScreen, at its
option. NetScreen grants to you a non-transferable (except as
provided in section 3 (“Transfer”) below, non-exclusive
license to use the Firmware and software in accordance with
the terms set forth in this License Agreement. The Firmware
and software are “in use”on the product when they are
loaded into temporary memory (i.e. RAM).
2. Limitation on Use. You may not attempt and if you are a
corporation, you will use best efforts to prevent your
employees and contractors from attempting to, (a) modify,
translate, reverse engineer decompile, disassemble, create,
derivative works based on, sublicense, or distribute the
Firmware or the accompanying documentation; (b) rent or
lease any rights in the Firmware or software or
accompanying documentation in any form to any person; or
(c) remove any proprietary notice, labels, or marks on the
Firmware, software, documentation, and containers.
3. Transfer. You may transfer (not rent or lease) the
Firmware or software to the end user on a permanent basis,
provided that: (i) the end user receives a copy of this
Agreement and agrees in writing to be bound by its terms
and conditions, and (ii) you at all times comply with all
applicable United States export control laws and regulations.
4. Proprietary Rights. All rights, title, interest, and all
copyrights to the Firmware, software, documentation, and
any copy made by you remain with NetScreen. You
acknowledge that no title to the intellectual property in the
Firmware and software is transferred to you and you will not
acquire any rights to the Firmware except for the license as
expressly set forth herein.
5. Term and Termination. The term of the license is for the
duration of NetScreen's copyright in the Firmware and
software. NetScreen may terminate this Agreement
immediately without notice if you breach or fail to comply
with any of the terms and conditions of this Agreement. You
agree that, upon such termination, you will either destroy all
copies of the documentation or return all materials to
NetScreen. The provisions of this Agreement, other than the
license granted in Section 1 (“License Grant”) shall survive
termination.
6. Limited Hardware Warranty. Warranty Effectivity Date is
the date upon which the coverage period begins. The
Effectivity Date is the Customer’s product registration date
or 60 days from date of product shipment from NetScreen,
whichever comes first.
For a period of one (1) year from the warranty Effectivity
Date, NetScreen will repair or replace any defective product
shipped to Customer, provided it is returned to NetScreen at
Customer’s expense within that period.
NetScreen’s exclusive obligation with respect to non-
conforming product shall be, at NetScreen’s option, to
replace the product or use diligent efforts to provide
Customer with a correction of the defect, or to refund to
customer the purchase price paid for the unit. Defects in the
product will be reported to NetScreen in a form and with
supporting information reasonably requested by NetScreen
3URGXFW/LFHQVH$JUHHPHQW
,QVWDOOHU·V*XLGH LLL
to enable it to verify, diagnose, and correct the defect. For
returned product, the customer shall notify NetScreen of any
nonconforming product during the warranty period, obtain a
return authorization for the nonconforming product from
NetScreen, and return the nonconforming product to
NetScreen with a statement describing the nonconformance.
NOTWITHSTANDING ANYTHING HERIN TO THE
CONTRARY, THE FOREGOING IS CUSTOMER’S SOLE
AND EXCLUSIVE REMEDY FOR BREACH OF
WARRANTY BY NETSCREEN WITH RESPECT TO THE
PRODUCT.
The warranties set forth above shall not apply to any
Product or Hardware which has been modified, repaired or
altered, except by NetScreen, or which has not been
maintained in accordance with any handling or operating
instructions supplied by NetScreen, or which has been
subjected to unusual physical or electrical stress, misuse,
abuse, negligence or accidents.
THE FOREGOING WARRANTIES ARE THE SOLE AND
EXCLUSIVE WARRANTIES EXPRESS OR IMPLIED
GIVEN BY NETSCREEN IN CONNECTION WITH THE
PRODUCT AND HARDWARE, AND NETSCREEN
DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING
IMPLIED WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT OF THIRD PARTY RIGHTS.
NETSCREEN DOES NOT PROMISE THAT THE
PRODUCT IS ERROR-FREE OR WILL OPERATE
WITHOUT INTERRUPTION.
7. Limitation of Liability. IN NO EVENT SHALL
NETSCREEN OR ITS LICENSORS BE LIABLE UNDER
ANY THEORY FOR ANY INDIRECT, INCIDENTAL,
COLLATERAL, EXEMPLARY, CONSEQUENTIAL OR
SPECIAL DAMAGES OR LOSSES SUFFERED BY YOU OR
ANY THIRD PARTY, INCLUDING WITHOUT
LIMITATION LOSS OF USE, PROFITS, GOODWILL,
SAVINGS, LOSS OF DATA, DATA FILES OR PROGRAMS
THAT MAY HAVE BEEN STORED BY ANY USER OF THE
FIRMWARE. IN NO EVENT WILL NETSCREEN'S OR ITS
LICENSORS' AGGREGATE LIABILITY CLAIM BY YOU,
OR ANYONE CLAIMING THROUGH OR ON BEHALF OF
YOU, EXCEED THE ACTUAL AMOUNT PAID BY YOU TO
NETSCREEN FOR FIRMWARE.
Some jurisdictions do not allow the exclusions and
limitations of incidental, consequential or special damages,
so the above exclusions and limitations may not apply to you.
8. Export Law Assurance. You understand that the
Firmware is subject to export control laws and regulations.
YOU MAY NOT DOWNLOAD OR OTHERWISE EXPORT
OR RE-EXPORT THE FIRMWARE OR ANY UNDERLYING
INFORMATION OR TECHNOLOGY EXCEPT IN FULL
COMPLIANCE WITH ALL UNITED STATES AND OTHER
APPLICABLE LAWS AND REGULATIONS.
9. U.S. Government Restricted Rights. If this Product is
being acquired by the U.S. Government, the Product and
related documentation is commercial computer Product and
documentation developed exclusively at private expense, and
(a) if acquired by or on behalf of civilian agency, shall be
subject to the terms of this computer Firmware, and (b) if
acquired by or on behalf of units of the Department of
Defense (“DoD”) shall be subject to terms of this commercial
computer Firmware license Supplement and its successors.
10. Tax Liability. You agree to be responsible for the
payment of any sales or use taxes imposed at any time
whatsoever on this transaction.
11. General. If any provisions of this Agreement are held
invalid, the remainder shall continue in full force and effect.
The laws of the State of California, excluding the application
of its conflicts of law rules shall govern this License
Agreement. This Agreement will not be governed by the
United Nations Convention on the Contracts for the
International Sale of Goods. This Agreement is the entire
agreement between the parties as to the subject matter
hereof and supersedes any other Technologies,
advertisements, or understandings with respect to the
Firmware and documentation. This Agreement may not be
modified or altered, except by written amendment, which
expressly refers to this Agreement and which, is duly
executed by both parties.
You acknowledge that you have read this Agreement,
understand, it and agree to be bound by its terms and
conditions.
Hardware, including technical data, is subject to U.S. export
laws, including the U.S. Export Administration Act and its
associated regulations, and may be subject to export or
import regulations in other countries. Customer agrees to
comply strictly with all such regulations and acknowledges
that it has the responsibility to obtain licensed to export, re-
export, or import hardware.
,QVWDOOHU·V*XLGH Y
7DEOHRI&RQWHQWV
0DQXDO2UJDQL]DWLRQ YLL
*HQHUDO/D\RXWRIWKH1HW6FUHHQ HE8, YLLL
&RPPDQG/LQH,QWHUIDFH&/,6\QWD[ L[
5HODWHG3XEOLFDWLRQV [
&KDSWHU+DUGZDUH'HVFULSWLRQ
1HW6FUHHQ)XVH,QVWDOODWLRQDQG5HSODFHPHQW
&RQQHFWLRQ3LQ$VVLJQPHQWV
&KDSWHU&RQQHFWLQJWRWKH1HWZRUN
*DWKHULQJWKH1HFHVVDU\7RROV
&RQQHFWLQJWKH1HW6FUHHQDVD6LQJOH6HFXULW\$SSOLDQFH
6HULDO&DEOH$FFHVV
([WHUQDO0RGHP$FFHVV
&KDSWHU,QLWLDO&RQILJXUDWLRQ
&RQILJXULQJYLDWKH HE8,
0DNLQJD&RQQHFWLRQ
/RJJLQJ2QDQG6HWWLQJWKH6\VWHP,3$GGUHVV
6HWWLQJ,QWHUIDFH$GGUHVVHV
$OORZLQJ2XWERXQG7UDIILF
&KDQJLQJWKH$GPLQLVWUDWRU/RJLQ1DPHDQG3DVVZRUG
7HVWLQJWKH&RQILJXUDWLRQ
%DFNXS&RQILJXUDWLRQ6HWWLQJV
&RQILJXULQJYLDWKH&/,
0DNLQJD&RQQHFWLRQ
/RJJLQJ2QDQG6HWWLQJWKH6\VWHP,3$GGUHVV
6HWWLQJ,QWHUIDFH$GGUHVVHV
$OORZLQJ2XWERXQG7UDIILF
&KDQJLQJWKH$GPLQLVWUDWRU/RJLQ1DPHDQG3DVVZRUG
7HVWLQJWKH&RQILJXUDWLRQ
$VVHW5HFRYHU\
$SSHQGL[$6DIHW\5HFRPPHQGDWLRQVDQG DUQLQJV $
6DIHW\ DUQLQJV $
,QVWDOODWLRQ DUQLQJ $
3RZHU'LVFRQQHFWLRQ DUQLQJ $
1R8VHU6HUYLFHDEOH3DUWV DUQLQJ $
&LUFXLW%UHDNHU$ DUQLQJ $
YL 1HW6FUHHQ
6(/9&LUFXLW DUQLQJ $
/LJKWQLQJ$FWLYLW\ DUQLQJ $
/LWKLXP%DWWHU\ DUQLQJ $
3URGXFW'LVSRVDO DUQLQJ $
*HQHUDO6LWH5HTXLUHPHQWV $
2QVLWH3UHFDXWLRQV $
(TXLSPHQW5DFN0RXQWLQJ*XLGHOLQHV $
%60,/DEHOLQJ5HTXLUHPHQW $
,QGH[ ,;
,QVWDOOHU·V*XLGH YLL
3UHIDFH
The NetScreen-25™is a network security device which protects your local area
network (LAN) when connected to the Internet. Using a NetScreen-25 as a
firewall, you can configure access policies that control inbound and outbound
network traffic. With IPSec VPN tunnels, you can access distant private networks
over the public Internet safely and reliably.
0$18$/25*$1,=$7,21
This manual has three chapters and two appendices.
Chapter 1, “Hardware Description”,describes the NetScreen-25®device. It
explains the functions of the status LEDs, identifies the device interface ports,
and details the front and back panels of the device.
Chapter 2, “Connecting to the Network”,explains how to connect the
NetScreen-25 to the network as a standalone unit.
Chapter 3, “Initial Configuration”,explains how to configure the NetScreen-25
with a network using both the command line interface (CLI) and the web user
interface (WebUI).
Appendix A, “Safety Recommendations and Warnings”,provides general site
requirements as well as safety warnings and general cautions when using the
NetScreen-25 device.
3UHIDFH
YLLL 1HW6FUHHQ
*(1(5$//$<2872)7+(1(76&5((1 (%8,
The Web User Interface (WebUI) contains two main logical sections: the menu
column and the central display area.
•The menu column includes four main functional categories: System,
Network, Lists, and Monitor, each of which contains further sub-functions
represented by tabs in the central display area. During the configuration
process, you first must select a main functional category before choosing the
various utilities offered within each sub-category.
•The central display area displays the information for each of the categories
in the menu column, in either a tabular or graphical format. These pages
generally contain links to dialog boxes through links such as New Policy,
New Manual Key User, New Entry, Edit, and so forth.
The NetScreen-25 Central Display Area
Menu
column
Tab
categories
Links
,QVWDOOHU·V*XLGH L[
&200$1'/,1(,17(5)$&(&/,6<17$;
These guidelines apply to all NetScreen commands.
6\QWD[
•A parameter inside [ ] (square brackets) is optional.
•A parameter inside { } (braces) is required.
•Anything inside < > is a variable.
•If there is more than one choice for a parameter inside [ ] and { }, they are
separated by a pipe ( | ). For example, [auth {md5 | sha-1}] means
“choose either MD5 or SHA-1 as your authentication method.”
•IP addresses are represented by <a.b.c.d>, and <a.b.c.d>–<w.x.y.z> if a range
is being specified.
•A subnet mask is represented by <A.B.C.D>.
&RQYHQWLRQV
•To remove a single character, press BACKSPACE or CTRL+H.
•To remove an entire line, press CTRL+U.
•To traverse up to 16 lines forward in the command history buffer, press CTRL+F or the
DOWN ARROW key.
•To traverse up to 16 lines backward in the command history buffer, press
CTRL+B or the UP ARROW key.
•To see the next available keyword or input, and a brief description of usage,
type a question mark (?).
•The console times out and the connection is broken if no keyboard activity is
detected for 10 minutes.
Items you enter are into the system are in bold text.
For further explanation of NetScreen commands and their syntax, refer to the
NetScreen CLI Reference Guide, which is included on the product CD.
Note: To use the arrow keys for navigating among commands in a Telnet
session on Windows 95, 98, NT, or 2000: On the Terminal menu, click
Preferences…, select the VT100 Arrows check box, and click the OK button.
3UHIDFH
[1HW6FUHHQ
5(/$7('38%/,&$7,216
These technical publications ship with the NetScreen-25 device:
NetScreen-25 Installer’s Guide
NetScreen-25 Getting Started Guide
The following publications are included on the documentation CD:
NetScreen CLI Reference Guide
NetScreen WebUI Reference Guide
NetScreen Concepts & Examples ScreenOS Reference Guide
NetScreen Message Log Reference Guide
Note: To receive important news on product updates, please visit our Web site at
www.netscreen.com and register your product.
,QVWDOOHU·V*XLGH
&KDSW HU
+DUGZDUH'HVFULSWLRQ
This chapter provides illustrations and descriptions of the NetScreen-25 front and
back panels.
Figure 1-1 Front Panel of the NetScreen-25
A front view of the NetScreen-25 is shown above. The label on the left side
indicates the model name: NetScreen-25.
Figure 1-2 Condition LED Displays
These items are located on the front panel of the NetScreen-25:
•Power LED: Glows solid green during normal operation, and red in event of
an error.
•Status-1 LED: Glows solid green when a boot-up process is underway, and
blinks green during normal operation.
•Status-2 LED: Reserved for future use.
•Alarm LED: Glows red during a critical alarm and glows amber during a
major alarm (low memory or high CPU utilization).
Compact Flash
Card slot Untrusted
Port Reserved
Port
Trusted DMZ
Port
Asset recovery
pinhole Console
Port
Modem
Port Port
Condition
LEDs
Power LED
Alarm LED
Status-2 LED
Flash LED
Session LED
Status-1 LED
&KDSWHU+DUGZDUH'HVFULSWLRQ
1HW6FUHHQ
•Session LED: Glows orange when there is over 90% utilization of sessions,
and is dark during normal operation. The NetScreen-25 supports 4,000
concurrent sessions.
•Compact Flash LED: Glows a steady green when a card is plugged in with
no activity, and flashes green when there is activity. The LED is dark when
the card slot is empty.
•Configuration Reset Pinhole: When the user resets the device, the
NetScreen-25 will boot up using the original factory default configuration.
See Figure 1-1 on page 1-1. Any current existing configuration settings will
be lost, and the firewall and VPN service rendered inoperative. See “Backup
Configuration Settings”on page 3-13 for more information.
•Console Port: RJ-45 serial console port connector for local configuration
and administration. See Figure 1-1 on page 1-1.
•Modem Port: RJ-45 serial console port connector for local configuration and
administration. See Figure 1-1 on page 1-1.
•Compact Flash Card Slot: The NetScreen-25 supports SanDisk
CompactFlash™cards with a variety of memory capacities. NetScreen has
tested 96MB and 512MB cards. The NetScreen device automatically detects
the presence of a flash card and records the event log to it.
The CompactFlash™card is used for storage of system images, configuration
files, keys and logs shown in Figure 1-1 on page 1-1.
Warning
For complete security, operate the NetScreen-25 in a “locked room”
environment.
Note: For cabling guidelines and instructions, see Chapter 2, “Connecting to
the Network”.
Warning
The insertion and removal of the CompactFlash card must be performed
when the unit is powered off and disconnected from all power sources.
,QVWDOOHU·V*XLGH
•Ethernet Interface:
Trust Port: Port 1
Untrust Port: Port 2
DMZ Port: Port 3
Reserved Port: Port 4
Each Ethernet port is a 10/100 Auto Sensing Interface. The port has two link
lights, or LEDs, shown in Figure 1-3. The left LED indicates network traffic
activity and the right LED indicates if the link is up (connected to an active
device).
Figure 1-3 Ethernet LEDs
The back panel of the NetScreen-25 is shown in Figure 1-4.
Figure 1-4 Back Panel of the NetScreen-25
Note: Certain export restrictions apply to international customers. Check
with your sales representative.
Fuse CoverPower Switch
&KDSWHU+DUGZDUH'HVFULSWLRQ
1HW6FUHHQ
•Power Outlet: Use the outlet to connect power to the NetScreen-25 with the
supplied power cable.
AC Power Supply: Input Voltage: 90 to -264 VAC
Input Frequency: 47 to -63Hz
•On/Off Switch: Turns the power to the NetScreen-25 on or off.
1(76&5((1)86(,167$//$7,21$1'5(3/$&(0(17
1. To replace a failed fuse on the NetScreen-25 it is necessary to take the device
off-line, turn the power switch off and disconnect the power cable.
2. Using a screwdriver, separate the lid of the external fuse cover from the
surface of the power outlet, as shown in Figure 1-5.
Figure 1-5 Screwdriver Applied to NetScreen-25 Power Panel
3. Manually remove the fuse assembly from the NetScreen-25.
Caution
Make sure you have read the Appendix A, “Safety Recommendations and
Warnings”,before you begin installation.
&RQQHFWLRQ3LQ$VVLJQPHQWV
,QVWDOOHU·V*XLGH
4. To replace, enter the new fuse into the opening and slide in until the fuse
clicks into place. The replacement fuse must be a 2.5 amp slow-blow fuse
rated for 250 volts.
Figure 1-6 NetScreen-25 Fuse
5. Replace the power cable and turn the device power switch on.
&211(&7,213,1$66,*10(176
The below table displays the RJ-45 to DB-9 adapter connection definitions. Both
the console and the modem ports on the NetScreen-25 must use this configuration
in order to employ a standard UART port.
Table 1-1 DB9 to RJ45 connections
DB9 Signal Abbr. DTE DCE RJ45
1Data Carrier Detect DCD In Out NC
2Received Data RD In Out 3
3Transmitted Data TD Out In 6
4Data Terminal Ready DTR Out In 7
5Signal Ground SGND - - 4
6Data Set Ready DSR In Out 2
7Request To Send RTS Out In 8
8Clear To Send CTS In Out 1
9Ring Indicator RI In Out NC
&KDSWHU+DUGZDUH'HVFULSWLRQ
1HW6FUHHQ
,QVWDOOHU·V*XLGH
&KDSW HU
&RQQHFWLQJWRWKH1HWZRUN
Follow the instructions in this chapter to connect the NetScreen-25 device to the
network and to configure the software for the first time. For further configuration
options, see the NetScreen Concepts & Examples ScreenOS Reference Guide on the
product CD.
This chapter contains the following sections:
•“Gathering the Necessary Tools”on page 2-1.
•“Connecting the NetScreen-25 as a Single Security Appliance”on page 2-2.
*$7+(5,1*7+(1(&(66$5<722/6
The chassis can be placed on a table top or mounted in a standard 19-inch
equipment rack. Table top installation requires no tools. Rack mounting requires
a Phillips-head screwdriver, the rack mount bracket kit, and four screws to match
the rack. Mounting brackets and screws are provided in the NetScreen-25 product
package.
Caution
Make sure you have read Appendix A, Safety Recommendations and Warnings,
before you begin this chapter.
Note: The rack mount screws included in the product package may not fit your
rack. In this case, it is necessary that you supply screws to match the particular
rack thread size.
&KDSWHU&RQQHFWLQJWRWKH1HWZRUN
1HW6FUHHQ
&211(&7,1*7+(1(76&5((1$6$6,1*/(6(&85,7<$33/,$1&(
Note when configuring multiple NetScreen-25 devices, each NetScreen-25 may be
in default mode and will have a default IP address of 192.168.1.1. Putting two
more more NetScreen-25 devices on the same subnet in default mode will cause IP
address conflicts. To avoid this problem, install and configure each NetScreen-25
device separately before connecting them to the network.
To set up the NetScreen-25 network connections, follow these steps:
1. Install the NetScreen-25 in a rack (optional) or on a level surface.
2. Make sure that the power connection to the NetScreen-25 is turned off; that
is, that “0”is pressed.
3. Connect the power cable provided in the product package from the
NetScreen-25 power outlet to the power supply.
4. Connect the NetScreen-25 to the network as shown in one of the examples
beginning on page 2-31. See Table 2-2 for further information concerning the
NetScreen-25 cabling requirements.
Trusted Port (Interface 1): Connect the NetScreen-25 using a twisted pair
cable with RJ45 connectors. The trusted port is a Data Circuit-terminating
Equipment (DCE) port.
DMZ Port (Interface 2): Connect the NetScreen-25 using a twisted pair
cable with RJ45 connectors. The DMZ port is also a DCE port.
Untrusted Port (Interface 3): Connect the NetScreen-25 using a twisted
pair cable with RJ45 connectors. The untrusted port is a data terminal
equipment (DCE) port.
5. Turn on the NetScreen-25 and any other network devices that you had
turned off.
6. The NetScreen-25 will take approximately 30 seconds to boot up.
7. If all cables are connected correctly, the link light for each connection glows.
1. Check your router, hub, or computer documentation to determine if you must reconfigure the de-
vice or if you must switch off the power supply when connecting new equipment to the LAN.
&RQQHFWLQJWKH1HW6FUHHQDVD6LQJOH6HFXULW\$SSOLDQFH
,QVWDOOHU·V*XLGH
Figure 2-7 Sample Configuration with a Router Connected to the Untrusted Port, Local
Area Network (LAN) Connected to the Trusted Port
The NetScreen-25 has three operational ports and one port reserved for future
applications.
Table 2-2 Port and Interface Detail
Port Interface
1Trust
2DMZ
3Untrust
4Reserved for future use
SRUW
8QWUXVWHG
7UXVWHGSRUW
,QWHUQHW
5RXWHU
VWUDLJKWWKURXJK
FDEOH
&KDSWHU&RQQHFWLQJWRWKH1HWZRUN
1HW6FUHHQ
To use the DMZ, connect a cable from the DMZ port on the NetScreen-25 to the
switch linking the machines in the DMZ to the DMZ interface. See Figure 2-8 for
an example of this configuration.
Figure 2-8 Sample Configuration Using DMZ Port
If all cables are connected correctly, the link light for each connection glows.
Table 2-3 Recommended Cable Connections
Connection: Cable Used:
DTE to DTE crossover
DTE to DCE straight-through
DCE to DCE crossover
*All 10/100 auto sensing ethernet interfaces are DCE.
Internet Router
Untrusted Port
Trusted Port
Switch
Straight-through cable
Switch
DMZ Port
Crossover cable
LAN
DMZ
Other manuals for NetScreen-25
1
Table of contents
Other NetScreen Technologies Network Hardware manuals
