Chapter 3 Configuring the Device
6 User’s Guide
Restricting Management
By default, anyone in your network can manage the NetScreen-5GT if they know the login
and password. You can configure the NetScreen-5GT to be managed only from a specific
host on your network. (And you can choose which services — for example, WebUI, Telnet,
ping — you want enabled on the NetScreen-5GT.) Refer to the “Administration” chapter
in Volume 3 of the NetScreen Concepts & Examples ScreenOS Reference Guide.
Operational Mode
The operational mode is the way an interface on a NetScreen-5GT processes traffic
between zones. By default, the NetScreen-5GT operates in Route mode with network
address translation (NAT) enabled on the Trust interface. This means that when devices
in the Trust zone send traffic to the Internet, the NetScreen-5GT replaces the original
source IP addresses with the IP address of the Untrust interface. While the NetScreen-
5GT assigns “private” IP addresses to the devices in your network, these addresses
remain hidden to computers outside your network.
If all devices in your network have public IP addresses, you can configure the NetScreen-
5GT for Transparent mode or Route mode without NAT enabled. In Transparent mode,
the NetScreen-5GT forwards traffic without checking IP addresses. In Route mode
without NAT enabled, the NetScreen-5GT routes traffic by checking IP addresses. For
more information about configuring the device for Transparent mode or Route mode
without NAT enabled, refer to the “Interface Modes” chapter in Volume 2 of the NetScreen
Concepts & Examples ScreenOS Reference Guide.
Trust Interface Address
You can change the IP address and netmask of the Trust interface if necessary.
(Remember that the IP addresses of devices in your network are never seen by computers
outside your network; outside computers see only the IP address of the Untrust interface.)
For example, you might need to change the Trust interface to match the IP addresses that
already exist on your network. If you change the IP address and netmask of the Trust
interface, you also need to change either the range of addresses that the NetScreen device
assigns via DHCP to devices in the network, or disable the DHCP server on the Trust
interface.
To assign a different IP address and netmask to the Trust interface, refer to the
“Interfaces” chapter in Volume 2 of the NetScreen Concepts & Examples ScreenOS
Reference Guide.
To change the DHCP settings for the NetScreen-5GT, refer to the “System Parameters”
chapter in Volume 2 of the NetScreen Concepts & Examples ScreenOS Reference Guide.
Artisan Technology Group - Quality Instrumentation ... Guaranteed | (888) 88-SOURCE | www.artisantg.com
To Next Page
Loading...
Need help?
General
