background image

Copyright Notice

Copyright © 2004 Juniper Networks, Inc. All rights reserved.

Juniper Networks, the Juniper Networks logo, NetScreen, NetScreen Technologies, GigaScreen, and the NetScreen logo 
are registered trademarks of Juniper Networks, Inc. NetScreen-5GT, NetScreen-5XP, NetScreen-5XT, NetScreen-25, 
NetScreen-50, NetScreen-100, NetScreen-204, NetScreen-208, NetScreen-500, NetScreen-5200, NetScreen-5400, 
NetScreen-Global PRO, NetScreen-Global PRO Express, NetScreen-Remote Security Client, NetScreen-Remote VPN 
Client, NetScreen-IDP 10, NetScreen-IDP 100, NetScreen-IDP 500, GigaScreen ASIC, GigaScreen-II ASIC, and 
NetScreen ScreenOS are trademarks of Juniper Networks, Inc. All other trademarks and registered trademarks are the 
property of their respective companies.

Information in this document is subject to change without notice.

No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any 
purpose, without receiving written permission from: 

Juniper Networks, Inc.

ATTN:  General Counsel

1194 N. Mathilda Ave.Sunnyvale, CA  94089

FCC Statement

The following information is for FCC compliance of Class A devices: This equipment has been tested and found to comply 
with the limits for a Class A digital device, pursuant to part 15 of the FCC rules. These limits are designed to provide 
reasonable protection against harmful interference when the equipment is operated in a commercial environment. The 
equipment generates, uses, and can radiate radio-frequency energy and, if not installed and used in accordance with the 
instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a 
residential area is likely to cause harmful interference, in which case users will be required to correct the interference at 
their own expense.

The following information is for FCC compliance of Class B devices: The equipment described in this manual generates 
and may radiate radio-frequency energy. If it is not installed in accordance with NetScreen’s installation instructions, it 
may cause interference with radio and television reception. This equipment has been tested and found to comply with the 
limits for a Class B digital device in accordance with the specifications in part 15 of the FCC rules. These specifications are 
designed to provide reasonable protection against such interference in a residential installation. However, there is no 
guarantee that interference will not occur in a particular installation.

If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the 
equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures:

•   Reorient or relocate the receiving antenna.

•   Increase the separation between the equipment and receiver.

•   Consult the dealer or an experienced radio/TV technician for help.

•   Connect the equipment to an outlet on a circuit different from that to which the receiver is connected.

Caution: Changes or modifications to this product could void the user's warranty and authority to operate this device.

Disclaimer

THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH 
IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY 
THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, 
CONTACT YOUR NETSCREEN REPRESENTATIVE FOR A COPY.

Summary of Contents for NetScreen-204

Page 1: ...1 76 5 1 6 5 6 8VHU V XLGH Version 5 0 P N 093 1253 000 Rev A...

Page 2: ...ications Operation of this equipment in a residential area is likely to cause harmful interference in which case users will be required to correct the interference at their own expense The following i...

Page 3: ...U 6XSSOLHV 3RZHU XVH KDSWHU QVWDOOLQJ WKH HYLFH HQHUDO QVWDOODWLRQ XLGHOLQHV 3HUIRUPLQJ TXLSPHQW 5DFN QVWDOODWLRQ TXLSPHQW 5DFN QVWDOODWLRQ XLGHOLQHV URQW 0RXQW 0LG 0RXQW RQQHFWLQJ WKH 3RZHU LULQJ D 3...

Page 4: ...WKH 8QWUXVW RQH QWHUIDFH OORZLQJ 2XWERXQG 7UDIILF RQILJXULQJ WKH HYLFH IRU 7HOQHW DQG HE8 6HVVLRQV 6WDUWLQJ D RQVROH 6HVVLRQ 8VLQJ 7HOQHW 6WDUWLQJ D RQVROH 6HVVLRQ 8VLQJ LDOXS VWDEOLVKLQJ D 8 0DQDJHPH...

Page 5: ...Base T interface ports and performs firewall functions at 550 Mbps All NetScreen 200 Series 10 100 Base T ports perform auto speed sensing and auto polarity correction 8 25 1 7 21 This manual has thre...

Page 6: ...number of a NetScreen device 81 3 5 1 7 25 6 1 76 5 1 38 7 216 To obtain technical documentation for any Juniper Networks NetScreen product visit www netscreen com resources manuals To obtain the lat...

Page 7: ...3 Asset Recovery Pinhole on page 4 Console and Modem Ports on page 5 Compact Flash Card Slot on page 5 Ethernet Interfaces on page 6 The Rear Panel on page 6 Power Supplies on page 6 Power Fuse on pag...

Page 8: ...T interface ports The figure below shows a NetScreen 204 device 1HW6FUHHQ HYLFH The NetScreen 208 is a chassis based rack mountable network security device with eight ethernet 10 100 Base T interface...

Page 9: ...six LEDs The information revealed by each LED is as follows LED Name Purpose Color Meaning Power Power Supply green Power supply is functioning correctly off The device is not receiving power Status S...

Page 10: ...10 remaining High CPU utilization more than 90 in use Session full Maximum number of VPN tunnels reached HA status changed or redundant group member not found off No alarms Session Session Utilizatio...

Page 11: ...connection definitions To employ a standard UART port both the console and the modem ports use this configuration RPSDFW ODVK DUG 6ORW The NetScreen 200 Series supports CompactFlash cards with a vari...

Page 12: ...e can have an AC power supply or a DC power supply The DC power supply can operate on one or two DC feeds ranging from 36V to 60V When you use two feeds they share the load If one feed fails the other...

Page 13: ...ries device 1 Take the device off line by turning the power switch OFF and disconnecting the power cable 2 Using a screwdriver separate the lid of the external fuse cover from the surface of the power...

Page 14: ...Chapter 1 Overview 8 User s Guide...

Page 15: ...on Guidelines on page 10 Front Mount on page 11 Mid Mount on page 11 Connecting the Power on page 11 Wiring a DC Power Supply on page 12 Connecting the NetScreen 200 Device to Other Devices on page 13...

Page 16: ...room are crucial for proper system operation Use the following guidelines while configuring your equipment rack Enclosed racks must have adequate ventilation An enclosed rack should have louvered side...

Page 17: ...assis 2 Screw the front mount bracket to the rack as shown below 0LG 0RXQW To mid mount the NetScreen 200 Series device on your equipment rack 1 Screw the mid mount bracket to the side of the chassis...

Page 18: ...een 200 Series devices can operate on one or two feeds To connect DC power feeds to the terminal blocks 1 Strip the ends of the power cables 2 Loosen the three screws in the top of the block These are...

Page 19: ...et1 is bound to the Trust security zone by default Connect this interface using a twisted pair cable with RJ 45 connectors ethernet2 is bound to the DMZ security zone by default Connect this interface...

Page 20: ...Chapter 2 Installing the Device 14 User s Guide...

Page 21: ...bUI Sessions on page 25 Starting a Console Session Using Telnet on page 25 Starting a Console Session Using Dialup on page 26 Establishing a GUI Management Session on page 26 Asset Recovery on page 28...

Page 22: ...ent according to configured security policies 5RXWH 0RGH In Route mode the NetScreen 200 device operates at Layer 3 Because you can configure each interface using an IP address and subnet mask you can...

Page 23: ...a twisted pair cable with RJ 45 connectors ethernet2 Bound to the DMZ security zone by default Connect this interface using a twisted pair cable with RJ 45 connectors ethernet3 Bound to the Untrust se...

Page 24: ...urity gateway that protects at least one LAN usually connected to the device from a switch or a hub RQQHFWLYLW DPSOHV In the following example a NetScreen 208 device connects to the protected LAN thro...

Page 25: ...Series network connections 1 Place the NetScreen 200 Series device in a rack or on a desktop 2 Confirm that the power connection to the device is turned OFF 0 pressed in 3 Connect the provided power...

Page 26: ...ould one device fail the other takes over the traffic processing The following diagram shows a typical HA setup for NetScreen 208 devices Note For the NetScreen 204 the default HA interface is etherne...

Page 27: ...evice 1 connect a 10 100 Base T cable from ethernet2 to the switch labeled DMZ 7 On Device 1 connect a 10 100 Base T cable from ethernet3 to the switch labeled Layer 3 switch 1 HYLFH 8 On Device 2 con...

Page 28: ...nto the serial port of your computer Be sure that the DB 9 is seated properly by screwing in the thumbscrews 2 Plug the RJ 45 end of the cable into the Console port of the NetScreen 200 Series device...

Page 29: ...to change your admin name and password immediately Enter the following commands set admin name name_str set admin password pswd_str save For information on creating different levels of administrators...

Page 30: ...interface by executing the following command set interface ethernet1 manage 4 Optional To confirm the new interface settings execute the following command get interface ethernet1 6HWWLQJ WKH 3 GGUHVV...

Page 31: ...Series device In addition you can start management sessions using the NetScreen WebUI a web based GUI management application 6WDUWLQJ D RQVROH 6HVVLRQ 8VLQJ 7HOQHW To establish a Telnet session with t...

Page 32: ...n VWDEOLVKLQJ D 8 0DQDJHPHQW 6HVVLRQ To access the NetScreen 200 Series device with the WebUI management application 1 Connect your computer or your LAN hub to the ethernet1 port using a Category 5 Et...

Page 33: ...7 The NetScreen WebUI application window appears Note NetScreen Security Manager 2004 NSM and NetScreen Rapid Deployment RD If you are using NSM you can optionally configure NetScreen appliances with...

Page 34: ...l be erased In addition a permanent counter will be incremented to signify that this device has been reset This is your last chance to cancel this command If you proceed the device will return to fact...

Page 35: ...green The serial console message now reads Waiting for 2nd confirmation 2 Release the button for one second 3 Push the button again for four to six seconds A serial console message states Second push...

Page 36: ...Chapter 3 Configuring the Device 30 User s Guide...

Page 37: ...ppendix provides general system specifications for the NetScreen 200 Series devices NetScreen 200 Attributes on page A II Electrical Specification on page A II Environmental on page A II Safety Certif...

Page 38: ...s 250Volts 19 5210 17 The maximum normal altitude is 0 12 000 ft 0 3 660 m 1 6 57 7 216 Level 3 NetScreen 208 with DC power GR 63 Core NEBS Environmental Testing GR 1089 Core EMC and Electrical Safety...

Page 39: ...wiring 12 dialup connection 26 guide organization v high availability establishing an HA connection 20 installation guidelines 10 IP address conflicts 19 LEDs 6 link lights 6 19 logging on 26 login ch...

Page 40: ...Index IX II User s Guide 6 session establishing 22 using a dialup connection 26 7 transparent mode 16 9 ventilation 10 viewing port settings 23...

Reviews: