Juniper Networks SSG 20 manual Basic Firewall Protections, Verifying External Connectivity


SSG 20 Hardware Installation and Configuration Guide

Basic Firewall Protections

The devices are configured with a default policy that permits workstations in the Trust zone of your network to access any resource in the Untrust security zone, while outside computers are not allowed to access or start sessions with your workstations. You can configure policies that direct the device to permit outside computers to start specific kinds of sessions with your computers. For information about creating or modifying policies, refer to the Concepts & Examples ScreenOS Reference Guide.

The SSG 20 device provides various detection methods and defense mechanisms to combat probes and attacks aimed at compromising or harming a network or network resource:

- ScreenOS SCREEN options secure a zone by inspecting, and then allowing or denying, all connection attempts that require crossing an interface to that zone. For example, you can apply port-scan protection on the Untrust zone to stop a source from a remote network from trying to identify services to target for further attacks.

- The device applies firewall policies, which can contain content-filtering and Intrusion Detection and Prevention (IDP) components, to the traffic that passes the SCREEN filters from one zone to another. By default, no traffic is permitted to pass through the device from one zone to another. To permit traffic to cross the device from one zone to another, you must create a policy that overrides the default behavior.

To set ScreenOS SCREEN options for a zone, use the WebUI or CLI as follows:

WebUI

Screening > Screen: Select the zone to which the options apply. Select the SCREEN options that you want, then click Apply.

CLI

set zone <zone> screen <option>
save

For more information about configuring the network-security options available in ScreenOS, refer to the Concepts & Examples ScreenOS Reference Guide.
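An added example, not taken from the Juniper guide: a Python check that reads a saved ScreenOS configuration, lists the SCREEN options a zone is missing, and prints the set zone commands that would enable them. The baseline option list, the function names and the sample configuration are assumptions constructed for illustration.

```python
import shlex

# Baseline for this example only (an assumption, not a Juniper recommendation).
BASELINE = {"Untrust": ["port-scan", "ip-sweep", "syn-flood"]}

# Constructed sample of saved configuration lines.
SAMPLE_CONFIG = """\
set zone "Trust" vrouter "trust-vr"
set zone "Untrust" screen tear-drop
set zone "Untrust" screen syn-flood
set zone "Untrust" screen port-scan threshold 5000
set zone "Untrust" screen port-scan
unset zone "Untrust" screen syn-flood
set zone "DMZ" screen land
"""

def enabled_screens(config_text):
    """Map lower-cased zone name -> set of SCREEN options left enabled."""
    zones = {}
    for line in config_text.splitlines():
        try:
            tokens = shlex.split(line)  # handles the quoted zone names
        except ValueError:
            continue  # unbalanced quotes: not a line we can interpret
        if len(tokens) < 5 or tokens[1] != "zone" or tokens[3] != "screen":
            continue
        verb, zone, option = tokens[0], tokens[2].lower(), tokens[4]
        options = zones.setdefault(zone, set())
        if verb == "set":
            options.add(option)
        elif verb == "unset" and len(tokens) == 5:
            # Bare unset disables the option; a longer line is treated here
            # as a parameter reset and leaves the option enabled.
            options.discard(option)
    return zones

def missing_screens(config_text, baseline=BASELINE):
    """Return {zone: [baseline options not enabled]} for zones with gaps."""
    enabled = enabled_screens(config_text)
    gaps = {}
    for zone, wanted in baseline.items():
        absent = [o for o in wanted if o not in enabled.get(zone.lower(), set())]
        if absent:
            gaps[zone] = absent
    return gaps

def remediation_commands(gaps):
    """CLI lines in the form the guide gives, followed by save."""
    cmds = [f'set zone "{z}" screen {o}' for z, opts in gaps.items() for o in opts]
    return cmds + ["save"] if cmds else []
```

Calling remediation_commands(missing_screens(SAMPLE_CONFIG)) on the sample reports ip-sweep and syn-flood as missing from Untrust, because syn-flood was set and later unset.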

Verifying External Connectivity

To verify that workstations in your network can access resources on the Internet, start a browser from any workstation in the network and enter the following URL: www.juniper.net.
