Manuals / Brands / Computer Equipment / Computer Hardware / Juniper Networks / Computer Equipment / Computer Hardware

Juniper Networks SSG 20 Basic Firewall Protections, Verifying External Connectivity

1 86

Download 86 pages, 5.09 Mb

SSG 20 Hardware Installation and Configuration Guide

48 Basic Firewall Protections

Basic Firewall Protections

The devices are configured with a default policy that permits workstations in the

Trust zone of your network to access any resource in the Untrust security zone,

while outside computers are not allowed to access or start sessions with your

workstations. You can configure policies that direct the device to permit outside

computers to start specific kinds of sessions with your computers. For information

about creating or modifying policies, refer to the Concepts & Examples ScreenOS

Reference Guide.

The SSG 20 device provides various detection methods and defense mechanisms to

combat probes and attacks aimed at compromising or harming a network or

network resource:

ScreenOS SCREEN options secure a zone by inspecting, and then allowing or

denying, all connection attempts that require crossing an interface to that zone.

For example, you can apply port-scan protection on the Untrust zone to stop a

source from a remote network from trying to identify services to target for

further attacks.

The device applies firewall policies, which can contain content-filtering and

Intrusion Detection and Prevention (IDP) components, to the traffic that passes

the SCREEN filters from one zone to another. By default, no traffic is permitted

to pass through the device from one zone to another. To permit traffic to cross

the device from one zone to another, you must create a policy that overrides the

default behavior.

To set ScreenOS SCREEN options for a zone, use the WebUI or CLI as follows:

WebUI

Screening > Screen: Select the zone to which the options apply. Select the

SCREEN options that you want, then click Apply:

CLI

set zone zone screen option

save

For more information about configuring the network-security options available in

ScreenOS, refer to the Concepts & Examples ScreenOS Reference Guide.

Verifying External Connectivity

To verify that workstations in your network can access resources on the Internet,

start a browser from any workstation in the network and enter the following URL:

www.juniper.net.

Contents

Main Copyright Notice FCC Statement Disclaimer Table of Contents Page About This Guide Organization WebUI Conventions CLI Conventions Obtaining Documentation and Technical Support Chapter 1 Hardware Overview 10 Port and Power Connectors Table 1: SSG 20 Ports and Power Connectors Figure 2: Built-in Port and Mini-PIM Location Port Description Connector Speed/Protocol Front Panel System Status LEDs 12 Name Color Status Description Port Descriptions Console Port AUX Port Mini Physical Interface Module Port Descriptions Table 4: Mini PIM LED States on the SSG 20 Type Name Color State Description panel slots before powering on the device. CAUTION: Mini PIMs are not hot-swappable. You must install them in the front Back Panel Power Adapter Radio Transceivers Page Antennae Types USB Port Chapter 2 Installing and Connecting the Device Before You Begin Installing Equipment Page Connecting Interface Cables to a Device Connecting the Power Connecting a Device to a Network Connecting a Device to an Untrusted Network Serial (AUX/Console) Ports Connecting Mini PIMs to an Untrusted Network ADSL2/2+ Mini PIM ISDN, T1, E1, and V.92 Mini PIMs Connecting a Device to an Internal Network or a Workstation Wireless Antennae Chapter 3 Configuring the Device Accessing a Device Using a Console Connection Using the WebUI Using Telnet Default Device Settings Page Basic Device Configuration Root Admin Name and Password Date and Time Bridge Group Interfaces Administrative Access Management Services Hostname and Domain Name Default Route Management Interface Address Backup Untrust Interface Configuration Basic Wireless Configuration Page Page Page Mini PIM Configuration ADSL2/2+ Interface Virtual Circuits VPI/VCI and Multiplexing Method PPPoE or PPPoA Static IP Address and Netmask ISDN Interface T1 Interface E1 Interface V.92 Modem Interface Basic Firewall Protections Verifying External Connectivity Resetting a Device to Factory Defaults Page Chapter 4 Servicing the Device Required Tools and Parts Replacing a Mini-Physical Interface Module Removing a Blank Faceplate Removing a Mini PIM Installing a Mini PIM Upgrading Memory Page Page Appendix A Specifications 58 Physical Electrical Environmental Tolerance Certifications Safety EMC Emissions EMC Immunity ETSI T1 Interface Connectors Figure 23 shows the location of the pins on the DB-9 female connector. Table12 provides the DB-9 connector pinouts. Page Appendix B Initial Configuration Wizard 1. Rapid Deployment Window 2. Administrator Login Window 3. WLAN Access Point Window 4. Physical Interface Window 5. ADSL2/2+ Interface Window Table 13: Fields in ADSL Interface Configuration Window 6. T1 Interface Windows Table 14: Fields in T1 Physical Layer Tab Window Figure 30: T1 Frame Relay Tab Window Table 15: Fields in T1 Frame Relay Tab Window Page Page 7. E1 Interface Windows Table 19: Fields in E1 Physical Layer Tab Window Figure 35: E1 Frame Relay Tab Window Table 20: Fields in E1 Frame Relay Tab Window 8. ISDN Interface Windows Table 21: Fields in ISDN Physical Layer Tab Window Figure 37: ISDN Connection Tab Window Table 22: Fields in ISDN Connection Tab Window 9. V.92 Modem Interface Window Figure 38: Modem Interface Window Table 23: Fields in Modem Interface Window 10. Eth0/0 Interface (Untrust Zone) Window The eth0/0 interface can have a static or a dynamic IP address assigned via DHCP or PPPoE. 11. Eth0/1 Interface (DMZ Zone) Window The eth0/1 interface can have a static or a dynamic IP address assigned via DHCP. 12. Bgroup0 Interface (Trust Zone) Window 13. Wireless0/0 Interface (Trust Zone) Window Table 27: Fields in Wireless0/0 Interface Window 14. Interface Summary Window After you have configured the WAN interfaces, you will see the Interface Summary window. Figure 43: Interface Summary Window Page 17. Confirmation Window Index A B C D S U V W