SSG 20 Hardware Installation and Configuration Guide

Basic Firewall Protections

The devices are configured with a default policy that permits workstations in the Trust zone of your network to access any resource in the Untrust security zone, while outside computers are not allowed to access or start sessions with your workstations. You can configure policies that direct the device to permit outside computers to start specific kinds of sessions with your computers. For information about creating or modifying policies, refer to the Concepts & Examples ScreenOS Reference Guide.

The SSG 20 device provides various detection methods and defense mechanisms to combat probes and attacks aimed at compromising or harming a network or network resource:

„ScreenOS SCREEN options secure a zone by inspecting, and then allowing or denying, all connection attempts that require crossing an interface to that zone. For example, you can apply port-scan protection on the Untrust zone to stop a source from a remote network from trying to identify services to target for further attacks.

„The device applies firewall policies, which can contain content-filtering and Intrusion Detection and Prevention (IDP) components, to the traffic that passes the SCREEN filters from one zone to another. By default, no traffic is permitted to pass through the device from one zone to another. To permit traffic to cross the device from one zone to another, you must create a policy that overrides the default behavior.

To set ScreenOS SCREEN options for a zone, use the WebUI or CLI as follows:

WebUI

Screening > Screen: Select the zone to which the options apply. Select the

SCREEN options that you want, then click Apply:

CLI

set zone zone screen option save

For more information about configuring the network-security options available in

ScreenOS, refer to the Concepts & Examples ScreenOS Reference Guide.

Verifying External Connectivity

To verify that workstations in your network can access resources on the Internet, start a browser from any workstation in the network and enter the following URL: www.juniper.net.

48„ Basic Firewall Protections

Page 47 Page 49
Page 48
Image 48
Juniper Networks SSG 20 manual Basic Firewall Protections, Verifying External Connectivity
Page 47 Page 49
Top Page Image Contents