Juniper Networks NetScreen Secure Access, NetScreen Secure Access FIPS User Guide

NetScreen Secure Access and NetScreen Secure Access FIPS
Quick Start Guide
Juniper Networks, Inc.
1194 North Mathilda Avenue
Sunnyvale, CA 94089
USA
408-745-2000
www.juniper.net
Part Number: 093-1692-000
This product includes the Envoy SNMP Engine, developed by Epilogue Technology, an Integrated Systems Company. Copyright © 1986–1997, Epilogue Technology Corporation. All rights reserved. This program and its documentation were developed at private expense, and no part of them is in the public domain.
This product includes memory allocation software developed by Mark Moraes, copyright © 1988, 1989, 1993, University of Toronto.
This product includes FreeBSD software developed by the University of California, Berkeley, and its contributors. All of the documentation and software included in the 4.4BSD and 4.4BSD-Lite Releases is copyrighted by The Regents of the University of California. Copyright © 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994. The Regents of the University of California. All rights reserved.
GateD software copyright © 1995, The Regents of the University. All rights reserved. Gate Daemon was originated and developed through release 3.0 by Cornell University and its collaborators. Gated is based on Kirton’s EGP, UC Berkeley’s routing daemon (routed), and DCN’s HELLO routing protocol. Development of Gated has been supported in part by the National Science Foundation. Portions of the GateD software copyright © 1988, Regents of the University of California. All rights reserved. Portions of the GateD software copyright © 1991, D. L. S. Associates.
Juniper Networks, the Juniper Networks logo, NetScreen, NetScreen Technologies, the NetScreen logo, NetScreen-Global Pro, ScreenOS, and GigaScreen are registered trademarks of Juniper Networks, Inc. in the United States and other countries.
The following are trademarks of Juniper Networks, Inc.: ERX, E-series, ESP, Instant Virtual Extranet, Internet Processor, J2300, J4300, J6300, J-Protect, J-series, J-Web, JUNOS, JUNOScope, JUNOScript, JUNOSe, M5, M7i, M10, M10i, M20, M40, M40e, M160, M320, M-series, MMD, NetScreen-5GT, NetScreen-5XP, NetScreen-5XT, NetScreen-25, NetScreen-50, NetScreen-204, NetScreen-208, NetScreen-500, NetScreen-5200, NetScreen-5400, NetScreen-IDP 10, NetScreen-IDP 100, NetScreen-IDP 500, NetScreen-Remote Security Client, NetScreen-Remote VPN Client, NetScreen-SA 1000 Series, NetScreen-SA 3000 Series, NetScreen-SA 5000 Series, NetScreen-SA Central Manager, NetScreen Secure Access, NetScreen-SM 3000, NetScreen-Security Manager, NMC-RX, SDX, Stateful Signature, T320, T640, T-series, and TX Matrix. All other trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners. All specifications are subject to change without notice.
Products made or sold by Juniper Networks or components thereof might be covered by one or more of the following patents that are owned by or licensed to Juniper Networks: U.S. Patent Nos. 5,473,599, 5,905,725, 5,909,440, 6,192,051, 6,333,650, 6,359,479, 6,406,312, 6,429,706, 6,459,579, 6,493,347, 6,538,518, 6,538,899, 6,552,918, 6,567,902, 6,578,186, and 6,590,785.
Copyright © 2005, Juniper Networks, Inc. All rights reserved. Printed in USA.
Juniper Networks NetScreen Secure Access and Secure Access FIPS Quick Start Guide, Release 5.1 Writer: Bill Baker Editor: Claudette Hobbart Illustrator: Gilbert Irias Covers design: Edmonds Design
The information in this document is current as of the date listed in the revision history.
Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.
Year 2000 Notice
Juniper Networks hardware and software products are Year 2000 compliant. The JUNOS software has no known time-related limitations through the year 2038. However, the NTP application is known to have some difficulty in the year 2036.
Software License
The terms and conditions for using this software are described in the software license contained in the acknowledgment to your purchase order or, to the extent applicable, to any reseller agreement or end-user purchase agreement executed between you and Juniper Networks. By using this software, you indicate that you understand and agree to be bound by those terms and conditions.
Generally speaking, the software license restricts the manner in which you are permitted to use the software and may contain prohibitions against certain uses. The software license may state conditions under which the license is automatically terminated. You should consult the license for further details.
For complete product documentation, please see the Juniper Networks Web site at www.juniper.net/techpubs.
End User License Agreement
READ THIS END USER LICENSE AGREEMENT ("AGREEMENT") BEFORE DOWNLOADING, INSTALLING, OR USING THE SOFTWARE. BY DOWNLOADING, INSTALLING, OR USING THE SOFTWARE OR OTHERWISE EXPRESSING YOUR AGREEMENT TO THE TERMS CONTAINED HEREIN, YOU (AS CUSTOMER OR IF YOU ARE NOT THE CUSTOMER, AS A REPRESENTATIVE/AGENT AUTHORIZED TO BIND THE CUSTOMER) CONSENT TO BE BOUND BY THIS AGREEMENT. IF YOU DO NOT OR CANNOT AGREE TO THE TERMS CONTAINED HEREIN, THEN (A) DO NOT DOWNLOAD, INSTALL, OR USE THE SOFTWARE, AND (B) YOU MAY CONTACT JUNIPER NETWORKS REGARDING LICENSE TERMS.
1. The Parties. The parties to this Agreement are Juniper Networks, Inc. and its subsidiaries (collectively “Juniper”), and the person or organization that originally purchased from Juniper or an authorized Juniper reseller the applicable license(s) for use of the Software (“Customer”) (collectively, the “Parties”).
2. The Software. In this Agreement, “Software” means the program modules and features of the Juniper or Juniper-supplied software, and updates and releases of such software, for which Customer has paid the applicable license or support fees to Juniper or an authorized Juniper reseller.
3. License Grant. Subject to payment of the applicable fees and the limitations and restrictions set forth herein, Juniper grants to Customer a non-exclusive and non-transferable license, without right to sublicense, to use the Software, in executable form only, subject to the following use restrictions:
a. Customer shall use the Software solely as embedded in, and for execution on, Juniper equipment originally purchased by Customer from Juniper or an authorized Juniper reseller, unless the applicable Juniper documentation expressly permits installation on non-Juniper equipment.
b. Customer shall use the Software on a single hardware chassis having a single processing unit, or as many chassis or processing units for which Customer has paid the applicable license fees.
c. Product purchase documents, paper or electronic user documentation, and/or the particular licenses purchased by Customer may specify limits to Customer’s use of the Software. Such limits may restrict use to a maximum number of seats, registered endpoints, concurrent users, sessions, calls, connections, subscribers, clusters, nodes, or transactions, or require the purchase of separate licenses to use particular features, functionalities, services, applications, operations, or capabilities, or provide throughput, performance, configuration, bandwidth, interface, processing, temporal, or geographical limits. Customer’s use of the Software shall be subject to all such limitations and purchase of all applicable licenses.
The foregoing license is not transferable or assignable by Customer. No license is granted herein to any user who did not originally purchase the applicable license(s) for the Software from Juniper or an authorized Juniper reseller.
4. Use Prohibitions. Notwithstanding the foregoing, the license provided herein does not permit the Customer to, and Customer agrees not to and shall not: (a) modify, unbundle, reverse engineer, or create derivative works based on the Software; (b) make unauthorized copies of the Software (except as necessary for backup purposes); (c) rent, sell, transfer, or grant any rights in and to any copy of the Software, in any form, to any third party; (d) remove any proprietary notices, labels, or marks on or in any copy of the Software or any product in which the Software is embedded; (e) distribute any copy of the Software to any third party, including as may be embedded in Juniper equipment sold in the secondhand market; (f) use any ‘locked’ or key-restricted feature, function, service, application, operation, or capability without first purchasing the applicable license(s) and obtaining a valid key from Juniper, even if such feature, function, service, application, operation, or capability is enabled without a key; (g) distribute any key for the Software provided by Juniper to any third party; (h) use the Software in any manner that extends or is broader than the uses purchased by Customer from Juniper or an authorized Juniper reseller; (i) use the Software on non-Juniper equipment where the Juniper documentation does not expressly permit installation on non-Juniper equipment; (j) use the Software (or make it available for use) on Juniper equipment that the Customer did not originally purchase from Juniper or an authorized Juniper reseller; or (k) use the Software in any manner other than as expressly provided herein.
5. Audit. Customer shall maintain accurate records as necessary to verify compliance with this Agreement. Upon request by Juniper, Customer shall furnish such records to Juniper and certify its compliance with this Agreement.
6. Confidentiality. The Parties agree that aspects of the Software and associated documentation are the confidential property of Juniper. As such, Customer shall exercise all reasonable commercial efforts to maintain the Software and associated documentation in confidence, which at a minimum includes restricting access to the Software to Customer employees and contractors having a need to use the Software for Customer’s internal business purposes.
7. Ownership. Juniper and Juniper’s licensors, respectively, retain ownership of all right, title, and interest (including copyright) in and to the Software, associated documentation, and all copies of the Software. Nothing in this Agreement constitutes a transfer or conveyance of any right, title, or interest in the Software or associated documentation, or a sale of the Software, associated documentation, or copies of the Software.
8. Warranty, Limitation of Liability, Disclaimer of Warranty. The warranty applicable to the Software shall be as set forth in the warranty statement that accompanies the Software (the “Warranty Statement”). Nothing in this Agreement shall give rise to any obligation to support the Software. Support services may be purchased separately. Any such support shall be governed by a separate, written support services agreement. TO THE MAXIMUM EXTENT PERMITTED BY LAW, JUNIPER SHALL NOT BE LIABLE FOR ANY LOST PROFITS, LOSS OF DATA, OR COSTS OR PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, OR FOR ANY SPECIAL, INDIRECT, OR CONSEQUENTIAL DAMAGES ARISING OUT OF THIS AGREEMENT, THE SOFTWARE, OR ANY JUNIPER OR JUNIPER-SUPPLIED SOFTWARE. IN NO EVENT SHALL JUNIPER BE LIABLE FOR DAMAGES ARISING FROM UNAUTHORIZED OR IMPROPER USE OF ANY JUNIPER OR JUNIPER-SUPPLIED SOFTWARE. EXCEPT AS EXPRESSLY PROVIDED IN THE WARRANTY STATEMENT TO THE EXTENT PERMITTED BY LAW, JUNIPER DISCLAIMS ANY AND ALL WARRANTIES IN AND TO THE SOFTWARE (WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE), INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NONINFRINGEMENT. IN NO EVENT DOES JUNIPER WARRANT THAT THE SOFTWARE, OR ANY EQUIPMENT OR NETWORK RUNNING THE SOFTWARE, WILL OPERATE WITHOUT ERROR OR INTERRUPTION, OR WILL BE FREE OF VULNERABILITY TO INTRUSION OR ATTACK. In no event shall Juniper’s or its suppliers’ or licensors’ liability to Customer, whether in contract, tort (including negligence), breach of warranty, or otherwise, exceed the price paid by Customer for the Software that gave rise to the claim, or if the Software is embedded in another Juniper product, the price paid by Customer for such other product. 
Customer acknowledges and agrees that Juniper has set its prices and entered into this Agreement in reliance upon the disclaimers of warranty and the limitations of liability set forth herein, that the same reflect an allocation of risk between the Parties (including the risk that a contract remedy may fail of its essential purpose and cause consequential loss), and that the same form an essential basis of the bargain between the Parties.
9. Termination. Any breach of this Agreement or failure by Customer to pay any applicable fees due shall result in automatic termination of the license granted herein. Upon such termination, Customer shall destroy or return to Juniper all copies of the Software and related documentation in Customer’s possession or control.
10. Taxes. All license fees for the Software are exclusive of taxes, withholdings, duties, or levies (collectively “Taxes”). Customer shall be responsible for paying Taxes arising from the purchase of the license, or importation or use of the Software.
11. Export. Customer agrees to comply with all applicable export laws and restrictions and regulations of any United States and any applicable foreign agency or authority, and not to export or re-export the Software or any direct product thereof in violation of any such restrictions, laws or regulations, or without all necessary approvals. Customer shall be liable for any such violations. The version of the Software supplied to Customer may contain encryption or other capabilities restricting Customer’s ability to export the Software without an export license.
12. Commercial Computer Software. The Software is “commercial computer software” and is provided with restricted rights. Use, duplication, or disclosure by the United States government is subject to restrictions set forth in this Agreement and as provided in DFARS 227.7201 through 227.7202-4, FAR 12.212, FAR 27.405(b)(2), FAR 52.227-19, or FAR 52.227-14(ALT III) as applicable.
13. Interface Information. To the extent required by applicable law, and at Customer's written request, Juniper shall provide Customer with the interface information needed to achieve interoperability between the Software and another independently created program, on payment of applicable fee, if any. Customer shall observe strict obligations of confidentiality with respect to such information and shall use such information in compliance with any applicable terms and conditions upon which Juniper makes such information available.
14. Third Party Software. Any licensor of Juniper whose software is embedded in the Software and any supplier of Juniper whose products or technology are embedded in (or services are accessed by) the Software shall be a third party beneficiary with respect to this Agreement, and such licensor or vendor shall have the right to enforce this Agreement in its own name as if it were Juniper. In addition, certain third party software may be provided with the Software and is subject to the accompanying license(s), if any, of its respective owner(s). To the extent portions of the Software are distributed under and subject to open source licenses obligating Juniper to make the source code for such portions publicly available (such as the GNU General Public License (“GPL”) or the GNU Library General Public License (“LGPL”)), Juniper will make such source code portions (including Juniper modifications, as appropriate) available upon request for a period of up to three years from the date of distribution. Such request can be made in writing to Juniper Networks, Inc., 1194 N. Mathilda Ave., Sunnyvale, CA 94089, ATTN: General Counsel. You may obtain a copy of the GPL at http://www.gnu.org/licenses/gpl.html, and a copy of the LGPL at http://www.gnu.org/licenses/lgpl.html.
15. Miscellaneous. This Agreement shall be governed by the laws of the State of California without reference to its conflicts of laws principles. The provisions of the U.N. Convention for the International Sale of Goods shall not apply to this Agreement. For any disputes arising under this Agreement, the Parties hereby consent to the personal and exclusive jurisdiction of, and venue in, the state and federal courts within Santa Clara County, California. This Agreement constitutes the entire and sole agreement between Juniper and the Customer with respect to the Software, and supersedes all prior and contemporaneous agreements relating to the Software, whether oral or written (including any inconsistent terms contained in a purchase order), except that the terms of a separate written agreement executed by an authorized Juniper representative and Customer shall govern to the extent such terms are inconsistent or conflict with terms contained herein. No modification to this Agreement nor any waiver of any rights hereunder shall be effective unless expressly assented to in writing by the party to be charged. If any portion of this Agreement is held invalid, the Parties agree that such invalidity shall not affect the validity of the remainder of this Agreement. This Agreement and associated documentation has been written in the English language, and the Parties agree that the English version will govern. (For Canada: Les parties aux présentés confirment leur volonté que cette convention de même que tous les documents y compris tout avis qui s'y rattaché, soient redigés en langue anglaise. (Translation: The parties confirm that this Agreement and all related documentation is and will be in the English language)).
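Introduction
Thank you for choosing the Juniper Networks NetScreen Instant Virtual Extranet (IVE) appliance! You can install the IVE and begin configuring your system using the following simple steps:
"Step 1: Install the hardware"
"Step 2: Perform basic setup"
"Step 3: License and configure the IVE"
Note: After you install and set up the IVE, refer to the "Task Guide" in the administrator Web console to install the latest IVE OS service package, license your IVE appliance, and create a test user to verify user accessibility. To test the initial setup and continue configuring the IVE, refer to the "Getting Started" section of the Juniper Networks NetScreen Secure Access and Secure Access FIPS Administration Guide.
We recommend that you install the IVE on a LAN to ensure that it can communicate with the appropriate resources, including:
Authentication servers
DNS servers
Internal Web servers (accessed via HTTP/HTTPS)
External Web sites (accessed via HTTP/HTTPS) (optional)
Windows file servers (optional)
NFS file servers (optional)
Client/server applications (optional)
If you decide to install the appliance in a DMZ, make sure that the IVE appliance can connect to these resources.
You can find translated versions of this document at the site listed below.
https://www.juniper.net/customers/csc/documentation/techdocs/ive/index.jsp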

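Step 1: Install the hardware

IVE appliances differ in their hardware design. The installation procedure for your IVE hardware depends on the specific IVE model that you purchased. The following sections describe the installation procedures for the various IVE hardware platforms available from Juniper Networks:
"Secure Access 2000 and Secure Access 4000"
"Secure Access 6000"
"Secure Access FIPS"
"Secure Access 700"
Secure Access 2000 and Secure Access 4000
Secure Access 2000 and Secure Access 4000 appliances ship with mounting brackets attached to the front of the chassis. Use these brackets and the following steps to rack-mount the appliance, connect power, and connect the supplied cables to the machine:
1. Mount the IVE appliance in the server rack.
2. On the back panel, plug the power cord into the AC receptacle.
3. On the front panel of the SA 2000 or SA 4000:
a. Press the power switch in the left corner of the panel. The green LED below the power switch turns on. The IVE hard disk LED turns on whenever the appliance reads data from or writes data to the IVE hard disk.
b. Plug the Ethernet cable into the port on the left (labeled "INTERNAL"). The internal port uses two LEDs to indicate the LAN connection status, as described in Table 1.
Figure 1: The internal port is located on the front panel.
c. Plug the serial cable into the serial port:
Figure 2: The serial port is located on the front panel.
Once you have rack-mounted the appliance, connected the power, network, and serial cables, and powered on the IVE, the hardware installation is complete. Next, connect to the appliance's serial console as described in "Step 2: Perform basic setup" so that you can enter the basic machine and network settings.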
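Secure Access 6000
The Secure Access 6000 ships with mounting brackets attached to the front of the chassis. Use these brackets and the following steps to rack-mount the appliance, connect power, and connect the supplied cables to the machine:
1. Mount the IVE appliance in the server rack.
2. On the back panel, plug the power cord into the AC receptacle.
3. On the front panel of the SA 6000:
a. Press the power switch in the left corner of the panel. The green LED below the power switch turns on. The IVE hard disk LED turns on whenever the appliance reads data from or writes data to the IVE hard disk.
b. Plug the Ethernet cable into the upper port (labeled "INT" for internal). The internal port uses two LEDs to indicate the LAN connection status, as described in Table 1.
Figure 3: The internal port is located on the front panel.
c. Plug the serial cable into the serial port:
Figure 4: The serial port is located on the front panel.
Note: For detailed information about the SA 6000 hardware components, refer to the "Secure Access 6000 Overview" section of the Juniper Networks NetScreen Secure Access and Secure Access FIPS Administration Guide.
Once you have rack-mounted the appliance, connected the power, network, and serial cables, and powered on the IVE, the hardware installation is complete. Next, connect to the appliance's serial console as described in "Step 2: Perform basic setup" so that you can enter the basic machine and network settings.
Secure Access FIPS
Secure Access FIPS appliances ship with mounting brackets attached to the front of the chassis. Use these brackets and the following steps to rack-mount the appliance, connect power, and connect the supplied cables to the machine:
1. Mount the Secure Access FIPS appliance in the server rack.
2. On the back panel, plug the power cord into the AC receptacle and turn on the power switch.
3. On the front panel of the Secure Access FIPS appliance:
a. Press the toggle switch in the right corner. The green LED below the power switch turns on. The IVE hard disk LED turns on whenever the appliance reads data from or writes data to the IVE hard disk.
b. Plug the Ethernet cable into the port on the left (labeled "INTERNAL"). The internal port uses two LEDs to indicate the LAN connection status, as described in Table 1.
4. On the hardware security module panel, perform the following steps:
a. Set the mode switch to I (initialization mode). The hardware security module (HSM) status LED indicates the mode of the hardware security module, as described in Table 2.
b. Connect the smart card reader cable to the reader port.
c. Insert one of the smart cards into the reader with the contacts facing up. The green HSM LED turns on. Do not remove the smart card while the module is in I mode.
Figure 5: Secure Access FIPS - detailed view of the front panel
Secure Access FIPS front panel layout
1 - LAN LED
2 - HSM smart card reader port
3 - HSM mode switch
4 - HSM clear button
5 - HSM LED
6 - IVE serial port
7 - IVE Ethernet port
8 - IVE power switch
9 - IVE LED
10 - IVE hard disk LED
Once you have rack-mounted the appliance, connected the power, network, and serial cables, and powered on the IVE, the hardware installation is complete. Next, connect to the appliance's serial console as described in "Step 2: Perform basic setup" so that you can enter the basic machine and network settings.
Secure Access 700
The Secure Access 700 ships with mounting ears and rubber feet. Use the mounting ears to install the appliance in a rack, or attach the rubber feet so that the appliance can sit on a flat surface. Next, follow these steps to connect power and connect the supplied cables to the machine:
1. On the back panel, plug the power cord into the AC receptacle.
2. On the front panel:
a. Plug the Ethernet cable into the port on the right (labeled "INTERNAL"). The internal port uses two LEDs to indicate the connection status, as described in Table 1.
Figure 6: The internal port is located on the front panel.
b. Press the toggle switch in the right corner. The green LED next to the power switch turns on.
c. Plug the serial cable into the serial port:
Figure 7: The serial port is located on the front panel.
Once you have rack-mounted the appliance, connected the power, network, and serial cables, and powered on the IVE, the hardware installation is complete. Next, connect to the appliance's serial console as described in "Step 2: Perform basic setup" so that you can enter the basic machine and network settings.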
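LED and module status indicator behavior
Table 1: Internal port LEDs
LAN status | LED 1 | LED 2
10 Mbps connection | Off | Not applicable
100 Mbps connection | Green | Not applicable
1000 Mbps connection | Orange | Not applicable
Transmitting data | Orange, green, or off | Blinking
No connection | Off | Off
Table 2: Secure Access FIPS - hardware security module status indicator
LAN status | LED 1 | Description
Pre-initialization state | Single, short flash | The module is ready to begin initialization.
Operational state | On most of the time, with occasional regular blinks | The mode switch is set to "O" (operational). Set it to "I" to begin initialization.
Pre-maintenance state | Single, long flash | The mode switch is set to "M" (maintenance). Set it to "I" to begin initialization.

Step 2: Perform basic setup

When you boot an unconfigured IVE appliance, you need to enter basic network and machine information through the IVE serial console so that the appliance can be reached over the network. After you enter these settings, you can continue configuring the IVE through the administrator Web console. This section describes the serial console settings required and the tasks you need to perform when you connect to the IVE for the first time.
To perform basic setup:
1. Configure a console terminal or a terminal emulation program running on a computer (such as HyperTerminal) to use the following serial connection parameters:
9600 bits per second
8-bit, no parity (8N1)
1 stop bit
No flow control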
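2. Connect the terminal or laptop to the serial cable that is plugged into the appliance's serial port, and then press Enter until the initialization script prompt appears.
Figure 8: IVE serial console welcome screen
3. Enter y to proceed, and then enter y to accept the license terms (or enter r to read the license first).
4. Enter the machine information when prompted, including:
IP address of the internal port (you can configure the external port through the administrator Web console after the initial configuration)
Network mask
Default gateway address
DNS server address
DNS server address (optional)
Default DNS domain name (for example, acmegizmo.com)
WINS server name or address (optional)
Administrator username
Administrator password
Common machine name (for example, connect.acmegizmo.com)
Organization name (for example, Acme Gizmo, Inc.)
Note: The IVE uses the last two pieces of information to create a self-signed digital certificate, which it uses during product evaluation and initial setup. Before you deploy the IVE for production use, we strongly recommend that you import a digital certificate signed by a trusted certificate authority (CA).
After you enter this information, the serial console setup is complete. When the IVE presents options for modifying the settings, select the appropriate option or continue.
5. If you are installing a Secure Access FIPS appliance, set the mode switch to O (operational mode).
6. In a browser, enter the machine's URL followed by "/admin" to access the administrator sign-in page. The URL has the format https://a.b.c.d/admin, where a.b.c.d is the machine IP address that you entered in step 4. When the security alert asks whether to proceed without a signed certificate, click Yes. If the administrator sign-in page appears, you have successfully connected the IVE appliance to the network.
Figure 9: Administrator sign-in page
7. On the sign-in page, enter the administrator username and password that you created in step 4, and then click Sign In. The administrator Web console opens to the System > Status > Overview page.
Figure 10: System > Status > Overview page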
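A pre-flight check for the values typed into the serial console in step 4, as an added example that is not part of the Juniper guide: it confirms that the internal port address, network mask, and default gateway are mutually consistent, that the two fields feeding the self-signed certificate are usable, and it builds the step 6 admin URL. The function names, dictionary keys, and the 192.0.2.x addresses are constructed for illustration; the host, domain, and organization names are the guide's own examples.

```python
import ipaddress
import re

# One DNS label: 1-63 letters, digits or hyphens, no leading/trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

# Constructed worksheet (RFC 5737 documentation addresses, guide's sample names).
SAMPLE = {
    "internal_ip": "192.0.2.10",
    "netmask": "255.255.255.0",
    "gateway": "192.0.2.1",
    "dns": ["192.0.2.53"],
    "dns_domain": "acmegizmo.com",
    "common_name": "connect.acmegizmo.com",
    "organization": "Acme Gizmo, Inc.",
}


def check_hostname(name):
    """Return True if name is a syntactically valid multi-label host name."""
    labels = name.rstrip(".").split(".")
    return (len(name) <= 253 and len(labels) >= 2
            and all(_LABEL.match(label) for label in labels))


def preflight(settings):
    """Validate the step 4 values. Returns a list of problems (empty means OK)."""
    try:
        iface = ipaddress.IPv4Interface(
            f"{settings['internal_ip']}/{settings['netmask']}")
    except ValueError as exc:
        return [f"internal port IP / netmask invalid: {exc}"]
    problems = []
    net = iface.network
    if iface.ip in (net.network_address, net.broadcast_address):
        problems.append("internal port IP is the network or broadcast address")
    try:
        gw = ipaddress.IPv4Address(settings["gateway"])
        if gw not in net:
            # An off-subnet gateway leaves the appliance unreachable from other networks.
            problems.append(f"default gateway {gw} is outside {net}")
        elif gw == iface.ip:
            problems.append("default gateway equals the internal port IP")
    except ValueError:
        problems.append("default gateway is not a valid IPv4 address")
    for dns in settings.get("dns", []):
        try:
            ipaddress.IPv4Address(dns)
        except ValueError:
            problems.append(f"DNS server address {dns!r} is not valid")
    # The last two fields become the subject of the self-signed certificate.
    if not check_hostname(settings["common_name"]):
        problems.append("common machine name is not a valid host name")
    if not settings["organization"].strip():
        problems.append("organization name is empty")
    return problems


def admin_url(settings):
    """Admin sign-in URL in the step 6 format https://a.b.c.d/admin."""
    return f"https://{settings['internal_ip']}/admin"


if __name__ == "__main__":
    print(preflight(SAMPLE) or "worksheet OK", admin_url(SAMPLE))
```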

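Step 3: License and configure the IVE

After you install the IVE and perform basic setup, you are ready to install the latest IVE OS service package, license the IVE, verify accessibility, and complete the configuration process:
To install the latest IVE OS service package, license your NetScreen Secure Access or NetScreen Secure Access FIPS appliance, and create a test user to verify user accessibility, follow the "Task Guide" embedded in the administrator Web console.
To test the initial setup and continue configuring the IVE, refer to the "Getting Started" section of the Juniper Networks NetScreen Secure Access and Secure Access FIPS Administration Guide.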