Juniper Networks 5000 User Manual

NETSCREEN-5000 SERIES
User’s Guide
Version 5.0 P/N 093-1489-000 Rev. A
Copyright Notice
Copyright © 2004 Juniper Networks, Inc. All rights reserved.
Juniper Networks, the Juniper Networks logo, NetScreen, NetScreen Technologies, GigaScreen, and the NetScreen logo are registered trademarks of Juniper Networks, Inc. NetScreen-5GT, NetScreen-5XP, NetScreen-5XT, NetScreen-25, NetScreen-50, NetScreen-100, NetScreen-204, NetScreen-208, NetScreen-500, NetScreen-5200, NetScreen-5400, NetScreen-Global PRO, NetScreen-Global PRO Express, NetScreen-Remote Security Client, NetScreen-Remote VPN Client, NetScreen-IDP 10, NetScreen-IDP 100, NetScreen-IDP 500, GigaScreen ASIC, GigaScreen-II ASIC, and NetScreen ScreenOS are trademarks of Juniper Networks, Inc. All other trademarks and registered trademarks are the property of their respective companies.
Information in this document is subject to change without notice.
No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without receiving written permission from:
Juniper Networks, Inc.
ATTN: General Counsel
1194 N. Mathilda Ave.
Sunnyvale, CA 94089-1206
FCC Statement
The following information is for FCC compliance of Class A devices: This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to part 15 of the FCC rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. The equipment generates, uses, and can radiate radio-frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference, in which case users will be required to correct the interference at their own expense.
The following information is for FCC compliance of Class B devices: The equipment described in this manual generates and may radiate radio-frequency energy. If it is not installed in accordance with NetScreen’s installation instructions, it may cause interference with radio and television reception. This equipment has been tested and found to comply with the limits for a Class B digital device in accordance with the specifications in part 15 of the FCC rules. These specifications are designed to provide reasonable protection against such interference in a residential installation. However, there is no guarantee that interference will not occur in a particular installation.
If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures:
• Reorient or relocate the receiving antenna.
• Increase the separation between the equipment and receiver.
• Consult the dealer or an experienced radio/TV technician for help.
• Connect the equipment to an outlet on a circuit different from that to which the receiver is connected.
Caution: Changes or modifications to this product could void the user's warranty and authority to operate this device.
Disclaimer
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR NETSCREEN REPRESENTATIVE FOR A COPY.

Language Contents

English
French

Table of Contents

Preface
Guide Organization
Command Line Interface (CLI) Conventions
Juniper Networks NetScreen Publications
Chapter 1 Overview
NetScreen-5000 Series
NetScreen-5200
NetScreen-5400
Power Supplies
NetScreen-5200 Power Recommendations
NetScreen-5400 Power Recommendations
The DC Power Supply
The AC Power Supply
Fan Modules
NetScreen-5000 Modules
Management Modules
The 5000-M Management Module
The 5000-M2 Management Module
Secure Port Modules
The 5000-8G SPM
The 5000-2G24FE SPM
Chapter 2 Installing the Device
General Installation Guidelines
Equipment Rack Installation Guidelines
Mounting the NetScreen-5000 Series
NetScreen-5200 Front and Rear Mount
NetScreen-5200 Mid-Mount
NetScreen-5400 Front Mount
Installing and Connecting the AC Power Supply
Installing and Wiring a DC Power Supply
Establishing an HA Connection
Connecting the NetScreen-5000 Series to a Router or Switch
Chapter 3 Configuring the Device
Operational Modes
Transparent Mode
Route Mode
The NetScreen-5000 Interfaces
NetScreen-5200 Interfaces
NetScreen-5400 Interfaces
Configurable Interfaces
Performing Initial Connection and Configuration
Establishing a Terminal Emulator Connection
Upgrading the Firmware During the Boot Process
Changing Your Admin Name and Password
Setting Port and Interface IP Addresses
Viewing Current Interface Settings
Setting the IP Address of the Management Interface
Setting the IP Address for the Trust Zone Interface
Setting the IP Address for the Untrust Zone Interface
Allowing Outbound Traffic
Configuring the Device for Telnet and WebUI Sessions
Starting a Console Session Using Telnet
Starting a Console Session Using Dialup
Establishing a GUI Management Session
Configuring the Chassis Alarm
Configuring Aggregate Interfaces
Using CLI Commands to Reset the Device
Chapter 4 Servicing the Device
Removing and Reseating Modules
Replacing a DC Power Supply
Replacing an AC Power Supply
Replacing the Fan Tray
Connecting and Disconnecting Gigabit Ethernet Cables
Removing and Installing a Mini-GBIC Transceiver
Appendix A Specifications
NetScreen-5200 Attributes
NetScreen-5400 Attributes
Electrical Specification
Environmental Specification
NEBS Certifications
Safety Certifications
EMI Certifications
Connectors
Appendix B Port Descriptions and LED Status
Module Port Descriptions
Module LED Descriptions
Status LED States
Interpreting Status LEDs for the Management Modules
Interpreting Status LEDs for the Secure Port Module
Interpreting Ethernet Port Status LEDs for All Modules
Power Supply LEDs
Interpreting Power Supply LED Status for the NetScreen-5200
Interpreting Power Supply LED Status for the NetScreen-5400
Single SPM Installed
Fan LED
Index

Preface

The Juniper Networks NetScreen-5000 Series consists of purpose-built, high-performance security systems that provide IPSec VPN and firewall services for large-scale carrier, enterprise, and data-center networks. Built around NetScreen’s third-generation ASIC technology and distributed system architecture, the NetScreen-5000 Series offers excellent scalability and flexibility.
The NetScreen-5000 Series includes the following device models:
The NetScreen-5200, a chassis-based, two-slot network security device.
The NetScreen-5400, a chassis-based, four-slot network security device.
NetScreen-5000 Series architecture features multiple processing modules. These include a management module that provides overall system control, and security processing modules that allow a variety of port configurations. Together, these modules provide a wide range of performance and security gateway configurations. Because the modules can work in many combinations, you can customize the NetScreen-5000 Series to accommodate the specific requirements of your organization.
The NetScreen-5000 Series also employs a switch fabric for data exchange and a separate multi-bus channel for control information, thus delivering scalable performance for the most demanding environments.
Guide Organization
This manual has four chapters and two appendices.
Chapter 1, Overview provides a detailed overview of the system, its modules, Fast Ethernet (FE) and mini-GBIC connectors, power supplies, and fan tray.
Chapter 2, Installing the Device details how to rack mount the NetScreen-5000 Series, connect the power supplies, and connect the modules to the network in addition to providing desktop site requirements and guidelines for rack mounting.
Chapter 3, Configuring the Device details how to obtain an IP address for an interface on one of the modules and how to aggregate ports on one of the modules.
Chapter 4, Servicing the Device provides procedures on how to replace your module and power supplies.
Appendix A, Specifications provides a list of physical specifications about the NetScreen-5000 Series, the modules, and power supplies.
Appendix B, Port Descriptions and LED Status provides descriptions of port and LED behavior.
Command Line Interface (CLI) Conventions
The following conventions are used when presenting the syntax of a command line interface (CLI) command:
Anything inside square brackets [ ] is optional.
Anything inside braces { } is required.
If there is more than one choice, each choice is separated by a pipe ( | ). For example,
set interface { ether1/1 | ether1/2 | ether2/2 } manage
means “set the management options for the ether1/1, ether1/2, or ether2/2 interface”.
Variables appear in italic. For example:
set admin user name1 password xyz
When a CLI command appears within the context of a sentence, it is in bold (except for variables, which are always in italic). For example: “Use the get system command to display the serial number of a NetScreen device.”
Note: When typing a keyword, you only have to type enough letters to identify the word
uniquely. For example, typing set adm u joe j12fmt54 is enough to enter the command
set admin user joe j12fmt54. Although you can use this shortcut when entering
commands, all the commands documented here are presented in their entirety.
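Because of the abbreviation rule in the note above, a script or audit rule that matches on command text has to expand abbreviations before comparing. The following is an added example, not part of the original guide or of ScreenOS: the keyword tree is a constructed subset built from commands this guide mentions plus `get session`, and the function names are hypothetical. A real device has many more keywords, so the prefixes that are unique there differ.

```python
ARG = "<arg>"  # a position that takes a free-form value (a variable in the guide's syntax)

# Constructed keyword tree (assumption): a small subset for illustration only.
TREE = {
    "set": {
        "admin": {"user": {ARG: {"password": {ARG: {}}, ARG: {}}}},
        "interface": {ARG: {"manage": {}}},
    },
    "get": {"system": {}, "session": {}},
}


class AmbiguousKeyword(ValueError):
    """Raised when an abbreviation matches more than one keyword."""


def expand(command):
    """Expand an abbreviated command.

    Returns (canonical_command, keyword_path), where keyword_path has every
    variable replaced by <arg> so it can be compared against a rule.
    """
    node = TREE
    full, path = [], []
    for token in command.split():
        keywords = [k for k in node if k != ARG]
        if token in keywords:
            hits = [token]  # an exact keyword always wins
        else:
            hits = [k for k in keywords if k.startswith(token)]
        if len(hits) > 1:
            raise AmbiguousKeyword(f"{token!r} could be any of {sorted(hits)}")
        if hits:
            full.append(hits[0])
            path.append(hits[0])
            node = node[hits[0]]
        elif ARG in node:
            full.append(token)  # a variable: keep the value as typed
            path.append(ARG)
            node = node[ARG]
        else:
            raise ValueError(f"unknown keyword {token!r} after {' '.join(full)!r}")
    return " ".join(full), " ".join(path)


def admin_account_changes(typed_commands):
    """Return the typed commands that set an admin user, however abbreviated."""
    flagged = []
    for typed in typed_commands:
        try:
            _, path = expand(typed)
        except ValueError:
            continue  # outside the constructed tree; a real rule set would record these
        if path.startswith("set admin user"):
            flagged.append(typed)
    return flagged


# Constructed sample input: commands as an administrator might type them.
SAMPLE = [
    "get system",
    "set adm u joe j12fmt54",
    "se int ether1/1 man",
    "set admin user name1 password xyz",
]

if __name__ == "__main__":
    naive = [c for c in SAMPLE if "set admin user" in c]
    print("literal match :", naive)                        # misses the abbreviated form
    print("after expand  :", admin_account_changes(SAMPLE))
    print(expand("se int ether1/1 man")[0])
```
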
Juniper Networks NetScreen Publications
To obtain technical documentation for any Juniper Networks NetScreen product, visit www.juniper.net/techpubs/
For technical support, open a support case using the Case Manager link at http://www.juniper.net/support/ or call 1-888-314-JTAC (within the United States) or 1-408-745-9500 (outside the United States).
If you find any errors or omissions in the following content, please contact us at the e-mail address below:
techpubs-comments@juniper.net
Chapter 1

Overview

This chapter provides detailed descriptions of the NetScreen-5000 Series, modules, power supplies, and fan assemblies.
Topics explained in this chapter include:
“NetScreen-5000 Series” on page 4
“NetScreen-5200” on page 4
“NetScreen-5400” on page 4
“Power Supplies” on page 5
“NetScreen-5200 Power Recommendations” on page 6
“NetScreen-5400 Power Recommendations” on page 6
“The DC Power Supply” on page 6
“The AC Power Supply” on page 7
“Fan Modules” on page 7
“NetScreen-5000 Modules” on page 8
“Management Modules” on page 8
“Secure Port Modules” on page 10
NetScreen-5000 Series
This section describes the NetScreen-5000 Series, which currently includes the NetScreen-5200 and the NetScreen-5400.
NetScreen-5200
The NetScreen-5200 is a chassis-based, two-slot network security device. Slot 1 is for the management module and Slot 2 is for the Secure Port Module (SPM). The device has two hot-swappable power supplies for power redundancy and a removable fan module.
The figure below shows a NetScreen-5200 with a management module in slot 1 (top) and an SPM in slot 2 (bottom).
NetScreen-5400
The NetScreen-5400 is a chassis-based, four-slot network security device with a 5U (rack unit) chassis. The top slot (slot 1) holds the management module, and the bottom slots (slots 2-4) hold up to three Secure Port Modules (SPMs) for flexible, high-density port configurations. The device has three hot-swappable power supplies for power redundancy and a removable fan module.
The figure below shows a NetScreen-5400 fully populated with a management module in slot 1 (top) and SPMs in slots 2 through 4.
[Figure: NetScreen-5400 with callouts for the management module in slot 1 and the SPMs in slots 2, 3, and 4]
Power Supplies
The NetScreen-5000 Series can use two kinds of power supplies:
Alternating Current (AC) Power Supply
Direct Current (DC) Power Supply
The slots for these power supplies are located in the back of the NetScreen-5200 and on the front of the NetScreen-5400.
Note: You can order a NetScreen-5000 Series that runs on DC power. For DC-powered
units, the power supply has a DC terminal block with three sockets.
When two or more power supplies are in service, they share the power load equally. The power supplies are hot-swappable, so you can remove one and replace it without affecting operation. Each power supply is intended to receive power from separate feeds.
When one power supply fails, the other(s) automatically assume the full load and the device logs a system alarm. This alarm is viewable through the WebUI or a console accessing the NetScreen Command Line Interface (CLI). The Alarm LED on the management module glows red in response to any power supply failure.

Warning: You must replace the failed power supply as soon as possible; otherwise, system
damage may result. See “Servicing the Device” on page 35 for instructions on how to replace a power supply.
NetScreen-5200 Power Recommendations
Although the NetScreen-5200 can run with one power supply, it is advisable to install both. This practice minimizes the likelihood of system failure due to individual power supply failure.
When either power supply fails, the Alarm LED on the management module glows red. If both are operational, the Alarm LED is off. For more information on power supply LEDs, see Appendix B, Port Descriptions and LED Status.
NetScreen-5400 Power Recommendations
When the NetScreen-5400 contains only two modules, it can operate with one power supply. However, if the system contains three or four modules, the system requires at least two power supplies. In either case, it is advisable to install all three power supplies. This practice minimizes the likelihood of system failure due to individual power supply failure.
When any power supply fails, the Alarm LED on the management module glows red. While all three are operational, the Alarm LED is off. For more information on power supply LEDs, see Appendix B, Port Descriptions and LED Status.
The DC Power Supply
The DC power supply weighs about three pounds. The faceplate contains a power LED, a power switch, a cooling fan vent, and three DC power terminal blocks that connect to power cables.
The figure below shows the NetScreen-5200 DC power supply.
[Figure: NetScreen-5200 DC power supply, with callouts for the thumbscrew, power LED, power switch, DC power terminal blocks, and grounding screw]
The AC Power Supply
The AC power supply weighs about three pounds. The faceplate contains a power LED, a power switch, a male power outlet, and a cooling fan vent.
The figure below shows the NetScreen-5200 AC power supply.
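[Figure: NetScreen-5200 AC power supply, with callouts for the thumbscrew, power LED, male power outlet, fuse, and power switch]
Fan Modules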
The NetScreen-5200 has a three-fan module and the NetScreen-5400 has a two-fan module. You can access the fan module from the left front side of each chassis.
To remove the NetScreen-5200 fan module, turn the fan knob to the unlock position, then gently pull the fan module lever toward you to slide the module out.
To remove the NetScreen-5400 fan module, loosen the two thumb screws that secure the fan module, then gently slide the module out.
If a fan stops operating due to failure or removal, the system continues to run and generates an alarm. When you replace the fan, do not leave the fan tray empty for more than two minutes. See “Replacing the Fan Tray” on page 37 for more information.
NetScreen-5000 Modules
The NetScreen-5000 Series device supports two module types:
NetScreen-5000 management modules
NetScreen-5000 Secure Port Modules (SPMs)
The following table shows the modules supported by each slot.
Device          Slot 1             Slot 2              Slot 3              Slot 4
NetScreen-5200  Management Module  Secure Port Module  N/A                 N/A
NetScreen-5400  Management Module  Secure Port Module  Secure Port Module  Secure Port Module
Management Modules
The management module provides general-purpose CPU delivery, and contains dedicated High Availability (HA) and management interfaces. It handles tasks such as management access, session setup and termination, and Internet Key Exchange (IKE) negotiation.
Note: There are currently two management modules: The 5000-M and 5000-M2.
The 5000-M Management Module
The 5000-M is based around a powerful, 600-MHz PowerPC CPU, which assists other system elements, primarily with non-flow related tasks. The 5000-M management module provides overall management and control of the system. Although it performs system management, the primary function of the 5000-M is to support the other modules.
Features of the 5000-M module include:
A management port, for WebUI management sessions or Command Line Interface sessions.
A console port, for serial terminal emulation programs such as HyperTerminal.
Two High Availability (HA) ports.
A modem port.
The 5000-M also has port Link and Activity LEDs, CPU utilization indicators, a High Availability (HA) LED, an Alarm LED, a Status LED, a Flash LED, and a Power LED. In addition, it has a compact flash slot for flash memory card installation.
[Figure: 5000-M management module, with callouts for the CPU utilization LEDs, compact flash slot, management port, High Availability ports, console port, modem port, and the Power, Status, HA, Alarm, and Flash LEDs]
The 5000-M2 Management Module
The 5000-M2 is based around powerful, dual 1GHz PowerPC CPUs, which assist other system elements, primarily with non-flow related tasks. The 5000-M2 management module provides overall management and control of the system. Although it performs system management, the primary function of the 5000-M2 is to support the other modules.
Features of the 5000-M2 module include:
A management port, for WebUI management sessions or Command Line Interface sessions.
A console port, for serial terminal emulation programs such as HyperTerminal.
Two High Availability (HA) ports.
A modem port.
The 5000-M2 also has port Link and Activity LEDs, CPU utilization indicators, a High Availability (HA) LED, an Alarm LED, a Status LED, a Flash LED, and a Power LED. In addition, it has a compact flash slot for flash memory card installation.
Note: The 5000-M2 is not currently FIPS, NEBS, or Common Criteria Certified.
[Figure: 5000-M2 management module, with callouts for the CPU utilization LEDs, compact flash slot, management port, High Availability ports, console port, modem port, and the Power, Status, HA, Alarm, and Flash LEDs]
Secure Port Modules
Secure Port Modules (SPMs) perform general packet processing and device connection tasks for devices that communicate with the NetScreen-5000 Series. These modules are based around the GigaScreen-II ASIC.
SPMs handle packets as they enter and exit the system, providing packet parsing, classification, and flow-level processing. SPMs also provide encryption, decryption, Network Address Translation (NAT), and session lookup features. When packets require processing beyond that provided by an SPM, the NetScreen-5000 Series hands them off to the management module for further processing.
There are currently two SPM models:
The 5000-8G SPM, with eight mini-GBIC Gigabit Ethernet ports.
The 5000-2G24FE SPM, with two mini-GBIC Gigabit Ethernet ports and 24 10/100 Ethernet ports.
The 5000-8G SPM
The 5000-8G SPM provides eight Gigabit Ethernet mini-Gigabit Interface Converter (GBIC) ports using hot-swappable transceivers. The 5000-8G delivers up to 4 Gigabits-per-second (Gbps) of firewall and up to 2 Gbps of Virtual Private Network (VPN) capacity. This module is also capable of supporting a total of four aggregate interfaces.
(For details on connecting or removing a mini-GBIC transceiver and connecting and disconnecting a Gigabit Ethernet cable, see Chapter 4, Servicing the Device.)
The 5000-8G provides port Link and Activity LEDs in addition to Power and Status LEDs.
[Figure: 5000-8G SPM, with callouts for the eight 1-Gigabit mini-GBIC ports, Power LED, Status LED, Link LED, and Transmit/Receive LED]
The 5000-2G24FE SPM
The 5000-2G24FE Secure Port Module (SPM) deploys two 1-Gigabit Ethernet ports and 24 FE ports with up to 2 Gbps of firewall and up to 1 Gbps of VPN process capacity. This module is capable of supporting a total of six aggregate interfaces. This total consists of one aggregate interface for the two 1-Gigabit ports, and five aggregate interfaces for the 24 10/100 Ethernet ports. Only similar ports can be aggregated together. You cannot aggregate a Gigabit port to a 10/100 FE port.
The 5000-2G24FE provides port Link and Activity LEDs, in addition to Power and Status LEDs.
Mini-GBIC transceivers are hot-swappable. For details on connecting or removing a mini-GBIC transceiver and connecting or disconnecting a Gigabit Ethernet cable, see Chapter 4, Servicing the Device.
[Figure: 5000-2G24FE SPM, with callouts for the two 1-Gigabit GBIC ports, Ethernet RJ-45 ports, Power LED, Status LED, Link LED, and Transmit/Receive LED]
Chapter 2

Installing the Device

This chapter describes how to install a NetScreen-5000 Series in an equipment rack or on a desktop and how to configure the device on a network. Topics in this chapter include:
“General Installation Guidelines” on page 14
“Equipment Rack Installation Guidelines” on page 14
“Mounting the NetScreen-5000 Series” on page 15
“NetScreen-5200 Front and Rear Mount” on page 15
“NetScreen-5200 Mid-Mount” on page 16
“NetScreen-5400 Front Mount” on page 16
“Installing and Connecting the AC Power Supply” on page 17
“Installing and Wiring a DC Power Supply” on page 17
“Establishing an HA Connection” on page 19
“Connecting the NetScreen-5000 Series to a Router or Switch” on page 19
General Installation Guidelines
Observing the following precautions can prevent injuries, equipment failures, and shutdowns.
Never assume that the power supply is disconnected from a power source. Always check first.
Room temperature might not be sufficient to keep equipment at acceptable temperatures without an additional circulation system. Ensure that the room in which you operate the NetScreen-5000 Series has adequate air circulation.
Do not work alone if potentially hazardous conditions exist.
Look carefully for possible hazards in your work area, such as moist floors, ungrounded power extension cables, frayed power cords, and missing safety grounds.
Important: Although you can place the NetScreen-5000 Series on a desktop for operation,
NetScreen does not recommend deploying it in this manner.
Warning: To prevent abuse and intrusion by unauthorized personnel, it is extremely
important to install the NetScreen device in a locked-room environment.
Equipment Rack Installation Guidelines
The location of the chassis and the layout of your equipment rack or wiring room are crucial for proper system operation.
Use the following guidelines while configuring your equipment rack.
Enclosed racks must have adequate ventilation. An enclosed rack should have louvered sides and a fan to provide cooling air.
When mounting a chassis in an open rack, ensure that the rack frame does not block the intake or exhaust ports. If you install the chassis on slides, check the position of the chassis when it is seated all the way into the rack.
In an enclosed rack with a ventilation fan in the top, equipment higher in the rack can draw heat from the lower devices. Always provide adequate ventilation for equipment at the bottom of the rack.
Baffles can isolate exhaust air from intake air. The best placement of the baffles depends on the airflow patterns in the rack.
You can mount the device in a standard 19-inch equipment rack. Rack mounting requires the following tools:
1 Phillips-head screwdriver
Rack-compatible screws
The included rear slide kit (for the rear and front mount method) on the NetScreen-5200
Front-mount brackets
Mounting the NetScreen-5000 Series
The following sections describe how to rack mount the NetScreen-5000 Series.
There are two ways to rack mount the NetScreen-5200:
Rear and front mount
Mid-mount
Note: Juniper Networks strongly recommends the rear and front rack mount configuration for the NetScreen-5200.
You can only front-mount the NetScreen-5400.
NetScreen-5200 Front and Rear Mount
To mount the NetScreen-5200 with support from the front and rear, you need four fitted screws, a Phillips-head screwdriver, the rear slide kit, and brackets.
To mount the NetScreen-5200:
1. Screw the rear mount bracket to the rear rack posts.
2. With the indented groove of each slide facing outward, screw the slides to the middle of each side of the chassis.
3. Slip the slides into the rear mount brackets, then push the NetScreen-5200 forward until the left and right brackets contact the front rack posts, as shown below.
4. Screw the left and right brackets to the rack.
NetScreen-5200 Mid-Mount
To mid-mount the NetScreen-5200, you need four fitted screws, a Phillips-head screwdriver, and brackets.
To mid-mount the NetScreen-5200:
1. Screw the left and right brackets to the middle of each side of the chassis, as shown below.
2. Screw the left and right brackets to the rack.
NetScreen-5400 Front Mount
To front mount the NetScreen-5400, you need four fitted screws, a Phillips-head screwdriver, and brackets.
To front mount the device:
1. Screw the front mount bracket to the front of the chassis, as shown below.
2. Screw the left and right brackets to the rack.

Installing and Connecting the AC Power Supply

To install and connect the AC power supply to the NetScreen-5000 Series device:
1. On the NetScreen-5200, slide the power supply into one of the power compartments in the back of the system.
On the NetScreen-5400, slide the power supply into one of the power compartments on the front of the system.
2. Fasten the power supply to the system by tightening the corner screws into the eyelets on the sides of the power supply.
3. If you want to install two power supplies in the NetScreen-5200 or three power supplies in the NetScreen-5400, repeat steps 1 and 2 for the remaining power supplies.
4. Connect the female end of a standard power cord to the male connector on the back of each power supply.
5. Connect each power cord to a standard 100-240-Volt power outlet.
Note: Whenever you deploy two or more power supplies to a NetScreen-5000 Series device, connect each to a different power source. Each power supply is intended to receive power from separate feeds.
6. Turn the power switches on.
Note: If there are multiple power supplies in the NetScreen-5000 Series device and any of them are off, the Alarm LED on the management module glows red. This alarm indicates that maximum system stability requires all installed power supplies to be operational.
Installing and Wiring a DC Power Supply
To install and connect the DC power supply to the NetScreen-5000 Series device:
1. On the NetScreen-5200, slide the power supply into one of the power compartments in the back of the system.
On the NetScreen-5400, slide the power supply into one of the power compartments on the front of the system.
2. Fasten the power supply to the system by tightening the corner screws into the eyelets on the sides of the power supply.
3. If you want to install two power supplies in the NetScreen-5200 or three power supplies in the NetScreen-5400, repeat steps 1 and 2 for the remaining power supplies.
The DC power supply, power switch, grounding screw, and terminal blocks are located on the faceplate of the power supply unit.
[Figure: DC power supply faceplate, with callouts for the Power LED, Power Switch, Thumbscrew, DC Power Terminal Block (-48V, -48V, COM), and Grounding Screw]
Warning: You must shut off current to the DC feed wires before connecting the wires to the power supplies. Also, make sure that the power switch is in the off position.
To connect the DC power supply to a grounding point at your site:
1. Remove the hex nut on the grounding screw.
2. Place the ground lug on the screw and tighten the hex nut securely.
3. Connect the other end of the grounding lug wire to a grounding point at your site.
To connect DC power feeds to the terminal blocks:
1. Loosen the retaining screws on each terminal block.
2. Insert the 0V DC (positive voltage) return wire into the center COM connector and the -48V DC power feed wire into either the left or right connector.
3. Fasten the screws over the connectors.
4. Turn the power switches on.
Note: If there are multiple power supplies in the NetScreen-5000 Series device and any of them are off, the Alarm LED on the Management Module glows solid red. This alarm indicates that maximum system stability requires all installed power supplies to be operational.

Establishing an HA Connection

To ensure continuous traffic flow in the event of system failure, you can cable and configure two NetScreen devices in a redundant cluster, with one device acting as a master and the other as its backup. The master propagates all its network, configuration, and session information to the backup. Should the master fail, the backup is promoted to master and takes over the traffic processing.
To physically connect the master and backup devices, the 5000-M and 5000-M2 management modules provide a pair of High Availability (HA) ports. To connect the NetScreen-5000 Series devices, you can use the provided Gigabit Ethernet mini-GBIC cable. Use this cable to connect the HA1 port on one system to the HA1 port on another system. Though you cannot connect HA ports between 5000-M and 5000-M2 management modules, you can connect HA ports between the same type of management module (for example, a 5000-M management module to another 5000-M management module).
For information on setting up HA configurations, see the NetScreen Concepts & Examples ScreenOS Reference Guide.
Connecting the NetScreen-5000 Series to a Router or Switch
You can establish a high-speed connection to a router or switch, and provide firewall and general security for your network, by connecting a Secure Port Module (SPM) to a fiber-optic or copper wire backbone. There are two ways to create this connection:
Connect a Fiber Optic cable from one of the mini-GBIC ports to the router (or switch).
Connect an Unshielded Twisted Pair (UTP) CAT5 cable from an FE port to the router (or switch).
Chapter 3

Configuring the Device

This chapter describes how to perform initial configuration on a NetScreen-5000 Series once you have mounted it in a rack or desktop, plugged in the necessary cables, and turned the power on. Topics in this chapter include:
“Operational Modes”
“Transparent Mode”
“Route Mode”
“The NetScreen-5000 Interfaces”
“NetScreen-5200 Interfaces”
“NetScreen-5400 Interfaces”
“Configurable Interfaces”
“Performing Initial Connection and Configuration”
“Establishing a Terminal Emulator Connection”
“Upgrading the Firmware During the Boot Process”
“Changing Your Admin Name and Password”
“Setting Port and Interface IP Addresses”
“Configuring the Device for Telnet and WebUI Sessions”
“Starting a Console Session Using Telnet”
“Starting a Console Session Using Dialup”
“Establishing a GUI Management Session”
“Configuring the Chassis Alarm”
“Configuring Aggregate Interfaces”
“Using CLI Commands to Reset the Device”
Note: You must register your product at www.netscreen.com/cso so that certain ScreenOS services, such as the Deep Inspection Signature Service, can be activated on the device. After registering your product, use the WebUI or CLI to obtain the subscription for the service. For more information about registering your product and obtaining subscriptions for specific services, see the “System Parameters” chapter in the NetScreen Concepts & Examples ScreenOS Reference Guide.
Operational Modes
A NetScreen-5000 Series device supports two operational modes: Transparent and Route. The default mode is Route.
Transparent Mode
In Transparent mode, a NetScreen-5000 Series device operates as a Layer-2 bridge. Because the device cannot translate packet IP addresses, it cannot perform Network Address Translation (NAT). Consequently, for the device to access the Internet, any IP address in your trusted (local) networks must be routable and accessible from untrusted (external) networks.
In Transparent mode, the IP addresses for the Layer-2 Trust and Untrust zones are 0.0.0.0, thus making the NetScreen-5000 Series device invisible to the network. However, the device can still perform firewall, VPN, and traffic management according to configured security policies.
Route Mode
In Route mode, a NetScreen-5000 Series device operates at Layer 3. Because you can configure each interface using an IP address and subnet mask, you can configure individual interfaces to perform NAT.
When the interface performs NAT services, the NetScreen-5000 Series device translates the source IP address of each outgoing packet into the IP address of the untrusted interface. It also replaces the source port number with a randomly-generated value.
When the interface does not perform NAT services, the source IP address and port number in each packet header remain unchanged. Therefore, to reach the Internet your local hosts must have routable IP addresses.
For more information on NAT, see the NetScreen Concepts & Examples ScreenOS Reference Guide.
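The two Route-mode behaviours described above, modelled in Python as an added example (not ScreenOS code and not taken from the manual). The addresses, the 1024-65535 port range, and the session-table layout are assumptions made for illustration.

```python
import ipaddress
import secrets

# RFC 1918 private ranges: not routable on the Internet.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(ip):
    return any(ipaddress.ip_address(ip) in net for net in RFC1918)

class RouteModeInterface:
    """Toy model of a Route-mode interface, with or without NAT."""

    def __init__(self, untrust_ip, nat_enabled):
        self.untrust_ip = untrust_ip
        self.nat_enabled = nat_enabled
        self.sessions = {}  # translated port -> (original source IP, original source port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Return the packet header as it leaves the untrusted interface."""
        if not self.nat_enabled:
            return (src_ip, src_port, dst_ip, dst_port)  # header unchanged
        while True:  # random source port, retried on collision (range is an assumption)
            new_port = 1024 + secrets.randbelow(65536 - 1024)
            if new_port not in self.sessions:
                break
        self.sessions[new_port] = (src_ip, src_port)
        return (self.untrust_ip, new_port, dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Map a reply back to the internal host; None when no session matches."""
        if not self.nat_enabled:
            return (src_ip, src_port, dst_ip, dst_port)
        if dst_ip != self.untrust_ip or dst_port not in self.sessions:
            return None  # unsolicited: nothing to translate to
        host_ip, host_port = self.sessions[dst_port]
        return (src_ip, src_port, host_ip, host_port)

if __name__ == "__main__":
    # Constructed sample: 10.1.1.20 is an internal host, 203.0.113.5 the untrusted interface.
    for nat in (True, False):
        fw = RouteModeInterface("203.0.113.5", nat_enabled=nat)
        out = fw.outbound("10.1.1.20", 40000, "198.51.100.7", 443)
        print(f"nat={nat} leaves as {out[0]}:{out[1]} routable_source={not is_rfc1918(out[0])}")
```

With NAT off, the packet leaves with source 10.1.1.20, which is the case where the manual requires local hosts to have routable addresses.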