Juniper Overview SSG500

Nov 08, 2014

Concepts & Examples ScreenOS Reference Guide

Volume 1: Overview

Release 6.0.0, Rev. 02

Juniper Networks, Inc.
1194 North Mathilda Avenue
Sunnyvale, CA 94089 USA
408-745-2000
www.juniper.net

Part Number: 530-017767-01, Revision 02

Copyright Notice

Copyright 2007 Juniper Networks, Inc. All rights reserved. Juniper Networks and the Juniper Networks logo are registered trademarks of Juniper Networks, Inc. in the United States and other countries. All other trademarks, service marks, registered trademarks, or registered service marks in this document are the property of Juniper Networks or their respective owners. All specifications are subject to change without notice. Juniper Networks assumes no responsibility for any inaccuracies in this document or for any obligation to update information in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.

FCC Statement

The following information is for FCC compliance of Class A devices: This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to part 15 of the FCC rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. The equipment generates, uses, and can radiate radio-frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference, in which case users will be required to correct the interference at their own expense.

The following information is for FCC compliance of Class B devices: The equipment described in this manual generates and may radiate radio-frequency energy. If it is not installed in accordance with Juniper Networks installation instructions, it may cause interference with radio and television reception. This equipment has been tested and found to comply with the limits for a Class B digital device in accordance with the specifications in part 15 of the FCC rules. These specifications are designed to provide reasonable protection against such interference in a residential installation. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures:

Reorient or relocate the receiving antenna.
Increase the separation between the equipment and receiver.
Consult the dealer or an experienced radio/TV technician for help.
Connect the equipment to an outlet on a circuit different from that to which the receiver is connected.

Caution: Changes or modifications to this product could void the user's warranty and authority to operate this device.

Disclaimer

THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR JUNIPER NETWORKS REPRESENTATIVE FOR A COPY.

Table of Contents

Volume 1: Overview
  About the Concepts & Examples ScreenOS Reference Guide
    Volume Organization
    Document Conventions
      Web User Interface Conventions
      Command Line Interface Conventions
      Naming Conventions and Character Types
      Illustration Conventions
    Technical Documentation and Support
  Master Index

Volume 2: Fundamentals
  About This Volume
    Document Conventions
      Web User Interface Conventions
      Command Line Interface Conventions
      Naming Conventions and Character Types
      Illustration Conventions
    Technical Documentation and Support
  Chapter 1 ScreenOS Architecture
    Security Zones
    Security Zone Interfaces
      Physical Interfaces
      Subinterfaces
    Virtual Routers
    Policies
    Virtual Private Networks
    Virtual Systems
    Packet-Flow Sequence
    Jumbo Frames
    ScreenOS Architecture Example
      Example: (Part 1) Enterprise with Six Zones
      Example: (Part 2) Interfaces for Six Zones
      Example: (Part 3) Two Routing Domains
      Example: (Part 4) Policies

  Chapter 2 Zones
    Viewing Preconfigured Zones
    Security Zones
      Global Zone
      SCREEN Options
    Binding a Tunnel Interface to a Tunnel Zone
    Configuring Security Zones and Tunnel Zones
      Creating a Zone
      Modifying a Zone
      Deleting a Zone
    Function Zones
  Chapter 3 Interfaces
    Interface Types
      Logical Interfaces
        Physical Interfaces
        Wireless Interfaces
        Bridge Group Interfaces
        Subinterfaces
        Aggregate Interfaces
        Redundant Interfaces
        Virtual Security Interfaces
      Function Zone Interfaces
        Management Interfaces
        High Availability Interfaces
      Tunnel Interfaces
        Deleting Tunnel Interfaces
    Viewing Interfaces
    Configuring Security Zone Interfaces
      Binding an Interface to a Security Zone
      Unbinding an Interface from a Security Zone
      Addressing an L3 Security Zone Interface
        Public IP Addresses
        Private IP Addresses
        Addressing an Interface