1. Home
    2. /
  2. Manuals
    3. /
  3. Juniper
    4. /
  4. SSG5
    5. /
  5. 8
Page 36 / 64 Scroll up to view Page 31 - 35
SSG 5 Hardware Installation and Configuration Guide
36
±
Basic Wireless Configuration
CLI
1.
Set the WLAN country code and IP address.
set wlan country-code {
code_id
}
set interface
wireless_interface
ip
ip_addr/netmask
2.
Set the SSID.
set ssid name
name_str
set ssid
name_str
authentication
auth_type
encryption
encryption_type
set ssid
name_str
interface
interface
(optional) set ssid
name_str
key-id
number
3.
Set the WLAN mode.
set interface
wireless_interface
wlan both
4.
Activate wireless changes.
save
exec wlan reactivate
You can set an SSID to operate in the same subnet as the wired subnet. This action
allows clients to work in either interface without having to reconnect in another
subnet.
To set an Ethernet and a wireless interface to the same bridge-group interface, use
the WebUI or CLI:
WebUI
Network > Interfaces > List > Edit (
bgroup_name
) > Bind Port: Select the
wireless and ethernet interfaces, then click
Apply
.
CLI
set interface
bgroup_name
port
wireless_interface
set interface
bgroup_name
port
ethernet_interface
NOTE:
Bgroup_name
can be bgroup0—bgroup3.
Ethernet_interface
can be ethernet0/0—ethernet0/6.
Wireless_interface
can be wireless0/0—wireless0/3.
If a wireless interface is configured, then you need to reactivate the WLAN with
the
exec wlan reactivate
CLI command or click
Activate Changes
on the Wireless
> General Settings WebUI page.
Page 37 / 64
WAN Configuration
±
37
WAN Configuration
This section explains how to configure the following WAN interfaces:
±
ISDN Interface
±
V.92 Modem Interface
ISDN Interface
Integrated Services Digital Network (ISDN) is a set of standards for digital
transmission over different media created by the Consultative Committee for
International Telegraphy and Telephone (CCITT) and International
Telecommunications Union (ITU). As a dial-on-demand service, it has fast call setup
and low latency as well as the ability to carry high-quality voice, data, and video
transmissions. ISDN is also a circuit-switched service that can be used on both
multipoint and point-to-point connections. ISDN provides a service router with a
multilink Point-to-Point Protocol (PPP) connection for network interfaces. The ISDN
interface is usually configured as the backup interface of the Ethernet interface to
access external networks.
To configure the ISDN interface, use the WebUI or CLI:
WebUI
Network > Interfaces > List > Edit (bri0/0): Enter or select the following, then
click
OK
:
BRI Mode: Dial Using BRI
Primary Number: 123456
WAN Encapsulation: PPP
PPP Profile: isdnprofile
CLI
set interface bri0/0 dialer-enable
set interface bri0/0 primary-number "123456"
set interface bri0/0 encap ppp
set interface bri0/0 ppp profile isdnprofile
save
To configure the ISDN interface as the backup interface, see “Backup Untrust
Interface Configuration” on page 33.
For more information on how to configure the ISDN interface, refer to the
Concepts
& Examples ScreenOS Reference Guide.
Page 38 / 64
SSG 5 Hardware Installation and Configuration Guide
38
±
WAN Configuration
V.92 Modem Interface
The V.92 interface provides an internal analog modem to establish a PPP
connection to a service provider. You can configure the serial interface as a primary
or backup interface, which is used in case of interface failover.
To configure the V.92 interface, use the WebUI or CLI:
WebUI
Network > Interfaces > List > Edit (for serial0/0): Enter the following, then
click
OK
:
Zone Name: untrust (select)
ISP: Enter the following, then click
OK
:
ISP Name: isp_juniper
Primary Number: 1234567
Login Name: juniper
Login Password: juniper
Modem: Enter the following, then click
OK
:
Modem Name: mod1
Init String: AT&FS7=255S32=6
Active Modem setting
Inactivity Timeout: 20
CLI
set interface serial0/0 zone untrust
set interface serial0/0 modem isp isp_juniper account login juniper password
juniper
set interface serial0/0 modem isp isp_juniper primary-number 1234567
set interface serial0/0 modem idle-time 20
set interface serial0/0 modem settings mod1 init-strings AT&FS7=255S32=6
set interface serial0/0 modem settings mod1 active
For information on how to configure the V.92 modem interface, refer to the
Concepts & Examples ScreenOS Reference Guide
.
NOTE:
The V.92 interface does not work in Transparent mode.
Page 39 / 64
Basic Firewall Protections
±
39
Basic Firewall Protections
The devices are configured with a default policy that permits workstations in the
Trust zone of your network to access any resource in the Untrust security zone,
while outside computers are not allowed to access or start sessions with your
workstations. You can configure policies that direct the device to permit outside
computers to start specific kinds of sessions with your computers. For information
about creating or modifying policies, refer to the
Concepts & Examples ScreenOS
Reference Guide
.
The SSG 5 device provides various detection methods and defense mechanisms to
combat probes and attacks aimed at compromising or harming a network or
network resource:
±
ScreenOS SCREEN options secure a zone by inspecting, and then allowing or
denying, all connection attempts that require crossing an interface to that zone.
For example, you can apply port-scan protection on the Untrust zone to stop a
source from a remote network from trying to identify services to target for
further attacks.
±
The device applies firewall policies, which can contain content-filtering and
Intrusion Detection and Prevention (IDP) components, to the traffic that passes
the SCREEN filters from one zone to another. By default, no traffic is permitted
to pass through the device from one zone to another. To permit traffic to cross
the device from one zone to another, you must create a policy that overrides the
default behavior.
To set ScreenOS SCREEN options for a zone, use the WebUI or CLI as follows:
WebUI
Screening > Screen: Select the zone to which the options apply. Select the
SCREEN options that you want, then click
Apply
:
CLI
set zone
zone
screen
option
save
For more information about configuring the network-security options available in
ScreenOS, see the
Attack Detection and Defense Mechanisms
volume in the
Concepts
& Examples ScreenOS Reference Guide
.
Verifying External Connectivity
To verify that workstations in your network can access resources on the Internet,
start a browser from any workstation in the network and enter the following URL:
www.juniper.net.
Page 40 / 64
SSG 5 Hardware Installation and Configuration Guide
40
±
Resetting a Device to Factory Defaults
Resetting a Device to Factory Defaults
If you lose the admin password, you can reset the device to its default settings. This
action destroys any existing configurations but restores access to the device.
You can restore the device to its default settings in one of the following ways:
±
Using a Console connection. For further information, see the
Administration
volume of the
Concepts & Examples ScreenOS Reference Guide
.
±
Using the reset pinhole on the back panel of the device, as described in the next
section.
You can reset the device and restore the factory default settings by pressing the
reset pinhole. To perform this operation, you need to either view the device status
LEDs on the front panel or start a Console session as described in Using a Console
Connection on page 24.
To use the reset pinhole to reset and restore the default settings, perform the
following steps:
1.
Locate the reset pinhole on the rear panel. Using a thin, firm wire (such as a
paperclip), push the pinhole for four to six seconds and then release.
The STATUS LED blinks red. A message on the console states that erasure of the
configuration has started and the system sends an SNMP/SYSLOG alert.
2.
Wait for one to two seconds.
After the first reset, the STATUS LED blinks green; the device is now waiting for
the second reset. The Console message now states that the device is waiting for
a second confirmation.
3.
Push the reset pinhole again for four to six seconds.
The Console message verifies the second reset. The STATUS LED glows red for
one-half second and then returns to the blinking green state.
The device then resets to its original factory settings. When the device resets,
the STATUS LED glows red for one-half second and then glows green. The
console displays device-bootup messages. The system generates SNMP and
SYSLOG alerts to configured SYSLOG or SNMP trap hosts.
After the device has rebooted, the console displays the login prompt for the
device. The STATUS LED blinks green. The login and password are
netscreen
.
If you do not follow the complete sequence, the reset process cancels without any
configuration change and the Console message states that the erasure of the
configuration is aborted. The STATUS LED returns to blinking green. If the device
did not reset, an SNMP alert is sent to confirm the failure.
WARNING:
Resetting the device deletes all existing configuration settings and
disables all existing firewall and VPN services.

Rate

3.5 / 5 based on 2 votes.

Popular Juniper Models

Famous Router IPs
Famous Router Companies
Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top