Juniper SSG5 Router Manual PDF (Setup & Configuration Guide)

Page 36 / 64 Scroll up to view Page 31 - 35

SSG 5 Hardware Installation and Configuration Guide

36

±

Basic Wireless Configuration

CLI

1.

Set the WLAN country code and IP address.

set wlan country-code {

code_id

}

set interface

wireless_interface

ip

ip_addr/netmask

2.

Set the SSID.

set ssid name

name_str

set ssid

name_str

authentication

auth_type

encryption

encryption_type

set ssid

name_str

interface

(optional) set ssid

name_str

key-id

number

3.

Set the WLAN mode.

set interface

wireless_interface

wlan both

4.

Activate wireless changes.

save

exec wlan reactivate

You can set an SSID to operate in the same subnet as the wired subnet. This action

allows clients to work in either interface without having to reconnect in another

subnet.

To set an Ethernet and a wireless interface to the same bridge-group interface, use

the WebUI or CLI:

WebUI

Network > Interfaces > List > Edit (

bgroup_name

) > Bind Port: Select the

wireless and ethernet interfaces, then click

Apply

.

CLI

set interface

bgroup_name

port

wireless_interface

set interface

bgroup_name

port

ethernet_interface

NOTE:

Bgroup_name

can be bgroup0—bgroup3.

Ethernet_interface

can be ethernet0/0—ethernet0/6.

Wireless_interface

can be wireless0/0—wireless0/3.

If a wireless interface is configured, then you need to reactivate the WLAN with

the

exec wlan reactivate

CLI command or click

Activate Changes

on the Wireless

> General Settings WebUI page.

Page 37 / 64

WAN Configuration

±

37

WAN Configuration

This section explains how to configure the following WAN interfaces:

±

ISDN Interface

±

V.92 Modem Interface

ISDN Interface

Integrated Services Digital Network (ISDN) is a set of standards for digital

transmission over different media created by the Consultative Committee for

International Telegraphy and Telephone (CCITT) and International

Telecommunications Union (ITU). As a dial-on-demand service, it has fast call setup

and low latency as well as the ability to carry high-quality voice, data, and video

transmissions. ISDN is also a circuit-switched service that can be used on both

multipoint and point-to-point connections. ISDN provides a service router with a

multilink Point-to-Point Protocol (PPP) connection for network interfaces. The ISDN

interface is usually configured as the backup interface of the Ethernet interface to

access external networks.

To configure the ISDN interface, use the WebUI or CLI:

WebUI

Network > Interfaces > List > Edit (bri0/0): Enter or select the following, then

click

OK

:

BRI Mode: Dial Using BRI

Primary Number: 123456

WAN Encapsulation: PPP

PPP Profile: isdnprofile

CLI

set interface bri0/0 dialer-enable

set interface bri0/0 primary-number "123456"

set interface bri0/0 encap ppp

set interface bri0/0 ppp profile isdnprofile

save

To configure the ISDN interface as the backup interface, see “Backup Untrust

Interface Configuration” on page 33.

For more information on how to configure the ISDN interface, refer to the

Concepts

& Examples ScreenOS Reference Guide.

Page 38 / 64

SSG 5 Hardware Installation and Configuration Guide

38

±

WAN Configuration

V.92 Modem Interface

The V.92 interface provides an internal analog modem to establish a PPP

connection to a service provider. You can configure the serial interface as a primary

or backup interface, which is used in case of interface failover.

To configure the V.92 interface, use the WebUI or CLI:

WebUI

Network > Interfaces > List > Edit (for serial0/0): Enter the following, then

click

OK

:

Zone Name: untrust (select)

ISP: Enter the following, then click

OK

:

ISP Name: isp_juniper

Primary Number: 1234567

Login Name: juniper

Login Password: juniper

Modem: Enter the following, then click

OK

:

Modem Name: mod1

Init String: AT&FS7=255S32=6

Active Modem setting

Inactivity Timeout: 20

CLI

set interface serial0/0 zone untrust

set interface serial0/0 modem isp isp_juniper account login juniper password

juniper

set interface serial0/0 modem isp isp_juniper primary-number 1234567

set interface serial0/0 modem idle-time 20

set interface serial0/0 modem settings mod1 init-strings AT&FS7=255S32=6

set interface serial0/0 modem settings mod1 active

For information on how to configure the V.92 modem interface, refer to the

Concepts & Examples ScreenOS Reference Guide

.

NOTE:

The V.92 interface does not work in Transparent mode.

Page 39 / 64

Basic Firewall Protections

±

39

Basic Firewall Protections

The devices are configured with a default policy that permits workstations in the

Trust zone of your network to access any resource in the Untrust security zone,

while outside computers are not allowed to access or start sessions with your

workstations. You can configure policies that direct the device to permit outside

computers to start specific kinds of sessions with your computers. For information

about creating or modifying policies, refer to the

Concepts & Examples ScreenOS

Reference Guide

.

The SSG 5 device provides various detection methods and defense mechanisms to

combat probes and attacks aimed at compromising or harming a network or

network resource:

±

ScreenOS SCREEN options secure a zone by inspecting, and then allowing or

denying, all connection attempts that require crossing an interface to that zone.

For example, you can apply port-scan protection on the Untrust zone to stop a

source from a remote network from trying to identify services to target for

further attacks.

±

The device applies firewall policies, which can contain content-filtering and

Intrusion Detection and Prevention (IDP) components, to the traffic that passes

the SCREEN filters from one zone to another. By default, no traffic is permitted

to pass through the device from one zone to another. To permit traffic to cross

the device from one zone to another, you must create a policy that overrides the

default behavior.

To set ScreenOS SCREEN options for a zone, use the WebUI or CLI as follows:

WebUI

Screening > Screen: Select the zone to which the options apply. Select the

SCREEN options that you want, then click

Apply

:

CLI

set zone

zone

screen

option

save

For more information about configuring the network-security options available in

ScreenOS, see the

Attack Detection and Defense Mechanisms

volume in the

Concepts

& Examples ScreenOS Reference Guide

.

Verifying External Connectivity

To verify that workstations in your network can access resources on the Internet,

start a browser from any workstation in the network and enter the following URL:

www.juniper.net.

Page 40 / 64

SSG 5 Hardware Installation and Configuration Guide

40

±

Resetting a Device to Factory Defaults

If you lose the admin password, you can reset the device to its default settings. This

action destroys any existing configurations but restores access to the device.

You can restore the device to its default settings in one of the following ways:

±

Using a Console connection. For further information, see the

Administration

volume of the

Concepts & Examples ScreenOS Reference Guide

.

±

Using the reset pinhole on the back panel of the device, as described in the next

section.

You can reset the device and restore the factory default settings by pressing the

reset pinhole. To perform this operation, you need to either view the device status

LEDs on the front panel or start a Console session as described in Using a Console

Connection on page 24.

To use the reset pinhole to reset and restore the default settings, perform the

following steps:

1.

Locate the reset pinhole on the rear panel. Using a thin, firm wire (such as a

paperclip), push the pinhole for four to six seconds and then release.

The STATUS LED blinks red. A message on the console states that erasure of the

configuration has started and the system sends an SNMP/SYSLOG alert.

2.

Wait for one to two seconds.

After the first reset, the STATUS LED blinks green; the device is now waiting for

the second reset. The Console message now states that the device is waiting for

a second confirmation.

3.

Push the reset pinhole again for four to six seconds.

The Console message verifies the second reset. The STATUS LED glows red for

one-half second and then returns to the blinking green state.

The device then resets to its original factory settings. When the device resets,

the STATUS LED glows red for one-half second and then glows green. The

console displays device-bootup messages. The system generates SNMP and

SYSLOG alerts to configured SYSLOG or SNMP trap hosts.

After the device has rebooted, the console displays the login prompt for the

device. The STATUS LED blinks green. The login and password are

netscreen

.

If you do not follow the complete sequence, the reset process cancels without any

configuration change and the Console message states that the erasure of the

configuration is aborted. The STATUS LED returns to blinking green. If the device

did not reset, an SNMP alert is sent to confirm the failure.

WARNING:

Resetting the device deletes all existing configuration settings and

disables all existing firewall and VPN services.

Rate

Popular Juniper Models

Famous Router IPs

Famous Router Companies

Bookmark Our Site

Share