Network, Interface, and Security Modules Supported in Security Devices

This topic includes information about how to configure network module, slot information in security devices, and various physical interface modules that are supported by security devices.

Configuring the Network Module

Some security device systems, such as the NetScreen–500, NetScreen 5000 line, and ISG Series, contain physical slots in which you can install optional modules.

The NetScreen 5000 line running ScreenOS 6.1 or later supports three cards MGT3, 8G2-G4, and 2XGE-G4. These rods need to use M3A-Management_Module, which is a special image for NetScreen 5000 line devices. Also, the ISG 1000 and ISG 2000 running ScreenOS 6.1 or later support a new 10Gb interface slot that large enterprise and service provider customers require.

Slot Information in Security Devices

Note: On SSG520 and SSG550 security devices only, slot 0 is reserved for the device motherboard. The card type is referred to as “4 Ethernet interfaces (10/100/1000) fixed.”

The Chassis screens provide additional information about network modules installed in the available chassis slots of an ISG1000 or ISG2000 security device. The information displayed in the Chassis screens, including the version and serial number of the card, is obtained from the card installed in the physical device and is read-only.

You must configure the network module before physical interfaces appear in the NSM UI (even for imported devices).

Physical Interface Modules Supported by SSG520 and SSG550 Security Devices

The WAN interface type PIMs that are supported by SSG520 and SSG550 devices are displayed in Table 91:

Table 91: PIMs Supported by SSG520 andSSG 550 Security Devices

Parameters

Description

Serial

Serial PIMs on SSG devices have two serial ports per PIM, which support full-duplex, synchronous data transmission. These ports can transmit packets at speeds up to 8 Mbps. You cannot use these serial ports to connect a console or modem.

T1

T1 PIMs on SSG devices contain two T1 ports with integrated channel service unit/data service unit (CSU/DSU). These ports provide physical connections to T1 or fractional T1 network media types.

E1

E1 PIMs on SSG devices have two E1 ports with integrated CSU/DSU. These ports provide physical connections to E1 or fractional E1 network media types.

T3 (also known as DS3)

Digital signal level 3 (DS3) PIMs on SSG devices contain one physical DS3 port with integrated DSU. This port provides physical connection to T3 network media types at a bit rate of 44.736 Mbps.

Interface Modules (Copper)

A single security device can support a 10/100Base-T and GBIC card simultaneously; however, the cards are not hot-swappable.

10/100 Mbps

The 10/100 Mbps interface module is typically used to support a 10Base-T or 100Base-T LAN. The card can support 2, 4, or 8 copper interfaces, and uses RJ–45 connectors with twisted pair.

Note: The ISG2000 supports a maximum port count of 28. When using 8-port 10/100–Mbps modules in each I/O slot, ports five through eight in slot 4 are automatically disabled. You cannot configure these ports for firewall or HA functionality.

10/100/1000 Mbps

The tri-mode card, available for ISG security devices, is a 2 Ethernet port 10/100/1000–Mbps I/O card. The card supports 2 copper interfaces, uses RJ–45 connectors and twisted pair, and contains the following I/O port configurations:

Interface Modules (Fiber)

The fiber interface module provides connectivity for fiber-based, Gigabit Ethernet LANs.

Secure Port Modules

Secure Port Modules (SPMs) provide general packet processing and device connection tasks for the NetScreen 5000 line. These modules are based on either the GigaScreen-II or Jupiter-II ASIC.

SPMs handle packets as they enter and exit the system, providing packet parsing, classification, and flow-level processing. SPMs also provide encryption, decryption, Network Address Translation (NAT), and session lookup features. When packets require additional processing, the device forwards the packets to the management module.

The SPMs for the NetScreen 5000 line of security devices supported by NSM are displayed in Table 92.

Table 92: SPMs Supported by NSM

Parameters

Description

5000-8G SPM

This SPM provides eight 1-Gigabit Ethernet mini-Gigabit Interface Connector (GBIC) ports using hot-swappable transceivers. The 5000-8G SPM delivers up to 4 Gbps of firewall and up to 2 Gbps of VPN capacity. This module is also capable of supporting a total of four aggregate interfaces. The 5000-8G SPM provides port Link and Activity LEDs in addition to Power and Status LEDs.

5000-8G2 SPM

This SPM provides eight 1-Gigabit Ethernet mini-GBIC ports using hot-swappable transceivers. The 5000-8G2 SPM delivers up to 8 Gbps of firewall and up to 4 Gbps of VPN capacity. This module is also capable of supporting a total of four aggregate interfaces, with up to four ports for each aggregate interface. The 5000-8G2 SPM provides port Link and Activity LEDs in addition to Power and Status LEDs.

5000-2G24FE SPM

This SPM provides two 1-Gigabit Ethernet ports and 24 FE ports with up to 2 Gbps of firewall and up to 1 Gbps of VPN process capacity. This module is capable of supporting a total of six aggregate interfaces. This total consists of one aggregate interface for the two 1-Gigabit ports, and five aggregate interfaces for the 24 10/100 Ethernet ports. Only similar ports can be aggregated together. You cannot aggregate a gigabit port to a 10/100 FE port. The 5000-2G24FE SPM provides port Link and Activity LEDs, in addition to Power and Status LEDs. Mini-GBIC transceivers are hot-swappable.

5000-2XGE SPM

This SPM provides two 10-Gigabit Ethernet ports using hot-swappable 10-Gigabit Small Form Factor Pluggable Module for PHY transceiver. The 5000-2XGE SPM delivers up to 10 Gbps of firewall and up to 5 Gbps of VPN capacity. This module provides port Link and Activity LEDs in addition to Power and Status LEDs.

Related Documentation