Determining Physical Ports and Logical Interfaces and Zones Using ScreenOS Devices Port Mode

The port mode of a NetScreen-5GT ADSL device determines the binding of physical ports, logical interfaces, and zones as described in Table 27.

Table 27: Physical Ports, Logical Interfaces, and Zones

Supported Port Modes

Description

Trust-Untrust port mode (default)

This port mode uses the following default settings:

  • Binds the ADSL port to the adsl1 interface, which is bound to the Untrust zone.
  • Binds Ethernet ports 1-4 to the ethernet1 interface, which is bound to the Trust zone.

Home-Work port mode

Creates special Home and Work zones to segregate business and home users, while allowing users in both zones to access the Internet (the Untrust zone) through the ADSL interface. This port mode uses the following default settings:

  • Binds Ethernet ports 1 and 2 to the ethernet1 interface, which is bound to the Work security zone.
  • Binds Ethernet ports 3 and 4 to the ethernet2 interface, which is bound to the Home security zone.
  • Permits all traffic from the Work zone to the Untrust zone.
  • Permits all traffic from the Home zone to the Untrust zone.
  • Permits all traffic from the Work zone to the Home zone.
  • Denies all traffic from the Home zone to the Work zone (you cannot remove this policy).

    In the Home-Work port mode, you must manage the device from the Work zone. You cannot configure the device from the Home zone, nor can you use any management services on the Home zone interface. The default IP address of ethernet1, the Work zone interface, is 192.168.1.1/24.

Trust-Untrust-DMZ port mode

This port mode uses the following default settings:

  • Binds Ethernet ports 1 and 2 to the ethernet1 interface, which is bound to the Trust security zone.
  • Binds Ethernet ports 3 and 4 to the ethernet2 interface, which is bound to the DMZ security zone.
  • Binds the ADSL port to the adsl1 interface, which is bound to the Untrust security zone.

    Note: The Trust/Untrust/DMZ port mode is supported only on the Extended version of the NetScreen-5GT ADSL device.

For all supported port modes, the adsl1 interface is the only interface bound to the Untrust zone by default.

You can change the port mode to use different port, interface, and zone bindings on the device. For more information about port modes, see the “Zones” chapter in the “Fundamentals” volume of the Concepts & Examples ScreenOS Reference Guide.
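
The following is an added example, not part of the original documentation: a Python check that compares the interface-to-zone bindings in a saved configuration against the Table 27 defaults for a chosen port mode, and flags a policy that permits Home to Work traffic. The `set interface ... zone ...` and `set policy ... from ... to ...` line formats, the mode keys, and the sample configuration are assumptions constructed for illustration.

```python
import re

# Default interface-to-zone bindings per port mode, taken from Table 27.
# The dictionary keys are labels chosen for this example.
EXPECTED = {
    "trust-untrust": {"adsl1": "Untrust", "ethernet1": "Trust"},
    "home-work": {"adsl1": "Untrust", "ethernet1": "Work", "ethernet2": "Home"},
    "trust-untrust-dmz": {"adsl1": "Untrust", "ethernet1": "Trust", "ethernet2": "DMZ"},
}
# Assumed line formats of a saved configuration (quotes optional).
IFACE_RE = re.compile(r'^set interface "?([\w/.]+)"? zone "?([\w-]+)"?', re.I)
POLICY_RE = re.compile(
    r'^set policy .*?from "?([\w-]+)"? to "?([\w-]+)"? .*\b(permit|deny)\b', re.I)

# Constructed sample: Home-Work mode with two deviations from the defaults.
SAMPLE = '''
set interface "ethernet1" zone "Work"
set interface "ethernet2" zone "Work"
set interface "adsl1" zone "Untrust"
set policy id 1 from "Work" to "Untrust" "Any" "Any" "ANY" permit
set policy id 2 from "Home" to "Work" "Any" "Any" "ANY" permit
'''

def audit(config_text, mode):
    """Return a list of deviations from the default bindings of `mode`."""
    bindings, findings = {}, []
    for line in map(str.strip, config_text.splitlines()):
        m = IFACE_RE.match(line)
        if m:
            bindings[m.group(1).lower()] = m.group(2)  # last binding wins
            continue
        m = POLICY_RE.match(line)
        if m and mode == "home-work":
            # Table 27: Home -> Work traffic is denied by default.
            if tuple(g.lower() for g in m.groups()) == ("home", "work", "permit"):
                findings.append(f"policy permits Home -> Work: {line}")
    for iface, zone in EXPECTED[mode].items():
        got = bindings.get(iface)
        if got is None:
            findings.append(f"{iface}: no zone binding found (expected {zone})")
        elif got.lower() != zone.lower():
            findings.append(f"{iface}: bound to {got}, expected {zone}")
    # adsl1 is the only interface bound to Untrust by default in every mode.
    for iface, zone in bindings.items():
        if zone.lower() == "untrust" and iface != "adsl1":
            findings.append(f"{iface}: bound to Untrust, only adsl1 is by default")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE, "home-work")) or "matches defaults")
```

An empty result means the bindings match the defaults for that mode; each finding names the interface or policy line that differs.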
