Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Configuring Network Settings Options and Descriptions


The Network screens contain the options that enable the device to connect to and operate in the network. In the NSM navigation tree, click Device Manager > Devices, and then select a device. In the Device navigation tree, select Network to see the network settings options.

Table 1 describes the detailed configuration methods available for network settings.

Table 1: Network Settings Options

Network Settings Options


Vsys DHCP Enhancement Overview

This option is available only for NetScreen-5GT Wireless security devices running ScreenOS 5.0.0-WLAN; this device can act as a wireless access point (WAP). The wireless settings specify how the WAP connects multiple wireless networks or a wireless network to a wired network.

Network, Interface, and Security Modules Supported in Security Devices (Slot and Chassis)

This option is only available for security device systems, such as the NetScreen 5000 line, ISG1000, ISG2000, SSG520M, and SSG550M, that contain a motherboard or physical slots in which you can install optional modules. You can view or edit the type of network module installed in each available slot in the physical device.

Configuring Virtual Routers

A virtual router (VR) supports static routes, dynamic routing protocols, and multicast protocols. The virtual router configuration includes the configuration for dynamic routing protocols and multicast protocols. As of ScreenOS 6.2, on high-end platforms you can change the management zone virtual router to an existing virtual router that is no longer bound to the trust-vr. The management zone virtual router supports out-of-band management and segregates firewall management traffic away from production traffic.

Configuring Zones and Zone Properties in ScreenOS Devices Overview

A security zone is a specific network segment for which you can control inbound and outbound traffic. You can configure predefined zones or create user-defined security zones. You can also create a tunnel zone, which is a logical segment to which a VPN tunnel interface is bound.

Interface Types in ScreenOS Devices Overview

You bind interfaces to predefined or user-defined security zones or to tunnel zones to permit traffic to pass into or out of the zone. For an interface in Route or NAT mode, you assign an IP address to the interface.

Example: Configuring DIP Groups (NSM Procedure)

You can configure a range of IP addresses from which security device can take addresses when performing NAT on the source IP address of outgoing or incoming IP packets.

About Configuring PPPoE

This option is only available for some security devices. You can configure PPPoE to enable the security device to connect to remote sites.

Using the PPP Option to Configure Point-To-Point Protocol Connections

This option is only available for some security devices. You can configure PPP to enable the security device to connect to remote sites.

Configuring a PPPoA Client Instance

On the ADSL interface (available on the NetScreen-5GT ADSL security device), you can configure a PPPoA client instance with a username, password, and other parameters, and then bind the instance to the ADSL interface (or subinterface) to enable Internet access for an internal network.

Configuring a NetScreen Address Change Notification

This option is only available for security devices running ScreenOS 5.x. You configure NetScreen Address Change Notification to enable the security device to alert NSM of any change in the IP address assigned by a DHCP or PPPoE server.

Interface Failover in ScreenOS Devices

This option is only available for some security devices. When there are both primary and backup interfaces to the Untrust zone, you can configure failover traffic from the primary to the backup interface, and from the backup to the primary interface.

Example: Configuring Modem Connections (NSM Procedure)

This option is only available for some security devices. You can connect and configure an external modem to the RS-232 serial port as a backup dialup interface for traffic to the Untrust zone.

DNS Server Configuration Using DNS Settings

Before the security device can use DNS for domain name and address resolution, you must configure the addresses for the primary and secondary DNS servers.

Advanced Network Settings Overview

This option contains additional network settings you can configure.