Configuring Network Settings Options and Descriptions
The Network screens contain the options that enable the device to connect to and operate in the network. In the NSM navigation tree, click Device Manager > Devices, and then select a device. In the Device navigation tree, select Network to see the network settings options.
Table 1 describes the detailed configuration methods available for network settings.
Table 1: Network Settings Options
Network Settings Options
This option is available only for NetScreen-5GT Wireless security devices running ScreenOS 5.0.0-WLAN; this device can act as a wireless access point (WAP). The wireless settings specify how the WAP connects multiple wireless networks or a wireless network to a wired network.
Network, Interface, and Security Modules Supported in Security Devices (Slot and Chassis)
This option is only available for security device systems, such as the NetScreen 5000 line, ISG1000, ISG2000, SSG520M, and SSG550M, that contain a motherboard or physical slots in which you can install optional modules. You can view or edit the type of network module installed in each available slot in the physical device.
A virtual router (VR) supports static routes, dynamic routing protocols, and multicast protocols. The virtual router configuration includes the configuration for dynamic routing protocols and multicast protocols. As of ScreenOS 6.2, on high-end platforms you can change the management zone virtual router to an existing virtual router that is no longer bound to the trust-vr. The management zone virtual router supports out-of-band management and segregates firewall management traffic away from production traffic.
A security zone is a specific network segment for which you can control inbound and outbound traffic. You can configure predefined zones or create user-defined security zones. You can also create a tunnel zone, which is a logical segment to which a VPN tunnel interface is bound.
You bind interfaces to predefined or user-defined security zones or to tunnel zones to permit traffic to pass into or out of the zone. For an interface in Route or NAT mode, you assign an IP address to the interface.
You can configure a range of IP addresses from which security device can take addresses when performing NAT on the source IP address of outgoing or incoming IP packets.
This option is only available for some security devices. You can configure PPPoE to enable the security device to connect to remote sites.
This option is only available for some security devices. You can configure PPP to enable the security device to connect to remote sites.
On the ADSL interface (available on the NetScreen-5GT ADSL security device), you can configure a PPPoA client instance with a username, password, and other parameters, and then bind the instance to the ADSL interface (or subinterface) to enable Internet access for an internal network.
This option is only available for security devices running ScreenOS 5.x. You configure NetScreen Address Change Notification to enable the security device to alert NSM of any change in the IP address assigned by a DHCP or PPPoE server.
This option is only available for some security devices. When there are both primary and backup interfaces to the Untrust zone, you can configure failover traffic from the primary to the backup interface, and from the backup to the primary interface.
This option is only available for some security devices. You can connect and configure an external modem to the RS-232 serial port as a backup dialup interface for traffic to the Untrust zone.
Before the security device can use DNS for domain name and address resolution, you must configure the addresses for the primary and secondary DNS servers.
This option contains additional network settings you can configure.