Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Network, Interface, and Security Modules Supported in Security Devices

    This topic includes information about how to configure network module, slot information in security devices, and various physical interface modules that are supported by security devices.

    Configuring the Network Module

    Some security device systems, such as the NetScreen–500, NetScreen 5000 line, and ISG Series, contain physical slots in which you can install optional modules.

    The NetScreen 5000 line running ScreenOS 6.1 or later supports three cards MGT3, 8G2-G4, and 2XGE-G4. These rods need to use M3A-Management_Module, which is a special image for NetScreen 5000 line devices. Also, the ISG 1000 and ISG 2000 running ScreenOS 6.1 or later support a new 10Gb interface slot that large enterprise and service provider customers require.

    Slot Information in Security Devices

    • Physical Interface Modules—The SSG520 and SSG550 security devices use WAN data links to transmit and receive traffic across geographically dispersed networks. You define the properties of the data link by configuring the WAN interface that corresponds to a port on an SSG Physical Interface Module (PIM).
    • Copper and Fiber Interface Modules—These modules provide additional Ethernet ports.
    • Management Modules—These modules provide management functionality for the ISG2000 and ISG1000 devices. The NetScreen 5000 line network modules are known as Secure Port Modules (SPMs); SPMs handle general packet processing at gigabit speeds, enabled by ASIC support.

    Note: On SSG520 and SSG550 security devices only, slot 0 is reserved for the device motherboard. The card type is referred to as “4 Ethernet interfaces (10/100/1000) fixed.”

    The Chassis screens provide additional information about network modules installed in the available chassis slots of an ISG1000 or ISG2000 security device. The information displayed in the Chassis screens, including the version and serial number of the card, is obtained from the card installed in the physical device and is read-only.

    You must configure the network module before physical interfaces appear in the NSM UI (even for imported devices).

    Physical Interface Modules Supported by SSG520 and SSG550 Security Devices

    The WAN interface type PIMs that are supported by SSG520 and SSG550 devices are displayed in Table 1:

    Table 1: PIMs Supported by SSG520 andSSG 550 Security Devices

    Parameters

    Description

    Serial

    Serial PIMs on SSG devices have two serial ports per PIM, which support full-duplex, synchronous data transmission. These ports can transmit packets at speeds up to 8 Mbps. You cannot use these serial ports to connect a console or modem.

    T1

    T1 PIMs on SSG devices contain two T1 ports with integrated channel service unit/data service unit (CSU/DSU). These ports provide physical connections to T1 or fractional T1 network media types.

    E1

    E1 PIMs on SSG devices have two E1 ports with integrated CSU/DSU. These ports provide physical connections to E1 or fractional E1 network media types.

    T3 (also known as DS3)

    Digital signal level 3 (DS3) PIMs on SSG devices contain one physical DS3 port with integrated DSU. This port provides physical connection to T3 network media types at a bit rate of 44.736 Mbps.

    Interface Modules (Copper)

    A single security device can support a 10/100Base-T and GBIC card simultaneously; however, the cards are not hot-swappable.

    10/100 Mbps

    The 10/100 Mbps interface module is typically used to support a 10Base-T or 100Base-T LAN. The card can support 2, 4, or 8 copper interfaces, and uses RJ–45 connectors with twisted pair.

    Note: The ISG2000 supports a maximum port count of 28. When using 8-port 10/100–Mbps modules in each I/O slot, ports five through eight in slot 4 are automatically disabled. You cannot configure these ports for firewall or HA functionality.

    10/100/1000 Mbps

    The tri-mode card, available for ISG security devices, is a 2 Ethernet port 10/100/1000–Mbps I/O card. The card supports 2 copper interfaces, uses RJ–45 connectors and twisted pair, and contains the following I/O port configurations:

    • 10–Mbps full/half duplex
    • 100–Mbps full/half duplex
    • 1000–Mbps full duplex
    • Auto (autonegotiate link speed/duplex)

    Interface Modules (Fiber)

    The fiber interface module provides connectivity for fiber-based, Gigabit Ethernet LANs.

    • Gigabyte
      • 1 interface (mini-GBIC)—This card supports 1 fiber interface and uses an optical cable with SX or LX connectors.
      • 2 interfaces (GBIC)—This card supports 2 fiber interfaces and uses an optical cable with SX or LX connectors.
    • Gigabyte LX/SX (2 interfaces)—This card supports 2 fiber interfaces and uses an optical cable with SX and LX connectors.

    Secure Port Modules

    Secure Port Modules (SPMs) provide general packet processing and device connection tasks for the NetScreen 5000 line. These modules are based on either the GigaScreen-II or Jupiter-II ASIC.

    SPMs handle packets as they enter and exit the system, providing packet parsing, classification, and flow-level processing. SPMs also provide encryption, decryption, Network Address Translation (NAT), and session lookup features. When packets require additional processing, the device forwards the packets to the management module.

    The SPMs for the NetScreen 5000 line of security devices supported by NSM are displayed in Table 2.

    Table 2: SPMs Supported by NSM

    Parameters

    Description

    5000-8G SPM

    This SPM provides eight 1-Gigabit Ethernet mini-Gigabit Interface Connector (GBIC) ports using hot-swappable transceivers. The 5000-8G SPM delivers up to 4 Gbps of firewall and up to 2 Gbps of VPN capacity. This module is also capable of supporting a total of four aggregate interfaces. The 5000-8G SPM provides port Link and Activity LEDs in addition to Power and Status LEDs.

    5000-8G2 SPM

    This SPM provides eight 1-Gigabit Ethernet mini-GBIC ports using hot-swappable transceivers. The 5000-8G2 SPM delivers up to 8 Gbps of firewall and up to 4 Gbps of VPN capacity. This module is also capable of supporting a total of four aggregate interfaces, with up to four ports for each aggregate interface. The 5000-8G2 SPM provides port Link and Activity LEDs in addition to Power and Status LEDs.

    5000-2G24FE SPM

    This SPM provides two 1-Gigabit Ethernet ports and 24 FE ports with up to 2 Gbps of firewall and up to 1 Gbps of VPN process capacity. This module is capable of supporting a total of six aggregate interfaces. This total consists of one aggregate interface for the two 1-Gigabit ports, and five aggregate interfaces for the 24 10/100 Ethernet ports. Only similar ports can be aggregated together. You cannot aggregate a gigabit port to a 10/100 FE port. The 5000-2G24FE SPM provides port Link and Activity LEDs, in addition to Power and Status LEDs. Mini-GBIC transceivers are hot-swappable.

    5000-2XGE SPM

    This SPM provides two 10-Gigabit Ethernet ports using hot-swappable 10-Gigabit Small Form Factor Pluggable Module for PHY transceiver. The 5000-2XGE SPM delivers up to 10 Gbps of firewall and up to 5 Gbps of VPN capacity. This module provides port Link and Activity LEDs in addition to Power and Status LEDs.

    Published: 2013-01-02