Juniper NETSCREEN-5GT Benutzerhandbuch Seite 27

Optional Configuration
Restricting Management
By default, anyone in your network can manage the NetScreen device if they know the
login and password. You can configure the NetScreen device to be managed only from a
specific host on your network. (And you can choose which services — for example, WebUI,
Telnet, ping — you want enabled on the NetScreen device.) Refer to the "Administration"
chapter in the "Administration" volume of the NetScreen Concepts & Examples ScreenOS
Reference Guide for ScreenOS 5.0.0.
Changing the Operational Mode
The operational mode is the way an interface on a NetScreen device processes traffic
between zones. By default, the NetScreen-5GT ADSL operates in Route mode with
network address translation (NAT) enabled on the Trust interface. This means that when
devices in the Trust zone send traffic to the Internet, the NetScreen device replaces the
original source IP addresses with the IP address of the Untrust interface. While the
NetScreen device assigns "private" IP addresses to the devices in your network, these
addresses remain hidden to computers outside your network.
If all devices in your network have public IP addresses, you can configure the NetScreen
device for Route mode without NAT enabled. In Route mode without NAT enabled, the
NetScreen device routes traffic by checking IP addresses. For more information about
configuring the device for Route mode without NAT enabled, refer to the "Interface
Modes" chapter in the "Fundamentals" volume of the NetScreen Concepts & Examples
ScreenOS Reference Guide for ScreenOS 5.0.0.
Changing the Trust Interface Address
You can change the IP address and netmask of the Trust interface if necessary.
(Remember that when the Trust interface is in NAT mode, the IP addresses of devices in
your network are never seen by computers outside your network; outside computers see
only the IP address of the Untrust interface.) For example, you might need to change the
Trust interface to match the IP addresses that already exist on your network. If you
change the IP address and netmask of the Trust interface, you also need to change either
the range of addresses that the NetScreen device assigns via DHCP to devices in the
network, or disable the DHCP server on the Trust interface.
If the computers in your network obtain their IP addresses from the DHCP server on the
NetScreen device, then the computers also obtain their default gateway from the
NetScreen device. If a computer has a statically assigned IP address, you must manually
set its default gateway to the IP address of the Trust interface on the NetScreen device.
To assign a different IP address and netmask to the Trust interface, refer to the
"Interfaces" chapter in the "Fundamentals" volume of the NetScreen Concepts & Examples
ScreenOS Reference Guide for ScreenOS 5.0.0.
To change the DHCP settings for the NetScreen device, refer to the "System Parameters"
chapter in the "Fundamentals" volume of the NetScreen Concepts & Examples ScreenOS
Reference Guide for ScreenOS 5.0.0.
NetScreen-5GT ADSL 23