ScreenOS 5.0 1 2
ScreenOS 5.0 ScreenOS 5.0 Deep Inspection VLAN NetScreen-25/-50/-204/-208 HA NetScreen-25 HA Lite NetScreen-25 NetScreen-50) ALG(Application Layer Gateway NAT Destination NetScreen-Security Manager NetScreen
ScreenOS 5.0 ScreenOS 5.0 NetScreen Deep Inspection NetScreen-Security Manager)
ScreenOS 5.0 http://support.nox.co.jp/ ScreenOS 5.0 NetScreen ScreenOS Migration Guide NetScreen-5XP NetScreen-5XT NetScreen-5GT NetScreen-25 NetScreen-50 NetScreen-204 NetScreen-208 NetScreen-500 NetScreen-5000 ScreenOS 3 ScreenOS
WebUI Configuration > Update > Config File > Save To File
ns >get config
TFTP
ns >save config to tftp <TFTP IP > < >
ns >save config to tftp 10.10.1.100 cfg-0921.txt
ScreenOS 5.0 ScreenOS 5.0 Deep Inspection ALG 250 HTTP FTP SMTP POP3 IMAP DNS ALG SIP RSH URL NetScreen-5XP VSYS NTP MD5 NetScreen-5GT Trend Micro VPN VLAN NetScreen-25/50 8VLAN RIPv2 NetScreen-204/208 32VLAN IP NetScreen-25 NSRP Lite NSRPv2 VPN NetScreen-25/50 NetScreen-25 1,000 NAT NetScreen-50 4,000 NAT Destination
ScreenOS 5.0 PPPoE Syslog PPPoE 4 Syslog DHCP TCP SSHv2 DHCP Rapid Deployment DHCP Trust NetScreen-Security Manager DHCP VLAN DHCP NetScreen-Security Manager Permit Deny Deep Inspection Drop Reset
Deep Inspection Layer 3 4 Layer 7 Drop HTTP SMTP POP3 IMAP FTP DNS 250 Layer 3 4 IP NO Drop YES NO YES Deep Inspection NO Drop NO Forward packet Src IP Dst IP Src Port Dst Port Payload Deep Deep YES YES Inspection Inspection Drop Close Ignore Src IP Dst IP Src Port Dst Port Payload
Deep Inspection Deep Inspection Deep Inspection 1 1 1 Deep Inspection NS-DI-xx Expire NS-DI-xx Expire NS-DI-xx NS-MNT-xx NS-MNT-xx NS-MNT-xx
Deep Inspection Deep Inspection FAQ Q. Deep Inspection A. NetScreen Technologies., Inc. Q. A. Deep Inspection ScreenOS 5.0 Q. A. ScreenOS 5.0 NetScreen-5XP Deep Inspection Q. NetScreen-IDP A. Deep Inspection NetScreen-IDP NetScreen-IDP 1,800 250 NetScreen-IDP 50 HTTP FTP SMTP IMAP POP3 DNS Q. Deep Inspection A. Deep Inspection Close Close Client Close Server Drop Drop Packet Ignore None Q. A. Deep Inspection
NetScreen NetScreen-5GT Trend Micro NetScreen-5GT Trend Active Update Service NetScreen-5GT TO: A FROM: B Subject:: CCC TO: A FROM: B Subject:: CCC Attachment Has been Dropped Virus Scanning Application Programming Interface (VSAPI)
NetScreen-5GT NetScreen-5GT Config > Update > ScreenOS/Keys AV: Enable
1 1 NetScreen-5GT Anti Virus Deep Inspection NS-5GT-007-AV NS-5GT-107-AV NS-5GT-207-AV Expire NS-AVS-5GT NS-AVS-5GTP NS-AVS-5GTE Expire NS-AVS-5GT NS-AVS-5GTP NS-AVS-5GTE NetScreen-5GT NS-AV-5GT Anti Virus NS-AV-5GTP NS-AV-5GTE Expire NS-AVS-5GT NS-AVS-5GTP NS-AVS-5GTE Expire NS-AVS-5GT NS-AVS-5GTP NS-AVS-5GTE NS-5GT-007 NS-5GT-107 NS-MNT1-5GT NS-MNT1-5GTP NS-MNT2-5GT NS-MNT2-5GTP NS-MNT2-5GT NS-MNT2-5GTP
FAQ Q. NetScreen A. NetScreen-5GT NetScreen- NetScreen-25/50/204/208/500 Trend Micro InterScan Virus Wall 3. CSP(Content Scanning ) Q. NetScreen-5GT A. PC PC NetScreen-5GT Q. NetScreen-5GT A. NetScreen-5GT Q. NetScreen-5GT A. NetScreen-5GT Q. NetScreen-5GT A. NetScreen-5GT 75Mbps 75Mbps NetScreen-5GT Q. NetScreen-5GT A. 4MB 8
FAQ Q. NetScreen-5GT A. 20MB 20MB Q. ZIP A. NetScreen-5GT ZIP Q. NetScreen-5GT A. 80,000 Q. A. NetScreen-5GT Q. A. NetScreen-5GT Trend Active Update Service 15
VLAN(802.1Q VLAN 802.1Q VLAN 802.1Q NetScreen-25 NetScreen-50 NetScreen-204 NetScreen-208 ScreenOS 4.0 0 0 0 0 32VLAN ScreenOS 5.0 8 8 32 32 32VLAN 32VLAN Virtualization Key 5 10 IEEE 802.1Q VLAN
NetScreen-25 HA Lite HA Lite SA VPN NetScreen NetScreen-25 NetScreen-50 NetScreen-204 NetScreen-208 ScreenOS 4.0 ScreenOS 5.0 / / / / / / / / / / Lite / / / NetScreen-25/50 NetScreen ScreenOS 4.0 ScreenOS 5.0 NetScreen-25 8,000 1,000 NetScreen-50 1,000 4,000
ALG Application Layer Gateway) ALG SIP RSH NAT Predefined Service Deep Inspection URL Advance ON/OFF
VPN VPN VPN-1 Tunnel.1 3.3.3.3 Trust 192.18.1.0/24 Tunnel. 1 2.2.2.2 VPN-1 VPN-2 VPN-2 Tunnel.1 4.4.4.4 Trust 192.18.2.0/24 NHTB Destination 192.18.1.0 192.18.2.0 Tunnel.1 3.3.3.3 Tunnel.1 4.4.4.4 VPN 3.3.3.3 4.4.4.4 VPN-1 VPN-2 NHTB Next-Hop Tunnel Binding) NHTB VPN
RIPv2 1.1.1.0/24 2.2.2.1/24 3.3.3.1/24 URL IDP etc..
set route 1.1.1.0/24 interface eth2 2.2.2.1
set vr trust route source 10.1.2.0/24 interface eth3 3.3.3.1
set vr trust enable-source-routing
eth2 eth3 10.1.2.0/24 3.3.3.1 URL IDP 10.1.1.0/24 10.1.2.0/24
NAT Destination (NAT-Dst) 1 1 1 NAT-Dst 1 1 Trust 192.18.1.254/24 Untrust 1.1.1.10 2.2.2.1 192.18.1.10 1.1.1.10 2.10.2.10 44444 80 1.1.1.10 192.18.1.10 44444 80
NAT Destination (NAT-Dst) NAT-Dst 1 1.1.1.9 Trust 192.18.1.254/24 Untrust 1.1.1.10 2.2.2.1 192.18.1.10 1.1.1.9 2.10.3.10 55555 80 1.1.1.9 192.18.1.10 55555 80 1.1.1.10 2.10.2.10 44444 23 1.1.1.10 192.18.1.10 44444 23
NAT Destination (NAT-Dst) NAT-Dst 192.18.1.10 1.1.1.9 Trust 192.18.1.254/24 192.18.1.11 1.1.1.10 Untrust 2.2.2.1 192.18.1.12 192.18.1.13 1.1.1.9 2.10.3.10 55555 80 1.1.1.9 192.18.1.10 55555 80 1.1.1.10 2.10.2.11 44444 80 1.1.1.10 192.18.1.11 44444 80 1.1.1.10 2.10.3.12 44444 80 1.1.1.10 192.18.1.12 44444 80 1.1.1.10 2.10.2.13 44444 80 1.1.1.10 192.18.1.13 44444 80
set policy id 4 from "Trust" to "Untrust" "Trust_1" "Any" "DNS" permit log
set policy id 4
set src-address "Trust_2"
set src-address "Trust_3"
set service "FTP"
set service "HTTP"
set service "MAIL"
exit
ScreenOS 4.0 Object
NetScreen-Security Manager NetScreen Rapid Deployment VPN HA ScreenOS
NetScreen-Security Manager 3-Tier UI(User Interface) JAVA GUI UI(User Interface) Windows 2000 Windows NT Windows XP GUI / GUI Solaris 8, 9 Red Hat Linux 8.0, 9.0 1,000 NetScreen-5XP/5XT/5GT NetScreen-25/50 NetScreen-204/208 NetScreen-500 NetScreen-5200/5400 ScreenOS 4.0.0/4.0.0 Dial2/4.0.1/4.0.3 ScreenOS 5.0.0 TCP SHA-1 AES
NetScreen NetScreen /VPN NetScreen-5XT/Elite NetScreen-5GT/Plus/AV NetScreen-25 NetScreen-50 NetScreen-204 NetScreen-208 NetScreen-500 NetScreen-5200 NetScreen-5400 NetScreen NetScreen-Remote VPN NetScreen-Remote Security NetScreen NetScreen-IDP 10 NetScreen-IDP 100 NetScreen-IDP 500 NetScreen-IDP 1000 NetScreen NetScreen-SA 1010/1020/1030 NetScreen-SA 3010/3020/3030/3040/3050 NetScreen-SA 5020/5030/5040/5050/500 NetScreen NetScreen-Security Manager
(ScreenOS 5.0 NetScreen FW/VPN NetScreen-5400 VPN 24 * mini-gbic 1,000,000 * mini-gbic 72 * 10/100Base-T FW:4Gbps VPN 3DES 2Gbps 1,000 VSYS /VLAN 40,000 ACT/ACT (Full Mesh) ACT/ACT ACT/SBY 500VSYS 4,000VLAN NetScreen-5200 8 * mini-gbic 500,000 2 * mini-gbic 24 * 10/100Base-T FW 2Gbps VPN 3DES 1Gbps 1,000 40,000 ACT/ACT (Full Mesh) ACT/ACT ACT/SBY 500VSYS 4,000VLAN NetScreen-500 8 * 10/100Base-T 250,000 8 * mini-gbic(sx/lx) 4 * GBIC(SX/LX) FW 700Mbps VPN 3DES 250Mbps 10,000 20,000 ACT/ACT (Full Mesh) ACT/ACT ACT/SBY 25VSYS 100VLAN NetScreen-204/208 4/8 * 10/100Base-T 128,000 FW 400/550Mbps VPN 3DES 200Mbps 1,000 4,000 ACT/ACT (Full Mesh/208) ACT/ACT ACT/SBY 32VLAN VLAN NetScreen-50 4 * 10/100Base-T 4,000 FW 170Mbps 100 1,000 ACT/SBY 8 VPN 3DES 50Mbps 400(Remote) NetScreen-25 4 * 10/100Base-T 1,000 FW 100Mbps VPN 3DES 20Mbps 25 100(Remote) 500 ACT/SBY (HA Lite) 8 NetScreen-5XT 1 * 10/100Base-T(Untrust) 2,000 FW: 70MB 10 100 N/A N/A 4 * 10/100Base-T(Trust) VPN 3DES 20Mbps NetScreen-5GT 5 * 10/100Base-T 2,000 FW 75Mbps 10 100 N/A N/A VPN 3DES 20Mbps