Operational modes, Transparent mode, Route mode – Juniper Networks ISG 2000 User Manual


Chapter 3 Configuring the Device

User’s Guide

Operational Modes

The NetScreen-ISG 2000 supports two device modes: Transparent mode and Route mode.
The default mode is Route.

Transparent Mode

In Transparent mode, the NetScreen-ISG 2000 operates as a Layer-2 bridge. Because the
device cannot translate packet IP addresses, it cannot perform Network Address
Translation (NAT). Consequently, any IP address in your trusted (local) networks must be
public, routable, and accessible from untrusted (external) networks.

In Transparent mode the NetScreen device is invisible to the network. However, the
device can still perform firewall, VPN, and traffic management according to configured
security policies.

Route Mode

In Route mode, the NetScreen-ISG 2000 operates at Layer 3. Because you can configure
each interface using an IP address and subnet mask, you can configure individual
interfaces to perform NAT.

When the interface performs NAT services, the device translates the source IP
address of each outgoing packet into the IP address of the untrusted port. It also
replaces the source port number with a randomly-generated value. You can also
perform translations using either Mapped IP (MIP) or Virtual IP (VIP)
addresses.

When the interface does not perform NAT services, the source IP address and
port number in each packet header remain unchanged. Therefore, your local
hosts must have public IP addresses.

For more information on NAT, see the NetScreen Concepts and Examples ScreenOS
Reference Guide.

Note: Because you enable NAT capability by configuring interfaces and creating security
policies, NAT is not considered a device mode. To configure your device for NAT, the device
must be in Route mode.
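
The translation behaviour described under Route Mode, modelled in Python as an added example (not code from the Juniper guide or from ScreenOS). The `Packet` and `Interface` classes, the port range, the session table and the documentation-range addresses are assumptions made for illustration; security policy evaluation is not modelled.

```python
import secrets
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

@dataclass
class Interface:
    """Hypothetical model of a Route-mode interface facing the untrusted side."""
    untrust_ip: str                      # IP address of the untrusted port
    nat: bool = True                     # whether the interface performs NAT
    sessions: dict = field(default_factory=dict)  # translated port -> (orig ip, orig port)

    def outbound(self, pkt):
        if not self.nat:
            return pkt                   # header unchanged: local host needs a public address
        port = secrets.randbelow(64512) + 1024    # assumed range 1024..65535
        while port in self.sessions:     # avoid reusing a port that is already mapped
            port = secrets.randbelow(64512) + 1024
        self.sessions[port] = (pkt.src_ip, pkt.src_port)
        return Packet(self.untrust_ip, port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt):
        """Reverse the translation for a reply; None means no mapping exists."""
        if not self.nat:
            return pkt
        orig = self.sessions.get(pkt.dst_port)
        if orig is None or pkt.dst_ip != self.untrust_ip:
            return None
        return Packet(pkt.src_ip, pkt.src_port, *orig)

def demo():
    # Constructed sample traffic: one local host talking to one external server.
    host = Packet("10.1.1.5", 40000, "198.51.100.7", 443)
    nat_if = Interface(untrust_ip="203.0.113.1", nat=True)
    out = nat_if.outbound(host)          # source rewritten to the untrusted port's IP
    reply = nat_if.inbound(Packet("198.51.100.7", 443, out.src_ip, out.src_port))
    plain = Interface(untrust_ip="203.0.113.1", nat=False).outbound(host)
    return out, reply, plain             # plain keeps the local address visible
```

With NAT on, external hosts only ever see the untrusted port's address and a random source port; with NAT off, the local host's own address and port appear on the wire, which is why those hosts need public addresses.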
