Allowing outbound traffic – Juniper Networks ISG 2000 User Manual


Chapter 3 Configuring the Device

User’s Guide

3. To set the IP address and subnet mask:

set interface ethernet3/8 ip ip_addr/mask

where ip_addr is the IP address and mask is the subnet mask. For example, to
set the IP address and subnet mask of the ethernet3/8 interface to
10.250.2.1/16:

set interface ethernet3/8 ip 10.250.2.1/16

4. (Optional) To confirm the new interface settings:

get interface ethernet3/8

Setting the IP Address for the Untrust Zone Interface

The NetScreen-ISG 2000 usually communicates with external (untrusted) devices
through an interface bound to the Untrust zone. To allow an interface to communicate
with external devices, you must assign it a public IP address.

To set up the ethernet1/1 interface to communicate with external devices:

1. Choose an unused public IP address and subnet mask.

2. To bind the ethernet1/1 interface to the Untrust zone:

set interface ethernet1/1 zone untrust

3. To set the IP address and subnet mask:

set interface ethernet1/1 ip ip_addr/mask

where ip_addr is the IP address and mask is the subnet mask. For example, to
set the IP address and subnet mask of the ethernet1/1 interface to
172.16.20.1/16:

set interface ethernet1/1 ip 172.16.20.1/16

4. (Optional) To confirm the new interface settings:

get interface ethernet1/1
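
The check below is an added example, not part of the Juniper manual: a Python audit that parses the two `set interface` command forms used above and flags any Untrust-zone interface whose address is missing, malformed, or not globally routable. The sample configuration is constructed from this page's commands plus one assumed line binding ethernet3/8 to the Trust zone, and `audit_interfaces` is a hypothetical helper name.

```python
import ipaddress
import re

# The two command forms used in the procedure above.
ZONE_RE = re.compile(r"^set interface (\S+) zone (\S+)$", re.IGNORECASE)
IP_RE = re.compile(r"^set interface (\S+) ip (\S+)$", re.IGNORECASE)

# Constructed sample: the commands from this page, plus one assumed line
# binding ethernet3/8 to the Trust zone (that step is not shown here).
SAMPLE = """\
set interface ethernet3/8 zone trust
set interface ethernet3/8 ip 10.250.2.1/16
set interface ethernet1/1 zone untrust
set interface ethernet1/1 ip 172.16.20.1/16
"""


def audit_interfaces(config_text):
    """Return (interface, finding) tuples for Untrust-zone addressing problems.

    Hypothetical helper written for this example; not a Juniper tool.
    """
    zones, addrs, findings = {}, {}, []
    for raw in config_text.splitlines():
        line = " ".join(raw.split())  # collapse stray whitespace
        if m := ZONE_RE.match(line):
            zones[m.group(1)] = m.group(2).lower()
        elif m := IP_RE.match(line):
            try:
                addrs[m.group(1)] = ipaddress.ip_interface(m.group(2))
            except ValueError:
                # e.g. the literal placeholder "ip_addr/mask" left in place
                findings.append((m.group(1), "invalid address " + m.group(2)))
    for ifname in sorted(zones):
        if zones[ifname] != "untrust":
            continue
        iface = addrs.get(ifname)
        if iface is None:
            findings.append((ifname, "bound to untrust without a valid IP"))
        elif not iface.ip.is_global:
            # Covers RFC 1918, loopback, link-local and documentation ranges.
            findings.append((ifname, "untrust address %s is not globally routable" % iface))
    return findings


if __name__ == "__main__":
    for ifname, finding in audit_interfaces(SAMPLE):
        print(f"{ifname}: {finding}")
```

Run against the manual's own sample values, the check flags ethernet1/1, because 172.16.20.1 lies in RFC 1918 private space and serves in the manual only as a placeholder value.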

Allowing Outbound Traffic

By default, the NetScreen-ISG 2000 does not allow inbound or outbound traffic, nor does
it allow traffic to or from the DMZ. To permit (or deny) traffic, you must create access
policies.
