Chapter 3 Configuring The Device; Operational Modes; Transparent Mode; Route Mode - Juniper NETSCREEN-ISG 2000 User Manual

Chapter 3 Configuring the Device

Operational Modes

The NetScreen-ISG 2000 supports two device modes: Transparent mode and Route mode.
The default mode is Route.

Note: Because you enable NAT capability by configuring interfaces and creating security
policies, NAT is not considered a device mode. To configure your device for NAT, the device
must be in Route mode.

Transparent Mode

In Transparent mode, the NetScreen-ISG 2000 operates as a Layer-2 bridge. Because the
device cannot translate packet IP addresses, it cannot perform Network Address
Translation (NAT). Consequently, any IP address in your trusted (local) networks must be
public, routable, and accessible from untrusted (external) networks.

In Transparent mode, the NetScreen device is invisible to the network. However, the
device can still perform firewall, VPN, and traffic management functions according to
configured security policies.

Route Mode

In Route mode, the NetScreen-ISG 2000 operates at Layer 3. Because you can configure
each interface using an IP address and subnet mask, you can configure individual
interfaces to perform NAT.

When the interface performs NAT services, the device translates the source IP
address of each outgoing packet into the IP address of the untrusted port. It also
replaces the source port number with a randomly generated value. You can also
perform translations using either Mapped IP (MIP) or Virtual IP (VIP)
addresses.

When the interface does not perform NAT services, the source IP address and
port number in each packet header remain unchanged. Therefore, your local
hosts must have public IP addresses.

For more information on NAT, see the NetScreen Concepts and Examples ScreenOS
Reference Guide.
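
The following added example (not part of the Juniper guide) audits a saved configuration for interfaces that do not perform NAT yet sit on a private subnet, which conflicts with the requirement above that local hosts have public IP addresses. The `set interface ...` line syntax is an assumption (ScreenOS-style CLI not shown on this page), and the interface names and addresses are constructed.

```python
import ipaddress
import re

# Constructed sample; the "set interface ..." syntax is an assumed
# ScreenOS-style CLI form and does not appear in the guide text above.
SAMPLE_CONFIG = """\
set interface ethernet1/1 zone Trust
set interface ethernet1/1 ip 10.1.1.1/24
set interface ethernet1/1 nat
set interface ethernet1/2 zone DMZ
set interface ethernet1/2 ip 192.168.50.1/24
set interface ethernet1/2 route
set interface ethernet2/1 zone Untrust
set interface ethernet2/1 ip 203.0.113.1/24
set interface ethernet2/1 route
"""

LINE_RE = re.compile(r"^set interface (\S+) (ip [\d.]+/\d+|nat|route)\s*$")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_interfaces(config):
    """Return {name: {"ip": IPv4Interface or None, "mode": str or None}}."""
    interfaces = {}
    for line in config.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # zone bindings and unrelated commands are ignored
        name, setting = m.groups()
        entry = interfaces.setdefault(name, {"ip": None, "mode": None})
        if setting.startswith("ip "):
            entry["ip"] = ipaddress.IPv4Interface(setting[3:])
        else:
            entry["mode"] = setting  # "nat" or "route"; last line wins
    return interfaces

def route_mode_private(config):
    """Interfaces explicitly set to 'route' whose subnet is RFC 1918."""
    flagged = []
    for name, entry in parse_interfaces(config).items():
        ip = entry["ip"]
        # Interfaces with no explicit mode line are not judged here.
        if entry["mode"] == "route" and ip is not None and any(
                ip.network.subnet_of(net) for net in RFC1918):
            flagged.append(name)
    return sorted(flagged)

if __name__ == "__main__":
    for name in route_mode_private(SAMPLE_CONFIG):
        print(f"review: {name} is on a private subnet but does not perform NAT")
```

A flagged interface is a review item rather than a definite error, because translation may still be provided through MIP, VIP, or security policies.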