Setting The Ip Address For The Untrust Zone Interface; Allowing Outbound Traffic - Juniper NETSCREEN-ISG 2000 Mode D'emploi

Chapter 3 Configuring the Device
3. To set the IP address and subnet mask:
set interface ethernet3/8 ip ip_addr/mask
where ip_addr is the IP address and mask is the subnet mask. For example, to
set the IP address and subnet mask of the ethernet3/8 interface to
10.250.2.1/16:
set interface ethernet3/8 ip 10.250.2.1/16
4. (Optional) To confirm the new interface settings:
get interface ethernet3/8

Setting the IP Address for the Untrust Zone Interface

The NetScreen-ISG 2000 usually communicates with external (untrusted) devices
through an interface bound to the Untrust zone. To allow an interface to communicate
with external devices, you must assign it a public IP address.
To set up the ethernet1/1 interface to communicate with external devices:
1. Choose an unused public IP address and subnet mask.
2. To bind the ethernet1/1 interface to the Untrust zone:
set interface ethernet1/1 zone untrust
3. To set the IP address and subnet mask:
set interface ethernet1/1 ip ip_addr/mask
where ip_addr is the IP address and mask is the subnet mask. For example, to
set the IP address and subnet mask of the ethernet1/1 interface to
172.16.20.1/16:
set interface ethernet1/1 ip 172.16.20.1/16
4. (Optional) To confirm the new interface settings:
get interface ethernet1/1

Allowing Outbound Traffic

By default, the NetScreen-ISG 2000 does not allow inbound or outbound traffic, nor does
it allow traffic to or from the DMZ. To permit (or deny) traffic, you must create access
policies.
32 User's Guide