Page 3 - Table of Contents
NetScreen-5000 Series iii Table of Contents Preface ................................................................................................................... vii Guide Organization ................................................................................... vii Command Line Interfac...
Page 7 - Preface; UIDE
NetScreen-5000 Series vii Preface The Juniper Networks NetScreen-5000 Series consists of purpose-built, high-performance security systems that provide IPSec VPN and firewall services for large-scale carrier, enterprise, and data-center networks. Built around NetScreen’s third-generation ASIC technol...
Page 8 - set admin user
Preface viii User’s Guide C OMMAND L INE I NTERFACE (CLI) C ONVENTIONS The following conventions are used when presenting the syntax of a command line interface (CLI) command: • Anything inside square brackets [ ] is optional. • Anything inside braces { } is required. • If there is more than one cho...
Page 9 - Overview
NetScreen-5000 Series 1 1 Chapter 1 Overview This chapter provides detailed descriptions of the NetScreen-5000 Series, modules, power supplies, and fan assemblies. Topics explained in this chapter include: • “NetScreen-5000 Series” on page 2 – “NetScreen-5200” on page 2 – “NetScreen-5400” on page 2 ...
Page 10 - CREEN
Chapter 1 Overview 2 User’s Guide N ET S CREEN -5000 S ERIES This section describes the NetScreen-5000 Series, which currently includes the NetScreen-5200 and the NetScreen-5400. NetScreen-5200 The NetScreen-5200 is a chassis-based, two-slot network security device with a 2U (rack unit) chassis. Slo...
Page 11 - OWER; NetScreen-5200 Power Recommendations; NetScreen-5400 Power Recommendations
P ower S upplies NetScreen-5000 Series 3 P OWER S UPPLIES The NetScreen-5000 Series can use two kinds of power supplies: • Direct Current (DC) Power Supply • Alternating Current (AC) Power Supply The slots for these power supplies are located in the back of the NetScreen-5200 and on the front of the...
Page 12 - The DC Power Supply; The AC Power Supply
Chapter 1 Overview 4 User’s Guide The DC Power Supply The DC power supply weighs about three pounds. The faceplate contains a power LED, a power switch, a cooling fan vent, and three DC power terminal blocks that connect to power cables. The figure below shows the NetScreen-5200 DC power supply. The...
Page 13 - AN
Fan Modules NetScreen-5000 Series 5 F AN M ODULES The NetScreen-5200 has a three-fan module and the NetScreen-5400 has a two-fan module. You can access the fan module from the left front side of each chassis. • To remove the NetScreen-5200 fan module, turn the fan knob in the unlock position, then g...
Page 14 - Management Modules; The 5000-M Management Module
Chapter 1 Overview 6 User’s Guide Management Modules The management module provides general-purpose CPU delivery, and contains dedicated High Availability (HA) and management interfaces. It handles tasks such as management access, session setup and termination, and Internet Key Exchange (IKE) negoti...
Page 15 - See
NetScreen-5000 Modules NetScreen-5000 Series 7 The 5000-M2 Management Module The 5000-M2 management module is based around powerful, dual 1GHz PowerPC CPUs, which assist other system elements, primarily with non-flow related tasks. The 5000-M2 management module provides overall management and contro...
Page 16 - Secure Port Modules
Chapter 1 Overview 8 User’s Guide Secure Port Modules Secure Port Modules (SPMs) perform general packet processing and device connection tasks for devices that communicate with the NetScreen-5000 Series. These modules are based around the GigaScreen-II ASIC. SPMs handle packets as they enter and exi...
Page 21 - Installing the Device
NetScreen-5000 Series 13 2 Chapter 2 Installing the Device This chapter describes how to install a NetScreen-5000 Series in an equipment rack or on a desktop and how to configure the device on a network. Topics in this chapter include: • “General Installation Guidelines” on page 14 • “Equipment Rack...
Page 23 - OUNTING; NetScreen-5200 Front and Rear Mount
Mounting the NetScreen-5000 Series NetScreen-5000 Series 15 There are two ways to rack mount the NetScreen-5200: • Rear and front mount • Mid-mount You can only front-mount the NetScreen-5400. M OUNTING THE N ET S CREEN -5000 S ERIES The following sections describe how to rack mount the NetScreen-50...
Page 25 - AC P; DC P
Installing and Connecting the AC Power Supply NetScreen-5000 Series 17 I NSTALLING AND C ONNECTING THE AC P OWER S UPPLY To install and connect the AC power supply to the NetScreen-5000 Series: 1. On the NetScreen-5200, slide the power supply into one of the power compartments in the back of the sys...
Page 27 - HA C
Establishing an HA Connection NetScreen-5000 Series 19 E STABLISHING AN HA C ONNECTION To assure continuous traffic flow in the event of a system failure, you can cable and configure two NetScreen devices in a redundant cluster, with one device acting as a master and the other as its backup. The mas...
Page 29 - Configuring the Device
NetScreen-5000 Series 21 3 Chapter 3 Configuring the Device This chapter describes how to perform initial configuration on the NetScreen-5000 Series once you have mounted it in a rack or desktop, plugged in the necessary cables, and turned the power on. Topics in this chapter include: • “Operational...
Page 30 - PERATIONAL; Transparent Mode
Chapter 3 Configuring the Device 22 User’s Guide O PERATIONAL M ODES The NetScreen-5000 Series supports two operational modes: Transparent and Route. The default mode is Route. Transparent Mode In Transparent mode, a NetScreen-5000 Series systems operates as a Layer-2 bridge. Because the device cann...
Page 32 - Configurable Interfaces
Chapter 3 Configuring the Device 24 User’s Guide NetScreen-5400 Interfaces A NetScreen-5400 contains one management module (in slot 1) and up to three SPMs. You can use a 5000-M or a 5000-M2 management module in slot 1. In the illustrations below, the device contains three 5000-8G SPMs. Configurable...
Page 33 - ERFORMING; Establishing a Terminal Emulator Connection
Performing Initial Connection and Configuration NetScreen-5000 Series 25 P ERFORMING I NITIAL C ONNECTION AND C ONFIGURATION To establish the first console session with the NetScreen-5000 Series system, use a vt100 terminal emulator program through the provided RJ-45/DB9 serial port connector. Estab...
Page 34 - Upgrading the Firmware During the Boot Process
Chapter 3 Configuring the Device 26 User’s Guide Upgrading the Firmware During the Boot Process 1. Connect your computer to the NetScreen-5000 Series system: a. Using a serial cable, connect the serial port on your computer to the console port on the NetScreen-5000 Series system. This connection, in...
Page 35 - Changing Your Admin Name and Password; Setting Port and Interface IP Addresses; Viewing Current Interface Settings
Performing Initial Connection and Configuration NetScreen-5000 Series 27 Changing Your Admin Name and Password Because all NetScreen products use the same admin name and password ( netscreen ), it is highly advisable to change your admin name and password immediately. Enter the following commands: s...
Page 36 - Setting the IP Address for the Trust Zone Interface; Setting the IP Address for the Untrust Zone Interface
Chapter 3 Configuring the Device 28 User’s Guide For example, to set the IP address and subnet mask of the MGT interface to 10.100.2.183 and 16, respectively: set interface mgt ip 10.100.2.183/16 3. To confirm the new port settings, execute the following command: get interface mgt Setting the IP Add...
Page 37 - set interface ethernet2/3; get interface ethernet2/3; UI S; Starting a Console Session Using Telnet
Configuring the Device fo r T elnet and WebUI Sessions NetScreen-5000 Series 29 3. Set the IP address and subnet mask by executing the following command: set interface ethernet2/3 ip ip_addr / mask where ip_addr is the IP address and mask is the subnet mask . For example, to set the IP address and s...
Page 38 - Starting a Console Session Using Dialup
Chapter 3 Configuring the Device 30 User’s Guide For example, if the MGT interface has an address of 10.100.2.183 , then enter: telnet 10.100.2.183 3. At the Username prompt, type your user name (default is netscreen ). 4. At the Password prompt, type your password (default is netscreen ). 5. (Optio...
Page 39 - ONFIGURING; set chassis audible-alarm; get chassis
Configuring the Chassis Alarm NetScreen-5000 Series 31 For example, if you assigned the MGT interface an IP address of 10.100.2.183 /16, then enter: http://10.100.2.183 The NetScreen WebUI software displays the login prompt. 3. Enter netscreen in both the Admin Name and Password fields, and then cli...
Page 41 - get interface; CLI C
Using CLI Commands to Reset the Device NetScreen-5000 Series 33 4. (Optional) To see the updated port list and details about the new aggregate interface: get interface get interface aggregate1 Notice that the listing contains aggregate1 , an aggregate interface comprised of ethernet2/1 and ethernet2...
Page 47 - NetScreen-5200 Fan Tray Filter
Replacing the Fan Module NetScreen-5000 Series 39 NetScreen-5200 Fan Tray Filter Before you replace the fan tray filter, make sure you have the following tools: • Flashlight or other light source • 18-inch wooden ruler To replace the fan tray filter: 1. Remove the fan tray (See “NetScreen-5200 Fan M...
Page 50 - NetScreen-5400 Fan Tray Filter
Chapter 4 Servicing the Device 42 User’s Guide NetScreen-5400 Fan Tray Filter To replace the fan tray filter: 1. Remove the fan tray (See “NetScreen-5400 Fan Module” on page 40 ). 2. Lay the fan tray filter up. 3. Pull the filter from the Velcro backing. 4. Replace the filter. 5. Align the new fan m...
Page 53 - Specifications
NetScreen-5000 Series I A Appendix A Specifications This appendix provides general system specifications for the NetScreen-5000 Series. • “NetScreen-5200 Attributes” on page A-II • “NetScreen-5400 Attributes” on page A-II • “Electrical Specification” on page A-II • “NEBS Certifications” on page A-II...
Page 54 - The following table presents the environmental specifications.
Appendix A Specifications II User’s Guide N ET S CREEN -5200 A TTRIBUTES Height: 3.4 inches (8.6 cm) Depth: 19.5 inches (49.5 cm) Width: 17.5 inches (44.5 cm) Weight: 32 pounds (without power supply) (15 kg) N ET S CREEN -5400 A TTRIBUTES Height: 8.62 inches (21.89 cm) Depth: 14 inches (35 cm) Width...
Page 55 - NEBS C; AFETY; EMI C; ERTIFICATIONS
NetScreen-5000 Series III NEBS C ERTIFICATIONS Level 3 NetScreen-5200 with DC power supply. GR-63-Core: NEBS, Environmental Testing GR-1089-Core: EMC and Electrical Safety for Network Telecommunications Equipment S AFETY C ERTIFICATIONS UL, CUL, CSA, CE, CB EMI C ERTIFICATIONS FCC class A, CE class ...
Page 56 - The following table shows the 10-Gigabit media
Appendix A Specifications IV User’s Guide The following table shows the 10-Gigabit media types and distances for the different types of connectors used with the NetScreen-5000 Series systems. Standard Media Type Mhz/Km Rating Maximum Distance 1000 Base-SR 62.5/125µm Multimode Fiber 160 220 m 62.5/12...
Page 58 - ODULE
Appendix B Port Descriptions and LED Status II User’s Guide M ODULE P ORT D ESCRIPTIONS The following table describes the ports on the 5000-M and 5000-M2 management modules. The following table describes the ports on the 5000-8G Secure Port Module (SPM). The following table details the ports on the ...
Page 59 - LED D; ESCRIPTIONS
NetScreen-5000 Series III The following table details the ports on the 5000-8G2 SPM. The following table details the ports on the 5000-2XGE SPM. M ODULE LED D ESCRIPTIONS This section provides descriptions of the LEDs on NetScreen-5000 Series modules. Two types of LEDs exist on the modules: • Status...
Page 60 - TATUS; LED S; TATES; Interpreting Status LEDs for the Management
Appendix B Port Descriptions and LED Status IV User’s Guide S TATUS LED S TATES This section describes Status LED states on all modules. Interpreting Status LEDs for the Management Modules The Status LEDs indicate whether the management module is operating properly. The following table describes the...
Page 62 - LED; Interpreting Power Supply LED Status for the; Single SPM Installed
Appendix B Port Descriptions and LED Status VI User’s Guide P OWER S UPPLY LED S The following tables describe LED behaviors on the 5000-M and 5000-M2 for different combinations of functioning power supplies. Interpreting Power Supply LED Status for the NetScreen-5200 The following table details the...
Page 65 - Index; Numerics
Index NetScreen-5000 Series IX-I Index Numerics 5000-2G24FE, description 95000-2XGE, description 115000-8G description 8figure 8port status LEDs Vsystem status LEDs V 5000-8G2 description 10figure 10, 11port status LEDs Vsystem status LEDs V 5000-M figure 6system status LEDs IV 5000-M2 figure 7syste...
