In this post, we describe the steps for configuring a NetScreen 5200 firewall.
First, we must log in to the firewall over the console line at speed 9600.
The default user is netscreen and the default password is netscreen.
After logging in to the firewall, we need to configure the management IP with the command:
set interface mgt ip 192.168.1.1/24
After configuring the management IP, we connect to the firewall's web interface using the management IP configured in the previous step.
In this step, we must enable SSHv2 and SSL.
By default, all IPs are authorized to connect to the firewall. To limit the IPs allowed to manage the firewall,
navigate to Configuration → Admin → Permitted IPs.
To configure HA on the firewall, we will use the NetScreen protocol NSRP.
Before configuring NSRP, we must check that both devices (master and slave) are running the same version, using the command get system.
After verifying the version, connect the fiber between the two devices on the ha interface.
Configure the cluster name:
set nsrp cluster name NSRP-Cluster
Configure the VSD group and priority on both devices (master and slave); the low priority must be configured on the master.
After configuring the VSD group, we must configure the cluster id and the interfaces that will be monitored in the cluster.
To configure the cluster id, navigate to Network → NSRP → Cluster.
To configure the interfaces that will be monitored, navigate to Network → NSRP → Monitor → Interface and check the interfaces that will be monitored.
This can also be configured using the CLI.
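The CLI equivalents of the web-interface steps above (management access and the NSRP cluster settings), as an added example that is not part of the original post. The permitted management subnet, cluster id, priority values and monitored interface names are assumed placeholders, and lines starting with # are annotations, not commands to type.

```screenos
# --- Management access (both devices) ---
# Enable SSHv2 and SSL, and allow them on the mgt interface.
set ssh version v2
set ssh enable
set ssl enable
set interface mgt manage ssh
set interface mgt manage ssl

# Permitted IPs: restrict administration to one subnet.
# 192.168.1.0/24 is an assumed admin subnet matching the mgt IP above.
set admin manager-ip 192.168.1.0 255.255.255.0

# --- NSRP cluster (both devices) ---
# Cluster id 1 is an assumed value; it must be identical on both devices.
set nsrp cluster id 1

# Monitored interfaces; ethernet2/1 and ethernet2/2 are assumed names.
set nsrp monitor interface ethernet2/1
set nsrp monitor interface ethernet2/2

# --- VSD group priority ---
# On the master (the lower priority value; 50 is an assumed value):
set nsrp vsd-group id 0 priority 50

# On the slave (100 is an assumed value):
set nsrp vsd-group id 0 priority 100

# --- Verify on each device ---
get nsrp
get admin manager-ip
get ssh
```

Apply the permitted-IP restriction from a session whose source address is inside the permitted subnet, otherwise the management session is cut off as soon as the command takes effect.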
After configuring the cluster, we must synchronize the configuration.
To synchronize the configuration, we must connect to the slave firewall and execute the command:
FW-Cluster->exec nsrp sync global-config save
FW-Cluster->load peer system config to save
Save global configuration successfully.
Continue to save local configurations … Save local configuration Successfully.
Please reset your box to let cluster configuration take effect!
Now we must reset the slave without saving the configuration. The reset is done using the command reset.
Configuration modified, save? [y]/n n
System reset, are you sure? y/[n] y
In reset …
After the reboot, we execute the command set nsrp rto-mirror sync on the master to synchronize the config.