How to configure Netscreen 5200

by admin

In this post, we describe the steps for configuring a NetScreen 5200 firewall.

First of all, we must log in to the firewall over the console line at a speed of 9600.

PuTTY configuration

The default user is netscreen and the default password is netscreen.

After logging in to the firewall, we need to configure the management IP with the command:

set interface mgt ip 192.168.1.1/24

After configuring the management IP, we connect to the firewall's web interface using the management IP configured in the previous step.

In this step, we must enable SSHv2 and SSL.

By default, all IPs are authorized to connect to the firewall. To limit the IPs allowed to manage the firewall, navigate to Configuration → Admin → Permitted IPs.
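A check for the management settings above (permitted IPs, SSHv2, SSL) plus the default admin name, run against a saved configuration. This is an added example, not part of the original post; both sample configurations are constructed, and the `set admin name`, `set admin manager-ip`, `set ssh ...` and `set ssl enable` line forms are assumptions about how these settings appear in the saved configuration.

```python
import ipaddress
import re

# Constructed samples, not taken from a real device. The line forms for
# permitted IPs, SSH and SSL are assumptions about the saved config format.
SAMPLE_CONFIG = """\
set admin name "netscreen"
set interface mgt ip 192.168.1.1/24
set admin manager-ip 0.0.0.0 0.0.0.0
set ssh version v2
set ssl enable
"""

HARDENED_CONFIG = """\
set admin name "fwadmin"
set interface mgt ip 192.168.1.1/24
set admin manager-ip 192.168.1.0 255.255.255.0
set ssh version v2
set ssh enable
set ssl enable
"""

def audit_management(config):
    """Return a list of findings for the management-plane steps above."""
    lines = [" ".join(ln.split()) for ln in config.splitlines() if ln.strip()]
    findings = []
    # The factory administrator name should not survive into production.
    if any(re.fullmatch(r'set admin name "?netscreen"?', ln) for ln in lines):
        findings.append("default admin name 'netscreen' still configured")

    # No permitted-IP entry means every source address may reach management.
    nets = []
    for ln in lines:
        m = re.fullmatch(r"set admin manager-ip (\S+)(?: (\S+))?", ln)
        if m:
            mask = m.group(2) or "255.255.255.255"
            nets.append(ipaddress.ip_network(f"{m.group(1)}/{mask}", strict=False))
    if not nets:
        findings.append("no permitted IPs: management open to all addresses")
    findings += [f"permitted IP {n} matches every address" for n in nets if n.prefixlen == 0]

    # SSH must be set to version 2 and enabled; SSL must be enabled.
    for needed, msg in (("set ssh version v2", "SSH version 2 not selected"),
                        ("set ssh enable", "SSH not enabled"),
                        ("set ssl enable", "SSL not enabled")):
        if needed not in lines:
            findings.append(msg)
    return findings
```

Calling `audit_management()` on the text of a saved configuration returns an empty list when all four checks pass.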

To configure HA on the firewall, we will use the NetScreen Redundancy Protocol (NSRP).

Before configuring NSRP, we must check that both devices (master and slave) are running the same version, using the command get system.

After verifying the version, connect the fiber between the two devices on the HA interface.

Configure the cluster name:

set nsrp cluster name NSRP-Cluster

Configure the VSD-group and priority on both devices (master and slave); the lower priority must be configured on the master.


VSD-Group configuration in the master

After configuring the VSD-Group, we must configure the cluster ID and the interfaces that will be monitored in the cluster.

To configure the cluster ID, navigate to Network → NSRP → Cluster:


Configure cluster ID using the web interface

To configure the interfaces that will be monitored, navigate to Network → NSRP → Monitor → Interface and check the interfaces that will be monitored.



Configure interface monitoring using web interface


This can also be configured using the CLI.

Configuring NSRP using the CLI

After configuring the cluster, we must synchronize the configuration.

To synchronize the configuration, we must connect to the slave firewall and execute the command:

FW-Cluster->exec nsrp sync global-config save

FW-Cluster->load peer system config to save

Save global configuration successfully.

Continue to save local configurations … Save local configuration Successfully.

Done

Please reset your box to let cluster configuration take effect!

Now, we must reset the slave without saving the configuration. The reset is done using the command reset.

FW-Cluster->reset

Configuration modified, save? [y]/n n

System reset, are you sure? y/[n] y

In reset …

After reboot, we execute the command set nsrp rto-mirror sync on the master to synchronize the config.
