How to configure Netscreen 5400

In this post, we describe the steps for configuring a NetScreen 5400 firewall.

First of all, we must log in to the firewall over the console line at a speed of 9600.

The default user is netscreen and the default password is netscreen.

After logging in to the firewall, we need to configure the management IP with the command:

set interface mgt ip 192.168.1.1/24

After configuring the management IP, we connect to the firewall's web interface at the management IP configured in the previous step.

In this step, we must enable SSHv2 and SSL.

By default, all IPs are authorized to connect to the firewall. To limit the IPs allowed to manage the firewall, navigate to Configuration → Admin → Permitted IPs.

To configure HA on the firewall, we will use the NetScreen protocol NSRP.

Before configuring NSRP, we must check that both devices (master and slave) are running the same version, using the command get system.

After verifying the version, connect the fiber between the two devices on the ha interface.

Configure the cluster name:

set nsrp cluster name NSRP-Cluster

Configure the VSD-group and priority on both devices (master and slave); the lower priority must be configured on the master.

VSD-Group configuration in the master

After configuring the VSD-Group, we must configure the cluster ID and the interfaces that will be monitored in the cluster.

To configure the cluster ID, navigate to Network → NSRP → Cluster:

Configure Cluster ID using web interface

To configure the interfaces that will be monitored, navigate to Network → NSRP → Monitor → Interface and check the interfaces that will be monitored.

Configure interface monitoring using web interface

This can also be configured using the CLI.

Configuring nsrp using CLI

After configuring the cluster, we must synchronize the configuration.

To synchronize the configuration, we must connect to the slave firewall and execute the command:

FW-Cluster->exec nsrp sync global-config save

FW-Cluster->load peer system config to save

Save global configuration successfully.

Continue to save local configurations … Save local configuration Successfully.

Done

Please reset your box to let cluster configuration take effect!

Now, we must reset the slave without saving the configuration. The reset is done using the command reset.

FW-Cluster->reset

Configuration modified, save? [y]/n n

System reset, are you sure? y/[n] y

In reset …

After the reboot, we execute the command set nsrp rto-mirror sync on the master to synchronize the configuration.
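The following check is an added example, not part of the original post: it audits a saved configuration for the settings covered above (permitted IPs, SSHv2, SSL, NSRP cluster ID, VSD-group priority, monitored interfaces, RTO mirror sync) and confirms that the master holds the lower priority. The sample configurations are constructed, and the configuration line syntax, including interface names and priority values, is an assumption about how ScreenOS renders these settings.

```python
import re

# Constructed sample configurations (not from the original post). The line
# syntax is an assumption about how ScreenOS renders these settings.
MASTER = """\
set admin manager-ip 192.168.1.0 255.255.255.0
set ssh version v2
set ssh enable
set ssl enable
set nsrp cluster id 1
set nsrp rto-mirror sync
set nsrp vsd-group id 0 priority 50
set nsrp monitor interface ethernet2/1
"""
# Slave as it might look before "exec nsrp sync global-config save".
SLAVE = """\
set ssh version v2
set nsrp cluster id 1
set nsrp vsd-group id 0 priority 100
"""

# (pattern that must match a whole line, finding reported when it is absent)
CHECKS = [
    (r"set admin manager-ip \S+.*", "management open to all IPs"),
    (r"set ssh version v2", "SSHv2 not selected"),
    (r"set ssh enable", "SSH not enabled"),
    (r"set ssl enable", "SSL not enabled"),
    (r"set nsrp cluster id \d+", "NSRP cluster id missing"),
    (r"set nsrp vsd-group id \d+ priority \d+", "VSD-group priority missing"),
    (r"set nsrp monitor interface \S+", "no monitored interface"),
    (r"set nsrp rto-mirror sync", "RTO mirror sync not set"),
]

def find_line(pattern, cfg):
    """Match the pattern against one complete configuration line."""
    return re.search(rf"^\s*{pattern}\s*$", cfg, re.MULTILINE)

def audit(cfg):
    """Return the findings for one device's configuration text."""
    return [msg for pattern, msg in CHECKS if not find_line(pattern, cfg)]

def master_has_lower_priority(master_cfg, slave_cfg):
    """True when the master's VSD-group priority is lower than the slave's."""
    pat = r"set nsrp vsd-group id \d+ priority (\d+)"
    m, s = find_line(pat, master_cfg), find_line(pat, slave_cfg)
    return bool(m and s and int(m.group(1)) < int(s.group(1)))

if __name__ == "__main__":
    print(audit(MASTER), audit(SLAVE), master_has_lower_priority(MASTER, SLAVE))
```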
