Shulou(Shulou.com)06/01 Report--

Summary of Netscreen FAQ

Can 1.netscreen firewall be used as HA?

So far, models above NetScreen-100 can do HA,NetScreen-50 or HA in the new OS version.

Does 2.Netscreen support load balancing? At which end?

Yes, both Trust and DMZ zones support load balancing.

Does the 3.netscreen firewall support PPPoE dialing?

PPPoE dialing is supported by low-end products of netscreen firewalls.

4. What is An A Full Mesh HA?

The high-end products of netscreen Firewall support HA in the way of A Full Mesh. This HA is characterized by the fact that every machine that makes up the HA is active (A) and is cross-wired to greatly enhance the robustness of the HA.

Can 5.netscreen firewall establish × × × with Cisco's Pix firewall? what models are available?

The netscreen firewall can establish a × × connection with any Cisco firewall.

6. Which user authentication is supported in addition to the built-in user NetScreen?

It also supports Radius database, RSA SecureID database and LDAP database authentication.

What models are available in the 7.NetScreen series?

NetScreen products from low end to high end are: NS-5XP, NS-5XT, NS-25, NS-50, NS-204, NS-208, NS-500, NS-1000, NS-5200, NS-5400. Among them, NS-208 and below, including NS-208, are medium and low-end products, and NS-208 and above are high-end products. The early products of NetScreen include NS-10 and NS-100 series.

8. What is the relationship between the virtual router and the domain?

A virtual router contains domains, and each domain belongs to a virtual router. For example, Untrust Zone and DMZ Zone defaults to Untrust-VR, while Trust Zone and user-defined Zone defaults to Trust-VR.

9. What is the relationship between domain (Zone) and interface (interface)?

Each interface belongs to a different Zone, and the interface can be configured with an IP address only if the interface is bound to a Zone. Each Zone contains several interface (physical and logical).

10. Why can't Gloable PRO 3.1 manage Screen OS 3.1 systems in Transparent mode?

Because Global PRO does not support the management of Screen OS 3.1 under Transparent.

What is the difference between 11.NetScreen Global PRO Express and NetScreen Global PRO?

PRO Express is a simplified version of PRO, and PRO Express collects and monitors firewall information through a Sun Netra Server. PRO is a three-tier structure, all the information will be collected into the Oracle database, through third-party software to generate reports.

Does the 12.netscreen firewall implement security policies before doing NAT?

Yes, the netscreen firewall first checks the security policy and saves all the TCP/IP state connection tables, so the firewall knows the real internal IP.

13. What is Hub & Spoke?

Hub & Spoke is a patented technology of netscreen firewall. It is a × × connection mode, with a firewall as the center and other firewalls as branches to establish a centralized star structure mode, which is easy to manage and implement.

What is the content filtering function of 14.netscreen Firewall?

All NetScreen devices can be integrated with Websense content filtering solutions to block inappropriate content.

15. Does the flow of data between Zone require policy control? What about interfaces (interface)?

In Screen OS 3.1, the flow of data between domains (Zone) is controlled by policies. The flow of data between different interfaces in the same domain does not need to be controlled by policy. You can use commands to control whether data is allowed to flow between interfaces in the same domain.

How is the 16.netscreen firewall doing in terms of QoS?

The unique traffic management of NetScreen can assign priority to traffic according to IP address, user, application or time with eight priority levels of guaranteed bandwidth and maximum bandwidth. Ensure that users' critical applications will not be affected.

How is the delay of 17.NetScreen calculated?

The average delay is 500ms, and the actual delay is determined according to the packet size and processor rate. The processing time of packets with a minimum of 64 byte and a maximum of 1518 byte can go from 10ms to 2500ms, plus the average sending and receiving time.

18. What is a security domain?

On a netscreen firewall device, the network is divided into multiple segments, each segment can implement different security policies, such a segment is a security domain.

What is the difference between 19.netscreen firewall and domestic hardware firewall?

Netscreen firewall is a pure hardware firewall, most of the domestic firewalls are the combination of software and hardware, not pure hardware firewall. The netscreen firewall uses ASIC chips to handle functions such as firewall and × × encryption, which is much faster than using software programs to drive CPU to achieve these functions.

What is the difference between 20.Screen OS 3.1 and Screen OS 3.0?

There are many differences between Screen OS 3.1 and Screen OS 3.0. Generally speaking, there are the following points: two virtual routers are built in and the concept of security domain is introduced.

Which products of 21.NetScreen have virtual routers? What's the use?

Products that use Screen OS 3.1 have built-in virtual routers. The basic function of the virtual router is to route the datagrams that flow through the firewall, which can strengthen the data function of the firewall. Second, the introduction of the concept of virtual router can greatly enhance the security of the firewall, in addition, each virtual router can connect an Internet access.

What is the difference between HA in 22.A/A mode and what is commonly called HA?

What we usually mean by HA refers to the HA in the way of A hand P, in which HA usually means that one machine works, another standby, and only when the working machine cannot work for some reason, another firewall takes over. On the other hand, the two firewalls of HA are working, so the speed of the firewall is equal to the sum of the two firewalls. But in this way, some other parameters of HA, such as the number of Session and the number of × × tunnels, remain unchanged. This is because the data on the two firewalls are consistent.

How many models do you have for 23.NetScreen-1000?

NetScreen-1000 is divided into NetScreen-1000SP and NetScreen-1000ES.

What are the cluster management software of 24.netscreen firewall?

The cluster management software of NetScreen products is: NetScreen Global Manager,NetScreen Global Pro,NetScreen Global Pro Express. Among them, NetScreen Global Manager belongs to early products and can only manage early products.

How many models do you have for 25.NetScreen-500?

There are two models of NetScreen-500: NetScreen-500SP and NetScreen-500ES.

twenty-six。 When setting the authentication policy, what is the effective time of each certification?

The default valid time is 10 minutes, but it can be modified, and its range is 2 minutes-10000 minutes.

What are the functions of 27.netscreen firewall?

Generally speaking, NetScreen has three major functions: firewall, × ×, and traffic management.

twenty-eight。 Why can't you find Untrust, Trust, DMZ interfaces on these firewalls?

In NetScreen-208 and NetScreen-204 firewalls, because the concept of domain is introduced in Screen OS 3.1, the terms of interface such as Untrust, Trust and DMZ have been cancelled. Its interfaces are called Ethernet1, Ethernet2, Ethernet3, and so on. But there are three domains, Untrust, Trust and DMZ, by default in the Screen OS 3.1domain.

twenty-nine。 What is a virtual system (Virtual System)?

Virtual system is the proprietary technology of netscreen firewall, which is only implemented on high-end firewall at present. Through it, a firewall can be divided into relatively independent systems, each with an independent policy, address book, and so on.

Is 30.NetScreen-Remote the software firewall of NetScreen?

As we all know, NetScreen is a company specializing in hardware firewalls. He doesn't have a software firewall. NetScreen has a client software, NetScreen-Remote, which is used to enable mobile users or dial-up users to establish a × × connection with the firewall, it is not a software firewall.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.