Upload
sandra4211
View
1.176
Download
5
Tags:
Embed Size (px)
Citation preview
Configuring VPN from Proventia®
M Series Appliance to NetScreen SystemsAugust 12, 2005
Overview
Introduction This document describes how to configure a VPN tunnel from a Proventia M Series appliance running a Firmware 2.1 operating system or later to NetScreen 208 systems.
Intended use This document provides an example for configuring VPN from a Proventia M Series appliance to a NetScreen system running a version 4.0.0r6 operating system. The example is not designed for operational use without modification. A knowledgeable IPSEC network administrator or advanced user should design new, custom polices for operational use.
Scope This document does not provide specific procedures, but rather examples of settings. For specific instructions on how to configure these settings, refer to the documentation listed in the Related documentation section of this topic.
Related documentation
Refer to the Proventia Manager Online Help and the Proventia M Series Appliances User Guide for more information about the following:
● IKE settings
● IPSEC and IPSEC policies
● security gateways
● access policies
● NAT policies
For procedures for configuring the NetScreen system, refer to the documentation provided with your system.
1
© Internet Security Systems, Inc. 2005. All rights reserved worldwide.
Configuring VPN from Proventia® M Series Appliance to NetScreen Systems
In this document This document contains the following topics:
Topic Page
Before You Begin 3
Configuring the Proventia Appliance Security Gateway 5
Configuring the Proventia Appliance IPSEC Policy 7
Creating an IPSEC Policy for Antivirus Protection with VPN Connection 8
Creating Related Access Policies for the Proventia M Series Appliance 10
Creating an Access Policy to Enable ISAKMP Traffic to the Proventia M Series Appliance
11
Creating Access Policies to Enable Traffic from Subnet A to Subnet B 12
Creating NAT Rules 14
Creating Network Objects for the NetScreen System 16
Configuring VPN on the NetScreen System Using the VPN Wizard 18
Configuring VPN on the NetScreen System Manually 20
Configuring IKE Phase 2 Policy on the NetScreen System 22
Creating Firewall Rules on the NetScreen System 23
2
Contents of document subject to change.
Before You Begin
Before You Begin
Introduction This topic includes a topography graphic and a checklist to help you gather the information you need to configure VPN for your Proventia M Series appliance and NetScreen system.
Topography The following graphic illustrates the network topography of a Proventia M Series appliance configured for VPN with a NetScreen system. The example used in this document is based on the topography depicted.
Table 1: Topography for VPN tunnel from Proventia appliance to NetScreen
3
Contents of document subject to change.
Configuring VPN from Proventia® M Series Appliance to NetScreen Systems
Checklist The following checklist indicates the information that you need before configuring your VPN tunnel.
Task Description
Proventia M Series External IP address _____________________________
Note: This is the IP address that you will use where a.a.a.a appears in the examples in this document.
Proventia M Series Internal IP Address _____________________________
Subnet A IP address _____________________________
Netscreen External IP address _____________________________
Note: This is the IP address that you will use where b.b.b.b appears in the examples in
this document.
Netscreen Internal IP address _____________________________
Subnet B IP address/mask _____________________________
Preshared key (minimum of 16 characters) _____________________________
Note: Use signed certificates to identify the Proventia appliance and Check Point VPN server for better security.
IKE Phase 1 (Main Mode) Authentication MD5 SHA1
IKE Phase 1 Encryption 3DES DES AES
Note: If you select AES, select an AES key length: 128 192 256
IKE Phase 1 Key Lifetime Seconds _____________________________
IKE Phase 1 Key Lifetime Kbytes _____________________________
IKE Phase 1 Diffie-Hellman Group Group1 Group2 Group5
IKE Phase 2 (Quick Mode) Authentication MD5 SHA1
IKE Phase 2 Encryption 3DES DES AES
Note: If you select AES, select an AES key length: 128 192 256
IKE Phase 2 Key Lifetime Seconds _____________________________
IKE Phase 2 Key Lifetime Kbytes _____________________________
IKE Phase 2 Diffie-Hellman Group None Group1 Group2 Group5
Access Policies
Table 2: Checklist before configuring VPN tunnel
4
Contents of document subject to change.
Configuring the Proventia Appliance Security Gateway
Configuring the Proventia Appliance Security Gateway
Introduction You must configure the security gateway that represents the NetScreen appliance. The security gateway contains the IKE and IPSEC communication settings. To configure the security gateway, create an Auto Key IPSEC Security Gateway with the settings shown below.
Security gateway IKE Configuration settings
Define the security gateway name, and configure IKE settings on the IKE Configuration tab, as shown in the following table:
Item Setting
Name To_NetScreen
Enabled Selected
Comment IPSEC tunnel to NetScreen system
Direction Both Directions
Exchange Type Main Mode
Encryption Algorithm AES
AES Key Length 128
Authentication Algorithm
SHA1
Authentication Mode Pre Shared Key
Pre-Shared Key A text string value of at least 16 alphanumeric characters
Example
1234567890abcdefNote: Use the same text string for the NetScreen system.
Life Time Secs 28800
Life Time KBytes 0
DH Group Group2
Local IP Address Static Address
Note: In the IP Address field, type the external interface IP address of the Proventia appliance.
Example
a.a.a.a
Remote IP Address Static Address
Note: In the IP Address field, type the external interface IP address of the Symantec system.
Example
b.b.b.b
Table 3: IKE Configuration settings for the Proventia appliance
5
Contents of document subject to change.
Configuring VPN from Proventia® M Series Appliance to NetScreen Systems
IKE XAuth settings In the XAuth area of the IKE Configuration tab, the Enabled checkbox is disabled by default. Make sure that this checkbox is cleared to disable the XAuth settings.
IPSEC Configuration general settings
Define the IPSEC Configuration general settings on the IPSEC Configuration tab, as shown in the following table:
Adding a security proposal
In the Security Proposal area of the IPSEC Configuration tab, add a security proposal with the settings shown in the following table:
Advanced settings In the Advanced Settings area of the IPSEC Configuration tab, the Enabled checkbox is cleared by default. Make sure that this checkbox is cleared to disable the advanced settings.
Local ID Static Address
Note: In the IP Address field, type the external interface IP address of the Proventia appliance.
Example
a.a.a.a
Remote ID Static Address
Note: In the IP Address field, type the external interface IP address of the NetScreen system.
Example
b.b.b.b
Item Setting
Table 3: IKE Configuration settings for the Proventia appliance
Item Setting
Encapsulation Mode Tunnel
Perfect Forward Secrecy
Group2
Advanced Settings Disabled
Table 4: IPSEC Configuration general settings for the Proventia appliance
Item Setting
Security Protocol ESP with Auth
Auth Algorithm SHA1
ESP Algorithm AES
ESP AES Key Length
128
Life Time Secs 3600
Life Time KBytes 0
Table 5: Security Proposal settings for the Proventia appliance
6
Contents of document subject to change.
Configuring the Proventia Appliance IPSEC Policy
Configuring the Proventia Appliance IPSEC Policy
Introduction You must configure the IPSEC policy to define what is encrypted between the Proventia appliance and the NetScreen system. The IPSEC policy is configured without network address translation (NAT).
Reference: See “Creating NAT Rules” on page 14.
IPSEC policy general settings
Define the IPSEC policy general settings as shown in the following table:
IPSEC policy remaining settings
Define the remaining IPSEC policy settings as shown in the following table:
Item Setting
Name To_NetScreen
Enabled Selected
Comment IPSEC tunnel to NetScreen
Security Process Encrypt
Protocol All
Table 6: IPSEC general policy settings for the Proventia appliance
On this subtab... Select this item... With this setting...
Security Gateway Auto Key Security Gateway To_NetScreen
Source Address Network Address/#Network Bits (CIDR)
The network address and subnet mask for subnet A
Example
192.168.1.0/24
Source Port Any N/A
Destination Address Network Address/#Network Bits (CIDR)
The network address and subnet mask for subnet B
Example
10.1.0.0/16
Destination Port Any N/A
Table 7: IPSEC policy settings for the Proventia appliance
7
Contents of document subject to change.
Configuring VPN from Proventia® M Series Appliance to NetScreen Systems
Creating an IPSEC Policy for Antivirus Protection with VPN Connection
Introduction The antivirus software proxies traffic to the external interface of the Proventia appliance for the following protocols:
● HTTP
● FTP
● SMTP
● POP3
To ensure that traffic analyzed by the antivirus software is sent and received from the remote VPN subnet B, you must create an additional IPSEC policy.
Note: The Proventia appliance automatically creates the mirror inbound policy for antivirus protection for VPN.
IPSEC policy general settings
Define the IPSEC policy general settings as shown in the following table:
IPSEC policy remaining settings
Define the remaining IPSEC policy settings as shown in the following table:
Item Setting
Name AV_To_NetScreen
Enabled Selected
Comment IPSEC policy to protect AV traffic to NetScreen
Security Process Encrypt
Protocol All
Table 8: IPSEC Configuration general settings for antivirus protection for VPN
On this subtab... Select this item... With this setting...
Security Gateway Auto Key Security Gateway To_NetScreen
Source Address Single IP Address The external interface IP address of the Proventia appliance
Example
a.a.a.aNote: This setting encapsulates traffic from the Proventia appliance external interface.
Source Port Any N/A
Destination Address Network Address/#Network Bits (CIDR)
The network mask for subnet B
Example
10.1.0.0/16Table 9: IPSEC Configuration remaining settings for antivirus protection for VPN
8
Contents of document subject to change.
Creating an IPSEC Policy for Antivirus Protection with VPN Connection
Destination Port Any N/A
On this subtab... Select this item... With this setting...
Table 9: IPSEC Configuration remaining settings for antivirus protection for VPN (Continued)
9
Contents of document subject to change.
Configuring VPN from Proventia® M Series Appliance to NetScreen Systems
Creating Related Access Policies for the Proventia M Series Appliance
Introduction You must create additional access policies on the Proventia appliance to do the following:
● enable Internet Security Association and Key Management Protocol (ISAKMP) traffic to the Proventia appliance external interface
Reference: See “Creating an Access Policy to Enable ISAKMP Traffic to the Proventia M Series Appliance” on page 11.
● enable traffic from subnet A to subnet B without NAT (Network Address Translation)
Reference: See “Creating Access Policies to Enable Traffic from Subnet A to Subnet B” on page 12.
Guideline You are creating a VPN tunnel in which the original IP addresses are preserved in the ESP, so you do not need NAT for the subnets. See “Creating NAT Rules” on page 14.
Order of access policies
The appliance processes access policies in the order that they appear in the Access Policy list.
10
Contents of document subject to change.
Creating an Access Policy to Enable ISAKMP Traffic to the Proventia M Series Appliance
Creating an Access Policy to Enable ISAKMP Traffic to the Proventia M Series Appliance
Introduction Although you have created a VPN tunnel from the NetScreen server to the Proventia VPN server, you must configure the firewall to accept or deny traffic from the VPN client. To do this, enable ISAKMP traffic to the Proventia appliance external interface.
To enable ISAKMP traffic to the Proventia appliance, enable the access policy that allows VPN traffic. You can identify this policy by the Comment field that includes the following default text:
Enable this rule for VPN Connectivity
Note: This access policy is disabled by default. You must enable it to allow VPN traffic.
ISAKMP access policy general settings
Define the access policy general settings as defined in the following table:
ISAKMP access policy remaining settings
Define the remaining access policy settings as shown in the following table:
Item Setting
Enabled Selected
Action Allow
Log Enabled Not selected (optional)
Comment Enable this rule for VPN Connectivity
Table 10: ISAKMP access policy general settings for the Proventia appliance
On this subtab... Select this item... With this setting...
Protocol Any N/A
Source Address Single IP Address The external interface IP address for the NetScreen server (Unit B)
Example
b.b.b.b
Source Port Any N/A
Destination Address Self N/A
Destination Port Specify Network Objects ISAKMP_UDP
Table 11: ISAKMP access policy settings for the Proventia appliance
11
Contents of document subject to change.
Configuring VPN from Proventia® M Series Appliance to NetScreen Systems
Creating Access Policies to Enable Traffic from Subnet A to Subnet B
Introduction You must create two additional access policies on the Proventia appliance to allow all traffic from subnet A to subnet B:
● a policy to allow inbound traffic
● a policy to allow outbound traffic
Inbound access policy general settings
Define the inbound access policy general settings as defined in the following table:
Inbound access policy remaining settings
Define the remaining inbound access policy settings as shown in the following table:
Outbound access policy general settings
Define the outbound access policy general settings as defined in the following table:
Item Setting
Enabled Selected
Action Allow
Log Enabled Not selected (optional)
Comment Access policy to allow traffic from remote NetScreen network
Table 12: Inbound access policy general settings
On this subtab... Select this item... With this setting...
Protocol Any N/A
Source Address Network Address/#Network Bits (CIDR)
The network IP address and mask for subnet B
Example
10.1.0.0/16
Source Port Any N/A
Destination Address Network Address/#Network Bits (CIDR)
The network IP address and mask for subnet A
Example
192.168.1.0/24
Destination Port Any N/A
Table 13: Inbound access policy remaining settings
Item Setting
Enabled Selected
Action Allow
Log Enabled Not selected (optional)
Table 14: Outbound access policy general settings
12
Contents of document subject to change.
Creating Access Policies to Enable Traffic from Subnet A to Subnet B
Outbound access policy remaining settings
Define the remaining outbound access policy settings as shown in the following table:
Comment Access policy to allow traffic out to remote NetScreen network
Item Setting
Table 14: Outbound access policy general settings (Continued)
On this subtab... Select this item... With this setting...
Protocol Any N/A
Source Address Network Address/#Network Bits (CIDR)
The network mask for subnet A
Example
192.168.1.0/24
Source Port Any N/A
Destination Address Network Address/#Network Bits (CIDR)
The network mask for subnet B
Example
10.1.0.0/16
Destination Port Any N/A
Table 15: Outbound access policy remaining settings
13
Contents of document subject to change.
Configuring VPN from Proventia® M Series Appliance to NetScreen Systems
Creating NAT Rules
Introduction In firmware version 2.1 and later, you must add NAT (Network Address Translation) rules to bypass NAT and insure that the appliance does not translate packets that travel between subnets. The additional NAT rules are as follows:
● a Source NAT Rule
● a Destination NAT Rule
Source NAT Rule general settings
Create a Source NAT Rule with general settings as defined in the following table:
Source NAT Rule remaining settings
Define the remaining Source NAT Rule settings as shown in the following table:
Note: Make sure that the Source NAT Rule is in the first position in the Source NAT Rules table.
Destination NAT Rule general settings
Create a Destination NAT Rule with general settings as defined in the following table:
Item Setting
Name NetScreen_BypassNAT_Src
Enabled Selected
Comment Source NAT Rule to bypass NAT
Table 16: Source NAT Rule general settings
On this subtab... Select this item... With this setting...
Protocol Any N/A
Source Address Network Address/#Network Bits (CIDR)
The network mask for subnet A.
Example
192.168.1.0/24
Destination Address Network Address/#Network Bits (CIDR)
The network mask for subnet B.
Example
10.1.0.0/16
Destination Port Any N/A
Translated Address Do Not Translate N/A
Table 17: Source NAT Rule remaining settings
Item Setting
Name NetScreen_BypassNAT_Dst
Enabled Selected
Comment Destination NAT Rule to bypass NAT
Table 18: Destination NAT Rule general settings
14
Contents of document subject to change.
Creating NAT Rules
Destination NAT Rule remaining settings
Define the remaining Destination NAT Rule settings as shown in the following table:
Note: Make sure that the Destination NAT Rule is in the first position in the Destination NAT Rules table.
On this subtab... Select this item... With this setting...
Protocol Any N/A
Source Address Network Address/#Network Bits (CIDR)
The network mask for subnet B.
Example
10.1.0.0/16
Destination Address Network Address/#Network Bits (CIDR)
The network mask for subnet A.
Example
192.168.1.0/24
Destination Port Any N/A
Translated Address Do Not Translate N/A
Translated Port Do Not Translate N/A
Table 19: Destination NAT Rule remaining settings
15
Contents of document subject to change.
Configuring VPN from Proventia® M Series Appliance to NetScreen Systems
Creating Network Objects for the NetScreen System
Introduction You must create network objects on the NetScreen management console.
Creating an address list object for subnet A
To create an address list object for subnet A:
1. In the left pane, select Objects Addresses List.
2. Select Untrust.
3. Click New, and then configure the following settings:
4. Click OK.
Creating an address list object for subnet B
To create an address list object for Subnet B:
1. In the left pane, select Objects Addresses List.
2. Select Trust.
3. Click New, and then configure the following settings:
4. Click OK.
Creating an address list object for the Proventia appliance external IP address
To create an address list object for the Proventia appliance external IP address:
1. In the left pane, select Objects Addresses List.
2. Select Untrust.
Item Setting
Address Name Subnet A
IP/Netmask The network address and subnet mask for subnet A
Example
192.168.1.0/24
Zone Untrust
Table 20: NetScreen address list object settings for Subnet A
Item Setting
Address Name Subnet B
IP/Netmask The network address and subnet mask for subnet B
Example
10.1.0.0/16
Zone Trust
Table 21: NetScreen address list object settings for Subnet B
16
Contents of document subject to change.
Creating Network Objects for the NetScreen System
3. Click New, and then configure the following settings:
4. Click OK.
Item Setting
Address Name ProventiaM
IP/Netmask The external interface IP address of the Proventia appliance
Example
a.a.a.a/32
Zone Untrust
Table 22: Netscreen address list object settings for the Proventia appliance
17
Contents of document subject to change.
Configuring VPN from Proventia® M Series Appliance to NetScreen Systems
Configuring VPN on the NetScreen System Using the VPN Wizard
Introduction Configuring VPN on the NetScreen system involves the following tasks:
● setting up VPN using the VPN wizard
● setting up the VPN rules to allow antivirus software to function
● disabling NAT traversal
Setting up VPN To set up VPN:
1. In the left pane, select Wizards VPN.
2. Select LAN-to-LAN.
3. Select Local Static IP <-> Remote Static IP.
4. In the Remote Gateway IP Address field, type the external interface IP address of the Proventia appliance.
Example
a.a.a.a
5. Select Standard (128/168-bit encryption strength).
6. In the Preshared Secret field, type the same pre-shared key that you used for the Proventia appliance.
Example
1234567890abcdef
7. Choose Select from the untrust zone address book, and then select Subnet A from the list.
8. Choose Select from the trust zone address book, and then select Subnet B from the list.
9. Review the configuration, and then click Next to accept.
Setting up VPN rules to allow antivirus software to function
To set up VPN rules to allow the antivirus software to function:
1. In the left pane, select Wizards VPN.
2. Select LAN-to-LAN.
3. Select Local Static IP <-> Remote Static IP.
4. In the Remote Gateway IP Address field, type the external interface IP address of the Proventia appliance.
Example
a.a.a.a
5. Select Standard (128/168-bit encryption strength).
6. In the Preshared Secret field, type the same pre-shared key that you used for the Proventia appliance.
Example
18
Contents of document subject to change.
Configuring VPN on the NetScreen System Using the VPN Wizard
1234567890abcdef
7. Choose Select from the untrust zone address book, and then select ProventiaM from the list.
8. Choose Select from the trust zone address book, and then select Subnet B from the list.
9. Review the configuration, and then click Next to accept.
Disabling NAT traversal
To disable NAT traversal:
1. In the left pane, select VPN Autokey Advanced Gateway.
2. In the right pane, click Edit next to Gateway to Subnet A.
3. Click Advanced.
4. Clear the Enable NAT-Traversal check box.
5. Click Return.
6. Click OK.
19
Contents of document subject to change.
Configuring VPN from Proventia® M Series Appliance to NetScreen Systems
Configuring VPN on the NetScreen System Manually
Introduction If you do not want to use the VPN wizard, or if the wizard does not properly configure your VPN settings, you can configure the settings manually. The remainder of this document describes how to configure VPN on the NetScreen system manually.
Creating gateway object and IKE phase 1 policy
To create the gateway object and IKE phase 1 policy:
1. Select VPNs AutoKey Advanced Gateway.
2. In the right pane, click New.
3. Configure the following settings:
4. Click Advanced.
5. Clear the Enable NAT-Traversal check box.
6. Click Return.
7. Click OK.
Item Setting
Gateway Name Gateway for Subnet A
Security Level Standard
Reference: For information about the Standard Security Level, refer to “Description of Standard Security Level” on page 21.
Remote Gateway Type Static IP Address
IP Address The external interface IP address of the Proventia appliance
Example
a.a.a.a
Peer ID The external interface IP address of the Proventia appliance
Example
a.a.a.a
User None
Group None
Preshared Key The same pre-shared key that you used for the Proventia appliance
Example
1234567890abcdef
Local ID Leave blank
Outgoing Interface Select the interface configured as Untrust under NetworkInterfaces
Exampleethernet3
Table 23: NetScreen gateway object and IKE Phase 1 policy settings
20
Contents of document subject to change.
Configuring VPN on the NetScreen System Manually
Description of Standard Security Level
The Standard Security Level setting includes the following policy settings:
● Policy 1
■ Identity Authentication: Preshared Secret
■ Perfect Forward Secrecy: Diffie-Hellman Group 2
■ Encryption: 3DES
■ Authentication: SHA-1
● Policy 2
■ Identity Authentication: Preshared Secret
■ Perfect Forward Secrecy: Diffie-Hellman Group 2
■ Encryption: AES 128
■ Authentication: SHA-1
Note: The Proventia M Series settings match Policy 2 settings.
21
Contents of document subject to change.
Configuring VPN from Proventia® M Series Appliance to NetScreen Systems
Configuring IKE Phase 2 Policy on the NetScreen System
Introduction This topic describes how to configure IKE Phase 2 or Quick Mode on the NetScreen system.
Creating an IKE policy rule
To create an IKE policy rule:
1. Select VPNs AutoKey IKE.
2. In the right pane, click New.
3. Configure the following settings:
4. Click OK.
Item Setting
VPN Name Tunnel for Subnet A
Security Level Standard
Reference: For information about the Standard Security Level, refer to “Description of Standard Security Level” on page 21.
Remote Gateway Predefined
Select Gateway for Subnet A.
Table 24: NetScreen IKE Phase 2 policy settings
22
Contents of document subject to change.
Creating Firewall Rules on the NetScreen System
Creating Firewall Rules on the NetScreen System
Introduction This topic describes how to create inbound and outbound firewall rules for the NetScreen system.
Note: IKASMP and UDP port 500 rules for IKE negotiations are enabled by default.
Creating the outbound firewall rule
To create the outbound firewall rule:
1. In the left pane, select Polices.
2. Select Trust from the From drop-down list.
3. Select Untrust from the To drop-down list.
4. Click Go.
5. Click New, and then configure the following settings:
6. Click OK.
Verifying the inbound firewall rule
The mirror policy for inbound traffic is automatically created when you select Modify matching bidirectional VPN policy. However, you may want to verify that it was created.
To verify that the inbound rule was created:
1. Select Untrust from the From list.
2. Select Trust from the To list.
3. Click Go.
You should see an enabled policy with the following settings:
Item Setting
Name Proventia
Source Address Address Book
Select Subnet B from the drop-down list.
Destination Address The external interface IP address of the Proventia appliance
Example
a.a.a.a.
Service Any
Action Tunnel
Tunnel Tunnel for Subnet A
Modify matching bidirectional VPN policy
Selected
L2TP None
Position at Top Selected
Table 25: NetScreen outbound firewall rule settings
23
Contents of document subject to change.
Configuring VPN from Proventia® M Series Appliance to NetScreen Systems
■ Source: Subnet A
■ Destination: Subnet B
■ Service: Any
■ Action: Tunnel
Creating the outbound firewall rule for the antivirus software to function
To create the outbound firewall rule to allow the antivirus software to function:
1. In the left pane, select Polices.
2. Select Trust from the From drop-down list.
3. Select Untrust from the To drop-down list.
4. Click Go.
5. Click New, and then configure the following settings:
6. Click OK.
Verifying the inbound firewall rule
The mirror policy for inbound traffic is automatically created when you select Modify matching bidirectional VPN policy. However, you may want to verify that it was created.
To verify that the inbound rule was created:
1. Select Untrust from the From list.
2. Select Trust from the To list.
3. Click Go.
You should see an enabled policy with the following settings:
■ Source: Subnet A
■ Destination: Subnet B
Item Setting
Name Proventia
Source Address Address Book
Select Subnet B from the list.
Destination Address Address Book
Select Subnet A from the list.
Service Any
Action Tunnel
Tunnel Tunnel for ProventiaM
Modify matching bidirectional VPN policy
Selected
L2TP None
Position at Top Selected
Table 26: NetScreen antivirus outbound firewall rule settings
24
Contents of document subject to change.
Creating Firewall Rules on the NetScreen System
■ Service: Any
■ Action: Tunnel
Copyright © 2003-2005, Internet Security Systems, Inc. All rights reserved worldwide.
Internet Security Systems, the Internet Security Systems logo, and Proventia are trademarks of Internet Security Systems, Inc. Other marks and trade names mentioned are marks and names of their owners as indicated. All marks are the property of their respective owners and used in an editorial context without intent of infringement. Specifications and content are subject to change without notice.
25
Contents of document subject to change.
Configuring VPN from Proventia® M Series Appliance to NetScreen Systems
26
Contents of document subject to change.