Quick start
This help contains the following topics:
· Basic settings for the security device
  · Configure interface IP addresses
Introduction
To ensure high security, security devices by default can communicate only with the network devices or endpoints connected to the management interfaces. For the security devices to communicate with other devices, you must add the connecting interfaces of the security devices to security zones and configure security policies to permit traffic. This page helps you complete the required configuration when you first use your security device.
Basic settings for the security device
Change the default password
When you first access the Web interface of the security device, you can log in with the default administrator account (username and password are both admin). After you successfully log in, immediately change the default password as a best practice to prevent unauthorized logins and protect the device and the network.
Configure interface IP addresses
By default, only the management interface of the security device has an IP address configured for login management. To enable the security device to forward service packets, you must configure IP addresses for service interfaces. For more information about interface configuration, see the interface help.
Add security zone members
The security device discards packets between two interfaces that are not in any security zone. For the security device to correctly process received packets, you must add the device's interfaces to security zones. The security device has five predefined security zones, which are Local, Management, Trust, Untrust, and DMZ. The Local zone represents the security device itself. You cannot add interfaces to the Local zone. The Management zone holds the management interface. As a best practice, do not add service interfaces to the Management zone. You can add service interfaces to the Trust, Untrust, and DMZ zones. You can also create security zones as needed. For more information about security zones, see the security zone help.
Configure a security policy
The security device uses the security policies applied to security zone pairs to control packet forwarding. By default, the security device forwards packets only between the Management and Local zones. That is, the device or endpoint connected to the interface in the Management zone can access the security device, and all other packets accessing the security device will be discarded. For the security device to forward these packets correctly, you must configure security policies to permit valid packets and discard invalid packets between specific zone pairs.
A device might need to exchange packets with the security device itself for some services, such as OSPF, tunnel, VPN, DHCP, and NAT. To correctly process these packets, you need to configure a security policy to permit packets between the security zone of the device and the Local zone of the security device.
For more information about security policies, see the security policy help.
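The following Python model is an added example, not vendor code or device configuration. It applies the rules stated above (interfaces outside any zone drop traffic, only Management/Local is forwarded by default, everything else needs a policy on the zone pair) to a planned layout so you can check it before touching the device. Interface names, service labels, and first-match policy ordering are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    src_zone: str
    dst_zone: str
    service: str   # "any" matches every service
    action: str    # "permit" or "discard"

def zone_of(interface, zones):  # None = the device itself (Local zone)
    return "Local" if interface is None else zones.get(interface)

def decide(src_if, dst_if, service, zones, policies):
    """Return (action, reason) for one flow under the rules the page states."""
    src, dst = zone_of(src_if, zones), zone_of(dst_if, zones)
    if src is None or dst is None:
        return "discard", "interface not in any security zone"
    if {src, dst} == {"Management", "Local"}:
        return "permit", "default Management/Local forwarding"
    for p in policies:  # assumption: first matching policy wins
        if (p.src_zone, p.dst_zone) == (src, dst) and p.service in ("any", service):
            return p.action, f"policy {src}->{dst} ({p.service})"
    return "discard", "no security policy permits this zone pair"

def audit(interfaces, mgmt_interfaces, zones):
    """Flag the zone-membership mistakes the page warns about."""
    findings = []
    for ifname in interfaces:
        zone = zones.get(ifname)
        if zone is None:
            findings.append(f"{ifname}: not in any security zone, traffic is discarded")
        elif zone == "Local":
            findings.append(f"{ifname}: interfaces cannot be added to the Local zone")
        elif zone == "Management" and ifname not in mgmt_interfaces:
            findings.append(f"{ifname}: service interface in the Management zone")
    return findings

# Constructed sample plan: interface names and services are illustrative.
INTERFACES = ["mgmt0", "ge1", "ge2", "ge3", "ge4"]
ZONES = {"mgmt0": "Management", "ge1": "Trust", "ge2": "Untrust", "ge4": "Management"}
POLICIES = [
    Policy("Trust", "Untrust", "https", "permit"),
    Policy("Trust", "Local", "ospf", "permit"),   # peer talks OSPF to the device itself
]

if __name__ == "__main__":
    for flow in [("ge1", "ge2", "https"), ("ge2", "ge1", "https"), ("ge1", None, "ospf")]:
        print(flow, "->", decide(*flow, ZONES, POLICIES))
    print(*audit(INTERFACES, {"mgmt0"}, ZONES), sep="\n")
```

In the sample plan, ge4 sits in the Management zone, so any host behind it reaches the device through the default Management/Local rule without a policy; the audit flags it for that reason.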