We installed NetScreen's new security appliances in our test lab network and in our production corporate network at Opus One. In our production network, we used the NetScreen devices primarily in "bridge" (Layer 2) mode. Then we pulled the boxes out of the production network into the lab where we re-created our configuration using the IP routing mode (Layer 3) of the NetScreen devices.
We used our Entrust Certificate Authority to generate certificates for the NetScreen boxes and then built VPN tunnels to our existing infrastructure, which includes Nokia and SonicWall VPN devices. Because our production network is based on Fast Ethernet, we used Extreme Networks' Summit48 switches as a gateway between the Gigabit Ethernet ports on the 5200 and the Fast Ethernet in the rest of the network. Once we had secure VPN channels for management and control, we moved onto firewall configuration.
Using our existing security policy with approximately 50 network objects and more than 100 rules, we re-created our production firewall configuration on the NetScreen appliance and dropped it into the network. As part of the installation, we explored the Web-based and Command Line Interface-based configuration options on the NetScreen device.