Port Modes

The port modes allow you to set different port, interface, and zone bindings on some security devices. To see figures illustrating the port mode bindings, refer to the Concepts and Examples ScreenoS Refernece Guide.

Note: Setting the port mode removes any existing configurations on the device and requires a system reset.

You can set one of the following port modes on some devices (select a port mode, then click Apply to save your setting):

Trust-Untrust is the default port mode. The Initial Configuration Wizard only runs in Trust-Untrust port mode. This mode provides the following port, interface, and zone bindings:

Port	Interface	Zone
Untrusted	Untrust	Untrust
1	Trust	Trust
2	Trust	Trust
3	Trust	Trust
4	Trust	Trust
Modem	serial	Null
ADSL	adsl1	Untrust
	wireless1	Wzone1
	wireless2	Trust

Home-Work mode binds interfaces to the Untrust security zone and to Home and Work security zones. The Home and Work zones allow you to segregate users and resources in each zone. This mode provides the following port, interface, and zone bindings:

Port	Interface	Zone
Untrusted	ethernet3	Untrust
1	ethernet1	Work
2	ethernet1	Work
3	ethernet2	Home
4	ethernet2	Home
Modem	serial	Null
ADSL	adsl1	Untrust
	wireless1	Wzone1
	wireless2	Work
	wireless3	Home

Trust/Untrust/DMZ (Extended mode) binds interfaces to the Untrust, Trust and DMZ security zones, allowing you to segregate web, e-mail or other application servers from the internal network. This mode provides the following port, interface, and zone bindings:

Port	Interface	Zone
Untrusted	ethernet3	Untrust
1	ethernet1	Trust
2	ethernet1	Trust
3	ethernet2	DMZ
4	ethernet2	DMZ
Modem	serial	Null
ADSL	adsl1	Untrust
	wireless1	Wzone1
	wireless2	Trust
	wireless3	DMZ
	wireless4	Wzone2

Dual Untrust mode binds two interfaces, a primary and a backup, to the Untrust security zone. The primary interface is used to pass traffic to and from the Untrust zone, while the backup interface is used only when there is a failure on the primary interface. This mode provides the following port, interface, and zone bindings:

Port	Interface	Zone
Untrusted	ethernet3	Untrust
1	ethernet1	Trust
2	ethernet1	Trust
3	ethernet1	Trust
4	ethernet2	Untrust
	wiresless1	Wzone1
	wireless2	Trust

Combined mode allows both primary and backup interfaces to the Untrust security zone, and the segregation of users and resources in Home and Work security zones. This mode provides the following port, interface, and zone bindings:

Port	Interface	Zone
Untrusted	ethernet4	Untrust
1	ethernet1	Work
2	ethernet2	Home
3	ethernet2	Home
4	ethernet3	Untrust
	wireless1	Wzone1
	wireless2	Work
	wireless3	Home
Modem	N/A	N/A

DMZ-Dual-Untrust mode binds interfaces to the Untrust, Trust, and DMZ security zones, allowing you to pass traffic simultaneously from the internal network. This mode provides the following port, interface, and zone bindings:

Port	Interface	Zone
Untrusted	ethernet4	Untrust
1	ethernet1	Trust
2	ethernet1	Trust
3	ethernet2	DMZ
4	ethernet3	Untrust
ADSL	adsl1	Untrust
	wireless1	Wzone1
	wireless2	Trust
	wireless3	DMZ
	wireless4	Wzone2
Modem	N/A	N/A

Dual DMZ mode binds interfaces to the Untrust, Trust, DMZ, and DMZ2 security zones, allowing you to pass traffic simultaneously from the internal network. This mode provides the following port, interface, and zone bindings:

Port	Interface	Zone
Untrusted	ethernet5	Untrust
1	ethernet1	Trust
2	ethernet2	DMZ
3	ethernet3	DMZ2
4	ethernet4	Untrust
ADSL	adsl1	Untrust
	wireless1	Wzone1
	wireless2	Trust
	wireless3	DMZ
	wireless4	Wzone2
Modem	N/A	N/A

Note: Issuing the unset all CLI command does not affect the port mode setting on the device.