The port modes allow you to set different port, interface, and zone bindings on some security devices. To see figures illustrating the port mode bindings, refer to the Concepts and Examples ScreenoS Refernece Guide.
Note: Setting the port mode removes any existing configurations on the device and requires a system reset.
You can set one of the following port modes on some devices (select a port mode, then click Apply to save your setting):
Trust-Untrust is the default port mode. The Initial Configuration Wizard only runs in Trust-Untrust port mode. This mode provides the following port, interface, and zone bindings:
Port |
Interface |
Zone |
Untrusted |
Untrust |
Untrust |
1 |
Trust |
Trust |
2 |
Trust |
Trust |
3 |
Trust |
Trust |
4 |
Trust |
Trust |
Modem |
serial |
Null |
ADSL |
adsl1 |
Untrust |
|
wireless1 |
Wzone1 |
|
wireless2 |
Trust |
Home-Work mode binds interfaces to the Untrust security zone and to Home and Work security zones. The Home and Work zones allow you to segregate users and resources in each zone. This mode provides the following port, interface, and zone bindings:
Port |
Interface |
Zone |
Untrusted |
ethernet3 |
Untrust |
1 |
ethernet1 |
Work |
2 |
ethernet1 |
Work |
3 |
ethernet2 |
Home |
4 |
ethernet2 |
Home |
Modem |
serial |
Null |
ADSL |
adsl1 |
Untrust |
|
wireless1 |
Wzone1 |
|
wireless2 |
Work |
|
wireless3 |
Home |
Trust/Untrust/DMZ (Extended mode) binds interfaces to the Untrust, Trust and DMZ security zones, allowing you to segregate web, e-mail or other application servers from the internal network. This mode provides the following port, interface, and zone bindings:
Port |
Interface |
Zone |
Untrusted |
ethernet3 |
Untrust |
1 |
ethernet1 |
Trust |
2 |
ethernet1 |
Trust |
3 |
ethernet2 |
DMZ |
4 |
ethernet2 |
DMZ |
Modem |
serial |
Null |
ADSL |
adsl1 |
Untrust |
|
wireless1 |
Wzone1 |
|
wireless2 |
Trust |
|
wireless3 |
DMZ |
|
wireless4 |
Wzone2 |
Dual Untrust mode binds two interfaces, a primary and a backup, to the Untrust security zone. The primary interface is used to pass traffic to and from the Untrust zone, while the backup interface is used only when there is a failure on the primary interface. This mode provides the following port, interface, and zone bindings:
Port |
Interface |
Zone |
Untrusted |
ethernet3 |
Untrust |
1 |
ethernet1 |
Trust |
2 |
ethernet1 |
Trust |
3 |
ethernet1 |
Trust |
4 |
ethernet2 |
Untrust |
|
wiresless1 |
Wzone1 |
|
wireless2 |
Trust |
Combined mode allows both primary and backup interfaces to the Untrust security zone, and the segregation of users and resources in Home and Work security zones. This mode provides the following port, interface, and zone bindings:
Port |
Interface |
Zone |
Untrusted |
ethernet4 |
Untrust |
1 |
ethernet1 |
Work |
2 |
ethernet2 |
Home |
3 |
ethernet2 |
Home |
4 |
ethernet3 |
Untrust |
|
wireless1 |
Wzone1 |
|
wireless2 |
Work |
|
wireless3 |
Home |
Modem |
N/A |
N/A |
DMZ-Dual-Untrust mode binds interfaces to the Untrust, Trust, and DMZ security zones, allowing you to pass traffic simultaneously from the internal network. This mode provides the following port, interface, and zone bindings:
Port |
Interface |
Zone |
Untrusted |
ethernet4 |
Untrust |
1 |
ethernet1 |
Trust |
2 |
ethernet1 |
Trust |
3 |
ethernet2 |
DMZ |
4 |
ethernet3 |
Untrust |
ADSL |
adsl1 |
Untrust |
|
wireless1 |
Wzone1 |
|
wireless2 |
Trust |
|
wireless3 |
DMZ |
|
wireless4 |
Wzone2 |
Modem |
N/A |
N/A |
Dual DMZ mode binds interfaces to the Untrust, Trust, DMZ, and DMZ2 security zones, allowing you to pass traffic simultaneously from the internal network. This mode provides the following port, interface, and zone bindings:
Port |
Interface |
Zone |
Untrusted |
ethernet5 |
Untrust |
1 |
ethernet1 |
Trust |
2 |
ethernet2 |
DMZ |
3 |
ethernet3 |
DMZ2 |
4 |
ethernet4 |
Untrust |
ADSL |
adsl1 |
Untrust |
|
wireless1 |
Wzone1 |
|
wireless2 |
Trust |
|
wireless3 |
DMZ |
|
wireless4 |
Wzone2 |
Modem |
N/A |
N/A |
Note: Issuing the unset all CLI command does not affect the port mode setting on the device.