What is the purpose of the ‘Permitted IP’ address on aNetScreendevice?
It defines which range of addresses can access devices connected to theNetScreen
It defines a list of addresses that are trusted to perform management on theNetScreen
It is used in policy rules to determine which user traffic is allowed through theNetScreen
It is the address to which an external device connects in order to gain management access to a NetScreen
It defines a list of devices whose traffic can pass through theNetScreenwithout being authenticated
You can administerNetScreendevices from one or multiple addresses of a subnet. By default, any host on the
trustedinterface can administer aNetScreendevice. To restrict this ability to specific workstations, you must
configuremanagement client IP addresses.
Example: Restricting Administration to a Single Workstation In this example, the administrator at the workstation with the IP address 172.16.40.42 is the only administrator
specifiedto manage theNetScreendevice.
Configuration > Admin > PermittedIPs: Enter the following, and then click Add:
IP Address /Netmask: 172.16.40.42/32
setadmin manager-ip 172.16.40.42/32
Note: The assignment of a management client IP address takes effect immediately. If you are managing the device via a network connection and your workstation is not included in the assignment, theNetScreendevice immediately terminates your current session and you are no longer able to manage the device from that workstation.