NETGEAR ProSafe SRXN3205 Reference Manual

Wireless-N VPN Firewall

ProSafe Wireless-N VPN Firewall
SRXN3205 Reference Manual
© 2008 by NETGEAR, Inc. All rights reserved.
Trademarks
NETGEAR and the NETGEAR logo are registered trademarks and ProSafe is a trademark of NETGEAR, Inc.
Microsoft, Windows, and Windows NT are registered trademarks of Microsoft Corporation. Other brand and product
names are registered trademarks or trademarks of their respective holders.
Statement of Conditions
In the interest of improving internal design, operational function, and/or reliability, NETGEAR reserves the right to
make changes to the products described in this document without notice.
NETGEAR does not assume any liability that may occur due to the use or application of the product(s) or circuit
layout(s) described herein.
Federal Communications Commission (FCC) Compliance Notice: Radio Frequency Notice
This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to part 15 of
the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential
installation. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in
accordance with the instructions, may cause harmful interference to radio communications. However, there is no
guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference
to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to
try to correct the interference by one or more of the following measures:
• Reorient or relocate the receiving antenna.
• Increase the separation between the equipment and receiver.
• Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.
• Consult the dealer or an experienced radio/TV technician for help.
FCC Radiation Exposure Statement
This equipment complies with FCC RF radiation exposure limits set forth for an uncontrolled environment. This equipment should be installed
and operated with a minimum distance of 20 centimeters between the radiator and your body.
This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions:
1) This device may not cause harmful interference, and
2) This device must accept any interference received, including interference that may cause undesired operation.
This transmitter must not be co-located or operating in conjunction with any other antenna or transmitter.
The antennas used for this transmitter must be installed to provide a separation distance of at least 20 cm from all persons and must not be co-located or operating in conjunction with any other antenna or transmitter.
1.0, July 2008

Summary of Contents for NETGEAR ProSafe SRXN3205

  • Page 1 In the interest of improving internal design, operational function, and/or reliability, NETGEAR reserves the right to make changes to the products described in this document without notice. NETGEAR does not assume any liability that may occur due to the use or application of the product(s) or circuit layout(s) described herein.
  • Page 2 EU Regulatory Compliance Statement The ProSafe Wireless-N VPN Firewall is compliant with the following EU Council Directives: 89/336/EEC and LVD 73/23/EEC. Compliance is verified by testing to the following standards: EN55022 Class B, EN55024 and EN60950-1. Manufacturer's/Importer's Confirmation: It is hereby confirmed that the ProSafe Wireless-N VPN Firewall is suppressed against radio interference in accordance with the provisions listed in BMPT-AmtsblVfg 243/1991 and Vfg 46/1992.
  • Page 3 OpenSSL Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
  • Page 4 Copyright (c) 1989 Carnegie Mellon University. All rights reserved. Redistribution and use in source and binary forms are permitted provided that the above copyright notice and this paragraph are duplicated in all such forms and that any documentation, advertising materials, and other materials related to such distribution and use acknowledge that the software was developed by Carnegie Mellon University.
  • Page 5: Table Of Contents

    ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Contents About This Manual Conventions, Formats, and Scope ..................xiii How to Use This Manual ....................xiv How to Print this Manual ....................xiv Revision History ....................... xv Chapter 1 Introduction Key Features ........................1-1 Dual WAN Ports for Increased Reliability or Outbound Load Balancing ....1-2...
  • Page 6 Configuring the WAN Mode (Required for Dual WAN) ..........2-11 Network Address Translation .................2-12 Classical Routing ....................2-12 Configuring Auto-Rollover Mode ................2-13 Configuring Load Balancing ...................2-15 Configuring Dynamic DNS (Optional) ................2-17 Configuring the Advanced WAN Options (Optional) .............2-19 Additional WAN Related Configuration ..............2-21 Chapter 3...
  • Page 7 Setting Block Sites (Content Filtering) ..............4-19 Enabling Source MAC Filtering ..................4-22 Port Triggering ......................4-23 E-Mail Notifications of Event Logs and Alerts ...............4-25 Administrator Tips ......................4-25 Chapter 5 Virtual Private Networking Using IPsec Considerations for Dual WAN Port Systems ..............5-1 Configuring an IPsec VPN Connection using the VPN Wizard ........5-3...
  • Page 8 Configuring Domains, Groups, and Users ..............6-7 Configuring Applications for Port Forwarding ..............6-7 Adding Servers ......................6-8 Adding A New Host Name ..................6-9 Configuring the SSL VPN Client ...................6-10 Configuring the Client IP Address Range ..............
  • Page 9 Using an SNMP Manager .....................8-12 Settings Backup and Firmware Upgrade ..............8-14 Configuring Date and Time Service ................8-16 Chapter 9 Monitoring System Performance Enabling the Traffic Meter ....................9-1 Activating Notification of Events and Alerts ..............9-4 Viewing Firewall Logs .....................9-6 Viewing Router Configuration and System Status ............9-7...
  • Page 10 Appendix A Default Settings and Technical Specifications Appendix B Related Documents Appendix C Network Planning for Dual WAN Ports What You Will Need to Do Before You Begin ..............C-1 Cabling and Computer Hardware Requirements ............
  • Page 11: About This Manual

    About This Manual The NETGEAR® ProSafe™ Wireless-N VPN Firewall Reference Manual describes how to configure and troubleshoot a ProSafe Wireless-N VPN Firewall. The information in this manual is intended for readers with intermediate computer and networking skills.
  • Page 12: How To Use This Manual

    • button to access the full NETGEAR, Inc. online knowledge base for the product model. • Links to PDF versions of the full manual and individual chapters.
  • Page 13: Revision History

    • Printing from PDF. Your computer must have the free Adobe Acrobat reader installed in order to view and print PDF files. The Acrobat reader is available on the Adobe Web site at http://www.adobe.com.
  • Page 15: Introduction

    Chapter 1 Introduction The SRXN3205 ProSafe Wireless-N VPN Firewall connects your wired local area network (LAN) and your wireless LAN clients to the Internet (Wide Area Network) through an external broadband access device such as a cable modem or DSL modem. As a complete security solution, the SRXN3205 incorporates a powerful and flexible firewall to safeguard your networks, while providing advanced IPsec and SSL VPN technologies for secure wired and wireless connections.
  • Page 16: Key Features

    • “Front Panel Features” • “Rear Panel Features” • “Default IP Address, Login Name, and Password Location” • “Qualified Web Browsers” Key Firewall Features The VPN firewall portion provides the following key features: •...
  • Page 17: Autosensing Ethernet Connections With Auto Uplink

    • Logs security events such as blocked incoming traffic, port scans, attacks, and administrator logins. You can configure the firewall to email the log to you at specified intervals. You can also configure the firewall to send immediate alert messages to your email address or email pager whenever a significant event occurs.
  • Page 18 IPsec VPN with broad protocol support for secure connection to other IPsec gateways and clients. – Bundled with the single-user license of the NETGEAR ProSafe VPN Client software (VPN01L) – Supports up to 5 (max) IPsec VPN tunnels (alternately, 4 IPsec VPN tunnels concurrently with 4 SSL VPN sessions, or 5 IPsec VPN tunnels concurrently with 3 SSL VPN sessions).
  • Page 19 The choice of band is reflected in protocol standard supported, as well as the administration screens displayed to you. For example, if you choose to enable the 2.4 GHz band, only 802.11b/g/n protocols are supported. In addition, in the administration screens, the configuration options for 802.11a/n protocols are greyed out.
  • Page 20: Easy Installation And Management

    Power over Ethernet. Power can be supplied to the SRXN3205 over the Ethernet port from any 802.3af compliant mid-span or end-span source. Please refer to the Appendix for a list of compliant Netgear PoE switches. Autosensing Ethernet Connection with Auto Uplink Interface. Connects to 10/100/1000 •...
  • Page 21: Maintenance And Support

    Visual monitoring. The VPN firewall’s front panel LEDs provide an easy way to monitor its status and activity. Maintenance and Support NETGEAR offers the following features to help you maximize your use of the VPN firewall: • Flash memory for firmware upgrade.
  • Page 22: Package Contents

    At least one computer to act as the host PC with the TCP/IP protocol installed. • At least one computer to act as the wireless client with the TCP/IP protocol and an 802.11a/b/g/n-compliant wireless device installed, such as a NETGEAR WG511 Wireless Adapter. Package Contents...
  • Page 23: Front Panel Features

    • Warranty and Support Information Card. If any of the parts are incorrect, missing, or damaged, contact your NETGEAR dealer. Keep the carton, including the original packing materials, in case you need to return the firewall for repair. Front Panel Features...
  • Page 24 1. Factory Defaults button. (5) Using a sharp object, press and hold this button for about ten seconds until the front panel TEST light flashes to reset the VPN firewall to factory default settings. All configuration settings will be lost and the default password will be restored.
  • Page 25: Rear Panel Features

    Rear Panel Features The rear panel of the ProSafe Wireless-N VPN Firewall includes three SMA dual-band antenna connectors (2 dipole (long); 1 patch (square)) and an AC-DC power adapter jack. Figure 1-2 The SRXN3205 rear panel functions are described below: 1.
  • Page 26: Default Ip Address, Login Name, And Password Location

    Default IP Address, Login Name, and Password Location Check the label on the bottom of the SRXN3205’s enclosure if you need a reminder of the following factory default information: IP Address, User Name, Password. Figure 1-3 Qualified Web Browsers...
  • Page 27: Understanding The Connection Steps

    SRXN3205 ProSafe Wireless-N VPN Firewall for complete steps. A PDF of the Installation Guide is on the NETGEAR web site at: http://kbserver.netgear.com. 2. Log in to the VPN Firewall. After logging in, you are ready to set up and configure your firewall.
  • Page 28: Logging Into The Vpn Firewall Router

    5. Configure the WAN options (optional). Optionally, you can enable the WAN port to respond to a ping, and you can change the factory default MTU size and port speed. However, these are advanced features and changing them is not usually required.
  • Page 29: Navigating The Menus

    The Web Configuration Manager appears, displaying the Router Status menu as the default. Figure 2-2 Navigating the Menus The Web Configuration Manager menus are organized in a layered structure of main categories and submenus: •...
  • Page 30: Configuring The Internet Connections

    • Submenu. The horizontal grey bar immediately below the main menu is the submenu, containing subcategories of the currently selected primary category. • Tab. Immediately below the submenu bar, at the top of the menu active window, are one or more tabs, further subdividing the currently selected subcategory if necessary.
  • Page 31 Figure 2-3 2. Click Auto Detect at the bottom of the menu. Auto Detect will probe the WAN port for a range of connection methods and suggest one that your ISP appears to support. a.
  • Page 32: Troubleshooting The Isp Connection

    b. If Auto Detect senses a connection method that requires input from you, it will prompt you for the information. All methods with the required settings are detailed in the following table. Table 2-1. Internet connection methods Connection Method Data Required DHCP (Dynamic IP)
  • Page 33: Manually Configuring The Internet Connection

    5. Click Test to evaluate your entries. The firewall will attempt to connect to the NETGEAR Web site. If a successful connection is made, NETGEAR’s Web site appears. If your WAN ISP configuration was successful, you can skip ahead to “Configuring the WAN...
  • Page 34 3. If you clicked Yes, enter the ISP-provided Login and Password information. 4. In the ISP Type options, select the type of ISP connection you use from the three listed options. (By default, “Other (PPPoE)” is selected, as shown below.) Figure 2-7 (If your connection is PPPoE, PPTP or BigPond Cable, your ISP will require an initial login.) 5.
  • Page 35 6. If your ISP is Austria Telecom or any other ISP that uses PPTP as a login protocol: a. Select Austria (PPTP). b. Configure the following fields: • Account Name (also known as Host Name or System Name). Enter the valid account name for the PPTP connection (usually your e-mail name as assigned by your ISP).
  • Page 36 13. Click Test to evaluate your entries. The firewall will attempt to connect to the NETGEAR Web site. If a successful connection is made, NETGEAR’s Web site appears. When you are finished, click Logout or proceed to additional setup and management tasks.
  • Page 37: Configuring The Wan Mode (Required For Dual Wan)

    Configuring the WAN Mode To access the WAN Mode, click on Network Configuration > WAN Settings and select the WAN Mode tab. The WAN mode page allows you to configure how your firewall uses the external Internet connection.
  • Page 38: Configuring Dynamic Dns (Optional)

    Configuring Dynamic DNS (Optional) Dynamic DNS (DDNS) is an Internet service that allows routers with varying public IP addresses to be located using Internet domain names. To use DDNS, you must set up an account with a DDNS provider such as DynDNS.org, TZO.com or Iego.net.
  • Page 39 To configure Dynamic DNS: 1. Select Network Configuration > Dynamic DNS from the main/submenu. The Dynamic DNS screen displays. Figure 2-11 The Current WAN Mode section reports the currently configured WAN mode. Only those options that match the configured WAN Mode will be accessible.
  • Page 40: Configuring The Advanced Wan Options (Optional)

    3. Access the Web site of one of the DDNS service providers and set up an account. Links to three DDNS providers are in the tab header. Figure 2-12 4.
  • Page 41 2. Click the Advanced link to the right of the tabs. The WAN Advanced Options tab is displayed. Figure 2-13 3. Edit the default information you want to change. a. MTU Size. The normal MTU (Maximum Transmission Unit) value for most Ethernet networks is 1500 Bytes, or 1492 Bytes for PPPoE connections.
  • Page 42: Additional Wan Related Configuration

    The format for the MAC address is 01:23:45:67:89:AB (numbers 0-9 and either uppercase or lowercase letters A-F). If you select Use This MAC Address and then type in a MAC address, your entry will be overwritten. 4.
  • Page 43: Lan Configuration

    Chapter 3 LAN Configuration This chapter describes how to configure the advanced LAN features of your ProSafe Wireless-N VPN Firewall. This chapter contains the following sections: • “Using the VPN Firewall as a DHCP Server” on page 3-1 •...
  • Page 44: Configuring The Lan Setup Options

    and 192.168.1.100, although you may wish to save part of the range for devices with fixed addresses. The VPN Firewall will deliver the following parameters to any LAN device that requests DHCP: • An IP Address from the range you have defined.
  • Page 45 Figure 3-1 2. In the LAN TCP/IP Setup section, configure the following settings: • IP Address. The LAN address of your VPN Firewall (factory default: 192.168.1.1). Note: If you change the LAN IP address of the firewall while connected through the browser, you will be disconnected.
  • Page 46: Inbound Traffic

    • If another device on your network will be the DHCP server, or if you will manually configure all devices, click Disable DHCP Server. If the DHCP server is enabled, enter the following parameters: •...
  • Page 47: Managing Groups And Hosts (Lan Groups)

    Managing Groups and Hosts (LAN Groups) The Known PCs and Devices table in the LAN Groups menu contains a list of all known PCs and network devices that are assigned dynamic IP addresses by the VPN Firewall, or have been discovered by other means.
  • Page 48: Viewing The Lan Groups Database

    • A computer is identified by its MAC address—not its IP address. Hence, changing a computer’s IP address does not affect any restrictions applied to that PC. Viewing the LAN Groups Database To view the LAN Groups Database, follow these steps: 1.
  • Page 49 • Group. Each PC or device can be assigned to a single group. By default, a computer is assigned to Group 1, unless a different group is chosen from the Group pull-down menu. •...
  • Page 50: Changing Group Names In The Lan Groups Database

    Changing Group Names in the LAN Groups Database By default, the LAN Groups are named Group1 through Group8. You can rename these group names to be more descriptive, such as Engineering or Marketing. To edit the names of any of the eight available groups: 1.
  • Page 51: Configuring Dhcp Address Reservation

    Configuring DHCP Address Reservation If you specify a reserved IP address for a computer (or device) on the LAN (based on the MAC address of the device), that computer (or device) will always receive the same IP address each time it accesses the VPN Firewall’s DHCP server.
  • Page 52: Configuring Multi Home Lan Ip Addresses

    Configuring Multi Home LAN IP Addresses If you have computers on your LAN using different IP address ranges (for example, 172.16.2.0 or 10.0.0.0), you can add “aliases” to the LAN port, giving computers on those networks access to the Internet through the VPN Firewall.
  • Page 53: Configuring Static Routes

    4. Click Add. The new Secondary LAN IP address will appear in the Available Secondary LAN IPs table. Note: IP addresses on these secondary subnets cannot be configured in the DHCP server. The hosts on the secondary subnets must be manually configured with IP addresses, gateway IP addresses, and DNS server IP addresses.
  • Page 54 2. Click Add and the Add Static Route tab is displayed. Figure 3-6 3. Enter a route name for this static route in the Route Name field (for identification and management). 4. Select Active to make this route effective. 5.
  • Page 55: Configuring Routing Information Protocol (Rip)

    Configuring Routing Information Protocol (RIP) RIP (Routing Information Protocol, RFC 2453) is an Interior Gateway Protocol (IGP) that is commonly used in internal networks (LANs). It allows a router to exchange its routing information automatically with other routers, and allows it to dynamically adjust its routing tables and adapt to changes in the network.
  • Page 56 • In Only. The VPN Firewall accepts RIP information from other routers, but does not broadcast its routing table. • Out Only. The VPN Firewall broadcasts its routing table periodically but does not accept RIP information from other routers.
  • Page 57 Chapter 4 Wireless Configuration This chapter describes how to set up your ProSafe Wireless-N VPN Firewall SRXN3205 for wireless connectivity to your LAN. This basic configuration will enable computers with 802.11b/g/n or 802.11a/n wireless adapters to do such things as connect to the Internet, or access printers and files on your LAN.
  • Page 58: Wireless Equipment Placement And Range Guidelines

    Wireless Equipment Placement and Range Guidelines The operating distance or range of your wireless connection can vary significantly based on the physical placement of the VPN Firewall. The latency, data throughput performance, and notebook power consumption of wireless adapters also vary depending on your configuration choices.
  • Page 59 Figure 4-1 There are several ways you can enhance the security of your wireless network: • Restrict Access Based on MAC address. You can restrict access to only trusted PCs so that unknown PCs cannot wirelessly connect to the SRXN3205.
  • Page 60 Basic Wireless Setup (No Security) Configuring Basic Wireless Setup (No Security) To configure the SRXN3205 for basic Wireless access, follow these simple steps: 1. Connect to the SRXN3205 by opening your browser and entering http://192.168.1.1 in the address field.
  • Page 61 • You will automatically be logged out of the VPN Firewall after 5 minutes of no activity. Figure 4-3 4. Select Network Configuration from the main menu (orange menu bar). Figure 4-4 5. Select Wireless Settings in the submenu (gray menu bar below the orange menu bar)...
  • Page 62 The default Wireless Settings screen displays as shown in Figure 4-6. Use this screen to set up your wireless connectivity requirements. Figure 4-5 6. Click Enable Wireless Access Point on the right side of the screen. 7.
  • Page 63 9. From the Region pull-down menu, select the region where the SRXN3205 will be used (the default Region is North America). Note: If your country or region is not listed, please check with Netgear Support. 10. Select your wireless Mode setting from the pull-down menu or accept the default (11ng) setting.
  • Page 64 Completing Wireless Setup (No Security) The purpose of setting your wireless settings in stages, without the security settings, is to eliminate any possible errors in setting up your wireless settings before adding the more complicated security settings.
  • Page 65 (shown by lost connections and/or slow data transfers). If this happens, you may need to experiment with different channels to see which is the best. See the article on “Wireless Channels” available on the NETGEAR website. A link to this article and other articles of interest can be found in Appendix B, “Related...
  • Page 66 • 40 MHz - This is the static, high-throughput mode. Legacy clients will not be able to connect in this mode. 3. Click Apply to save your 802.11b/g/n wireless settings. Configuring 802.11a/n Wireless Settings To configure the 802.11a/n wireless settings of your VPN Firewall: 1.
  • Page 68 2. Use the default user name of admin and default password of password— or use a new LAN address and password if you have set them up. 3. Select Network Configuration > Wireless Settings from main/submenu. 4.
  • Page 69 Wireless Security Types and Settings Configure the Wireless Security Types based on the level of security you need using one of the following methods and print out the form provided to aid you in making your selections: •...
  • Page 70 SSID: The Service Set Identification (SSID) requires the identity or name of the wireless local area network. NETGEAR is the default SRXN3205 SSID. However, you may customize it by using up to 32 alphanumeric characters. Write your customized SSID on the line below.
  • Page 72 Data transmissions are always encrypted using the default key. See the document “Wireless Communications” for a full explanation of each of these options, as defined by the IEEE 802.11 wireless communication standard. A link to this document on the NETGEAR website is in Appendix B, “Related Documents.”...
  • Page 73 Figure 4-8 Note: If you use a wireless computer to configure WEP settings, you will be disconnected when you click Apply. Reconfigure your wireless adapter to match the new settings or access the VPN Firewall from a wired computer to make any further changes.
  • Page 74 Configuring WPA-PSK Not all wireless adapters support WPA. Furthermore, client software is required on the client. Windows XP and Windows 2000 with Service Pack 3 or above include the client software that supports WPA. Nevertheless, the wireless adapter hardware and driver must also support WPA. Consult the product document for your wireless adapter and WPA client software for instructions on configuring WPA settings.
  • Page 75 Configuring WPA2-PSK Not all wireless adapters support WPA2. Furthermore, client software is required on the client. Ensure your client card supports WPA2. Consult the product document for your wireless adapter and WPA2 client software for instructions on configuring WPA2 settings. Figure 4-10 To configure WPA2-PSK in the Wireless Settings menu: 1.
  • Page 76 Configuring WPA-PSK and WPA2-PSK Not all wireless adapters support WPA and WPA2. Client software is required on the client: • Windows XP and Windows 2000 with Service Pack 3 or above do include the client software that supports WPA.
  • Page 77 4. In the PSK Settings section, enter text in the Passphrase text box (Network Key) with 8-63 characters. 5. Enter a value for Key Lifetime text box in minutes. 6. Click Apply to save your settings. Configuring WPA with RADIUS Not all wireless adapters support WPA.
  • Page 78 Configuring WPA2 with RADIUS Not all wireless adapters support WPA2. Furthermore, client software is required on the client. Make sure your client card supports WPA2. Consult the product document for your wireless adapter and WPA2 client software for instructions on configuring WPA2 settings. Figure 4-12 To configure WPA2 with RADIUS in the Wireless Settings menu: 1.
  • Page 79 5. Click Apply to save your settings. Configuring WPA and WPA2 with RADIUS Not all wireless adapters support WPA and WPA2. Client software is required on the client: • Windows XP and Windows 2000 with Service Pack 3, or above, do include the client software that supports WPA.
  • Page 80 • The Server Name, IP Address, RADIUS Port (number), and Shared Key are required for communication with the RADIUS Server. – Server Name. The – IP Address. The IP address of the RADIUS Server. The default is 0.0.0.0. –...
  • Page 81 Verifying Wireless Connectivity (Security) Using a Client PC with an 802.11b/g/n or 802.11a/n wireless adapter with the correct wireless and security settings for connection to the SRXN3205 (SSID, WEP/WPA, MAC ACL, etc.), verify connectivity by using a browser such as Mozilla Firefox, Netscape, or Internet Explorer to browse the Internet, or check for file and printer access on your network.
  • Page 82 4. Connect Ethernet cable(s) from the LAN ports on your VPN Firewall to a LAN port on your router, switch, or hub. Note: By default, SRXN3205 is set with the DHCP client Enabled. If your network uses dynamic IP addresses, you must change this setting.
  • Page 83: Configuring Advanced Wireless Settings

    Advanced Wireless Settings Configuring Advanced Wireless Settings The Advanced screen of the Wireless Settings menu is used to configure and enable various wireless LAN parameters for all of the 802.11a/n and 802.11b/g/n modes. The default wireless LAN parameters usually work well.
  • Page 84 4. Enter the appropriate information in the fields described below: • RTS Threshold (256 - 2346): Request to Send Threshold. Frames larger than this size are preceded by an RTS/CTS handshake that reserves the medium before the data is sent; smaller frames are transmitted directly under the normal CSMA/CA (Carrier Sense Multiple Access with Collision Avoidance) access method. (802.11 never uses CSMA/CD; collision detection is an Ethernet mechanism, and a radio cannot detect collisions while it is transmitting.)
  • Page 85 2. Click Setup Access List to the right of the screen. The Access Control List tab and Available Wireless Stations tab appear on screen with the Access Control List tab selected. Figure 4-16. 3.
  • Page 86 6. Click the Add button to the right when you have completed typing. Now, only devices on this list will be allowed to wirelessly connect to the SRXN3205. 7. Repeat these steps for each additional device you want to add to the list. 8.
  • Page 87 Chapter 5 Firewall Security and Content Filtering This chapter describes how to set up your firewall and use the content filtering features of the SRXN3205 VPN firewall to protect your network. This chapter contains the following sections: •...
  • Page 88: Services-Based Rules

    A firewall incorporates the functions of a NAT (Network Address Translation) router, while adding features for dealing with a hacker intrusion or attack, and for controlling the types of traffic that can flow between the two networks. Unlike simple Internet sharing NAT routers, a firewall uses a process called stateful packet inspection to protect your network from attacks and intrusions.
  • Page 89 • Quality of Service (QoS) priorities. Each service has its own native priority that affects its quality of performance and tolerance for jitter or delays. You can change this QoS priority if desired to change the traffic mix through the system (see “Setting Quality of Service (QoS) Priorities”...
  • Page 90 Table 5-1. Outbound Rules (continued) Item Description LAN users These settings determine which computers on your network are affected by this rule. Select the desired options: • Any – All PCs and devices on your LAN. •...
  • Page 91 • If your external IP address is assigned dynamically by your ISP (DHCP enabled), the IP address may change periodically as the DHCP lease expires. Consider using Dynamic DNS (under Network Configuration) so that external users can always find your network (see “Configuring Dynamic DNS (Optional)”...
  • Page 92 Table 5-2. Inbound Rules (continued) Item Description WAN Users These settings determine which Internet locations are covered by the rule, based on their IP addresses. Select the desired option: • Any – All Internet IP addresses are covered by this rule. •...
  • Page 93: Order Of Precedence For Rules

    Figure 5-1. Order of Precedence for Rules As you define new rules, they are added to the tables in the Rules menu as the last item in the list, as shown in Figure 5-1.
  • Page 94: Creating A Lan Wan Outbound Services Rule

    To change the Default Outbound Policy, follow these steps: 1. Click the LAN WAN Rules tab, shown in Figure 5-1. 2. Change the Default Outbound Policy by choosing Block Always from the drop-down menu. 3.
  • Page 95: Creating A Lan Wan Inbound Services Rule

    3. Click Apply to save your changes and reset the fields on this screen. The new rule will be listed in the Outbound Services table. Creating a LAN WAN Inbound Services Rule The Inbound Services Rules table lists all existing rules for inbound traffic. If you have not defined any rules, no rules will be listed.
  • Page 96: Attack Checks

    1. In the Action column adjacent to the rule, do the following: • Click Edit to make any changes to the rule definition of an existing rule. The Outbound Service screen is displayed containing the data for the selected rule. •...
  • Page 97 see that no application is listening at that port, and (3) reply with an ICMP Destination Unreachable packet. When the victimized system is flooded, it is forced to send many ICMP packets, eventually making it unreachable by other clients. The attacker may also spoof the IP address of the UDP packets, ensuring that the excessive ICMP return packets do not reach him, thus making the attacker’s network location anonymous.
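The mechanism described above is also the signal a detection keys on. The following Python is an added example, not NETGEAR code and not a description of how the SRXN3205's Attack Checks are implemented (the manual does not say): it runs a sliding-window count over constructed flow records and flags a destination that receives more than a threshold of UDP datagrams to ports where nothing listens, each of which would cost the victim an ICMP Destination Unreachable reply. The counter is keyed on the destination rather than the sender precisely because, as the text notes, the sender address may be spoofed on every packet. Addresses, ports, rates and the threshold are constructed values.

```python
from collections import defaultdict, deque

# Constructed sample topology, not a real capture: only these UDP ports have a
# listener on each LAN host; every other port answers with ICMP type 3 code 3.
OPEN_UDP_PORTS = {"192.168.10.20": {53, 123}, "192.168.10.21": {161}}


def build_sample_records():
    """Constructed flow records as (timestamp_seconds, src_ip, dst_ip, dst_port)."""
    records = []
    # 20 legitimate DNS queries spread over 10 s: a listening port, never counted.
    for i in range(20):
        records.append((i * 0.5, "192.168.10.30", "192.168.10.20", 53))
    # A slow probe: 10 datagrams to closed ports over 10 s, well under threshold.
    for i in range(10):
        records.append((i * 1.0, "192.168.10.31", "192.168.10.21", 1000 + i))
    # The flood: 150 datagrams to closed high ports within 0.3 s, each from a
    # different (spoofed) source so the ICMP replies never reach the attacker.
    for i in range(150):
        records.append((5.0 + i * 0.002, f"203.0.113.{i % 250 + 1}",
                        "192.168.10.20", 40000 + i))
    return sorted(records)


def detect_udp_flood(records, window=1.0, threshold=100):
    """Flag destinations that receive more than `threshold` UDP datagrams to
    closed ports within any `window`-second span.

    Keyed on the destination (the victim), not the source: a per-source counter
    never fires when every datagram carries a forged source address. Returns
    {victim: (closed_port_hits_in_window, distinct_sources_so_far)} captured at
    the moment each victim was first flagged; a large second number is the
    spoofing indicator."""
    recent = defaultdict(deque)   # victim -> timestamps of closed-port hits
    sources = defaultdict(set)    # victim -> distinct source addresses seen
    flagged = {}
    for ts, src, dst, dport in sorted(records):
        if dport in OPEN_UDP_PORTS.get(dst, set()):
            continue              # a real service answering real clients
        q = recent[dst]
        q.append(ts)
        sources[dst].add(src)
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) > threshold and dst not in flagged:
            flagged[dst] = (len(q), len(sources[dst]))
    return flagged


if __name__ == "__main__":
    for victim, (hits, distinct) in detect_udp_flood(build_sample_records()).items():
        print(f"{victim}: {hits} closed-port hits in window from {distinct} sources")
```

In a real deployment the open-port set comes from the inbound rules and the records from the firewall log; the structure of the check is the same.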
  • Page 98: Inbound Rules Examples

    Figure 5-4. 3. Select the Attack Checks you wish to initiate. 4. Click Apply to save your settings. Inbound Rules Examples LAN WAN Inbound Rule: Hosting a Local Public Web Server If you host a public Web server on your local network, you can define a rule to allow inbound Web (HTTP) requests from any outside IP address to the IP address of your Web server at any time of day.
  • Page 99 Figure 5-5. LAN WAN Inbound Rule: Allowing Videoconference from Restricted Addresses If you want to allow incoming videoconferencing to be initiated from a restricted range of outside IP addresses, such as from a branch office, you can create an inbound rule. In the example shown in Figure 5-6, CU-SeeMe connections are allowed to a local host only from...
  • Page 100 Figure 5-6. LAN WAN Inbound Rule: Setting Up One-to-One NAT Mapping If you arrange with your ISP to have more than one public IP address for your use, you can use the additional public IP addresses to map to servers on your LAN.
  • Page 101 1. Create an inbound rule that allows all protocols. 2. Place the new rule below all other inbound rules. Note: For security, NETGEAR strongly recommends that you avoid creating an exposed host. When a computer on your LAN is designated as the exposed host, it loses much of the protection of the firewall and is exposed to many exploits from the Internet.
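The three inbound examples above (public Web server, videoconference from a restricted range, exposed host) and the instruction to place the exposed-host rule below all others follow from one evaluation model: rules are consulted top to bottom, the first match decides, and traffic matching no rule gets the default policy (Block Always inbound, Allow Always outbound unless changed). The following Python is an added example, not the firewall's own code: it models that evaluation, builds the example rules with constructed LAN and WAN addresses (the CU-SeeMe port 7648/TCP and the Instant Messenger port 5190/TCP are this example's assumptions, not values from the manual), and shows why a rule appended after the allow-all exposed-host rule, which is where a new rule lands by default, can never fire.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple


@dataclass
class Rule:
    name: str
    action: str                                  # "ALLOW" or "BLOCK"
    service: Optional[Tuple[str, int]] = None    # (proto, port); None = any service
    wan_users: Optional[str] = None              # CIDR of WAN sources; None = Any
    lan_server: Optional[str] = None             # LAN destination; None = any host
    hours: Optional[range] = None                # schedule as hours of day; None = always

    def matches(self, pkt):
        if self.service and self.service != (pkt["proto"], pkt["dport"]):
            return False
        if self.wan_users and ip_address(pkt["src"]) not in ip_network(self.wan_users):
            return False
        if self.lan_server and pkt["dst"] != self.lan_server:
            return False
        if self.hours and pkt["hour"] not in self.hours:
            return False
        return True


def evaluate(rules, pkt, default="BLOCK"):
    """Return (action, rule_name) from the first matching rule, else the default policy."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.name
    return default, "default policy"


def shadowed_rules(rules):
    """Names of rules that can never fire: an earlier rule whose every field is
    Any or identical claims the same traffic first. Run this after adding a rule,
    because new rules are appended at the bottom of the table."""
    fields = ("service", "wan_users", "lan_server", "hours")
    out = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if all(getattr(earlier, f) is None or getattr(earlier, f) == getattr(later, f)
                   for f in fields):
                out.append(later.name)
                break
    return out


def pkt(src, dst, proto, dport, hour=12):
    return {"src": src, "dst": dst, "proto": proto, "dport": dport, "hour": hour}


# Constructed LAN hosts standing in for the manual's Web server, videoconference
# host and exposed host; the branch office network is constructed as well.
WEB, CONF, EXPOSED = "192.168.10.50", "192.168.10.60", "192.168.10.99"
INBOUND = [
    Rule("public web server", "ALLOW", ("tcp", 80), None, WEB),
    Rule("branch videoconf", "ALLOW", ("tcp", 7648), "203.0.113.0/24", CONF, range(8, 18)),
    # Allows every protocol to one host, so it must be last: anything placed
    # below it for that host is unreachable.
    Rule("exposed host", "ALLOW", None, None, EXPOSED),
]
# Outbound: default is Allow, so a BLOCK rule on a schedule is all that is needed.
OUTBOUND = [Rule("block IM in work hours", "BLOCK", ("tcp", 5190), None, None, range(9, 18))]


if __name__ == "__main__":
    late = INBOUND + [Rule("no telnet to exposed host", "BLOCK", ("tcp", 23), None, EXPOSED)]
    print("shadowed after append:", shadowed_rules(late))
    print(evaluate(late, pkt("198.51.100.7", EXPOSED, "tcp", 23)))
```

The shadow check is deliberately conservative: it only recognises an earlier rule as covering a later one when each field is Any or exactly equal, so it reports no false positives but can miss a broader CIDR that happens to contain a narrower one.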
  • Page 102: Outbound Rules Example

    Outbound Rules Example Outbound rules let you prevent users from using applications such as Instant Messenger, Real Audio, or other non-essential services. LAN WAN Outbound Rule: Blocking Instant Messenger To block Instant Messenger usage by employees during working hours, you can create an outbound rule to block that application from any internal IP address to any external address according to the schedule that you have created in the Schedule menu.
  • Page 103: Adding Customized Services

    Figure 5-8. Adding Customized Services Services are functions performed by server computers at the request of client computers. For example, Web servers serve Web pages, time servers serve time and date information, and game hosts serve data about other players’...
  • Page 104 To add a custom service: 1. Select Security > Services from the main/submenu and the Services screen displays. Figure 5-9. 2. In the Add Custom Services section, enter a descriptive name for the service (this name is for your convenience).
  • Page 105: Setting Quality Of Service (Qos) Priorities

    Setting Quality of Service (QoS) Priorities The Quality of Service (QoS) Priorities setting determines the priority of a service, which in turn determines the quality of that service for the traffic passing through the firewall. The user can change this priority: •...
  • Page 106 Setting Schedules to Block or Allow Traffic If you enabled Content Filtering in the Block Sites menu, or if you defined an outbound or inbound rule to use a schedule, you can set up a schedule for when blocking occurs or when access is restricted.
  • Page 107: Setting Block Sites (Content Filtering)

    Web site is allowed. If you enable one or more of these features and users try to access a blocked site, they will see a “Blocked by NETGEAR” message. Several types of blocking are available: •...
  • Page 108 Figure 5-11. 2. Select Yes to enable Content Filtering. 3. Click Apply to activate the menu controls. 5-22 Firewall Security and Content Filtering v1.0, July 2008...
  • Page 109 4. Select any Web Components you wish to block (Proxy, Java, ActiveX, or Cookies). 5. Select the groups to which Keyword Blocking will apply, then click Enable to activate Keyword Blocking (or Disable to deactivate Keyword Blocking). 6.
  • Page 110: Enabling Source Mac Filtering

    Enabling Source MAC Filtering (Address Filter) In the Address Filter submenu, the Source MAC Filter tab allows you to block traffic coming from certain known machines or devices. • By default, the source MAC address filter is disabled. Traffic received from any MAC address is allowed.
  • Page 111 Figure 5-12. 4. Enter your list of source MAC addresses to be blocked in the MAC Address field in the form 01:23:45:67:89:AB, using colon-separated hexadecimal characters (0-9, A-F). 5. Click the Add icon. The MAC address is added to the MAC Addresses table, where it will be blocked.
  • Page 112 The Source MAC Filter screen displays as the default with the IP/MAC Binding tab shown. 2. Click the IP/MAC Binding tab to view the options available. 3. Click the Yes radio button to enable Source MAC Filtering. IP/MAC Bind Table This table lists the currently defined IP/MAC Bind rules: –...
  • Page 113 Figure 5-13. Example: If three computers are on the LAN with the following setup: Host1 -- MAC address (00:01:02:03:04:05) & IP address (192.168.10.10) Host2 -- MAC address (00:01:02:03:04:06) & IP address (192.168.10.11) Host3 -- MAC address (00:01:02:03:04:07) & IP address (192.168.10.12) All the above host entries are added to the IP/MAC Binding table.
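Both the Source MAC Filter (pages 110-111) and the IP/MAC Binding table (pages 112-113) take addresses in the 01:23:45:67:89:AB form and then compare each frame against a table. The following Python is an added example, not NETGEAR code: it normalizes and validates MAC addresses as the MAC Address field requires, applies a source-MAC block list, and enforces the binding table using the three hosts from the example above. The decision rule for bound hosts (drop a frame when either its IP or its MAC appears in the table and the pair does not match; leave hosts in neither column alone) is this example's assumption, since the excerpt does not state it.

```python
import re


def normalize_mac(text):
    """Accept 01:23:45:67:89:AB, 01-23-45-67-89-ab or 0123456789ab and return the
    colon-separated upper-case form the MAC Address field expects. Anything that
    is not exactly 12 hexadecimal digits is rejected."""
    digits = re.sub(r"[:\-.]", "", text.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a MAC address: {text!r}")
    digits = digits.upper()
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def is_valid_mac(text):
    try:
        normalize_mac(text)
        return True
    except ValueError:
        return False


class SourceMacFilter:
    """Source MAC Filter: frames from a listed address are dropped, all others
    pass. A disabled filter behaves like an empty list."""

    def __init__(self, blocked=()):
        self.blocked = {normalize_mac(m) for m in blocked}

    def allows(self, src_mac):
        return normalize_mac(src_mac) not in self.blocked


class IpMacBinding:
    """IP/MAC Binding table: a bound host must present exactly the IP and MAC
    pair recorded for it. Hosts appearing in neither column are unconstrained
    (this example's assumption)."""

    def __init__(self, table):
        self.ip_to_mac = {}
        for ip, mac in table:
            mac = normalize_mac(mac)
            if ip in self.ip_to_mac or mac in self.ip_to_mac.values():
                raise ValueError(f"duplicate binding for {ip} / {mac}")
            self.ip_to_mac[ip] = mac
        self.mac_to_ip = {mac: ip for ip, mac in self.ip_to_mac.items()}

    def check(self, src_ip, src_mac):
        """Return ('allow' | 'drop', reason); the reason is what belongs in the log."""
        mac = normalize_mac(src_mac)
        bound_mac = self.ip_to_mac.get(src_ip)
        bound_ip = self.mac_to_ip.get(mac)
        if bound_mac is None and bound_ip is None:
            return "allow", "host not in binding table"
        if bound_mac == mac:
            return "allow", "matches binding"
        if bound_mac is not None:
            return "drop", f"{src_ip} is bound to {bound_mac}, frame came from {mac}"
        return "drop", f"{mac} is bound to {bound_ip}, frame claims {src_ip}"


# The three hosts from the manual's example.
EXAMPLE_BINDINGS = [
    ("192.168.10.10", "00:01:02:03:04:05"),   # Host1
    ("192.168.10.11", "00:01:02:03:04:06"),   # Host2
    ("192.168.10.12", "00:01:02:03:04:07"),   # Host3
]


def inspect_frame(mac_filter, binding, src_ip, src_mac):
    """Apply the controls in the order a frame meets them: source MAC filter
    first, then the IP/MAC binding check."""
    if not mac_filter.allows(src_mac):
        return "drop", "source MAC is on the block list"
    return binding.check(src_ip, src_mac)


if __name__ == "__main__":
    b = IpMacBinding(EXAMPLE_BINDINGS)
    print(b.check("192.168.10.10", "00:01:02:03:04:06"))   # Host2 using Host1's IP
```

Any client can set its own MAC address in software, so neither control authenticates a host; they catch accidental address changes and casual misuse, and the drop reason is the detail you want in the firewall log when a bound host suddenly appears under a different address.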
  • Page 114: Port Triggering

    Enabling Port Triggering Port triggering allows some applications running on a LAN to be available to external applications that would otherwise be partially blocked by the firewall. Using this feature requires the port numbers used by the application. Once configured, port triggering operates as follows: 1.
  • Page 115 The Port Triggering screen is displayed. Figure 5-14. 2. Enter a user-defined name for this rule in the Name field. 3. From the Enable pull-down menu, indicate if the rule is enabled or disabled. 4.
  • Page 116 Bandwidth Profile The Bandwidth Profile sets limits on the bandwidth of the Internet link and determines the limits on the data traffic sent to or received from your hosts. Bandwidth Limiting, by capping outgoing and incoming traffic, prevents LAN users from consuming all the bandwidth of the Internet link.
  • Page 117 2. To add a Bandwidth Profile to the table, click the Add button. The Add Bandwidth Profile screen displays. 3. Type a value for each parameter text box to create a new bandwidth profile. •...
  • Page 118 2. To enable the UPnP feature, click the Yes radio button, or No to disable it. – No is the default, and the VPN firewall will not automatically configure devices. (UPnP lets any LAN host open inbound port mappings without authentication, so leave it disabled unless an application requires it.) – If Yes is selected, it activates the two text boxes to the right. 3.
  • Page 119: E-Mail Notifications Of Event Logs And Alerts

    E-Mail Notifications of Event Logs and Alerts The Firewall Logs can be configured to log and then e-mail denial of access, general attack information, and other information to a specified e-mail address. For example, your VPN firewall will log security-related events such as: accepted and dropped packets on different segments of your LAN;...
  • Page 120: Configuring An Ipsec Vpn Connection Using The Vpn Wizard

    Chapter 6 Virtual Private Networking Using IPsec This chapter describes how to use the IPsec virtual private networking (VPN) features of the ProSafe Wireless-N VPN Firewall to provide secure, encrypted communications between your local network and a remote network or computer.
  • Page 121: Creating A Vpn Tunnel To A Gateway

    Creating a VPN Tunnel to a Gateway You can configure multiple gateway VPN tunnel policies through the VPN Wizard. You can also set up multiple remote VPN client policies through the VPN Wizard. A remote client policy can support up to 200 clients.
  • Page 122 2. Create a Connection Name. Enter an appropriate name for the connection. This name is not supplied to the remote VPN endpoint. It is used to help you manage the VPN settings. 3. Enter a Pre-shared Key. The key must be entered both here and on the remote VPN gateway, or the remote VPN client.
  • Page 123 Figure 6-2. You can also view the status of your IKE Policies by clicking the IKE Policies tab. The IKE Policies screen is displayed. Then view or edit the parameters of the new policy by clicking Edit in the Action column adjacent to the policy.
  • Page 124: Creating A Vpn Tunnel Connection To A Vpn Client

    Figure 6-3. Creating a VPN Tunnel Connection to a VPN Client You can set up multiple remote VPN Client policies through the VPN Wizard by changing the default End Point Information settings created for each policy by the wizard. A remote client policy can support up to 200 clients.
  • Page 125 Figure 6-4. 2. Select VPN Client as your VPN tunnel connection. The wizard needs to know whether you are planning to connect to a remote gateway or setting up the connection for a remote client PC to establish a secure connection to this device. 3.
  • Page 126 Alternatively, you can provide the Internet name of the gateway. The Internet name is the Fully Qualified Domain Name (FQDN); for example, vpn.netgear.com. 7. Enter the Local WAN IP Address or Internet name.
  • Page 127 Figure 6-6. 2. You can also view the status of your IKE Policies by clicking the IKE Policies tab. The IKE Policies screen displays. Virtual Private Networking Using IPsec v1.0, July 2008...
  • Page 128 Figure 6-7. 3. To see the detailed settings of the IKE Policy, click the Edit button next to the policy. The Edit IKE Policy tab is displayed. Figure 6-8.
  • Page 129: Managing Vpn Tunnel Policies

    Managing VPN Tunnel Policies After you use the VPN Wizard to set up a VPN tunnel, a VPN policy and an IKE policy are stored in separate policy tables. The name you selected as the VPN tunnel connection name during Wizard setup identifies both the VPN policy and the IKE policy.
  • Page 130: About The Ike Policy Table

    About the IKE Policy Table When you use the VPN Wizard to set up a VPN tunnel, an IKE policy is established and populated in the List of IKE Policies and is given the same name as the new VPN connection name. You can also edit existing policies or add new IKE policies directly on the List of IKE Policies.
  • Page 131: Vpn Policy

    To gain a more complete understanding of the encryption, authentication and DH algorithm technologies, see Appendix B, “Related Documents” for a link to the NETGEAR website. VPN Policy You can create two types of VPN policies. When using the VPN Wizard to create a VPN policy, only the Auto method is available.
  • Page 132: Vpn Tunnel Connection Status

    1. Traffic covered by a policy will automatically be sent via a VPN tunnel. 2. When traffic is covered by two or more policies, the first matching policy will be used. (In this situation, the order of the policies is important.
  • Page 133 If more PCs are to be connected, an additional policy or policies must be created. Each PC will use Netgear's ProSafe VPN Client software. Since the PC's IP address is assumed to be unknown, the PC must always be the initiator of the connection.
  • Page 134: Configuring The Vpn Client

    6-24, respectively). As an alternative to the local user database, you can also choose a RADIUS server. Configuring the VPN Client From a PC with the NETGEAR ProSafe VPN Client installed, you can configure a VPN client policy to connect to the SRXN3205. To configure your VPN client: 1.
  • Page 135: Testing The Connection

    The value entered under Domain Name will be of the form “<name><XY>.fvg_remote.com”, where each user must use a different variation on the Domain Name entered here. The <name> is the policy name used in the SRXN3205 configuration. In this example, it is “home”. X and Y are an arbitrary pair of numbers chosen for each user.
  • Page 136: Manually Assigning Ip Addresses To Remote Users (Modeconfig)

    – LAN IP address/subnet: 192.168.2.1/255.255.255.0 • NETGEAR ProSafe VPN Client software IP address: 192.168.1.2 Mode Config Operation After IKE Phase 1 is complete, the VPN connection initiator (remote user/client) asks for IP configuration parameters such as IP address, subnet mask and name server addresses. The Mode...
  • Page 137 3. Click the Mode Config tab. The Mode Config tab is displayed. Figure 6-9. 4. Click Add. The Add Mode Config Record screen is displayed. Figure 6-10. 5. Enter a descriptive Record Name such as “Sales”.
  • Page 138 6. Assign at least one range of IP Pool addresses in the First IP Pool field to give to remote VPN clients. Note: The IP Pool should not be within your local network IP addresses. Use a different range of private IP addresses such as 172.20.xx.xx.
  • Page 139 a. Enter a descriptive name in the Policy Name field such as “salesperson”. This name will be used as part of the remote identifier in the VPN client configuration. b. Set Direction/Type to Responder. c.
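The note above about keeping the IP Pool outside the local network is a routing requirement, not a convention: the gateway must be able to distinguish a tunnel client's address from a LAN host's, and the client's policy sends LAN-bound traffic into the tunnel, which becomes ambiguous if the two ranges overlap. The following Python is an added example, not NETGEAR code: it checks a First/Last IP pool against the LAN subnet and then hands out addresses to clients the way a Mode Config responder would after IKE Phase 1. The LAN 192.168.2.1/24 and a 172.20.x.x pool follow the values in this chapter; the client identities are constructed.

```python
from ipaddress import ip_address, ip_network


def validate_pool(first_ip, last_ip, lan_cidr):
    """Return (first, last) as address objects after checking that the pool is
    an ordered range sharing no address with the LAN subnet."""
    lan = ip_network(lan_cidr, strict=False)   # "192.168.2.1/24" -> 192.168.2.0/24
    first, last = ip_address(first_ip), ip_address(last_ip)
    if last < first:
        raise ValueError("last IP precedes first IP")
    if first <= lan[-1] and last >= lan[0]:   # ranges overlap iff neither lies wholly to one side
        raise ValueError(f"pool {first}-{last} overlaps LAN {lan}")
    return first, last


def pool_is_valid(first_ip, last_ip, lan_cidr):
    try:
        validate_pool(first_ip, last_ip, lan_cidr)
        return True
    except ValueError:
        return False


class ModeConfigPool:
    """Address pool a Mode Config responder draws from: one lease per client
    identity, reused while the client stays connected, returned on release."""

    def __init__(self, first_ip, last_ip, lan_cidr):
        self.first, self.last = validate_pool(first_ip, last_ip, lan_cidr)
        self.leases = {}    # client identity -> assigned address

    def free_count(self):
        return int(self.last) - int(self.first) + 1 - len(self.leases)

    def assign(self, client_id):
        """Hand the client its existing lease, or the lowest free address."""
        if client_id in self.leases:
            return self.leases[client_id]
        in_use = set(self.leases.values())
        addr = self.first
        while addr <= self.last:
            if addr not in in_use:
                self.leases[client_id] = addr
                return addr
            addr += 1
        raise RuntimeError("Mode Config pool exhausted")

    def release(self, client_id):
        return self.leases.pop(client_id, None)


if __name__ == "__main__":
    print(pool_is_valid("192.168.2.100", "192.168.2.150", "192.168.2.1/24"))  # False: inside the LAN
    pool = ModeConfigPool("172.20.1.1", "172.20.1.50", "192.168.2.1/24")
    print(pool.assign("salesperson01"), pool.free_count())
```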
  • Page 140: Configuring The Prosafe Vpn Client For Modeconfig

    Configuring the ProSafe VPN Client for ModeConfig From a client PC running NETGEAR ProSafe VPN Client software, configure the remote VPN client connection. To configure the client PC: 1. Right-click the VPN client icon in the Windows toolbar. In the upper left of the Policy Editor window, click the New Policy editor icon.
  • Page 141: Extended Authentication (Xauth) Configuration

    a. Under Security Policy, Phase 1 Negotiation Mode, check the Aggressive Mode radio button. (Aggressive Mode is required when a pre-shared-key client is identified by a name rather than a fixed IP address, as these clients are; unlike Main Mode it sends the identity hash before the exchange is encrypted, so anyone on the path can run an offline dictionary attack against the pre-shared key. Use a long, random pre-shared key.) b. Check the Enable Perfect Forward Secrecy (PFS) radio button, and choose Diffie-Hellman Group 2 from the PFS Key Group pull-down menu. c.
  • Page 142: Configuring Xauth For Vpn Clients

    • IPsec Host. If you want authentication by the remote gateway, enter a User Name and Password to be associated with this IKE policy. If this option is chosen, the remote gateway must specify the user name and password used for authenticating this gateway. Note: If a RADIUS-PAP server is enabled for authentication, XAUTH will first check the local User Database for the user credentials.
  • Page 143: User Database Configuration

    5. In the Extended Authentication section, choose the Authentication Type from the pull-down menu which will be used to verify user account information. Select • Edge Device to use this firewall as a VPN concentrator where one or more gateway tunnels terminate.
  • Page 144 1. Select VPN > IPsec VPN from the main/submenu. 2. Click the RADIUS Client tab and the RADIUS Client screen displays. Figure 6-12. 3. To activate (enable) the Primary RADIUS server, click the Yes radio button. The primary server options become active.
  • Page 145 The SRXN3205 is acting as a NAS (Network Access Server), allowing network access to external users after verifying their authentication information. In a RADIUS transaction, the NAS must provide some NAS Identifier information to the RADIUS Server. Depending on the configuration of the RADIUS Server, the SRXN3205’s IP address may be sufficient as an identifier, or the server may require a name, which you would enter here.
  • Page 146: Understanding The Portal Options

    Chapter 7 Virtual Private Networking Using SSL The SRXN3205 ProSafe Wireless-N VPN Firewall provides a hardware-based SSL VPN solution designed specifically to provide remote access for mobile users to their corporate resources, bypassing the need for a pre-installed VPN client on their computers. Using the familiar Secure Sockets Layer (SSL) protocol, commonly used for e-commerce transactions, the SRXN3205 can authenticate itself to an SSL-enabled client, such as a standard web browser.
  • Page 147: Planning For Ssl Vpn

    browser provides authentication and encryption, establishing a secure connection to the firewall. Upon successful connection, an ActiveX-based SSL VPN client is downloaded to the remote PC that will allow the remote user to virtually join the corporate network. The SSL VPN Client provides a PPP (point-to-point) connection between the client and the firewall, and a virtual network interface is created on the user’s PC.
  • Page 148: Creating The Portal Layout

    When you define the SSL VPN policies that determine network resource access for your SSL VPN users, you can define global policies, group policies, or individual policies. Because you must assign an authentication domain when creating a group, the group is created after you have created the domain.
  • Page 149 Portal Layouts are applied by selecting from the available portal layouts in the configuration of a Domain. When you have completed your Portal Layout, you can apply it to one or more authentication domains in the Domain configuration. You can also make the new portal the default portal for the SSL VPN gateway by selecting the default radio button adjacent to the portal layout name.
  • Page 150 Figure 7-2. 3. In the Portal Layout and Theme Name section of the menu, configure the following entries: a. Enter a descriptive name for the portal layout in the Portal Layout Name field. This name will be part of the path of the SSL VPN portal URL.
