NETGEAR ProSafe FVS114 Reference Manual page 115

Now, the traffic from devices within the range of the LAN subnet addresses on FVS114 A and
Gateway B will be authenticated using the certificates rather than via a shared key.
8. Set up Certificate Revocation List (CRL) checking.
Get a copy of the CRL from the CA and save it as a text file.
a.
Note: The procedure for obtaining a CRL differs from a CA like Verisign and a CA such
as a Windows 2000 certificate server, which an organization operates for providing
certificates for its members. Follow the procedures of your CA.
From the main menu VPN section, click the CRL link.
b.
Click Add to add a CRL.
c.
Click Browse to locate the CRL file.
d.
Click Upload.
e.
Now expired or revoked certificates will not be allowed to use the VPN tunnels managed by
IKE policies which use this CA.
Note: You must update the CRLs regularly in order to maintain the validity of the
certificate-based VPN policies.
Advanced Virtual Private Networking
Reference Manual for the ProSafe VPN Firewall FVS114
202-10098-01, April 2005
6-27