NETGEAR SRXN3205 - ProSafe Wireless-N VPN Firewall Wireless Router Reference Manual

ProSafe Wireless-N VPN
Firewall SRXN3205

Reference Manual

NETGEAR, Inc.
4500 Great America Parkway
Santa Clara, CA 95054 USA
October 2008
202-10416-01
v1.0

Summary of Contents for NETGEAR SRXN3205 - ProSafe Wireless-N VPN Firewall Wireless Router

  • Page 1: Reference Manual

    ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual NETGEAR, Inc. 4500 Great America Parkway Santa Clara, CA 95054 USA October 2008 202-10416-01 v1.0...
  • Page 2 In the interest of improving internal design, operational function, and/or reliability, NETGEAR reserves the right to make changes to the products described in this document without notice. NETGEAR does not assume any liability that may occur due to the use or application of the product(s) or circuit layout(s) described herein.
  • Page 3 Voluntary Control Council for Interference (VCCI) Statement This equipment is in the second category (information equipment to be used in a residential area or an adjacent area thereto) and conforms to the standards set by the Voluntary Control Council for Interference by Data Processing Equipment and Electronic Office Machines aimed at preventing radio interference in such residential areas.
  • Page 4 Open SSL Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions * are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
  • Page 5 Copyright (c) 1989 Carnegie Mellon University. All rights reserved. Redistribution and use in source and binary forms are permitted provided that the above copyright notice and this paragraph are duplicated in all such forms and that any documentation, advertising materials, and other materials related to such distribution and use acknowledge that the software was developed by Carnegie Mellon University.
  • Page 7: Table Of Contents

    ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Contents. About This Manual: Conventions, Formats, and Scope (xiii); How to Use This Manual (xiv); How to Print this Manual (xiv); Revision History (xv). Chapter 1 Introduction: Key Firewall Features (1-1); A Powerful, True Firewall with Content Filtering (1-2); Autosensing Ethernet Connections with Auto Uplink (1-2); Extensive Protocol Support (1-3); Advanced VPN Support for Both IPsec and SSL (1-3)...
  • Page 8 ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Configuring the WAN Mode (2-10); Configuring Dynamic DNS (2-11); Configuring the Advanced WAN Options (Optional) (2-12); Additional WAN Related Configuration (2-14). Chapter 3 LAN Configuration: Configuring the LAN Setup Options (3-1); Using the VPN Firewall as a DHCP Server (3-3); Configuring DHCP Address Reservation (3-4); Managing Groups and Hosts (LAN Groups) (3-4); Viewing the LAN Groups Database (3-5)...
  • Page 9 ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Restricting Wireless Access by MAC Address (4-18). Chapter 5 Firewall Security and Content Filtering: About Firewall Security and Content Filtering (5-1); Using Rules & Services to Block or Allow Traffic (5-2); Services-Based Rules (5-2); Viewing the Firewall Rules (5-7); Order of Precedence for Rules (5-7); Setting the Outbound Policy (5-7)...
  • Page 10 ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Testing the Connection (6-11); Managing VPN Tunnel Policies (6-11); About IKE (6-12); Managing IKE Policies (6-12); About the IKE Policy Table (6-13); VPN Policy (6-15); VPN Tunnel Connection Status (6-16); Manually Assigning IP Addresses to Remote Users (ModeConfig) (6-17); Mode Config Operation (6-17); Configuring the VPN Firewall (6-17); Configuring the ProSafe VPN Client for ModeConfig (6-20)...
  • Page 11 ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Chapter 8 Managing Users, Authentication, and Certificates: Adding Authentication Domains, Groups, and Users (8-1); Creating a Domain (8-1); Creating a Group (8-3); Creating a New User Account (8-4); Setting User Login Policies (8-5); Managing Certificates (8-8); Viewing and Loading CA Certificates (8-8); Viewing Active Self Certificates (8-9)...
  • Page 12 ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Viewing Port Triggering Status (11-12); Monitoring VPN Tunnel Connection Status (11-13); Reviewing the VPN Logs (11-14). Chapter 12 Troubleshooting: Basic Functions (12-1); Power LED Not On (12-2); LEDs Never Turn Off (12-2); LAN or WAN Port LEDs Not On (12-2); Troubleshooting the Web Configuration Interface (12-2); Troubleshooting the ISP Connection (12-4)...
  • Page 13: About This Manual

    ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual About This Manual The NETGEAR® ProSafe™ Wireless-N VPN Firewall Reference Manual describes how to configure and troubleshoot a ProSafe Wireless-N VPN Firewall. The information in this manual is intended for readers with intermediate computer and networking skills.
  • Page 14: How To Use This Manual

    • button to access the full NETGEAR, Inc. online knowledge base for the product model. • Links to PDF versions of the full manual and individual chapters.
  • Page 15: Revision History

    ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual • Printing from PDF. Your computer must have the free Adobe Acrobat reader installed in order to view and print PDF files. The Acrobat reader is available on the Adobe Web site at http://www.adobe.com.
  • Page 17: Introduction

    ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Chapter 1 Introduction The SRXN3205 ProSafe Wireless-N VPN Firewall provides Internet connectivity to your local Ethernet and wireless networks via a broadband cable or DSL modem. The SRXN3205 is a complete security solution with a powerful and flexible firewall to safeguard your networks along with advanced IPsec and SSL VPN technologies for secure wired and wireless connections.
  • Page 18: A Powerful, True Firewall With Content Filtering

    ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual • Advanced IPsec and SSL VPN support • Advanced stateful packet inspection (SPI) firewall with multi-NAT support • Easy, web-based setup for installation and management • Front panel LEDs for easy monitoring of status and activity •...
  • Page 19: Extensive Protocol Support

    IPsec VPN with broad protocol support for secure connection to other IPsec gateways and clients. – Bundled with the single-user license of the NETGEAR ProSafe VPN Client software (VPN01L) – Supports up to 5 (max) IPsec VPN tunnels (alternately, 4 IPsec VPN tunnels concurrently with 4 SSL VPN sessions, or 5 IPsec VPN tunnels concurrently with 3 SSL VPN sessions).
  • Page 20: Wireless Networking Features

    ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual • SSL VPN provides remote access for mobile users to selected corporate resources without requiring a pre-installed VPN client on their computers. – Uses the familiar Secure Sockets Layer (SSL) protocol, commonly used for e-commerce transactions, to provide client-free access with customizable user portals and support for a wide variety of user repositories.
  • Page 21: Easy Installation And Management

    ISP account. • VPN Wizard. The firewall includes the NETGEAR VPN Wizard to easily configure IPsec VPN tunnels according to the recommendations of the Virtual Private Network Consortium (VPNC) to ensure the IPsec VPN tunnels are interoperable with other VPNC-compliant VPN firewalls and clients.
  • Page 22: Package Contents

    • Warranty and Support Information Card. If any of the parts are incorrect, missing, or damaged, contact your NETGEAR dealer. Keep the carton, including the original packing materials, in case you need to return the firewall for repair. Front Panel Features...
  • Page 23 ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Table 1-1. Description of Front Panel Items Item Activity Description On Green Power is supplied to the firewall. (Power) Power is not supplied to the firewall. TEST On Amber Test mode: The system is initializing (On) or the initialization has failed (Blinking).
  • Page 24: Rear Panel Features

    ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Rear Panel Features The rear panel of the ProSafe Wireless-N VPN Firewall is shown below. Figure 1-2 1. Detachable (SMA) Antennas: The SRXN3205 provides three SMA connectors for the detachable antennas (two dipole and one patch). For the best performance, attach the patch antenna to the middle connector and attach the dipole antennas to the two connectors on both corners.
  • Page 25: Default Ip Address, Login Name, And Password Location

    ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Default IP Address, Login Name, and Password Location Check the label on the bottom of the SRXN3205’s enclosure if you need a reminder of the following factory default information: IP Address User Name Password Figure 1-3 Qualified Web Browsers...
  • Page 27: Connecting To The Internet (Wan)

    1. Connect the firewall to your network. Connect the cables and restart your network according to the instructions in the printed installation guide included in the product package. A PDF of the Installation Guide is on the product CD and on the NETGEAR web site at: http://kbserver.netgear.com.
  • Page 28: Logging Into The Vpn Firewall

    ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Logging into the VPN Firewall To connect to the firewall, your computer needs to be configured to get an IP address via DHCP. To log in to the firewall, follow these steps: 1. Open a browser, and enter https://192.168.1.1 in the address field. The login window displays in the browser.
  • Page 29: Navigating The Menus

    ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Navigating the Menus The Web Configuration Manager menus are organized in a layered structure of main categories and submenus: • Main menu. The horizontal orange bar near the top of the page is the main menu, containing the primary configuration categories.
  • Page 30 ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual 1. Select Network Configuration > WAN Settings from the menu/submenu. The WAN tabs appear on screen with the WAN ISP Settings tab in view. Figure 2-3 2. Click Auto Detect at the bottom of the menu. Auto Detect will probe the WAN port for a range of connection methods and suggest one that your ISP appears to support.
  • Page 31 ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual b. If Auto Detect senses a connection method that requires input from you, it will prompt you for the information. All methods with the required settings are detailed in the following table. Table 2-1. Internet connection methods Connection Method Data Required DHCP (Dynamic IP)
  • Page 32: Manually Configuring The Internet Connection

    5. Click Test to evaluate your entries. The firewall will attempt to connect to the NETGEAR Web site. If a successful connection is made, NETGEAR’s Web site appears. If the automatic WAN ISP configurations failed, you can attempt a manual configuration as described in the following section, or see “Troubleshooting the ISP Connection”...
  • Page 33 ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual 4. In the ISP Type options, select the type of ISP connection you use from the three listed options. (By default, “Other (PPPoE)” is selected, as shown below.) Figure 2-7 (If your connection is PPPoE, PPTP or BigPond Cable, your ISP will require an initial login.) 5.
  • Page 34 ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual a. Select Austria (PPTP). b. Configure the following fields: • Account Name (also known as Host Name or System Name). Enter the valid account name for the PPTP connection (usually your e-mail name as assigned by your ISP). Some ISPs require entering your full email address here.
  • Page 35 13. Click Test to evaluate your entries. The firewall will attempt to connect to the NETGEAR Web site. If a successful connection is made, NETGEAR’s Web site appears. When you are finished, click Logout or proceed to additional setup and management tasks.
  • Page 36: Configuring The Wan Mode

    ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Configuring the WAN Mode To access the WAN Mode, click on Network Configuration > WAN Settings and select the WAN Mode tab. The WAN mode page allows you to configure how your firewall uses the external Internet connection.
  • Page 37: Configuring Dynamic Dns

    ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Configuring Dynamic DNS Note: Dynamic DNS enables you to employ some VPN configurations that require using an FQDN instead of the WAN IP address. Dynamic DNS (DDNS) is an Internet service that allows routers with varying public IP addresses to be located using Internet domain names.
  • Page 38: Configuring The Advanced Wan Options (Optional)

    ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual To configure Dynamic DNS: 1. Select Network Configuration > Dynamic DNS from the main/submenu. The Current WAN Mode section reports the currently configured WAN mode. Only those options that match the configured WAN Mode will be accessible. 2.
  • Page 39 ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual 2. Click the Advanced link to the right of the tabs. The WAN Advanced Options tab is displayed. Figure 2-11 3. Edit the default information you want to change. a. MTU Size. The normal MTU (Maximum Transmission Unit) value for most Ethernet networks is 1500 bytes, or 1492 bytes for PPPoE connections.
  • Page 40: Additional Wan Related Configuration

    ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual The format for the MAC address is 01:23:45:67:89:AB (numbers 0-9 and either uppercase or lowercase letters A-F). If you select Use This MAC Address and then type in a MAC address, your entry will be overwritten. 4.
  • Page 41: Lan Configuration

    ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Chapter 3 LAN Configuration This chapter describes how to configure the advanced LAN features of your ProSafe Wireless-N VPN Firewall. This chapter contains the following sections: • “Configuring the LAN Setup Options” on page 3-1 •...
  • Page 42 ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Figure 3-1 2. In the LAN TCP/IP Setup section, configure the following settings: • IP Address. The LAN address of your firewall (factory default: 192.168.1.1). Note: If you change the LAN IP address of the firewall while connected through the browser, you will be disconnected.
  • Page 43: Using The Vpn Firewall As A Dhcp Server

    ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual • Starting IP Address. Specifies the first of the contiguous addresses in the IP address pool. Any new DHCP client joining the LAN will be assigned an IP address between this address and the Ending IP Address. The IP address 192.168.1.2 is the default start address. •...
  • Page 44: Configuring Dhcp Address Reservation

    ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual addresses will be assigned to the attached PCs from a pool of addresses specified in this menu. Each pool address is tested before it is assigned to avoid duplicate addresses on the LAN. Specify the pool of IP addresses to be assigned by setting the Starting IP Address and Ending IP Address.
  • Page 45: Viewing The Lan Groups Database

    ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual • Scanning the Network. The local network is scanned using ARP requests. The ARP scan will detect active devices that are not DHCP clients. However, sometimes the name of the PC or device cannot be accurately determined, and will appear in the database as Unknown. •...
  • Page 46: Adding Devices To The Lan Groups Database

    ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual 2. Click the LAN Groups tab. The LAN Groups screen displays. Figure 3-2 The Known PCs and Devices table lists the entries in the LAN Groups Database. For each computer or device, the following fields are displayed: •...
  • Page 47: Changing Group Names In The Lan Groups Database

    ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual • IP Address Type. From the pull-down menu, choose how this device receives its IP address. The choices are: – Fixed (Set on PC). The IP address is statically assigned on the computer. –...
  • Page 48: Configuring Multi Home Lan Ip Addresses

    ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Figure 3-3 2. Select the radio button next to any group name to make that name active for editing. 3. Type a new name in the field. 4. Click Apply to save your setting each time you change a name in the field. 5.
  • Page 49 ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual 2. Click the LAN Multi-homing tab and the LAN Multi-homing screen displays. Figure 3-4 The Available Secondary LAN IPs table lists the secondary LAN IP addresses added to the firewall. • IP Address. The “alias,” an additional IP address hosted by the LAN port of the firewall. This address will be the gateway for computers on the secondary subnet.
  • Page 50: Configuring Static Routes

    ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Configuring Static Routes Static Routes provide additional routing information to your firewall. Under normal circumstances, the firewall has adequate routing information after it has been configured for Internet access, and you do not need to configure additional static routes. You should configure static routes only for unusual cases such as multiple firewalls or multiple IP subnets located on your network.
  • Page 51: Configuring Routing Information Protocol (Rip)

    ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual 3. Enter a route name for this static route in the Route Name field (for identification and management). 4. Select Active to make this route effective. 5. Select Private if you want to limit access to the LAN only. The static route will not be advertised in RIP.
  • Page 52: Lan Configuration

    ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual The RIP Configuration menu displays. Figure 3-7 3. From the RIP Direction pull-down menu, choose the direction in which the firewall will send and receive RIP packets. The choices are: • None. The firewall neither broadcasts its route table nor accepts any RIP packets from other routers.
  • Page 53 ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual • RIP-2. This includes all the functionality of RIPv1 plus it supports subnet information. Though the data is sent in RIP-2 format for both RIP-2B and RIP-2M, the modes in which packets are sent are different. –...
  • Page 55: Wireless Configuration

    ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Chapter 4 Wireless Configuration This chapter describes how to set up your ProSafe Wireless-N VPN Firewall SRXN3205 for wireless connectivity to your LAN. This basic configuration will enable computers with 802.11b/g/n or 802.11a/n wireless adapters to do such things as connect to the Internet, or access printers and files on your LAN.
  • Page 56: Wireless Equipment Placement And Range Guidelines

    ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Wireless Equipment Placement and Range Guidelines The operating distance or range of your wireless connection can vary significantly based on the physical placement of the VPN firewall. The latency, data throughput performance, and notebook power consumption of wireless adapters also vary depending on your configuration choices.
  • Page 57 ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Figure 4-1 There are several ways you can enhance the security of your wireless network: • Restrict Access Based on MAC address. You can restrict access to only trusted PCs so that unknown PCs cannot wirelessly connect to the SRXN3205.
  • Page 58: Basic Wireless Setup (No Security)

    ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Basic Wireless Setup (No Security) Test wireless connectivity in your environment by setting up the unit without wireless security. To configure the SRXN3205 for basic Wireless access, follow these simple steps: 1. Log in to the SRXN3205. 2.
  • Page 59: Completing Wireless Setup (No Security)

    6. From the Region pull-down menu, select the region where the SRXN3205 will be used (the default Region is North America). Note: If your country or region is not listed, please check with NETGEAR Support. 7. Select your wireless Mode setting from the pull-down menu or accept the default (11ng) setting.
  • Page 60: Testing Wireless Connectivity (No Security)

    (shown by lost connections and/or slow data transfers). If this happens, you may need to experiment with different channels to see which is the best. See the article on “Wireless Channels” available on the NETGEAR website. A link to this article and other articles of interest can be found in Appendix B, “Related...
  • Page 61 ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual 1. From your Web browser, log in to the SRXN3205 using its default address of http://192.168.1.1. 2. Use the default user name of admin and default password of password, or use a new LAN address and password if you have set them up.
  • Page 62: Wireless Security Types And Settings

    ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Wireless Security Types and Settings Configure the Wireless Security Types based on the level of security you need using one of the following methods and print out the form provided to aid you in making your selections: •...
  • Page 63: Ssid And Wep/Wpa Settings Setup Form

    SSID: The Service Set Identification (SSID) requires the identity or name of the wireless local area network. NETGEAR is the default SRXN3205 SSID. However, you may customize it by using up to 32 alphanumeric characters. Write your customized SSID on the line below.
  • Page 64 SSID: The Service Set Identification (SSID) requires the identity or name of the wireless local area network. NETGEAR is the default SRXN3205 SSID. However, you may customize it by using up to 32 alphanumeric characters. Write your customized SSID on the line below.
  • Page 65: Configuring Wep

    Data transmissions are always encrypted using the default key. See the document “Wireless Communications” for a full explanation of each of these options, as defined by the IEEE 802.11 wireless communication standard. A link to this document on the NETGEAR website is in Appendix B, “Related Documents.”...
  • Page 66: Configuring Wpa-Psk

    ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Configuring WPA-PSK Not all wireless adapters support WPA. Furthermore, client software is required on the client. Windows XP and Windows 2000 with Service Pack 3 or above include the client software that supports WPA. Nevertheless, the wireless adapter hardware and driver must also support WPA. Consult the product document for your wireless adapter and WPA client software for instructions on configuring WPA settings.
  • Page 67: Configuring Wpa-Psk And Wpa2-Psk

    ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Configuring WPA-PSK and WPA2-PSK Not all wireless adapters support WPA and WPA2. Client software is required on the client: • Windows XP and Windows 2000 with Service Pack 3 or above do include the client software that supports WPA.
  • Page 68 ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual When you select the WPA data encryption, only the feature selections for WPA and RADIUS are made active on screen, while the other options and features remain grayed out. 2. Select RADIUS from the WPA with drop-down menu on the right. PSK is the default WPA and the RADIUS Server Settings are highlighted.
  • Page 69 ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual • The Server Name, IP Address, RADIUS Port (number), and Shared Key are required for communication with the RADIUS Server. – Server Name. The – IP Address. The IP address of the RADIUS Server. The default is 0.0.0.0. –...
  • Page 70: Verifying Wireless Connectivity (Security)

    ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual – IP Address. The IP address of the RADIUS Server. The default is 0.0.0.0. – RADIUS Port. The port number of the RADIUS Server. The default is 1812. – Shared Key. This is shared between the VPN firewall and the RADIUS Server while authenticating the supplicant (wireless client).
  • Page 71: Advanced Wireless Settings

    ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual 4. Connect Ethernet cable(s) from the LAN ports on your firewall to a LAN port on your switch. Note: By default, SRXN3205 is set with the DHCP client Enabled. If your network uses dynamic IP addresses, you must change this setting. To connect to the SRXN3205 after the DHCP server on your network assigns it a new IP address, enter the VPN firewall name into your Web browser.
  • Page 72: Restricting Wireless Access By Mac Address

    ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual • RTS Threshold (256 - 2346): Request to Send Threshold. The packet size that is used to determine if it should use the CSMA/CD (Carrier Sense Multiple Access with Collision Detection) mechanism or the CSMA/CA mechanism for packet transmission. With the CSMA/CD transmission mechanism, the transmitting station sends out the actual packet as soon as it has waited for the silence period.
  • Page 73 ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual The Access Control List tab and Available Wireless Stations tab appear on screen with the Access Control List tab selected. 3. Click the radio button for Yes in the ACL Enable section to turn on the Access Control List feature.
  • Page 75: Firewall Security And Content Filtering

    ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Chapter 5 Firewall Security and Content Filtering This chapter describes how to set up your firewall and use the content filtering features of the SRXN3205 VPN firewall to protect your network. This chapter contains the following sections: •...
  • Page 76: Using Rules & Services To Block Or Allow Traffic

    ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual A firewall incorporates the functions of a NAT (Network Address Translation) router, while adding features for dealing with a hacker intrusion or attack, and for controlling the types of traffic that can flow between the two networks. Unlike simple Internet sharing NAT routers, a firewall uses a process called stateful packet inspection to protect your network from attacks and intrusions.
  • Page 77 ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual • Quality of Service (QoS) priorities. Each service has its own native priority that impacts its quality of performance and tolerance for jitter or delays. You can change this QoS priority if desired to change the traffic mix through the system (see “Setting Quality of Service (QoS) Priorities”...
  • Page 78 ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Table 5-1. Outbound Rules (continued) Item Description LAN users These settings determine which computers on your network are affected by this rule. Select the desired options: • Any – All PCs and devices on your LAN. •...
  • Page 79 ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual • If your external IP address is assigned dynamically by your ISP (DHCP enabled), the IP address may change periodically as the DHCP lease expires. Consider using Dynamic DNS (under Network Configuration) so that external users can always find your network (see “Configuring Dynamic DNS”...
  • Page 80 ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Table 5-2. Inbound Rules (continued) Item Description WAN Users These settings determine which Internet locations are covered by the rule, based on their IP addresses. Select the desired option: • Any – All Internet IP addresses are covered by this rule. •...
  • Page 81: Viewing The Firewall Rules

    ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Viewing the Firewall Rules To view the firewall rules, go to Security > Firewall from the main menu. The LAN WAN Rules tab displays. Figure 5-1 Order of Precedence for Rules As you define new rules, they are added to the tables in the Rules menu as the last item in the list, as shown in Figure 5-1.
  • Page 82: Creating A Lan Wan Outbound Services Rule

    ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual 4. Click Apply. Creating a LAN WAN Outbound Services Rule An outbound rule will block or allow the selected application from an internal IP LAN address to an external WAN IP address according to the schedule created in the Schedule menu. You can also tailor these rules to your specific needs (see “Administrator Tips”...
  • Page 83 ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual 1. Click Add under the Inbound Services Table. The Add LAN WAN Inbound Service screen is displayed. Figure 5-3 2. Configure the parameters and click Apply to save your changes and reset the fields on this screen.
  • Page 84: Attack Checks

    ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Attack Checks This screen allows you to specify whether or not the firewall should be protected against common attacks in the LAN and WAN networks. The various types of attack checks are listed on the Attack Checks screen and defined below: •...
  • Page 85: Inbound Rules Examples

    ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual For example, if a VPN Client or Gateway on the LAN side of this firewall wants to connect to another VPN endpoint on the WAN (placing this firewall between two VPN end points), encrypted packets are sent to this firewall.
  • Page 86 ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Figure 5-5 LAN WAN Inbound Rule: Allowing Videoconference from Restricted Addresses If you want to allow incoming videoconferencing to be initiated from a restricted range of outside IP addresses, such as from a branch office, you can create an inbound rule. In the example shown in Figure 5-6, CU-SeeMe connections are allowed to a local host only from...
  • Page 87 ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual In the example shown in Figure 5-7, we have configured multi-NAT to support multiple public IP addresses on one WAN interface. The inbound rule instructs the firewall to host an additional public IP address (10.1.0.5) and to associate this address with the Web server on the LAN (at 192.168.0.2).
  • Page 88: Outbound Rules Example

    ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual 2. Place the new rule below all other inbound rules. Note: For security, NETGEAR strongly recommends that you avoid creating an exposed host. When a computer on your LAN is designated as the exposed host, it loses much of the protection of the firewall and is exposed to many exploits from the Internet.
  • Page 89: Adding Customized Services

    ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Adding Customized Services Services are functions performed by server computers at the request of client computers. For example, Web servers serve Web pages, time servers serve time and date information, and game hosts serve data about other players’ moves. When a computer on the Internet sends a request for service to a server computer, the requested service is identified by a service or port number.
  • Page 90: Setting Quality Of Service (Qos) Priorities

    ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual 6. Click Add. The new custom service will be added to the Custom Services Table. Modifying a Service To edit the parameters of an existing service: 1. In the Custom Services Table, click the Edit button adjacent to the service you want to edit. The Edit Service screen is displayed.
  • Page 91: Setting Schedules To Block Or Allow Traffic

    ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Setting Schedules to Block or Allow Traffic If you enabled Content Filtering in the Block Sites menu, or if you defined an outbound or inbound rule to use a schedule, you can set up a schedule for when blocking occurs or when access is restricted.
  • Page 92: Setting Block Sites (Content Filtering)

    Web site is allowed. If you enable one or more of these features and users try to access a blocked site, they will see a “Blocked by NETGEAR” message. Several types of blocking are available: •...
  • Page 93 ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Figure 5-10 2. Select Yes to enable Content Filtering. 3. Click Apply to activate the menu controls. 4. Select any Web Components you wish to block: Proxy, Java, ActiveX, or Cookies. 5. Select the groups to which Keyword Blocking will apply, then click Enable to activate Keyword blocking (or disable to deactivate Keyword Blocking).
  • Page 94: Enabling Source Mac Filtering (Address Filter)

    ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual The Trusted Domain will appear in the Trusted Domains table. You can also edit any entry by clicking Edit in the Action column adjacent to the entry. 8. Click Apply to save your settings. Enabling Source MAC Filtering (Address Filter) In the Address Filter submenu, the Source MAC Filter tab allows you to block traffic coming from certain known machines or devices.
  • Page 95: Ip/Mac Binding Tab

    ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual 4. Enter your list of source MAC addresses to be blocked in the MAC Address field in the form 01:23:45:67:89:AB, using colon-separated hexadecimal characters (0-9, A-F). 5. Click the Add icon. The MAC address is added to the MAC Addresses table where it will be blocked. 6.
  • Page 96 ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual 3. Click the Yes radio button to enable Source MAC Filtering. IP/MAC Bind Table lists the currently defined IP/MAC Bind rules: – Name: Displays the user-defined name for this rule. – MAC Addresses: Displays the MAC Addresses for this rule. –...
  • Page 97: Enabling Port Triggering

    ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Enabling Port Triggering Port triggering allows some applications running on a LAN network to be available to external applications that would otherwise be partially blocked by the firewall. Using this feature requires the port numbers used by the application. Once configured, port triggering operates as follows: 1.
  • Page 98: Bandwidth Profile

    ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual 1. Select Security from the main menu and Port Triggering from the submenu. Figure 5-13 The Port Triggering screen is displayed. 2. Enter a user-defined name for this rule in the Name field. 3.
  • Page 99 ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Example: When a new connection is established on the VPN firewall, the firewall rules are searched for a corresponding rule limit to the connection. If the rule has a bandwidth profile setting, then the firewall will create a bandwidth class in the kernel.
  • Page 100: Upnp (Universal Plug And Play)

    ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual 4. If you decide not to enter a new profile once you started a new profile, click Bandwidth Profile in the submenu to return to the List of Bandwidth Profiles table. 5. Click Apply to save your settings and accept the new bandwidth profile. 6.
  • Page 101: E-Mail Notifications Of Event Logs And Alerts

    ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual – Protocol: Indicates the network protocol (i.e. HTTP, FTP, etc.) used by the device to connect to the VPN firewall. – Int. Port (Internal Port): Indicates if any internal ports are opened by the UPnP device. –...
  • Page 103: Virtual Private Networking Using Ipsec

    Security Association, traffic selectors, authentication algorithm, and encryption. The parameters used by the VPN wizard are based on the recommendations of the VPN Consortium (VPNC), an organization that promotes multi-vendor VPN interoperability. The section below provides wizard and NETGEAR VPN Client configuration procedures for the following scenarios: •...
  • Page 104: Creating Gateway To Gateway Vpn Tunnels With The Wizard

    ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Creating Gateway to Gateway VPN Tunnels with the Wizard You can configure multiple gateway VPN tunnel policies through the VPN Wizard. You can also set up multiple remote VPN client policies through the VPN Wizard. To set up a gateway VPN Tunnel using the VPN Wizard: 1.
  • Page 105 ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual 6. Enter the Remote WAN IP Address or Internet Name of the gateway to which you want to connect. • Both the remote WAN address and your local WAN address are required. • The remote WAN IP address must be a public address or the Internet name of the remote gateway.
  • Page 106: Creating A Client To Gateway Vpn Tunnel With The Wizard

    ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Creating a Client to Gateway VPN Tunnel with the Wizard Follow these steps to configure the VPN client. 1. From the main menu, go to VPN > IPSec VPN > VPN Wizard. The VPN Wizard displays. Figure 6-2 2.
  • Page 107: Viewing Or Modifying Ike And Vpn Policy Settings

    ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Viewing or Modifying IKE and VPN Policy Settings Follow these steps to view or modify IKE and VPN policy settings. 1. For IKE policy settings, go to VPN > IPSec VPN > IKE Policies. Figure 6-3 To view or modify the IKE policy settings, click Edit in the Action column of the policy you want to review.
  • Page 108 ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual 2. For VPN policy settings, go to VPN > IPSec VPN > VPN Policies. Figure 6-4 To view or modify the IKE Policy, click Edit in the Action column of the policy you want to review.
  • Page 109: Creating A Vpn Client To Srxn3205 Connection

    The PCs may be directly connected to the Internet or may be behind NAT routers. Each PC will use Netgear's ProSafe VPN Client software. Since the PC's IP address is assumed to be unknown, the PC must always be the initiator of the connection.
  • Page 110: Configuring The Vpn Client

    ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Configuring the VPN Client From a PC with the Netgear Prosafe VPN Client installed, you can configure a VPN client policy to connect to the SRXN3205. To configure your VPN client: 1. Right-click on the VPN client icon in your Windows toolbar and choose Security Policy Editor.
  • Page 111 ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual 7. In the left frame, click My Identity. Figure 6-6 8. From the Select Certificate pull-down menu, choose None. 9. From the ID Type pull-down menu, choose Domain Name. 10. Leave Virtual Adapter disabled, and click your computer’s Network Adapter. Your current IP address will appear.
  • Page 112 ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual 4. For the Phase 1 Negotiation Mode, check the Aggressive Mode radio box. Figure 6-7 5. PFS should be disabled, and Enable Replay Detection should be enabled. 6. In the left frame, expand Authentication (Phase 1) and choose Proposal 1. The Proposal 1 fields should mirror those in the following figure.
  • Page 113: Testing The Connection

    ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual 7. In the left frame, expand Key Exchange (Phase 2) and choose Proposal 1. The fields in this proposal should also mirror those in the following figure. No changes should be necessary. Figure 6-9 8.
  • Page 114: About Ike

    ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Wizard setup identifies both the VPN policy and IKE policy. You can edit existing policies, or add new VPN and IKE policies directly in the policy tables. Note: An IKE policy cannot be edited if it is associated with an enabled VPN policy. About IKE The IKE (Internet Key Exchange) protocol performs negotiations between the two VPN gateways, and provides automatic management of the keys used in IPsec.
  • Page 115: About The Ike Policy Table

    ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual About the IKE Policy Table When you use the VPN Wizard to set up a VPN tunnel, an IKE policy is established and populated in the List of IKE Policies and is given the same name as the new VPN connection name. You can also edit existing policies or add new IKE policies directly on the List of IKE Policies.
  • Page 116 ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual – Authentication Method. Select Pre-shared Key for a simple password based key. Selecting RSA-Signature will disable the Pre-shared key text box and use the Active Self Certificate uploaded in the Certificates page. In that case, a certificate must be configured in order for RSA-Signature to work.
  • Page 117: Vpn Policy

    ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual IPSec Host: The router is authenticated by a remote gateway with a username and password combination. In this mode, the router acts as a VPN Client of the remote gateway. VPN Policy You can create two types of VPN policies. When using the VPN Wizard to create a VPN policy, only the Auto method is available.
  • Page 118: Vpn Tunnel Connection Status

    ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual • Name. Each policy is given a unique name (the Connection Name when using the VPN Wizard). • Type. The Type is “Auto” or “Manual” as described previously (Auto is used during VPN Wizard configuration).
  • Page 119: Manually Assigning Ip Addresses To Remote Users (Modeconfig)

    – LAN IP address/subnet: 192.168.2.1/255.255.255.0 • NETGEAR ProSafe VPN Client software IP address: 192.168.1.2 Mode Config Operation After IKE Phase 1 is complete, the VPN connection initiator (remote user/client) asks for IP configuration parameters such as IP address, subnet mask and name server addresses. The Mode...
  • Page 120 ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual 3. Click the Mode Config tab. The Mode Config tab is displayed. Figure 6-10 4. Click Add. The Add Mode Config Record screen is displayed Figure 6-11 5. Enter a descriptive Record Name such as “Sales”. 6.
  • Page 121 ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual 10. Specify the Local IP Subnet to which the remote client will have access. Typically, this is your firewall’s LAN subnet, such as 192.168.2.1/255.255.255.0. (If not specified, it will default to the LAN subnet of the firewall.) 11.
  • Page 122: Configuring The Prosafe Vpn Client For Modeconfig

    10. Click Apply. The new policy will appear in the IKE Policies Table. Configuring the ProSafe VPN Client for ModeConfig From a client PC running NETGEAR ProSafe VPN Client software, configure the remote VPN client connection. To configure the client PC: 1.
  • Page 123 ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual d. Check the Connect using radio button and choose Secure Gateway Tunnel from the pull- down menu. e. From the ID Type pull-down menu, choose Domain name and enter the FQDN of the firewall;...
  • Page 124: Extended Authentication (Xauth) Configuration

    ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual 1. Right-click on the VPN client icon in the Windows toolbar and click Connect. The connection policy you configured will appear; in this case “My Connections\modecfg_test”. 2. Click on the connection. Within 30 seconds the message “Successfully connected to MyConnections/modecfg_test” is displayed and the VPN client icon in the toolbar will read “On”.
  • Page 125: Configuring Xauth For Vpn Clients

    ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Configuring XAUTH for VPN Clients Once the XAUTH has been enabled, you must establish user accounts in the User Database to be authenticated against XAUTH, or you must enable a RADIUS-CHAP or RADIUS-PAP server. Note: If you are modifying an existing IKE Policy to add XAUTH, if it is in use by a VPN policy, the VPN policy must be disabled before you can modify the IKE Policy.
  • Page 126: User Database Configuration

    ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual – RADIUS–CHAP or RADIUS–PAP (depending on the authentication mode accepted by the RADIUS server) to add a RADIUS server. If RADIUS–PAP is selected, the firewall will first check in the user database to see if the user credentials are available. If the user account is not present, the firewall will then connect to the RADIUS server (see “RADIUS Client Configuration”...
  • Page 127 ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Figure 6-13 3. To activate (enable) the Primary RADIUS server, click the Yes radio button. The primary server options become active. 4. Configure the following entries: • Primary RADIUS Server IP address. The IP address of the RADIUS server. •...
  • Page 128 ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual 8. Click Apply to save the settings. Note: Selection of the Authentication Protocol, usually PAP or CHAP, is configured on the individual IKE policy screens.
  • Page 129: Virtual Private Networking

    ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Chapter 7 Virtual Private Networking Using SSL The SRXN3205 ProSafe Wireless-N VPN Firewall provides a hardware-based SSL VPN solution designed specifically to provide remote access for mobile users to their corporate resources, bypassing the need for a pre-installed VPN client on their computers. Using the familiar Secure Sockets Layer (SSL) protocol, commonly used for e-commerce transactions, the SRXN3205 can authenticate itself to an SSL-enabled client, such as a standard web browser.
  • Page 130: Planning For Ssl Vpn

    ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual browser provides authentication and encryption, establishing a secure connection to the firewall. Upon successful connection, an ActiveX-based SSL VPN client is downloaded to the remote PC that will allow the remote user to virtually join the corporate network. The SSL VPN Client provides a PPP (point-to-point) connection between the client and the firewall, and a virtual network interface is created on the user’s PC.
  • Page 131: Creating The Portal Layout

    ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual When you define the SSL VPN policies that determine network resource access for your SSL VPN users, you can define global policies, group policies, or individual policies. Because you must assign an authentication domain when creating a group, the group is created after you have created the domain.
  • Page 132 ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Portal Layouts are applied by selecting from available portal layouts in the configuration of a Domain. When you have completed your Portal Layout, you can apply the Portal Layout to one or more authentication domains (see XREF to apply a Portal Layout to a Domain). You can also make the new portal the default portal for the SSL VPN gateway by selecting the default radio button adjacent to the portal layout name.
  • Page 133 ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Figure 7-2 3. In the Portal Layout and Theme Name section of the menu, configure the following entries: a. Enter a descriptive name for the portal layout in the Portal Layout Name field. This name will be part of the path of the SSL VPN portal URL.
  • Page 134 These directives help prevent client browsers from caching SSL VPN portal pages and other web content. Note: NETGEAR strongly recommends enabling HTTP meta tags for security reasons and to prevent out-of-date web pages, themes, and data being stored in a user’s web browser cache.
  • Page 135: Configuring Domains, Groups, And Users

    ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual 4. In the SSL VPN Portal Pages to Display section, check the checkboxes for the portal pages you wish users to access. Any pages that are not selected will not be visible from the portal navigation menu.
  • Page 136 ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual 1. Select VPN > SSL VPN from the main/submenu, and then select the Port Forwarding tab. The Port Forwarding screen displays. Figure 7-4 2. In the Add New Application for Port Forwarding section, enter the IP address of an internal server or host computer.
  • Page 137: Adding A New Host Name

    ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual 4. Click Add. The “Operation succeeded” message appears at the top of the tab, and the new application entry is listed in the List of Configured Applications. 5. Repeat this process to add other applications for use in Port Forwarding. Adding A New Host Name Once the server IP address and port information has been configured, remote users will be able to access the private network servers using Port Forwarding.
  • Page 138 ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual • So that the virtual (PPP) interface address of a VPN tunnel client does not conflict with addresses on the corporate network, configure an IP address range that does not directly overlap with addresses on your local network. For example, if 192.168.1.1 through 192.168.1.100 are currently assigned to devices on your local network, then start the client address range at 192.168.1.101 or choose an entirely different subnet altogether.
  • Page 139: Configuring The Client Ip Address Range

    ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Configuring the Client IP Address Range Determine the address range to be assigned to VPN tunnel clients, then define the address range. To configure the client IP address range: 1. Select VPN > SSL VPN from the main/submenu, and then select the SSL VPN Client tab. The SSL VPN Client screen displays.
  • Page 140: Adding Routes For Vpn Tunnel Clients

    ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Adding Routes for VPN Tunnel Clients The VPN Tunnel Clients assume that the following networks are located across the VPN over the SSL tunnel: Note: VPN client routes need to be added in split tunnel mode only. •...
  • Page 141: Using Network Resource Objects To Simplify Policies

    ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Using Network Resource Objects to Simplify Policies Network resources are groups of IP addresses, IP address ranges, and services. By defining resource objects, you can more quickly create and configure network policies. You will not need to redefine the same set of IP addresses or address ranges when configuring the same access policies for multiple users.
  • Page 142: Configuring User, Group, And Global Policies

    ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual 5. Adjacent to the new resource, click the Edit button. The Add Resource Addresses screen displays. Figure 7-7 6. From the Object Type pull-down menu, select either IP Address or IP Network: • If you selected IP Address, enter an IP address or fully qualified domain name in the IP Address/Name field.
  • Page 143: Viewing Policies

    ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual For example, a policy configured for a single IP address takes precedence over a policy configured for a range of addresses. And a policy that applies to a range of IP addresses takes precedence over a policy applied to all IP addresses.
  • Page 144: Adding A Policy

    ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual 1. Select VPN > SSL VPN from the main/submenu, and then select the Policies tab. The Policies screen will display. Figure 7-8 2. Make your selection from the following Query options: • Click Global to view all global policies. •...
  • Page 145 ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual • Click Global if this new policy is to exclude all users and groups. • Click Group if this new policy is to be limited to a selected group. Open the pull-down menu and choose the relevant group’s name. •...
  • Page 146 ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Figure 7-11 • If you choose IP Network, you’ll need to enter a descriptive Policy Name, IP Address, Subnet Mask, then choose the Service and relevant Permission from the pull-down menus. Figure 7-12 •...
  • Page 147: Managing Users, Authentication, And Certificates

    ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Chapter 8 Managing Users, Authentication, and Certificates This chapter contains the following sections: • “Adding Authentication Domains, Groups, and Users” • “Managing Certificates” Adding Authentication Domains, Groups, and Users You must create name and password accounts for all users who will connect to the firewall. This includes administrators and SSL VPN clients.
  • Page 148 ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Figure 8-1 2. Click Add. The Add Domain screen displays. Figure 8-2 3. Configure the following fields: a. Enter a descriptive name for the domain in the Domain Name field. b. Select the Authentication Type. The required fields are activated in varying combinations according to your selection of Authentication Type: Authentication Type...
  • Page 149: Creating A Group

    ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Authentication Type Required Authentication Information Fields Active Directory Authentication Server, Active Directory Domain LDAP Authentication Server, LDAP Base DN c. Select a portal to which this domain will be associated. 4. Click Apply to save and apply your entries. The Domain screen will display a new domain row.
  • Page 150: Creating A New User Account

    ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual 3. Click Add. The new group appears in the List of Groups, ready for use in user account setup. Creating a New User Account To add individual user accounts: 1. Select Users > Users from the main/submenu and the Users screen displays. Figure 8-4 2.
  • Page 151: Setting User Login Policies

    ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual e. Idle Timeout. For an Administrator, this is the period at which an idle user will be automatically logged out of the Web Configuration Manager. 4. Click Apply to save and apply your entries. The new user appears in the List of Users. Setting User Login Policies You can restrict the ability of defined users to log into the Web Configuration Manager.
  • Page 152 ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual To restrict logging in based on IP address: 1. Select the by Source IP Address tab and the by Source IP Address screen displays. Figure 8-7 2. In the Defined Addresses Status section, select: •...
  • Page 153 ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual To restrict logging in based on the user’s browser: 1. Select the by Client Browser tab. The by Client Browser screen will display. Figure 8-8 2. In the Defined Browsers Status section, select: •...
  • Page 154: Managing Certificates

    A self-signed certificate will trigger a warning from most browsers as it provides no protection against identity theft of the server. Your firewall contains a self-signed certificate from NETGEAR. We recommend that you replace this certificate prior to deploying the firewall in your network.
  • Page 155: Viewing Active Self Certificates

    ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual To view the VPN Certificates: Select VPN > Certificates from the main/sub-menu and the Certificates screen displays. The top section of the Certificates screen displays the Trusted Certificates (CA Certificates). Figure 8-9 When you obtain a self certificate from a CA, you will also receive the CA certificate. In addition, many CAs make their certificates available on their websites.
  • Page 156: Obtaining A Self Certificate From A Certificate Authority

    ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual • Serial Number. This is a serial number maintained by the CA. It is used to identify the certificate within the CA. • Issuer Name. The name of the CA that issued the certificate. •...
  • Page 157 ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Figure 8-11 3. Complete the Optional fields, if desired, with the following information: • IP Address – If you have a fixed IP address, you may enter it here. Otherwise, you should leave this field blank. •...
  • Page 158 ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual 5. In the Self Certificate Requests table, click View under the Action column to view the request. Figure 8-13 6. Copy the contents of the Data to supply to CA text box into a text file, including all of the data contained from “----BEGIN CERTIFICATE REQUEST---”...
  • Page 159: Managing Your Certificate Revocation List (Crl)

    ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual 10. Select the checkbox next to the certificate request, then click Browse and locate the certificate file on your PC. 11. Click Upload. The certificate file will be uploaded to this device and will appear in the Active Self Certificates list.
  • Page 161: Firewall And Network Management

    ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Chapter 9 Firewall and Network Management This chapter describes how to use the network management features of your ProSafe Wireless-N VPN Firewall. These features can be found by clicking on the appropriate heading in the Main Menu of the browser interface.
  • Page 162: Features That Reduce Traffic

    ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual • WAN side: 1000 Mbps (one WAN port at 1000 Mbps) In practice, the WAN side bandwidth capacity will be much lower when DSL or cable modems are used to connect to the Internet. As a result and depending on the traffic being carried, the WAN side of the firewall will be the limiting factor to throughput for most installations.
  • Page 163 ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual – Groups. The rule is applied to a Group (see “Managing Groups and Hosts (LAN Groups)” on page 3-4 to assign PCs to a Group using the LAN Groups Database). • WAN Users. These settings determine which Internet locations are covered by the rule, based on the IP address.
  • Page 164 ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual “Managing Groups and Hosts (LAN Groups)” on page 3-4 for the procedure on how to use this feature. Schedule If you have set firewall rules on the Rules screen, you can configure three different schedules (for example, schedule 1, schedule 2, and schedule 3) for when a rule is to be applied.
  • Page 165: Features That Increase Traffic

    ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual “Enabling Source MAC Filtering (Address Filter)” on page 5-20 for the procedure on how to use this feature. Features that Increase Traffic Features that tend to increase WAN-side loading are as follows: • Port forwarding •...
  • Page 166 ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual • Enable DNS Proxy. Allows the firewall to handle DNS queries from the LAN. • Enable Stealth Mode. Prevents the firewall from responding to incoming requests for unsupported services. As you define your firewall rules, you can further refine the application according to the following criteria: •...
  • Page 167: Using Qos To Shift The Traffic Mix

    ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual • The remote system receives the PC's request and responds using the different port numbers that you have now opened. • This firewall matches the response to the previous request and forwards the response to the PC.
  • Page 168: Tools For Traffic Management

    Changing Passwords and Administrator Settings The default administrator and guest password for the Web Configuration Manager is password. Netgear recommends that you change this password to a more secure password. You can also configure a separate password for the guest account.
  • Page 169 ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual The Edit User screen is displayed, with the current settings for Administrator displayed in the Select User Type pull-down menu. Figure 9-2 3. Select the Check to Edit Password checkbox. The password fields become active. 4.
  • Page 170: Enabling Remote Management Access

    ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Enabling Remote Management Access Using the Remote Management page, you can allow an administrator on the Internet to configure, upgrade, and check the status of your firewall. You must be logged in locally to enable remote management.
  • Page 171: Using An Snmp Manager

    ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual The firewall’s remote login URL is https://<IP_address> or https://<FullyQualifiedDomainName>. Note: To maintain security, the SRXN3205 will reject a login that uses http://address rather than the SSL https://address. Note: The first time you remotely connect to the SRXN3205 with a browser via SSL, you may get a warning message regarding the SSL certificate.
  • Page 172 ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual • Community. The trap community string of the configuration. To create a new SNMP configuration entry: 1. Select Administration > SNMP from the main/submenu and the SNMP screen displays. Figure 9-4 2. Configure the following fields in the Create New SNMP Configuration Entry section: •...
  • Page 173: Settings Backup And Firmware Upgrade

    ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Settings Backup and Firmware Upgrade Once you have installed the VPN firewall and have it working properly, you should back up a copy of your settings, in case something gets corrupted. When you back up the settings, these are saved as a file on your computer.
  • Page 174 To restore settings from a backup file: 1. Next to Restore save settings from file, click the Browse button. 2. Locate and select the previously saved backup file (by default, netgear.cfg). 3. When you have located the file, click the Restore button.
  • Page 175: Configuring Time Zone Settings

    After downloading an upgrade file, you may need to unzip (uncompress) it before upgrading the firewall. If release notes are included in the download, read them before continuing. To upgrade the router software: 1.
  • Page 176 3. If supported in your region, click Automatically Adjust for Daylight Savings Time. 4. Select an NTP Server option: • Use Default NTP Servers. The RTC is updated regularly by contacting a Netgear NTP server on the Internet. A primary and secondary (backup) server are preloaded. •...
  • Page 177: Monitoring System Performance

    Chapter 11: Monitoring System Performance. This chapter describes the full set of system monitoring features of your ProSafe Wireless-N VPN Firewall. You can be alerted to important events such as WAN port rollover, WAN traffic limits reached, and login failures and attacks.
  • Page 178 Figure 11-1 2. Enable the traffic meter by clicking the Yes radio box under Do you want to enable Traffic Metering on WAN? The traffic meter will record the volume of Internet traffic passing through the WAN.
  • Page 179: Activating Notification Of Events And Alerts

    • Increase this month limit by. Temporarily increase the Traffic Limit if you have reached the monthly limit, but need to continue accessing the Internet. Select the checkbox and enter the desired increase. (The checkbox will automatically be cleared when saved so that the increase is only applied once.) •...
  • Page 180 your LAN; denied incoming and outgoing service requests; hacker probes and login attempts; and other general information based on the settings you input on the Firewall Logs & E-mail menu. In addition, if you have set up Content Filtering on the Block Sites screen (see “Setting Block Sites (Content Filtering)”...
  • Page 181 Figure 11-2 7. To respond to IDENT protocol messages, check the Respond to Identd from SMTP Server radio box. The Ident Protocol is a weak scheme to verify the sender of e-mail (a common daemon program for providing the ident service is identd).
  • Page 182: Viewing Firewall Logs

    10. Click Apply to save your settings. Numerical Code / Severity: Emergency: System is unusable; Alert: Action must be taken immediately; Critical: Critical conditions; Error: Error conditions; Warning: Warning conditions; Notice: Normal but significant conditions; Informational: Informational messages; Debug: Debug level messages. Viewing Firewall Logs...
  • Page 183: Viewing Router Configuration And System Status

    The Router Status screen is displayed. Figure 11-3. The following information is displayed (Item: Description): System Info: This is the Netgear product name. Firmware Version: This is the current software the router is using.
  • Page 184: Monitoring The Wan Port Status

    Item / Description: LAN Port: Displays the current settings for MAC address, IP address, DHCP role and IP Subnet Mask that you set in the LAN IP Setup page. DHCP can be either Server or None.
  • Page 185: Monitoring Attached Devices

    Figure 11-4. The LAN Groups screen contains a table of all IP devices that the VPN firewall has discovered on the local network. To view the LAN Groups screen: 1. Select Network Configuration from the main menu and LAN Settings in the submenu. 2.
  • Page 186: Reviewing The Dhcp Log

    Figure 11-5. The Known PCs and Devices table lists all current entries in the LAN Groups database. For each PC or device, the following data is displayed: Table 11-2. Known PCs and Devices options. Item / Description: Name...
  • Page 187: Monitoring Active Users

    1. Select Network Configuration > LAN Setup from the main/submenu, and then click the LAN Setup tab. The LAN Setup screen displays. Figure 11-6 2. Click the DHCP Log link to the right of the tabs. The DHCP Log appears in a popup window. Figure 11-7 3.
  • Page 188: Viewing Port Triggering Status

    1. Select Monitoring > Active Users from the main/submenu. The Active Users screen is displayed. Figure 11-8. The active user’s username, group, and IP address are listed in the table with a timestamp indicating the time and date that the user logged in.
  • Page 189: Monitoring Vpn Tunnel Connection Status

    The status window displays the following information (Item: Description): Rule: The name of the port triggering rule associated with this entry. LAN IP Address: The IP address of the PC currently using this rule. Open Ports: The incoming ports that are associated with this rule.
  • Page 190: Reviewing The Vpn Logs

    2. Select the SSL VPN Connection Status tab and the SSL VPN Connection Status screen displays. Figure 11-12. The active SSL VPN user’s username, group, and IP address are listed in the table with a timestamp indicating the time and date that the user connected.
  • Page 191: Troubleshooting

    Chapter 12: Troubleshooting. This chapter provides troubleshooting tips and information for your ProSafe Wireless-N VPN Firewall. After each problem description, instructions are provided to help you diagnose and solve the problem. This chapter contains the following sections: •...
  • Page 192: Power Led Not On

    • Verify you are using the 12VDC, 1.5A power adapter supplied by NETGEAR for this product. If the error persists, you have a hardware problem and should contact technical support. LEDs Never Turn Off: When the firewall is turned on, the LEDs turn on for about 10 seconds and then turn off.
  • Page 193 • Check the Ethernet connection between the PC and the firewall as described in the previous section. • Ensure your PC’s IP address is on the same subnet as the firewall. If you are using the recommended addressing scheme, your PC’s address should be in the range of 192.168.1.2 to 192.168.1.254.
  • Page 194: Troubleshooting The Isp Connection

    Web Configuration Manager. To check the WAN IP address: 1. Launch your browser and navigate to an external site such as www.netgear.com 2. Access the Main Menu of the firewall’s configuration at https://192.168.1.1 3. Under the Monitoring menu, click Router Status.
  • Page 195: Troubleshooting A Tcp/Ip Network Using A Ping Utility

    – Configure your firewall to spoof your PC’s MAC address. This can be done in the Basic Settings menu. Refer to “Manually Configuring the Internet Connection” on page 2-6. If your firewall can obtain an IP address, but your PC is unable to load any Web pages from the Internet: •...
  • Page 196: Testing The Path From Your Pc To A Remote Device

    • Wrong physical connections – Make sure the LAN port LED is on. If the LED is off, follow the instructions in “LAN or WAN Port LEDs Not On” on page 12-2. – Check that the corresponding Link LEDs are on for your network interface card and for the hub ports (if any) that are connected to your workstation and firewall.
  • Page 197: Restoring The Default Configuration And Password

    This section explains how to restore the factory default configuration settings, changing the VPN firewall’s administration password to password and the IP address to 192.168.1.1. You can erase the current configuration and restore factory defaults in two ways: •...
  • Page 198: Diagnostics Functions

    You can perform diagnostics such as pinging an IP address, performing a DNS lookup, displaying the routing table, rebooting the VPN firewall, and capturing packets. 1. Select Monitoring > Diagnostics from the main/submenu. The Diagnostics screen displays.
  • Page 199 A DNS (Domain Name Server) converts the Internet name (for example, www.netgear.com) to an IP address. If you need the IP address of a Web, FTP, Mail or other Server on the Internet, you can request a DNS lookup to find the IP address.
  • Page 201: Default Settings And Technical Specifications

    Appendix A: Default Settings and Technical Specifications. You can use the reset button located on the rear panel to reset all settings to their factory defaults. This is called a hard reset. • To perform a hard reset, press and hold the reset button for approximately 10 seconds (until the TEST LED blinks rapidly).
  • Page 202 Table A-1. Firewall Default Configuration Settings (continued). Feature: Default Behavior. Local Network (LAN): LAN IP Address: 192.168.1.1; Subnet Mask: 255.255.255.0; RIP Direction: None; RIP Version: Disabled; RIP Authentication: Disabled; DHCP Server: Enabled; DHCP Starting IP Address: 192.168.1.2; DHCP Ending IP Address: 192.168.1.100...
  • Page 203: Technical Specifications

    Table A-1. Firewall Default Configuration Settings (continued). Feature: Default Behavior. Wireless: Wireless Communication: Enabled; Network Name (SSID): NETGEAR; Broadcast Network Name SSID: Enabled; Security: Disabled; Transmission Speed: Best; Country/Region: Varies by region; 802.11a/b/g/n Radio Frequency Channel: Auto; 802.11na and 802.11ng Channel Spacing: 20/40MHz...
  • Page 204 Table A-2. Firewall Technical Specifications (continued). Feature: Specifications. Environmental Specifications: Operating temperature: 0º to 40º C (32º to 104º F); Operating humidity: 90% maximum relative humidity, noncondensing. Electromagnetic Emissions: Meets requirements of: FCC Part 15 Class B; VCCI Class B; EN 55 022 (CISPR 22), Class B. Interface Specifications...
  • Page 205 Table A-4. Wireless Technical Specifications. Parameter: ProSafe Wireless-N VPN Firewall. 802.11a Data Rates: 6, 9, 12, 18, 24, 36, 48, 54, and 108 Mbps (Auto-rate capable). 802.11na Data Rates: Data Rates for Channel Width=20MHz and Guard Interval=short (400ms): Best, 7.2 Mbps, 14.4 Mbps, 21.7 Mbps, 28.9 Mbps, 43.3 Mbps, 57.8 Mbps, 65 Mbps, 72.2 Mbps, 14.44 Mbps, 28.88 Mbps, 43.33 Mbps, 57.77 Mbps, 86.66 Mbps, 115.56 Mbps, 130 Mbps, 144.44 Mbps...
  • Page 206 Table A-4. Wireless Technical Specifications. Parameter: ProSafe Wireless-N VPN Firewall. 802.11b/bg/ng Operating Frequencies: 2.412 ~ 2.462 GHz (US); 2.457 ~ 2.462 GHz (Spain); 2.412 ~ 2.484 GHz (Japan); 2.457 ~ 2.472 GHz (France); 2.412 ~ 2.472 GHz (Europe ETSI). 802.11 b/bg/ng Encryption: 64-bits, 128- and 152-bits WEP, AES, TKIP data encryption...
  • Page 207: Appendix B Related Documents

    Appendix B: Related Documents. This appendix provides links to reference documents you can use to gain a more complete understanding of the technologies used in your NETGEAR product. Document: Link. Internet Networking and TCP/IP: http://documentation.netgear.com/reference/enu/tcpip/index.htm...
