SRX5308 Reference Manual
Page 7
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Adding New Network Resources 6-14 Editing Network Resources to Specify Addresses 6-15 Configuring User, Group, and Global Policies 6-17 Viewing Policies ...6-18 Adding a Policy ...6-19 Accessing the SSL Portal Login Screen 6-23 Viewing the SSL VPN Connection Status and SSL VPN Logs 6-25 Chapter 7 Managing Users, Authentication, and Certificates Configuring VPN Authentication Domains, Groups, and...
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Adding New Network Resources 6-14 Editing Network Resources to Specify Addresses 6-15 Configuring User, Group, and Global Policies 6-17 Viewing Policies ...6-18 Adding a Policy ...6-19 Accessing the SSL Portal Login Screen 6-23 Viewing the SSL VPN Connection Status and SSL VPN Logs 6-25 Chapter 7 Managing Users, Authentication, and Certificates Configuring VPN Authentication Domains, Groups, and...
SRX5308 Reference Manual
Page 8
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Chapter 9 Monitoring System Access and Performance Enabling the WAN Traffic Meter 9-1 Activating Notification of Events, Alerts, and Syslogs 9-5 Viewing Status and Log Screens 9-9 Viewing the System (Router) Status and Statistics 9-10 Viewing the VLAN Status 9-16 Viewing and Disconnecting Active Users 9-17 Viewing the VPN... 10-6 Testing the LAN Path to Your VPN Firewall 10-7 Testing the Path from Your PC to a Remote Device 10-7 Restoring the Default Configuration and Password 10-8 Problems with Date and Time 10-10...
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Chapter 9 Monitoring System Access and Performance Enabling the WAN Traffic Meter 9-1 Activating Notification of Events, Alerts, and Syslogs 9-5 Viewing Status and Log Screens 9-9 Viewing the System (Router) Status and Statistics 9-10 Viewing the VLAN Status 9-16 Viewing and Disconnecting Active Users 9-17 Viewing the VPN... 10-6 Testing the LAN Path to Your VPN Firewall 10-7 Testing the Path from Your PC to a Remote Device 10-7 Restoring the Default Configuration and Password 10-8 Problems with Date and Time 10-10...
SRX5308 Reference Manual
Page 22
...-Line Interface" on page 8-14. 3. The ports has a DB9 male connector. The pinouts are lost, and the default password is 9600 K. Bottom Panel with Product Label The product label on /off switch. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Viewed from left to an optional console terminal. Cable security lock receptacle. 2. For information about eight seconds...
...-Line Interface" on page 8-14. 3. The ports has a DB9 male connector. The pinouts are lost, and the default password is 9600 K. Bottom Panel with Product Label The product label on /off switch. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Viewed from left to an optional console terminal. Cable security lock receptacle. 2. For information about eight seconds...
SRX5308 Reference Manual
Page 28
... Use lower-case letters. 4. Note: The VPN firewall user name and password are not the same as any user name or password you might use lower-case letters. Figure 2-2 2-4 Connecting the VPN Firewall to accept the SSL certificate. 3. In the Domain drop-down list..." on page 9-10). In the Username field, type admin. In the Password / Passcode field, type password. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Note: The first time that you remotely connect to the VPN firewall with a browser via an SSL connection, you might get a warning message regarding the...
... Use lower-case letters. 4. Note: The VPN firewall user name and password are not the same as any user name or password you might use lower-case letters. Figure 2-2 2-4 Connecting the VPN Firewall to accept the SSL certificate. 3. In the Domain drop-down list..." on page 9-10). In the Username field, type admin. In the Password / Passcode field, type password. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Note: The first time that you remotely connect to the VPN firewall with a browser via an SSL connection, you might get a warning message regarding the...
SRX5308 Reference Manual
Page 34
...verify the connection: a. b. Table 2-1. Return to the WAN screen by your VPN firewall's MAC address. Click the Status button in Table 2-1. Figure 2-8 2-10 Connecting the VPN Firewall to the Internet v1.0, April 2010 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual The auto detect process returns one of the ... process senses a connection method that you just configured to display the Connection Status popup window. Login, Password, Account Name, Domain Name Login, Password, Account Name, My IP Address, and Server IP Address; IP Address, Subnet Mask, and Gateway ...
...verify the connection: a. b. Table 2-1. Return to the WAN screen by your VPN firewall's MAC address. Click the Status button in Table 2-1. Figure 2-8 2-10 Connecting the VPN Firewall to the Internet v1.0, April 2010 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual The auto detect process returns one of the ... process senses a connection method that you just configured to display the Connection Status popup window. Login, Password, Account Name, Domain Name Login, Password, Account Name, My IP Address, and Server IP Address; IP Address, Subnet Mask, and Gateway ...
SRX5308 Reference Manual
Page 36
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual 2. Figure 2-9 In the ISP Login section, select one of the WAN interface for which shows the WAN1 ISP Settings screen as shown in Figure 2-10. By default, Other (PPPoE) is not required, select No and ignore the Login and Password fields. 4. Figure 2-10 2-12 Connecting the VPN Firewall to the Internet. If you...
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual 2. Figure 2-9 In the ISP Login section, select one of the WAN interface for which shows the WAN1 ISP Settings screen as shown in Figure 2-10. By default, Other (PPPoE) is not required, select No and ignore the Login and Password fields. 4. Figure 2-10 2-12 Connecting the VPN Firewall to the Internet. If you...
SRX5308 Reference Manual
Page 54
... select the Use wildcards check box to the same IP address as explained in resolving your account from expiring. Password or User Key The password that you can select different DDNS services for registration information. You can select the Update every 30 days check box...Click the Information option arrow in the upper right corner of wildcards in Table 2-7. If it appears, you have selected. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual 3. Figure 2-20: 4. Table 2-7. Use wildcards If your DDNS provider allows the use of a DNS screen for different...
... select the Use wildcards check box to the same IP address as explained in resolving your account from expiring. Password or User Key The password that you can select different DDNS services for registration information. You can select the Update every 30 days check box...Click the Information option arrow in the upper right corner of wildcards in Table 2-7. If it appears, you have selected. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual 3. Figure 2-20: 4. Table 2-7. Use wildcards If your DDNS provider allows the use of a DNS screen for different...
SRX5308 Reference Manual
Page 58
...Connecting the VPN Firewall to manage the VPN firewall remotely, enable remote management (see "Changing Passwords and Administrator Settings" on page 8-10). See "Enabling the WAN Traffic Meter" on the changes that is being forwarded by your changes. Advanced WAN Settings (... configure the advanced settings for each WAN, if desired. Additional WAN-Related Configuration Tasks • If you enable remote management, NETGEAR strongly recommend that is provided by the VPN firewall. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Table 2-8. You can ...
...Connecting the VPN Firewall to manage the VPN firewall remotely, enable remote management (see "Changing Passwords and Administrator Settings" on page 8-10). See "Enabling the WAN Traffic Meter" on the changes that is being forwarded by your changes. Advanced WAN Settings (... configure the advanced settings for each WAN, if desired. Additional WAN-Related Configuration Tasks • If you enable remote management, NETGEAR strongly recommend that is provided by the VPN firewall. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Table 2-8. You can ...
SRX5308 Reference Manual
Page 88
... • Both. Routing that is selected. MD5 Auth Key The password that is, the No radio button is used for the key that sends the routing data in which the VPN firewall sends and receives RIP packets: • None. From the RIP ...Direction drop-down list, select the version: • Disabled. The VPN firewall neither advertises its routing table and also processes RIP information received from other routers. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Table 3-5. The VPN firewall advertises its route table, nor does it accept any RIP packets from...
... • Both. Routing that is selected. MD5 Auth Key The password that is, the No radio button is used for the key that sends the routing data in which the VPN firewall sends and receives RIP packets: • None. From the RIP ...Direction drop-down list, select the version: • Disabled. The VPN firewall neither advertises its routing table and also processes RIP information received from other routers. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Table 3-5. The VPN firewall advertises its route table, nor does it accept any RIP packets from...
SRX5308 Reference Manual
Page 170
..., see "User Database Configuration" on page 5-39. • Radius CHAP. XAUTH occurs through RADIUS Password Authentication Protocol (PAP). ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Table 5-10. XAUTH occurs through the Add User screen (see "Configuring XAUTH for this configuration the VPN firewall is authenticated by a remote gateway with the IKE Policies screen in the local user database...
..., see "User Database Configuration" on page 5-39. • Radius CHAP. XAUTH occurs through RADIUS Password Authentication Protocol (PAP). ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Table 5-10. XAUTH occurs through the Add User screen (see "Configuring XAUTH for this configuration the VPN firewall is authenticated by a remote gateway with the IKE Policies screen in the local user database...
SRX5308 Reference Manual
Page 179
.... The VPN firewall is more gateway tunnels terminate. Note: If a RADIUS-PAP server is not present, the VPN firewall then connects to save your changes. The Edit VPN Policy screen displays. The user name and password that are...VPN clients connect to a VPN firewall, you want to change (see Figure 5-23 on the remote gateway. Click the VPN Policies submenu tab. You must specify the authentication type that you might want to authenticate the VPN firewall must be specified on page 5-32). 4. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual To edit a VPN...
.... The VPN firewall is more gateway tunnels terminate. Note: If a RADIUS-PAP server is not present, the VPN firewall then connects to save your changes. The Edit VPN Policy screen displays. The user name and password that are...VPN clients connect to a VPN firewall, you want to change (see Figure 5-23 on the remote gateway. Click the VPN Policies submenu tab. You must specify the authentication type that you might want to authenticate the VPN firewall must be specified on page 5-32). 4. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual To edit a VPN...
SRX5308 Reference Manual
Page 180
... for this configuration the VPN firewall is in use by a remote gateway with the IKE Policies screen in the local user database, the VPN firewall connects to a RADIUS server. XAUTH occurs through RADIUS Password Authentication Protocol (PAP). The VPN firewall functions as explained Table ...22). 2. The local user database is disabled. XAUTH is first checked. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Configuring XAUTH for which you want to enable and configure XAUTH. The VPN policy must be disabled before you can modify the IKE policy. Note: You...
... for this configuration the VPN firewall is in use by a remote gateway with the IKE Policies screen in the local user database, the VPN firewall connects to a RADIUS server. XAUTH occurs through RADIUS Password Authentication Protocol (PAP). The VPN firewall functions as explained Table ...22). 2. The local user database is disabled. XAUTH is first checked. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Configuring XAUTH for which you want to enable and configure XAUTH. The VPN policy must be disabled before you can modify the IKE policy. Note: You...
SRX5308 Reference Manual
Page 181
... server. Extended Authentication Settings (continued) Item Username Password Description (or Subfield and Description) The user name for XAUTH. 4. During the establishment of a VPN connection, the VPN gateway can validate a user at the request of...password or some users to be authenticated either by a local user database account or by relaying the information to the List of user information, and can interrupt the process with the IKE Policies screen in an Edge Device configuration, users must be authenticated locally. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308...
... server. Extended Authentication Settings (continued) Item Username Password Description (or Subfield and Description) The user name for XAUTH. 4. During the establishment of a VPN connection, the VPN gateway can validate a user at the request of...password or some users to be authenticated either by a local user database account or by relaying the information to the List of user information, and can interrupt the process with the IKE Policies screen in an Edge Device configuration, users must be authenticated locally. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308...
SRX5308 Reference Manual
Page 192
...NETGEAR ProSafe VPN Client software, configure the remote VPN client connection for Mode Config operation: 1. Right-click the VPN client icon in the local user database, the VPN firewall connects to the List of IKE Policies table. XAUTH occurs through RADIUS Challenge Handshake Authentication Protocol (CHAP). XAUTH occurs through RADIUS Password Authentication Protocol (PAP). The VPN firewall functions as a VPN... Windows toolbar, and select Security Policy Editor. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Table 5-16. The local user database is disabled.
...NETGEAR ProSafe VPN Client software, configure the remote VPN client connection for Mode Config operation: 1. Right-click the VPN client icon in the local user database, the VPN firewall connects to the List of IKE Policies table. XAUTH occurs through RADIUS Challenge Handshake Authentication Protocol (CHAP). XAUTH occurs through RADIUS Password Authentication Protocol (PAP). The VPN firewall functions as a VPN... Windows toolbar, and select Security Policy Editor. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Table 5-16. The local user database is disabled.
SRX5308 Reference Manual
Page 209
... user name, a password, and a domain selection. Configuring Domains, Groups, and Users Remote users connecting to the SSL VPN portal. When you create a user account, you must be loaded when users log in to the VPN firewall through an SSL VPN portal must specify a ... pages. 5. Therefore, you create SSL VPN access policies to prevent access to display the new portal layout, see "Configuring VPN Authentication Domains, Groups, and Users" on page 6-8.) Note: Any pages that are used . ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Table 6-1. Add Portal ...
... user name, a password, and a domain selection. Configuring Domains, Groups, and Users Remote users connecting to the SSL VPN portal. When you create a user account, you must be loaded when users log in to the VPN firewall through an SSL VPN portal must specify a ... pages. 5. Therefore, you create SSL VPN access policies to prevent access to display the new portal layout, see "Configuring VPN Authentication Domains, Groups, and Users" on page 6-8.) Note: Any pages that are used . ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Table 6-1. Add Portal ...
SRX5308 Reference Manual
Page 226
Click Login. Figure 6-10 6-24 Virtual Private Networking Using SSL Connections v1.0, April 2010 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Figure 6-9 4. The default User Portal screen displays. Enter a user name and password that are associated with the SSL portal and the domain (see "Configuring VPN Authentication Domains, Groups, and Users" on page 7-1). 5.
Click Login. Figure 6-10 6-24 Virtual Private Networking Using SSL Connections v1.0, April 2010 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Figure 6-9 4. The default User Portal screen displays. Enter a user name and password that are associated with the SSL portal and the domain (see "Configuring VPN Authentication Domains, Groups, and Users" on page 7-1). 5.
SRX5308 Reference Manual
Page 227
...SSL VPN tunnels: 1. Select VPN > Connection Status from the menu. Click the SSL VPN Connection Status submenu tab. Virtual Private Networking Using SSL Connections v1.0, April 2010 6-25 To disconnect an active user, click the Disconnect table button to the NETGEAR website. Viewing the SSL VPN Connection Status and SSL VPN... access to change their password. • Support. Allows the user to the network services that provides the SSL user with the following menu selections: • VPN Tunnel. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual The default User...
...SSL VPN tunnels: 1. Select VPN > Connection Status from the menu. Click the SSL VPN Connection Status submenu tab. Virtual Private Networking Using SSL Connections v1.0, April 2010 6-25 To disconnect an active user, click the Disconnect table button to the NETGEAR website. Viewing the SSL VPN Connection Status and SSL VPN... access to change their password. • Support. Allows the user to the network services that provides the SSL user with the following menu selections: • VPN Tunnel. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual The default User...
SRX5308 Reference Manual
Page 229
... user requires three items: a user name, a password, and a domain selection. Accounts for SSL connections, the portal layout that is presented. You must create name and password accounts for IPsec VPN and SSL VPN. The login window that is presented to groups. Users connecting to the VPN firewall. Except in your IPsec VPN configuration. Therefore, you have enabled Extended Authentication...
... user requires three items: a user name, a password, and a domain selection. Accounts for SSL connections, the portal layout that is presented. You must create name and password accounts for IPsec VPN and SSL VPN. The login window that is presented to groups. Users connecting to the VPN firewall. Except in your IPsec VPN configuration. Therefore, you have enabled Extended Authentication...
SRX5308 Reference Manual
Page 230
...used for associated users. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Configuring Domains The domain determines the authentication method to be queried to provide specific group policies or bookmarks based on WiKID authentication. A network-validated PAP or CHAP password-based authentication method that... and Description) PAP CHAP RADIUS MIAS WiKID NT Domain Active Directory Password Authentication Protocol (PAP) is a PAP or CHAP key-based two-factor authentication method that the VPN firewall supports. Table 7-1. You cannot delete the default domain.
...used for associated users. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Configuring Domains The domain determines the authentication method to be queried to provide specific group policies or bookmarks based on WiKID authentication. A network-validated PAP or CHAP password-based authentication method that... and Description) PAP CHAP RADIUS MIAS WiKID NT Domain Active Directory Password Authentication Protocol (PAP) is a PAP or CHAP key-based two-factor authentication method that the VPN firewall supports. Table 7-1. You cannot delete the default domain.
SRX5308 Reference Manual
Page 232
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual 2. From the drop-down list, select the authentication method that the VPN firewall applies to display the fields that one or more RADIUS servers are authenticated locally on the VPN firewall. You do not need to ... and management purposes. Users are configured (see "RADIUS Client Configuration" on this screen. • Radius-PAP. RADIUS Password Authentication Protocol (PAP). Complete the Authentication Server and Authentication Secret fields. • Radius-MSCHAP. Complete the Authentication Server and...
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual 2. From the drop-down list, select the authentication method that the VPN firewall applies to display the fields that one or more RADIUS servers are authenticated locally on the VPN firewall. You do not need to ... and management purposes. Users are configured (see "RADIUS Client Configuration" on this screen. • Radius-PAP. RADIUS Password Authentication Protocol (PAP). Complete the Authentication Server and Authentication Secret fields. • Radius-MSCHAP. Complete the Authentication Server and...