SRX5308 Product Datasheet
Page 1
..., and real-time alerts. LAN-to-WAN Throughput¹ Secure Firewall Quad Gigabit WAN Ports VLAN Support SSL and IPsec VPN Remote Access Bandwidth Management Easy to Use Reliable NETGEAR Hardware 24/7 TECHNICAL S U P P O R T* 1-888-NETGEAR (638-4327) Email: info@NETGEAR.com ProSafe174; Quad WAN Gigabit SSL VPN Firewall SRX5308 Data Sheet Ultra High Performance Business-class Firewall Security The flagship model of stateful firewall throughput. secure site-to-site tunnels...
..., and real-time alerts. LAN-to-WAN Throughput¹ Secure Firewall Quad Gigabit WAN Ports VLAN Support SSL and IPsec VPN Remote Access Bandwidth Management Easy to Use Reliable NETGEAR Hardware 24/7 TECHNICAL S U P P O R T* 1-888-NETGEAR (638-4327) Email: info@NETGEAR.com ProSafe174; Quad WAN Gigabit SSL VPN Firewall SRX5308 Data Sheet Ultra High Performance Business-class Firewall Security The flagship model of stateful firewall throughput. secure site-to-site tunnels...
SRX5308 Product Datasheet
Page 2
... Point Telecommuter connects with ProSafe VPN Client Software (VPN01L or VPN05L) Desktop PCs connect with Web browser VPN Tunnel encrypts your data SRX5308 ProSafe Quad WAN Gigabit SSL VPN Firewall Broadband modems Everybody 's connecting.™ NMS100 ProSafe Network Management System Software CD Version 1.0 Instructions: This CD should automatically run when inserted into your CD-ROM drive. ALL RIGHTS RESERVED © 2004 NETGEAR, Inc.
... Point Telecommuter connects with ProSafe VPN Client Software (VPN01L or VPN05L) Desktop PCs connect with Web browser VPN Tunnel encrypts your data SRX5308 ProSafe Quad WAN Gigabit SSL VPN Firewall Broadband modems Everybody 's connecting.™ NMS100 ProSafe Network Management System Software CD Version 1.0 Instructions: This CD should automatically run when inserted into your CD-ROM drive. ALL RIGHTS RESERVED © 2004 NETGEAR, Inc.
SRX5308 Product Datasheet
Page 3
...support provided for identification purposes only and may vary. Actual performance may be trademarks of NETGEAR, Inc. Other brand names mentioned herein are trademarks of purchase. ¹Throughput measured in...Limit, Bandwidth Limit, SSl VPN, IPsec VPN Email Delivery, Syslog Ping, DNS Lookup, Trace Route Save/restore Configuration, Restore to change without notice. D-SRX5308-0 ProSafe174; Quad WAN Gigabit SSL VPN Firewall SRX5308 TECHNICAL SPECIFICATIONS VPN SSL Version Support SSL Encryption Support SSL Message Integrity SSL Certificate Support SSL VPN Platforms Supported SSLv3,...
...support provided for identification purposes only and may vary. Actual performance may be trademarks of NETGEAR, Inc. Other brand names mentioned herein are trademarks of purchase. ¹Throughput measured in...Limit, Bandwidth Limit, SSl VPN, IPsec VPN Email Delivery, Syslog Ping, DNS Lookup, Trace Route Save/restore Configuration, Restore to change without notice. D-SRX5308-0 ProSafe174; Quad WAN Gigabit SSL VPN Firewall SRX5308 TECHNICAL SPECIFICATIONS VPN SSL Version Support SSL Encryption Support SSL Message Integrity SSL Certificate Support SSL VPN Platforms Supported SSLv3,...
SRX5308 Reference Manual
Page 1
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual NETGEAR, Inc. 350 East Plumeria Drive San Jose, CA 95134 202-10536-01 April 2010 v1.0
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual NETGEAR, Inc. 350 East Plumeria Drive San Jose, CA 95134 202-10536-01 April 2010 v1.0
SRX5308 Reference Manual
Page 2
... to install, configure, and troubleshoot a ProSafe Gigabit Quad WAN SSL VPN Firewall. © 2010 by any means without notice. By registering your Support information card. Other brand and product names are trademarks of the product(s) or circuit layout(s) described herein. Support Information Phone: 1-888-NETGEAR, for readers with your product. The NETGEAR174; ProSafe™ Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual describes how to the...
... to install, configure, and troubleshoot a ProSafe Gigabit Quad WAN SSL VPN Firewall. © 2010 by any means without notice. By registering your Support information card. Other brand and product names are trademarks of the product(s) or circuit layout(s) described herein. Support Information Phone: 1-888-NETGEAR, for readers with your product. The NETGEAR174; ProSafe™ Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual describes how to the...
SRX5308 Reference Manual
Page 6
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Testing the Connections and Viewing Status Information 5-16 Testing the VPN Connection 5-16 NETGEAR VPN Client Status and Log Information 5-17 Viewing the VPN Firewall IPsec VPN Connection Status 5-19 Viewing the VPN Firewall IPSec VPN Logs 5-20 Managing IPsec VPN Policies 5-20 Configuring IKE Policies 5-21 Configuring VPN Policies 5-29 Configuring Extended Authentication (XAUTH 5-37 Configuring XAUTH for VPN... Mode Config Operation on the VPN Firewall 5-42 Configuring the ProSafe VPN Client for Mode Config Operation ...
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Testing the Connections and Viewing Status Information 5-16 Testing the VPN Connection 5-16 NETGEAR VPN Client Status and Log Information 5-17 Viewing the VPN Firewall IPsec VPN Connection Status 5-19 Viewing the VPN Firewall IPSec VPN Logs 5-20 Managing IPsec VPN Policies 5-20 Configuring IKE Policies 5-21 Configuring VPN Policies 5-29 Configuring Extended Authentication (XAUTH 5-37 Configuring XAUTH for VPN... Mode Config Operation on the VPN Firewall 5-42 Configuring the ProSafe VPN Client for Mode Config Operation ...
SRX5308 Reference Manual
Page 10
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual DMZ to LAN Logs C-19 WAN to DMZ Logs C-19 Other Event Logs ...C-20 Session Limit Logs C-20 Source MAC Filter Logs C-20 Bandwidth Limit Logs C-20 DHCP Logs ...C-21 Appendix D Two-Factor Authentication Why Do I Need Two-Factor Authentication D-1 What Are the Benefits of Two-Factor Authentication D-1 What Is Two-Factor Authentication D-2 NETGEAR Two-Factor Authentication Solutions D-2 Appendix E Related Documents Appendix F Notification of Compliance Index x v1.0, April 2010
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual DMZ to LAN Logs C-19 WAN to DMZ Logs C-19 Other Event Logs ...C-20 Session Limit Logs C-20 Source MAC Filter Logs C-20 Bandwidth Limit Logs C-20 DHCP Logs ...C-21 Appendix D Two-Factor Authentication Why Do I Need Two-Factor Authentication D-1 What Are the Benefits of Two-Factor Authentication D-1 What Is Two-Factor Authentication D-2 NETGEAR Two-Factor Authentication Solutions D-2 Appendix E Related Documents Appendix F Notification of Compliance Index x v1.0, April 2010
SRX5308 Reference Manual
Page 11
..., CLI text, code URL links • Formats. This manual uses the following formats to the equipment. Failure to install, configure, and troubleshoot a ProSafe Gigabit Quad WAN SSL VPN Firewall. About This Manual The NETGEAR174; ProSafe™ Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual describes how to take heed of this type of importance or special interest. Warning: Ignoring this notice might result in personal...
..., CLI text, code URL links • Formats. This manual uses the following formats to the equipment. Failure to install, configure, and troubleshoot a ProSafe Gigabit Quad WAN SSL VPN Firewall. About This Manual The NETGEAR174; ProSafe™ Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual describes how to take heed of this type of importance or special interest. Warning: Ignoring this notice might result in personal...
SRX5308 Reference Manual
Page 12
.... xii v1.0, April 2010 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual • Scope. This manual is available on the Adobe website at http://kbserver.netgear.com/products/SRX5308.asp. How to Print This Manual Your computer must have the free Adobe Acrobat Reader installed for the VPN firewall according to these specifications: Product Version ProSafe Gigabit Quad WAN SSL VPN Firewall Manual Publication Date April 2010...
.... xii v1.0, April 2010 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual • Scope. This manual is available on the Adobe website at http://kbserver.netgear.com/products/SRX5308.asp. How to Print This Manual Your computer must have the free Adobe Acrobat Reader installed for the VPN firewall according to these specifications: Product Version ProSafe Gigabit Quad WAN SSL VPN Firewall Manual Publication Date April 2010...
SRX5308 Reference Manual
Page 14
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Key Features and Capabilities The SRX5308 provides the following key features and capabilities: • Four 10/100/1000 Mbps Gigabit Ethernet WAN ports for load balancing and failover protection of your Internet connection, providing increased data rate and increased system reliability. • Built-in four-port 10/100/1000 Mbps Gigabit Ethernet LAN...
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Key Features and Capabilities The SRX5308 provides the following key features and capabilities: • Four 10/100/1000 Mbps Gigabit Ethernet WAN ports for load balancing and failover protection of your Internet connection, providing increased data rate and increased system reliability. • Built-in four-port 10/100/1000 Mbps Gigabit Ethernet LAN...
SRX5308 Reference Manual
Page 15
... support for a wide variety of the NETGEAR ProSafe VPN Client software (VPN01L). - Supports 125 concurrent IPsec VPN tunnels. • SSL VPN provides remote access for Increased Reliability and Outbound Load Balancing The SRX5308 provides four broadband WAN ports. Introduction 1-3 v1.0, April 2010 IPsec VPN with a single-user license of user repositories. - ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Quad-WAN Ports for mobile users to selected...
... support for a wide variety of the NETGEAR ProSafe VPN Client software (VPN01L). - Supports 125 concurrent IPsec VPN tunnels. • SSL VPN provides remote access for Increased Reliability and Outbound Load Balancing The SRX5308 provides four broadband WAN ports. Introduction 1-3 v1.0, April 2010 IPsec VPN with a single-user license of user repositories. - ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Quad-WAN Ports for mobile users to selected...
SRX5308 Reference Manual
Page 18
... change the system variables for your product. 1-6 Introduction v1.0, April 20106 The SRX5308 includes the NETGEAR IPsec VPN Wizard so you to log in to the network. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Easy Installation and Management You can install, configure, and operate the SRX5308 within minutes after connecting it to the Web Management Interface from a remote location...
... change the system variables for your product. 1-6 Introduction v1.0, April 20106 The SRX5308 includes the NETGEAR IPsec VPN Wizard so you to log in to the network. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Easy Installation and Management You can install, configure, and operate the SRX5308 within minutes after connecting it to the Web Management Interface from a remote location...
SRX5308 Reference Manual
Page 19
... the following items: • ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 appliance • One AC power cable • Rubber feet (4) • One Category 5 (Cat5) Ethernet cable • One rack-mounting kit • ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Installation Guide • Resource CD, including: - ProSafe VPN Client software (VPN01L) If any of the SRX5308 are incorrect, missing, or damaged, contact your NETGEAR dealer. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Package Contents...
... the following items: • ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 appliance • One AC power cable • Rubber feet (4) • One Category 5 (Cat5) Ethernet cable • One rack-mounting kit • ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Installation Guide • Resource CD, including: - ProSafe VPN Client software (VPN01L) If any of the SRX5308 are incorrect, missing, or damaged, contact your NETGEAR dealer. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Package Contents...
SRX5308 Reference Manual
Page 25
... are ready to the instructions in order to as the VPN firewall. A PDF of your VPN firewall: 1. See the ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Installation Guide for complete steps. Log in to complete the Internet connection of the Installation Guide is on the NETGEAR website at http://kbserver.netgear.com/products/SRX5308.asp. 2. Connect the cables and restart your network according to...
... are ready to the instructions in order to as the VPN firewall. A PDF of your VPN firewall: 1. See the ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Installation Guide for complete steps. Log in to complete the Internet connection of the Installation Guide is on the NETGEAR website at http://kbserver.netgear.com/products/SRX5308.asp. 2. Connect the cables and restart your network according to...
SRX5308 Reference Manual
Page 27
... the browser. Enter https://192.168.1.1 in to the VPN firewall: 1. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Logging In to the VPN Firewall To connect to the VPN firewall, your computer for DHCP, see the "Preparing Your Network" document, which you assigned to the VPN firewall to log in to the VPN firewall. Note: The VPN firewall factory default IP address is 192.168.1.1. Figure 2-1 Connecting...
... the browser. Enter https://192.168.1.1 in to the VPN firewall: 1. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Logging In to the VPN Firewall To connect to the VPN firewall, your computer for DHCP, see the "Preparing Your Network" document, which you assigned to the VPN firewall to log in to the VPN firewall. Note: The VPN firewall factory default IP address is 192.168.1.1. Figure 2-1 Connecting...
SRX5308 Reference Manual
Page 58
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Table 2-8. You can select from 56 Kbps to 1 Gbps, or you can set up the traffic meter for an additional WAN interface, select another WAN interface and repeat these steps. Additional WAN-Related Configuration Tasks • If you click Apply, the VPN firewall... Settings" on page 9-1. 2-34 Connecting the VPN Firewall to save your changes. Warning: Depending on page 8-10). If you enable remote management, NETGEAR strongly recommend that is provided by the VPN firewall. You can select Custom and enter the speed...
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Table 2-8. You can select from 56 Kbps to 1 Gbps, or you can set up the traffic meter for an additional WAN interface, select another WAN interface and repeat these steps. Additional WAN-Related Configuration Tasks • If you click Apply, the VPN firewall... Settings" on page 9-1. 2-34 Connecting the VPN Firewall to save your changes. Warning: Depending on page 8-10). If you enable remote management, NETGEAR strongly recommend that is provided by the VPN firewall. You can select Custom and enter the speed...
SRX5308 Reference Manual
Page 70
... traffic is enabled. The default setting is optional. Note: When you deselect the Enable DNS Proxy radio button, the VPN firewall still services DNS requests that you would enter: cn=Johnson,dc=Netgear,dc=net Port The port number for all last names of Johnson, you specify as part of the LDAP server... to this VLAN. 3-10 v1.0, April 2010 LAN Configuration Inter VLAN Routing Enable Inter VLAN Routing This is disabled by default. This setting is optional. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Table 3-1.
... traffic is enabled. The default setting is optional. Note: When you deselect the Enable DNS Proxy radio button, the VPN firewall still services DNS requests that you would enter: cn=Johnson,dc=Netgear,dc=net Port The port number for all last names of Johnson, you specify as part of the LDAP server... to this VLAN. 3-10 v1.0, April 2010 LAN Configuration Inter VLAN Routing Enable Inter VLAN Routing This is disabled by default. This setting is optional. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Table 3-1.
SRX5308 Reference Manual
Page 83
...8226; c (for country) • dc (for domain) For example, to search the Netgear.net domain for all last names of the LDAP server. Enter a WINS server IP address to use the VPN firewall as a relay. Lease Time Enter a lease time. Enter the following settings: LDAP Server ...address or name of Johnson, you would enter: cn=Johnson,dc=Netgear,dc=net Port The port number for which the VPN firewall serves as a DHCP relay agent for which the LDAP search begin. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Table 3-3. Secondary DNS Server This is 0 (zero). ...
...8226; c (for country) • dc (for domain) For example, to search the Netgear.net domain for all last names of the LDAP server. Enter a WINS server IP address to use the VPN firewall as a relay. Lease Time Enter a lease time. Enter the following settings: LDAP Server ...address or name of Johnson, you would enter: cn=Johnson,dc=Netgear,dc=net Port The port number for which the VPN firewall serves as a DHCP relay agent for which the LDAP search begin. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Table 3-3. Secondary DNS Server This is 0 (zero). ...
SRX5308 Reference Manual
Page 112
....101 - Access to illustrate this procedure: • NETGEAR VPN firewall: - The following addressing scheme is used to Web server is (simulated) public IP address: 192.168.55.110 4-22 v1.0, April 2010 Firewall Protection LAN IP address: 192.168.1.2 - ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Figure 4-12 LAN WAN or DMZ WAN Inbound Rule: Setting Up One-to-One NAT...
....101 - Access to illustrate this procedure: • NETGEAR VPN firewall: - The following addressing scheme is used to Web server is (simulated) public IP address: 192.168.55.110 4-22 v1.0, April 2010 Firewall Protection LAN IP address: 192.168.1.2 - ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Figure 4-12 LAN WAN or DMZ WAN Inbound Rule: Setting Up One-to-One NAT...
SRX5308 Reference Manual
Page 114
...the Send to LAN Server field, enter the local IP address of the firewall and is exposed to anyone on the WAN1 Secondary Addresses screen (see the home page of the LAN WAN Rules screen. See an example in this address on the Internet for a... April 2010 Firewall Protection ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual 4. You should see "Configuring Secondary WAN Addresses" on your LAN or DMZ as the exposed host, it loses much of the protection of your Web server. Place the rule below all protocols. 2. Warning: For security, NETGEAR strongly recommends that...
...the Send to LAN Server field, enter the local IP address of the firewall and is exposed to anyone on the WAN1 Secondary Addresses screen (see the home page of the LAN WAN Rules screen. See an example in this address on the Internet for a... April 2010 Firewall Protection ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual 4. You should see "Configuring Secondary WAN Addresses" on your LAN or DMZ as the exposed host, it loses much of the protection of your Web server. Place the rule below all protocols. 2. Warning: For security, NETGEAR strongly recommends that...