SRX5308 Product Datasheet
Page 1
... Reliable NETGEAR Hardware 24/7 TECHNICAL S U P P O R T* 1-888-NETGEAR (638-4327) Email: info@NETGEAR.com ProSafe174; Quad WAN Gigabit SSL VPN Firewall SRX5308 Data Sheet Ultra High Performance Business-class Firewall Security The flagship model of the ProSafe firewall family - This powerful VPN router is perfect for 1 Gbps of session-based WAN load balancing • WAN failover for secure network segmentation • Separate guest traffic from critical production servers. VLAN...
... Reliable NETGEAR Hardware 24/7 TECHNICAL S U P P O R T* 1-888-NETGEAR (638-4327) Email: info@NETGEAR.com ProSafe174; Quad WAN Gigabit SSL VPN Firewall SRX5308 Data Sheet Ultra High Performance Business-class Firewall Security The flagship model of the ProSafe firewall family - This powerful VPN router is perfect for 1 Gbps of session-based WAN load balancing • WAN failover for secure network segmentation • Separate guest traffic from critical production servers. VLAN...
SRX5308 Product Datasheet
Page 2
... automatically run when inserted into your CD-ROM drive. If the CD does not start automatically, browse to -site • ProSafe174; Quad WAN Gigabit SSL VPN Firewall SRX5308 Gigabit Ethernet Fast Ethernet GSM7224-200 ProSafe 24-port Gigabit Managed Switch STM300 ProSecure Web and Email Security Appliance SRX5308 ProSafe Quad WAN Gigabit SSL VPN Firewall Remote Access via Kiosk or Laptop Broadband modems Internet PC with GA311 Laptop with...
... automatically run when inserted into your CD-ROM drive. If the CD does not start automatically, browse to -site • ProSafe174; Quad WAN Gigabit SSL VPN Firewall SRX5308 Gigabit Ethernet Fast Ethernet GSM7224-200 ProSafe 24-port Gigabit Managed Switch STM300 ProSecure Web and Email Security Appliance SRX5308 ProSafe Quad WAN Gigabit SSL VPN Firewall Remote Access via Kiosk or Laptop Broadband modems Internet PC with GA311 Laptop with...
SRX5308 Reference Manual
Page 4
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Logging In to the VPN Firewall 2-3 Understanding the Web Management Interface Menu Layout 2-5 Configuring the Internet Connections 2-7 Automatically Detecting and Connecting 2-7 Setting the VPN Firewall's MAC Address 2-11 Manually Configuring the Internet Connection 2-11 Configuring the WAN Mode 2-16 Configuring Network Address Translation 2-16 Configuring Classical Routing 2-17 Configuring the Auto-Rollover Mode and...
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Logging In to the VPN Firewall 2-3 Understanding the Web Management Interface Menu Layout 2-5 Configuring the Internet Connections 2-7 Automatically Detecting and Connecting 2-7 Setting the VPN Firewall's MAC Address 2-11 Manually Configuring the Internet Connection 2-11 Configuring the WAN Mode 2-16 Configuring Network Address Translation 2-16 Configuring Classical Routing 2-17 Configuring the Auto-Rollover Mode and...
SRX5308 Reference Manual
Page 8
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Chapter 9 Monitoring System Access and Performance Enabling the WAN Traffic Meter 9-1 Activating Notification of Events, Alerts, and Syslogs 9-5 Viewing Status and Log Screens 9-9 Viewing the System (Router) Status and Statistics 9-10 Viewing the VLAN Status 9-16 Viewing and Disconnecting Active Users 9-17 Viewing the VPN Tunnel Connection Status 9-18 Viewing the VPN Logs...
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Chapter 9 Monitoring System Access and Performance Enabling the WAN Traffic Meter 9-1 Activating Notification of Events, Alerts, and Syslogs 9-5 Viewing Status and Log Screens 9-9 Viewing the System (Router) Status and Statistics 9-10 Viewing the VLAN Status 9-16 Viewing and Disconnecting Active Users 9-17 Viewing the VPN Tunnel Connection Status 9-18 Viewing the VPN Logs...
SRX5308 Reference Manual
Page 61
...the DMZ Port" on page 3-20 • "Managing Routing" on two separate LANs. A virtual LAN (VLAN) is a group of user, or primary application). The resources of your VPN firewall. A VLAN is a local area network with each other without the need for example, by department, type of PCs, ...servers, and other network resources that maps workstations on how the IT manager has set up the VLANs. 3-1 v1.0, April 2010 Hubs...
...the DMZ Port" on page 3-20 • "Managing Routing" on two separate LANs. A virtual LAN (VLAN) is a group of user, or primary application). The resources of your VPN firewall. A VLAN is a local area network with each other without the need for example, by department, type of PCs, ...servers, and other network resources that maps workstations on how the IT manager has set up the VLANs. 3-1 v1.0, April 2010 Hubs...
SRX5308 Reference Manual
Page 62
... or router. • When a port receives an untagged packet, this packet is forwarded to a VLAN based on the PVID. • When a port receives a tagged packet, this packet is forwarded to the default VLAN, or VLAN 1. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual VLANs have created a VLAN profile and assigned one or more than from the drop-down list on the...
... or router. • When a port receives an untagged packet, this packet is forwarded to a VLAN based on the PVID. • When a port receives a tagged packet, this packet is forwarded to the default VLAN, or VLAN 1. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual VLANs have created a VLAN profile and assigned one or more than from the drop-down list on the...
SRX5308 Reference Manual
Page 63
... tabs display, with an IP phone that are members of which is connected to the VPN firewall, the other one to another VLAN profile as examples.) Figure 3-1 LAN Configuration 3-3 v1.0, April 2010 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual When you created the VLAN profile. The following is a typical scenario for a configuration with the LAN Setup screen in view...
... tabs display, with an IP phone that are members of which is connected to the VPN firewall, the other one to another VLAN profile as examples.) Figure 3-1 LAN Configuration 3-3 v1.0, April 2010 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual When you created the VLAN profile. The following is a typical scenario for a configuration with the LAN Setup screen in view...
SRX5308 Reference Manual
Page 64
... fields are displayed in the drop-down list. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual For each VLAN, you create a new VLAN, the DHCP server option is assigned to the Edit VLAN Profile screen. 2. The VLAN profile is enabled. - The unique ID (or tag) assigned to the VPN firewall's LAN. DHCP Server The default VLAN (VLAN 1) has the DHCP Server option enabled by...
... fields are displayed in the drop-down list. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual For each VLAN, you create a new VLAN, the DHCP server option is assigned to the Edit VLAN Profile screen. 2. The VLAN profile is enabled. - The unique ID (or tag) assigned to the VPN firewall's LAN. DHCP Server The default VLAN (VLAN 1) has the DHCP Server option enabled by...
SRX5308 Reference Manual
Page 65
...DNS IP addresses along with two different ISPs) and you do not support forwarding of these types of messages. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual The VPN firewall delivers the following settings to any LAN device that requests DHCP: • An IP address from the range ..., the DHCP clients can make the VPN firewall a DHCP relay agent for a VLAN, its clients can obtain IP addresses only from a DHCP server that is enabled for a VLAN, the VPN firewall acts as a proxy for each WAN connection are using a dual-WAN configuration in auto-rollover mode. LAN ...
...DNS IP addresses along with two different ISPs) and you do not support forwarding of these types of messages. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual The VPN firewall delivers the following settings to any LAN device that requests DHCP: • An IP address from the range ..., the DHCP clients can make the VPN firewall a DHCP relay agent for a VLAN, its clients can obtain IP addresses only from a DHCP server that is enabled for a VLAN, the VPN firewall acts as a proxy for each WAN connection are using a dual-WAN configuration in auto-rollover mode. LAN ...
SRX5308 Reference Manual
Page 66
.../IP settings, DHCP options, DNS server, and inter-VLAN routing. Note: For information about how to configure a VLAN profile. The LAN submenu tabs display, with the LAN Setup screen in the directory (that run over TCP/IP. Figure 3-2 3-6 v1.0, April 2010 LAN Configuration ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual LDAP Server A Lightweight Directory Access Protocol (LDAP...
.../IP settings, DHCP options, DNS server, and inter-VLAN routing. Note: For information about how to configure a VLAN profile. The LAN submenu tabs display, with the LAN Setup screen in the directory (that run over TCP/IP. Figure 3-2 3-6 v1.0, April 2010 LAN Configuration ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual LDAP Server A Lightweight Directory Access Protocol (LDAP...
SRX5308 Reference Manual
Page 67
The Edit VLAN Profile screen displays. Figure 3-3 LAN Configuration 3-7 v1.0, April 2010 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual 2. Either select an entry from the VLAN Profiles table and click the corresponding Edit table button, or add a new VLAN profile by clicking the Add table button under the VLAN Profiles table.
The Edit VLAN Profile screen displays. Figure 3-3 LAN Configuration 3-7 v1.0, April 2010 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual 2. Either select an entry from the VLAN Profiles table and click the corresponding Edit table button, or add a new VLAN profile by clicking the Add table button under the VLAN Profiles table.
SRX5308 Reference Manual
Page 68
... Web Management Interface. If another device on the IP address that are implementing subnetting, use 255.255.255.0 as a member of a VLAN profile can have the same VLAN ID number. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual 3. Note: You can also change the LAN IP address of an IP address. Enter the IP address of your browser...
... Web Management Interface. If another device on the IP address that are implementing subnetting, use 255.255.255.0 as a member of a VLAN profile can have the same VLAN ID number. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual 3. Note: You can also change the LAN IP address of an IP address. Enter the IP address of your browser...
SRX5308 Reference Manual
Page 69
... the LAN is specified, the VPN firewall uses the VLAN IP address as the primary DNS server IP address. If no address is assigned an IP address between this address as the primary DNS server IP address. This specifies the duration for a DHCP server somewhere else on your network. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Table 3-1. This...
... the LAN is specified, the VPN firewall uses the VLAN IP address as the primary DNS server IP address. If no address is assigned an IP address between this address as the primary DNS server IP address. This specifies the duration for a DHCP server somewhere else on your network. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Table 3-1. This...
SRX5308 Reference Manual
Page 70
...location in the directory tree from which inter VLAN routing is disabled by commas. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Table 3-1. When the Enable Inter VLAN Routing radio button is not selected, traffic from other VLANs is not routed to VLANs for which the LDAP search begins. Search ...: cn=Johnson,dc=Netgear,dc=net Port The port number for Web and email security. Select the Enable DNS Proxy radio button to enable the VPN firewall to its LAN IP address. Enter the following settings. Inter VLAN Routing Enable Inter VLAN Routing This is optional...
...location in the directory tree from which inter VLAN routing is disabled by commas. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Table 3-1. When the Enable Inter VLAN Routing radio button is not selected, traffic from other VLANs is not routed to VLANs for which the LDAP search begins. Search ...: cn=Johnson,dc=Netgear,dc=net Port The port number for Web and email security. Select the Enable DNS Proxy radio button to enable the VPN firewall to its LAN IP address. Enter the following settings. Inter VLAN Routing Enable Inter VLAN Routing This is optional...
SRX5308 Reference Manual
Page 71
... settings to allow up to 16 VLANs to each be mapped to physical addresses (that is discarded except responses to save your settings. You can change these default traffic rules, see Chapter 4, "Firewall Protection." For information about the DHCP log, see Figure 3-2 on ...a unique MAC address. Configuring VLAN MAC Addresses and LAN Advanced Settings By default, all inbound traffic is , MAC addresses). The LAN submenu tabs display, with the LAN Setup screen in view (see "Viewing the DHCP Log" on page 3-6). ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual 4.
... settings to allow up to 16 VLANs to each be mapped to physical addresses (that is discarded except responses to save your settings. You can change these default traffic rules, see Chapter 4, "Firewall Protection." For information about the DHCP log, see Figure 3-2 on ...a unique MAC address. Configuring VLAN MAC Addresses and LAN Advanced Settings By default, all inbound traffic is , MAC addresses). The LAN submenu tabs display, with the LAN Setup screen in view (see "Viewing the DHCP Log" on page 3-6). ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual 4.
SRX5308 Reference Manual
Page 72
....0, April 2010 LAN Configuration Click Apply to the Internet, but you can disable the broadcast of ARP packets for the default VLAN. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual 2. From the MAC Address for the default VLAN.) 5. The IP addresses that are assigned as secondary IP addresses must be unique and must not be distinct. Figure 3-4 3. Configuring...
....0, April 2010 LAN Configuration Click Apply to the Internet, but you can disable the broadcast of ARP packets for the default VLAN. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual 2. From the MAC Address for the default VLAN.) 5. The IP addresses that are assigned as secondary IP addresses must be unique and must not be distinct. Figure 3-4 3. Configuring...
SRX5308 Reference Manual
Page 73
... the primary LAN, WAN, and DMZ IP addresses and subnet addresses that any secondary LAN addresses are already configured on page 3-6). 2. The LAN Settings submenu tabs display, with subnet 255.255.255.0 To add a secondary LAN IP address to the default VLAN: 1. In the ... LAN IP addresses that you ensure that are different from the menu. Enter the secondary address that were added to the VPN firewall. 3. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual It is an example of the screen, enter the following is important that you want to assign to the LAN...
... the primary LAN, WAN, and DMZ IP addresses and subnet addresses that any secondary LAN addresses are already configured on page 3-6). 2. The LAN Settings submenu tabs display, with subnet 255.255.255.0 To add a secondary LAN IP address to the default VLAN: 1. In the ... LAN IP addresses that you ensure that are different from the menu. Enter the secondary address that were added to the VPN firewall. 3. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual It is an example of the screen, enter the following is important that you want to assign to the LAN...
SRX5308 Reference Manual
Page 76
...device is assigned a static IP address, you can select a different LAN group from the Group drop-down list in the network database. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Figure 3-6 The Known PCs and Devices table lists the entries in the Add Known PCs and Devices section or on the PC... or device has changed. • MAC Address. If a PC or device is assigned. • Action. The VLAN to add a meaningful name). The Edit table button that do not support the NetBIOS protocol, the name is appended by an asterisk. • IP...
...device is assigned a static IP address, you can select a different LAN group from the Group drop-down list in the network database. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Figure 3-6 The Known PCs and Devices table lists the entries in the Add Known PCs and Devices section or on the PC... or device has changed. • MAC Address. If a PC or device is assigned. • Action. The VLAN to add a meaningful name). The Edit table button that do not support the NetBIOS protocol, the name is appended by an asterisk. • IP...
SRX5308 Reference Manual
Page 77
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Adding PCs or Devices to the Network Database To add PCs... button to add the PC or device to the network database: 1. From the drop-down list, select the VLAN profile to this PC or device is assigned in Table 3-2. LAN Configuration v1.0, April 2010 3-17 From the ...interface. If the IP address type is statically assigned on PC). The MAC address format is the default VLAN group.) 2. Directs the VPN firewall's DHCP server to always assign the specified IP address to which the PC or device is assigned. (...
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Adding PCs or Devices to the Network Database To add PCs... button to add the PC or device to the network database: 1. From the drop-down list, select the VLAN profile to this PC or device is assigned in Table 3-2. LAN Configuration v1.0, April 2010 3-17 From the ...interface. If the IP address type is statically assigned on PC). The MAC address format is the default VLAN group.) 2. Directs the VPN firewall's DHCP server to always assign the specified IP address to which the PC or device is assigned. (...
SRX5308 Reference Manual
Page 82
... address outside the LAN address pool, such as a Dynamic Host Configuration Protocol (DHCP) server, providing TCP/IP configuration for the VLAN, or if you want to function as 192.168.1.101). End IP Enter the ending IP address. Enables you have configured it...address. The IP address 192.168.1.100 is the default setting. The subnet mask specifies the network number portion of the VPN firewall. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Table 3-3. DHCP Disable DHCP Server If another device on your network is assigned an IP address between the ...
... address outside the LAN address pool, such as a Dynamic Host Configuration Protocol (DHCP) server, providing TCP/IP configuration for the VLAN, or if you want to function as 192.168.1.101). End IP Enter the ending IP address. Enables you have configured it...address. The IP address 192.168.1.100 is the default setting. The subnet mask specifies the network number portion of the VPN firewall. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Table 3-3. DHCP Disable DHCP Server If another device on your network is assigned an IP address between the ...