SRX5308 Product Datasheet
Page 3
... States and/or other countries. ProSafe® Quad WAN Gigabit SSL VPN Firewall SRX5308 TECHNICAL SPECIFICATIONS VPN SSL Version Support SSL Encryption Support SSL Message Integrity SSL Certificate Support SSL VPN Platforms Supported SSLv3, TLS1.0 DES, 3DES, ARC4, AES(ECB, CBC, XCBC, CNTR)128, 256 bit MD5, SHA-1, MAC-MD5/SHA-1, HMAC-MD5/SHA-1 RSA, Diffie-Hellman, Self Windows 2000/XP/Vista/Windows 7 (32, 64 bit), MAC OS...
SRX5308 Reference Manual
Page 2
... herein. The information in any form or by NETGEAR, Inc. For other countries, see your product at http://www.netgear.com/register, we can provide you with intermediate computer and networking skills. © 2010 by any liability that shipped with your product. The NETGEAR® ProSafe™ Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual describes how to the use or...
SRX5308 Reference Manual
Page 18
... to the network. Maintenance and Support NETGEAR offers the following features simplify installation and management tasks: • Browser-based management. The SRX5308 supports the Simple Network Management Protocol (SNMP) to the terms that the IPsec VPN tunnels are identified in diagnostic functions such as Windows, Macintosh, or Linux. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Easy Installation and Management...
SRX5308 Reference Manual
Page 34
... Connection" on page 10-5. 4. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual The auto detect process returns one of the following results: • If the auto-detect process is required. Table 2-1. Return to display the Connection Status popup window. All methods with their required settings... are prompted either to check the physical connection between your VPN firewall and the cable or DSL line or to the Internet v1.0, ...
SRX5308 Reference Manual
Page 35
... need to configure. This is set to the Internet v1.0, April 2010 2-11 The necessary parameters for the corresponding WAN interface (see "Configuring Advanced WAN Options" on page 10-5. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual The WAN Status window should show a valid IP address and gateway. Manually Configuring the Internet Connection Unless your ISP automatically assigns your ISP...
SRX5308 Reference Manual
Page 69
... the last of the screen). ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Table 3-1. Select the DHCP Relay radio button to use the VPN firewall as a DHCP relay agent for which the VPN firewall serves as a Dynamic Host Configuration Protocol (DHCP) server, providing TCP/IP configuration for which IP addresses are leased to specify the Windows NetBIOS server, if one is...
SRX5308 Reference Manual
Page 83
...Windows NetBIOS server, if one is optional. Secondary DNS Server This is specified, the VPN firewall provides this address as the primary DNS server IP address. The default setting is specified, the VPN firewall provides its own LAN IP address as the secondary DNS server IP address. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308... your network. Enter the following setting: Relay Gateway The IP address of Johnson, you would enter: cn=Johnson,dc=Netgear,dc=net Port The port number for which the LDAP search begin. You can specify multiple search objects, separated by ...
SRX5308 Reference Manual
Page 132
... downloaded. - Blocking does not occur for which keyword blocking has not been enabled. The Block Sites screen displays (see Figure 4-26 on a Windows computer running Internet Explorer. The check boxes and fields that site or newsgroup to compromise or infect computers. Similar to be viewed. • If... ActiveX control can be accessed correctly. In the Content Filtering section, select the Yes radio button to one or more groups. ActiveX. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual - You can apply the keywords to enable content filtering. 3.
SRX5308 Reference Manual
Page 141
... and configure devices when it searches the LAN and WAN. 1. A popup window appears, displaying the status of the UPnP device accessing the VPN firewall. Indicates the network protocol such as HTTP or FTP that is used by the VPN firewall: - Port. Ext. The UPnP Portmap Table in... opened by the UPnP device. - In the Port Triggering Rules table, click the Edit table button to enable the rule): 1. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual To edit a port triggering rule (for example, to the right of the Port Triggering screen. To display the status...
SRX5308 Reference Manual
Page 146
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Figure 5-4 To view the wizard default settings, click the VPN Wizard Default Values option arrow at the top right of the screen. After you have completed the wizard, you can modify these settings for the tunnel policy that you have set up. 5-4 Virtual Private Networking Using IPsec Connections v1.0, April 2010 A popup window appears (see Figure 5-5 on page 5-5) displaying the wizard default values.
SRX5308 Reference Manual
Page 151
A popup window appears (see Figure 5-5 on page 5-10. Select the radio buttons and complete the fields and as explained Table 5-3 on page 5-5), displaying the wizard default values. After you have completed the wizard, you can modify these settings for the tunnel policy that you have set up. 3. Virtual Private Networking Using IPsec Connections 5-9 v1.0, April 2010 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Figure 5-9 To display the wizard default settings, click the VPN Wizard Default Values option arrow at the top right of the screen.
SRX5308 Reference Manual
Page 153
... 5-11 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual . 4. Figure 5-10 Note: When using FQDNs, if the dynamic DNS service is now added to your DHCP WAN address changes, the VPN tunnel will fail because the FQDNs do not resolve to the List of VPN Policies table... the NETGEAR ProSafe VPN Client installed, configure a VPN client policy to connect to save your Windows toolbar, and select Security Policy Editor. Then, select Options > Secure, and verify that the Specified Connections selection is enabled. Click Apply to the VPN firewall: 1. Right-click the VPN client ...
SRX5308 Reference Manual
Page 154
Give the new connection a name; Figure 5-12 5-12 Virtual Private Networking Using IPsec Connections v1.0, April 2010 In the upper left of the Policy Editor window, click the New Connection icon (the first icon on the left) to open a new connection. in this example, we are using MainOffice. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Figure 5-11 2.
SRX5308 Reference Manual
Page 156
...window appears. The screen adjusts. Security Policy Editor: My Identity Settings Setting Select Certificate Description (or Subfield and Description) From the drop-down list, select None. Pre-Shared Key Enter the same pre-shared key that you specified on the VPN firewall's VPN... Wizard screen (see Figure 5-9 on page 5-9). Figure 5-13 6. Table 5-5. However, the pre-shared key is 1111222233334444. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual 5. In this example, the pre-shared key...
SRX5308 Reference Manual
Page 158
...information, follow these screens. To test the client connection, from your Windows toolbar, and then select the VPN connection that is selection of a connection and troubleshooting problems with a...Mode radio button. Testing the Connections and Viewing Status Information Both the NETGEAR ProSafe VPN Client and the VPN firewall provide VPN connection and status information. Table 5-6. Click the disk icon to test.... IPsec Connections v1.0, April 2010 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual 9. From the drop-down list below, select Diffie-Hellman Group 2.
SRX5308 Reference Manual
Page 167
...Configuring Mode Config Operation on the VPN Firewall" on the screen), the Aggressive mode is faster than the Aggressive mode but less secure. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Table 5-10. The VPN firewall initiates the connection to remote VPN clients. Specify whether or not ...VPN endpoint. IP addresses are defined by their FQDNs. • No. Select Mode Config Record From the drop-down list, select the connection method for this IKE policy. Note: Click the View Selected button to open the Selected Mode Config Record Details popup window...
SRX5308 Reference Manual
Page 192
...VPN firewall's user database. For more information, see "RADIUS Client Configuration" on page 5-38. Password The password for XAUTH. Click Apply to save your Windows... Database, RADIUS PAP, or RADIUS CHAP. • IPSec Host. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Table 5-16. Authentication Type For an Edge Device configuration:... Configuring the ProSafe VPN Client for Mode Config Operation From a client PC running NETGEAR ProSafe VPN Client software, configure the remote VPN client connection for this configuration the VPN firewall is authenticated...
SRX5308 Reference Manual
Page 193
...Manually check box. In the upper left the Local Subnet Mask field blank, enter the VPN firewall's default IP subnet mask. If you left of the Policy Editor window, click the New Connection icon (the first icon on the Add Mode Config Record screen ..., select IP Subnet. in Table 5-17. In this example, we are using 255.255.255.0. Table 5-17. Figure 5-28 3. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual 2. Security Policy Editor: Remote Party, Mode Config Settings Setting Connection Security ID Type Subnet Mask Description (or Subfield and Description)...
SRX5308 Reference Manual
Page 195
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual 5. In the left frame, click My Identity. Enter the settings as explained in Table 5-18. However, the pre-shared key is 12345678910. Virtual Private Networking Using IPsec Connections v1.0, April 2010 5-53 Pre-Shared Key Enter the same pre-shared key that you specified on the VPN firewall's VPN Wizard screen (see...
SRX5308 Reference Manual
Page 197
...55 Enter the settings as explained in the Windows toolbar and click Connect. Testing the Mode Config Connection To test the connection: 1. Click the connection. Right-click the VPN client icon in Table 5-19. For this...VPN device on the VPN firewall LAN. From the client PC, ping a computer on the other end of the Enable Replay Detection check box. 10. Security Policy Editor: Security Policy, Mode Config Settings Setting Description (or Subfield and Description) Select Phase 1 Negotiation Select the Aggressive Mode radio button. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308...