SSL312 User Manual
Page 5
... ...xii Chapter 1 Introduction About the ProSafe SSL VPN Concentrator 25 1-1 Key Features ...1-1 Web Browser Requirements 1-2 What's in the Box ...1-3 Hardware Description ...1-3 Front Panel ...1-4 Back Panel ...1-5 Steps for Deploying the SSL312 1-5 Chapter 2 Installing the SSL312 Choosing a Network Topology 2-1 Single Arm ...2-1 Routing ...2-2 Initial Connection to the SSL VPN Concentrator 2-3 Accessing the Management Interface 2-4 Configuring Basic Network Settings 2-6 Installing the SSL VPN Concentrator 2-8 Managing Certificates ...2-8 Obtaining a Certificate...
SSL312 User Manual
Page 6
...Sample LDAP Attributes 3-7 LDAP Attribute Rules 3-8 Sample LDAP Users and Attributes Settings 3-8 Querying an LDAP Server 3-9 Configuring for LDAP Authentication 3-9 Kerberos Authentication (Active Directory 3-11 Troubleshooting Active Directory Authentication 3-12 Deleting a Domain ...3-12 ...Policies ...4-3 Editing Global Policy Settings 4-4 Adding and Editing Global Policies 4-6 Defining and Editing Global Bookmarks 4-7 Groups Configuration ...4-8 Adding a New Group 4-8 Editing Group Settings 4-9 Defining and Editing Group Policies 4-11 Defining and Editing Group Bookmarks 4-12...
SSL312 User Manual
Page 7
... Services 5-10 Chapter 6 Configuring the SSL VPN Tunnel Client and Port Forwarding Two Approaches for VPN 6-1 SSL VPN Client Configuration 6-2 Adding IP Address Ranges 6-3 Adding Routes for VPN Tunnel Clients 6-4 Configuring Applications for Port Forwarding 6-6 Configuring Host Name Resolution 6-8 Chapter 7 Additional System Configuration Configuring Network Settings 7-1 Sample SSL VPN Concentrator Configuration 7-1 Network Interface and Default Gateway Configuration 7-2 Static Route Configuration 7-4 Network Host Table Settings 7-6 Configuring DNS Settings 7-7 Setting Date...
SSL312 User Manual
Page 8
Erasing the Configuration and Restoring the Default Settings 7-13 Upgrading the SSL VPN Concentrator Firmware 7-13 Additional Notes on the Management Interface 7-14 Chapter 8 Monitoring and Logging SSL VPN Concentrator Status 8-1 Active Users ...8-3 Event Log ...8-4 Log Settings ...8-5 Diagnostics ...8-9 Appendix A Default Settings and Technical Specifications Factory Default Settings A-1 Technical Specifications A-2 Appendix B Related Documents Index viii v2.1, November 2008
SSL312 User Manual
Page 9
... special interest. Warning: Ignoring this manual are described in the following paragraphs: • Typographical Conventions. About This Manual The NETGEAR® Prosafe™ SSL VPN Concentrator 25 SSL312 Reference Manual describes how to highlight a procedure that will configure the SSL312. You should have intermediate computer and Internet skills. Tip: This format is used to highlight information of note could...
SSL312 User Manual
Page 12
...; v2.1 firmware -xii v2.1, November 2008 NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Revision History Version Date -01, v1.1 November 2006 -02, v1.0 December 2006 -02,v1.1 April 2007 -04,v2.0 May 2007 -05, v2.1 November 2008 Description of Changes • Restructured the contents so that common setup and configuration tasks are easier to find •...
SSL312 User Manual
Page 14
Java: Sun JRE 1.1 or higher To configure the NETGEAR ProSafe SSL VPN Concentrator 25, an administrator must use Microsoft Internet Explorer 5.1 or higher, Apple Safari 1.2 or higher or Mozilla Firefox 1.x (for the SSL VPN portal, not the web management interface. • Microsoft Windows: ... wide variety of user repositories. NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual • Provides client-less access with JavaScript, cookies, and SSL enabled. Browsers: Microsoft Internet Explorer 5.1 or higher Mozilla Firefox 1.x - supports VPN tunnel, VNC, Network Places and ...
SSL312 User Manual
Page 17
... power cord provided with the SSL VPN Concentrator. Refer to Chapter 5, "Configuring the Remote Access Web Portal". Refer to Chapter 2, "Installing the SSL312". • Setting up SSL312 user accounts: creating individual user accounts, grouping users by common access privileges, and defining those privileges. Introduction 1-5 v2.1, November 2008 NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Back Panel The SSL VPN Concentrator back panel hardware is...
SSL312 User Manual
Page 19
... the Internet and the decrypted connection to install the ProSafe SSL VPN Concentrator 25 SSL312. As shown in the following figure, encrypted SSL traffic from a remote user passes through the firewall and terminates at the SSL VPN Concentrator, which authenticates the user and displays the portal and resources authorized for Further Configuration Choosing a Network Topology The physical connection of these topics...
SSL312 User Manual
Page 20
... 2008 Routing In the routing, or two port, topology, the SSL VPN Concentrator is connected to the untrusted side of your firewall, while Ethernet Port 2 connects to the appropriate corporate network servers. . NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual services are decrypted by your firewall. In later steps, you will use the following settings when configuring for most networks.
SSL312 User Manual
Page 21
... protocols. The user's subsequent requests for initial configuration including reassignment of unloading SSL traffic from a remote user is 10.0.0.1. Note: The SSL VPN Concentrator does not perform Network Address Translation (NAT). Therefore, the SSL VPN Concentrator should always be as well protected since the firewall can not inspect this traffic. NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual As shown in the following figure...
SSL312 User Manual
Page 22
NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 1. Prepare a PC with a static IP address of 192.168.1.10 and 255.255.255.0 as the subnet mask. 3. If this PC is https://10.0.0.1. 2-4 Installing the SSL312 v2.1, November 2008 Connect an Ethernet...SSL VPN Concentrator web management interface. Configure your browser and entering https://192.168.1.1 (for management is lit: either the 10 Mbps or the 100 Mbps LED should light showing that the system has initialized. • One of the concentrator must have administrative access to the SSL VPN Concentrator to the SSL312...
SSL312 User Manual
Page 23
.... A certificate security warning may appear. Figure 2-3 3. From the Domain drop-down menu, select geardomain. 5. Click Yes or OK to access and configure administrative settings. Installing the SSL312 2-5 v2.1, November 2008 NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 2. When prompted, enter admin for the User Name and password for the Password, both in to log in lower case...
SSL312 User Manual
Page 24
NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Figure 2-4 Configuring Basic Network Settings Before deploying the SSL VPN Concentrator into your existing network, you should configure the following basic settings: • Change the administrator password • Configure DNS server IP address • Configure a default route 2-6 Installing the SSL312 v2.1, November 2008
SSL312 User Manual
Page 25
... Gateway for the ethernet-1 interface is your chosen Ethernet Port 1 IP Address and Subnet Mask. In the Network menu, click the Interfaces radio button. NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual • Configure Ethernet interface IP addresses To prepare for Internet access. d. b. b. a. If you plan a routing topology, the Default Gateway for the ethernet-2 interface is your...
SSL312 User Manual
Page 26
... Port that you changed to the corporate network. Note: If the default portal (SSL-VPN) is connected to another user-defined portal, the administration portal, SSL-VPN, can now continue the configuration of the server. 2-8 Installing the SSL312 v2.1, November 2008 NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual e. Log in your chosen topology. • For a single arm topology, connect Ethernet Port...
SSL312 User Manual
Page 27
... the information you include in your network. Obtaining a Certificate from a Certificate Authority To obtain a certificate from NETGEAR. Under the System Configuration menu in your CSR. To generate a new Certificate Signing Request (CSR) file: 1. Note: If you ...certificates, upload a new certificate and generate a Certificate Signing Request (CSR). NETGEAR recommends that will trigger a warning from a commercial CA provides a strong assurance of the server. NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual You can obtain a certificate from a CA, you must generate ...
SSL312 User Manual
Page 29
... to the instructions later in the left navigation pane, select Certificates. Under the System Configuration menu in this file to a disk location. In the Digital Certificate Management section,...SSL VPN Concentrator. To generate a self-signed certificate file: 1. The Create CSR screen will display as shown in the previous section. 2. The Certificates menu will display. Installing the SSL312 v2.1, November 2008 2-11 You will display. A file download screen will need to provide this chapter. When you receive your PC. 7. NETGEAR ProSafe SSL VPN Concentrator 25 SSL312...
SSL312 User Manual
Page 30
NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 3. Click Save to save the file to the Cert Description table. If the zipped file does not contain these two files, the zipped ... Generate a Self-signed Certificate checkbox to the SSL VPN Concentrator. This file includes a server.crt and a server.key key file. 6. Note: Do not upload the CSR file to generate a new CRT. 5. Under the System Configuration menu in your disk or network drive. 3. The password for the NETGEAR default certificate is displayed in the Current Certificates...
SSL312 User Manual
Page 33
NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Steps for Further Configuration The next steps in configuring the SSL VPN Concentrator are: • Create authentication domains (Chapter 3, "Authenticating Users"). • Define user and group settings (Chapter 4, "Setting Up User and Group Access Policies"). Installing the SSL312 v2.1, November 2008 2-15