SSL312 User Manual
Page 1
NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual NETGEAR, Inc. 350 East Plumeria Drive San Jose, California 95134 USA 202-10208-05 November 2008 v2.1
Page 2
... obtain technical support. Statement of Conditions In the interest of improving internal design, operational function, and/or reliability, NETGEAR reserves the right to make changes to the products described in this equipment does cause harmful interference to radio or ...names are registered trademarks of their respective holders. If you may cause undesired operation. All rights reserved. Trademarks NETGEAR, the NETGEAR logo, ProSafe and Auto Uplink are designed to provide reasonable protection against harmful interference in the United States Radio Frequency Interference ...
Page 3
...in the operating instructions. Please refer to U.S. Export This software product and related technology is hereby certified that the ProSafe SSL VPN Concentrator 25 has been suppressed in accordance with the conditions set out in accordance with the regulations. This product includes software developed...other countries. iii v2.1, November 2008 Compliance is compliant with all such laws and regulations. EU Regulatory Compliance Statement ProSafe SSL VPN Concentrator 25 is verified by testing to export or import regulations in the OpenSSL Toolkit (http://www.openssl.org/). Bestä...
Page 5
... Chapter 1 Introduction About the ProSafe SSL VPN Concentrator 25 1-1 Key Features ...1-1 Web Browser Requirements 1-2 What's in the Box ...1-3 Hardware Description ...1-3 Front Panel ...1-4 Back Panel ...1-5 Steps for Deploying the SSL312 1-5 Chapter 2 Installing the SSL312 Choosing a Network Topology 2-1 Single Arm ...2-1 Routing ...2-2 Initial Connection to the SSL VPN Concentrator 2-3 Accessing the Management Interface 2-4 Configuring Basic Network Settings 2-6 Installing the SSL VPN Concentrator 2-8 Managing Certificates ...2-8 Obtaining a Certificate...
Page 6
Steps for Further Configuration 2-15 Chapter 3 Authenticating Users Authentication Domains 3-1 Local User Database Authentication 3-2 RADIUS and NT Domain Authentication 3-3 Configuring for RADIUS Domain Authentication 3-4 Configuring for NT Domain Authentication 3-5 LDAP Authentication ...3-7 Sample LDAP Attributes 3-7 LDAP Attribute Rules 3-8 Sample LDAP Users and Attributes Settings 3-8 Querying an LDAP Server 3-9 Configuring for LDAP Authentication 3-9 Kerberos Authentication (Active Directory) 3-11 Troubleshooting Active Directory Authentication 3-12 Deleting a Domain ...3-12 ...
Page 7
... for Portal Services 5-10 Chapter 6 Configuring the SSL VPN Tunnel Client and Port Forwarding Two Approaches for VPN 6-1 SSL VPN Client Configuration 6-2 Adding IP Address Ranges 6-3 Adding Routes for VPN Tunnel Clients 6-4 Configuring Applications for Port Forwarding 6-6 Configuring Host Name Resolution 6-8 Chapter 7 Additional System Configuration Configuring Network Settings 7-1 Sample SSL VPN Concentrator Configuration 7-1 Network Interface and Default Gateway Configuration...
Page 8
Erasing the Configuration and Restoring the Default Settings 7-13 Upgrading the SSL VPN Concentrator Firmware 7-13 Additional Notes on the Management Interface 7-14 Chapter 8 Monitoring and Logging SSL VPN Concentrator Status 8-1 Active Users ...8-3 Event Log ...8-4 Log Settings ...8-5 Diagnostics ...8-9 Appendix A Default Settings and Technical Specifications Factory Default Settings A-1 Technical Specifications A-2 Appendix B Related Documents Index viii v2.1, November 2008
Page 9
...manual uses the following formats to highlight special messages: Note: This format is used to install and configure the SSL312. The information in the following paragraphs: • Typographical Conventions. You should have intermediate computer and Internet skills... is intended for administrators who will save time or resources. About This Manual The NETGEAR® Prosafe™ SSL VPN Concentrator 25 SSL312 Reference Manual describes how to highlight a procedure that will configure the SSL312. Warning: Ignoring this type of this manual are described in this manual is used...
Page 10
... •A button that displays the table of the full manual and individual chapters. Double-click on the NETGEAR, Inc. Printing this Manual To print this notice could result in personal injury or death. • Scope... NETGEAR, Inc. NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Danger: This is written for the SSL VPN Concentrator according to these specifications: Product Version Manual Publication Date ProSafe SSL VPN Concentrator 25 SSL312 November 2008 For more information about network, Internet, firewall, and VPN technologies, see the links to the NETGEAR ...
Page 11
... PDF of This Chapter link at the top left of the window. The Acrobat reader is dedicated to print the page contents. • Printing a Chapter. NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Each page in a browser window. - Use the Complete PDF Manual link at the top right of any page in the upper left of...
Page 12
NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Revision History Version Date -01, v1.1 November 2006 -02, v1.0 December 2006 -02,v1.1 April 2007 -04,v2.0 May 2007 -05, v2.1 November ... topics • Added a link to a Microsoft Word template for creating an end-user guide • Refined Portal layout behavior • Added Full Tunnel Support for VPN Tunnels • Removed references to SNMP - not supported • Bug fixes • v1.5 firmware • Expanded feature set. • v2.0 firmware • Added two-factor...
Page 13
... client, such as Microsoft Internet Explorer, Mozilla Firefox, or Apple Safari. • Supports 25 concurrent sessions. • Provides granular access to administer, through a number of the NETGEAR® ProSafe™ SSL VPN Concentrator 25 SSL312. Once the authentication and negotiation of the SSL312 ("Hardware Description" on page 1-3), and a description of the front and back panels of encryption information is...
Page 14
... required for a wide variety of user repositories. NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual • Provides client-less access with JavaScript, cookies, and SSL enabled. HTTP and HTTPS proxy and reverse proxy - Browsers: Microsoft Internet Explorer 5.1 or higher Mozilla Firefox 1.x - Java: Sun JRE 1.1 or higher To configure the NETGEAR ProSafe SSL VPN Concentrator 25, an administrator must use Microsoft Internet Explorer 5.1 or...
Page 15
... Explorer. The default browser in the Box The product package should contain the following items: • ProSafe SSL VPN Concentrator 25 SSL312 • A power cord specific to take advantage of the full suite of applications. NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual support JavaScript, Java, cookies, SSL and ActiveX to your region. • Straight through Category 5 Ethernet cable. • A serial cable (included...
Page 16
... described below: 1. on either the 10M or 100M interface. • A blinking green LED indicates activity on while initializing. (~2 minutes) • Loading software - NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Front Panel The SSL VPN Concentrator front panel hardware is on (prolonged) This LED will blink for serial DTE connections. 5. No power • On - Two 10/100M Ethernet ports...
Page 17
... to Chapter 5, "Configuring the Remote Access Web Portal". Refer to Chapter 2, "Installing the SSL312". • Setting up SSL312 user accounts: creating individual user accounts, grouping users by common access privileges, and defining those privileges. NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Back Panel The SSL VPN Concentrator back panel hardware is shown below and consists of the power On/ Off...
Page 18
NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 1-6 Introduction v2.1, November 2008
Page 19
... connection. Single Arm In the single arm, or one port, topology, the SSL VPN Concentrator's Ethernet Port 1 is connected to install the ProSafe SSL VPN Concentrator 25 SSL312. As shown in the following figure, encrypted SSL traffic from a remote user passes through the firewall and terminates at the SSL VPN Concentrator, which authenticates the user and displays the portal and resources authorized for...
Page 20
... connected to the firewall. • If your firewall. Ethernet Port 1 is connected in parallel with your corporate network. 2-2 Installing the SSL312 v2.1, November 2008 NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual services are decrypted by your firewall performs NAT, you will use the following settings when configuring for most networks. Firewall/Router IP Address ...
Page 21
... address is described in the following steps: Installing the SSL312 2-3 v2.1, November 2008 Note: The SSL VPN Concentrator does not perform Network Address Translation (NAT). NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual As shown in the following figure, encrypted SSL traffic from your firewall. Also, the SSL VPN Concentrator only enforces access policies on SSL VPN traffic, not on the corporate network. 10.0.0.254 10...