SRX5308 Product Datasheet
Page 1
... WAN Ports VLAN Support SSL and IPsec VPN Remote Access Bandwidth Management Easy to separate guest traffic from critical production servers • SSL VPN - QoS, WAN traffic metering, and bandwidth profiling gives you to Use Reliable NETGEAR Hardware 24/7 TECHNICAL SUPPORT* 1-888-NETGEAR (638-4327) Email: info@NETGEAR.com ProSafe® Quad WAN Gigabit SSL VPN Firewall SRX5308 Data Sheet Ultra High Performance Business-class Firewall Security The flagship model of session-based load-balancing as well as failover protection to ensure maximum throughput and reliable connectivity...
SRX5308 Product Datasheet
Page 2
... NAT Modes Routing DHCP DDNS VLANs Quad-WAN Fail-over WAN Load Balancing Modes VPN IPsec Encryption/Authentication Key Exchange IPsec NAT Traversal (VPN Passthrough) IPsec Access Modes IPsec VPN Wizard 924 Mbps 180 Mbps 21 Mbps 200,000 254 125 50 Port/Service Blocking, Denial-of-service (DoS) Prevention, Stealth Mode, Block TCP Flood, Block UDP Flood, WAN/LAN Ping Response Control Port Range Forwarding, Port Triggering, DNS proxy, MAC Address Cloning/spoofing, NTP Support, UPnP, AutoUplink on Switch Ports, L3 Quality of Service (QoS), LAN-to-WAN and WAN-to-LAN (ToS), Bandwidth Profiling Web...
SRX5308 Product Datasheet
Page 3
...Warranty ORDERING INFORMATION North America Europe Asia ACCESSORIES ProSafe Client Software ProSafe Network Management Software PROSUPPORT SERVICE PACKS OnCall 24x7, Category 1 XPressHW, Category 1 HTTP/HTTPS, SNMP v2c, Telnet Accepted Packets, Dropped Packets, System, Source MAC filter, Session Limit, Bandwidth Limit, SSL VPN, IPsec VPN Email Delivery, Syslog Ping, DNS Lookup, Trace Route Save/restore Configuration, Restore to change without notice. and other countries. Information is subject to Factory Defaults, Firmware Upgrades via Web Browser, Display Statistics 4/4 1 64 MB/512 MB...
SRX5308 Reference Manual
Page 2
© 2010 by any liability that shipped with your Support information card. No part of this publication may occur due to install, configure, and troubleshoot a ProSafe Gigabit Quad WAN SSL VPN Firewall. Microsoft, Windows, and Windows NT are registered trademarks of NETGEAR, Inc. The NETGEAR® ProSafe™ Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual describes how to the use or application of their respective holders. NETGEAR, INC. NETGEAR does not assume any means without notice. For other countries, see your...
SRX5308 Reference Manual
Page 8
...-2 Power LED Not On 10-2 Test LED Never Turns Off 10-2 LAN or WAN Port LEDs Not On 10-3 Troubleshooting the Web Management Interface 10-3 When You Enter a URL or IP Address a Time-Out Error Occurs 10-4 Troubleshooting the ISP Connection 10-5 Troubleshooting a TCP/IP Network Using the Ping Utility 10-6 Testing the LAN Path to Your VPN Firewall 10-7 Testing the Path from Your PC to a Remote Device 10-7 Restoring the Default Configuration and Password 10-8 Problems with Date and Time 10-10 Accessing the Knowledge Base...
SRX5308 Reference Manual
Page 9
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Appendix A Default Settings and Technical Specifications Appendix B Network Planning for Multiple WAN Ports What to Consider Before You Begin B-1 Cabling and Computer Hardware Requirements B-3 Computer Network Configuration Requirements B-3 Internet Configuration Requirements B-3 Overview of the Planning Process B-5 Inbound Traffic ...B-7 Inbound Traffic to a Single WAN Port System B-7 Inbound Traffic to a Dual WAN Port System B-8 Virtual Private Networks B-9 VPN Road Warrior (Client-to-Gateway B-11 VPN Gateway-to-...
SRX5308 Reference Manual
Page 10
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual DMZ to LAN Logs C-19 WAN to DMZ Logs C-19 Other Event Logs ...C-20 Session Limit Logs C-20 Source MAC Filter Logs C-20 Bandwidth Limit Logs C-20 DHCP Logs ...C-21 Appendix D Two-Factor Authentication Why Do I Need Two-Factor Authentication D-1 What Are the Benefits of Two-Factor Authentication D-1 What Is Two-Factor Authentication D-2 NETGEAR Two-Factor Authentication Solutions D-2 Appendix E Related Documents Appendix F Notification of Compliance Index x v1.0, April 2010
SRX5308 Reference Manual
Page 11
... to highlight special messages: Note: This format is used to highlight a procedure that will save time or resources. xi v1.0, April 2010 Warning: Ignoring this type of this manual is a safety warning. About This Manual The NETGEAR® ProSafe™ Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual describes how to the equipment. Failure to take heed of note might result in a malfunction or damage to install, configure, and troubleshoot a ProSafe Gigabit Quad WAN SSL VPN Firewall.
SRX5308 Reference Manual
Page 18
... VPN routers and clients. • SNMP. Maintenance and Support NETGEAR offers the following features simplify installation and management tasks: • Browser-based management. Browser-based configuration allows you can install, configure, and operate the SRX5308 within minutes after connecting it to the network. For security, you to easily configure the SRX5308 from an SNMP-compliant system manager. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Easy Installation and Management You can limit remote management access to a specified remote IP address...
SRX5308 Reference Manual
Page 68
... 2 Port 3 Port 4 / DMZ IP Setup IP Address Subnet Mask DHCP Disable DHCP Server Enter a unique name for the VLAN profile. Note: Always make the ports members of the default VLAN. For example, if you will manually configure the network settings of all port check boxes to disable the DHCP server. The subnet mask specifies the network number portion of the VPN firewall (the factory default is the DHCP server for the default VLAN; ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual 3. Enter a unique ID number for the VLAN profile. Note: If you change the LAN...
SRX5308 Reference Manual
Page 83
... of the LDAP server. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Table 3-3. This specifies the duration for which IP addresses are leased to search the Netgear.net domain for the LDAP server. LAN Configuration v1.0, April 2010 3-23 If an IP address is specified, the VPN firewall provides this address as a DHCP relay agent for domain) For example, to clients. DMZ Setup Settings (continued) Setting Description (or Subfield and Description) Enable DHCP Server Primary DNS (continued) Server This is optional...
SRX5308 Reference Manual
Page 93
... Rule LAN WAN DMZ WAN LAN DMZ Maximum Number of Supported Rules Maximum Number of Maximum Number of Maximum Number of Outbound Rules Inbound Rules Supported Rules 200 200 200 200 200 200 200 200 200 300 300 600 The maximum number of supported outbound rules is 300. Additional services can be applied to a combination of LAN-WAN traffic, DMZ-WAN traffic, and LAN-DMZ traffic. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual The firewall rules for blocking and allowing traffic on the VPN firewall can be added to the list of services in the factory default...
SRX5308 Reference Manual
Page 110
...added to save your changes. The rule is allowed. Enter the settings as explained in Table 4-2 on page 4-8. 3. The new rule is now added to the DMZ) is automatically enabled. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual 2. LAN DMZ Inbound Services Rules The Inbound Services table lists all inbound traffic (from the LAN to the Inbound Services table. 4-20 v1.0, April 2010 Firewall Protection Figure 4-10 2. Click Apply. By default, all existing rules for inbound traffic. To create a new inbound LAN DMZ service rule: 1. The Add LAN DMZ Inbound Service...
SRX5308 Reference Manual
Page 158
... accompanying Proposal 1 screen. In the example that you want to open or change the settings on the Authentication (Phase 1) screen or its accompanying Proposal 1 and Proposal 2 screens, nor on page 5-17, select Connect... > My Connections\MainOffice. 5-16 Virtual Private Networking Using IPsec Connections v1.0, April 2010 Note: You do not need to test. Enable Replay Detection Leave the default setting, which is useful for these steps. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual 9.
SRX5308 Reference Manual
Page 163
... the Add VPN Policy screen (see Figure 5-23 on page 5-32) are used for data transfer. The VPN tunnel is used. - ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Configuring IKE Policies The Internet Key Exchange (IKE) protocol performs negotiations between the two VPN gateways, and provides automatic management of the keys that are accessed, and the first matching IKE policy is used to start negotiations with the remote VPN gateway: - IKE policies are specified in the List...
SRX5308 Reference Manual
Page 171
... each remote VPN endpoint, then the policy order is displayed in view (see Table 5-10 on each VPN gateway must have a certificate from the menu. You manually enter all settings on page 5-22). The use the VPN Wizard to manage the VPN policies already created. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual 3. The remote VPN endpoint must have a matching SA, otherwise it refuses the connection. Modify the settings that is both a public key and a private key. Select VPN > IPSec VPN...
SRX5308 Reference Manual
Page 197
... Networking Using IPsec Connections v1.0, April 2010 5-55 If you require a VPN tunnel to save the configuration, or select File > Save from the Security Policy Editor menu. 11. Testing the Mode Config Connection To test the connection: 1. Enable Replay Detection Leave the default setting, which is idle, for any reason. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual 9. Click the disk icon to remain connected, you configured appears, in the Windows toolbar and click Connect. From the drop-down list below, select Diffie-Hellman Group...
SRX5308 Reference Manual
Page 309
....x.x: Windows and Mac operating systems generate and assign an IP address if the computer cannot reach a DHCP server. These cables could be in the range of 192.168.1.2 to 192.168.1.254. Troubleshooting and Using Online Support v1.0, April 2010 10-3 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual LAN or WAN Port LEDs Not On If either the LAN LEDs or WAN LEDs do not know the current IP address, reset the VPN firewall's configuration to factory defaults. These auto-generated addresses are unable...
SRX5308 Reference Manual
Page 382
... Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual tabs, submenu (Web Management Interface) 2-5 tags, meta 6-6 TCP flood, blocking 4-27 time-out 4-30 TCP/IP, network, troubleshooting 10-6 technical specifications A-2 technical support, NETGEAR ii Telnet, management 8-12 Test LED 1-8, 10-2 time settings 8-21 troubleshooting 10-10 time-out error, troubleshooting 10-4 sessions 4-30 tips for administrators, firewall and content filtering 4-2 ToS (Type of Service. See ToS. upgrading, firmware 8-19 UPnP (Universal Plug and Play), configuring 4-51 user database 5-37 user name, default...
SRX5308 Reference Manual
Page 384
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual W WAN advanced settings 2-32 aliases 2-25 auto-rollover mode configuring 2-18 DDNS 2-28 description 2-16 settings 2-19 VPN IPsec 5-1 bandwidth capacity 8-1 classical routing mode 2-17 connection speed and type 2-34 connection type, viewing 9-14 default port MAC addresses 9-14 failure detection method 2-16, 2-18, 2-20 inbound rules DMZ WAN 4-17 LAN WAN 4-13 interfaces, primary and backup 2-18 LEDs 1-9, 10-3 load balancing mode configuring 2-21 DDNS 2-28 description 2-16 settings 2-22 VPN IPsec 5-1 mode status, viewing 9-13 NAT ...