Client-to-Box VPN using Certificate Authentication
Page 4
Sign your certificate request using your device. Version 2.0 CA keys, router1.crt - generated self certificate request (router), cacert.crt - CA certification, cakey.pem - Load CA certificate: "cacert.crt" and your signed certificate: "router1.crt" on your newly created CA: openssl x509 -req -days 365 -in router1.csr -CA cacert.crt -CAkey cakey.pem -CAcreateserial -out router1.crt router1.csr - Reboot your router. They now should display like this: 8- signed certificate (router). 7- 6-
SRX5308 Reference Manual
Page 8
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Chapter 9 Monitoring System Access and Performance Enabling the WAN Traffic Meter 9-1 Activating Notification of Events, Alerts, and Syslogs 9-5 Viewing Status and Log Screens 9-9 Viewing the System (Router) Status and Statistics 9-10 Viewing the VLAN Status 9-16 Viewing and Disconnecting Active Users 9-17 Viewing the VPN...28 Rebooting the VPN Firewall 9-28 Capturing Packets 9-28 Chapter 10 Troubleshooting and Using Online Support Basic Functioning ...10-2 Power LED Not On 10-2 Test LED Never Turns Off 10-2 LAN or WAN ...
SRX5308 Reference Manual
Page 9
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Appendix A Default Settings and Technical Specifications Appendix B Network Planning for Multiple WAN Ports What to Consider Before You Begin B-1 Cabling and Computer Hardware Requirements B-3 Computer Network Configuration Requirements B-3 Internet Configuration Requirements B-3 Overview of the Planning Process B-5 Inbound Traffic ...B-7 Inbound Traffic to a Single WAN Port System B-7 Inbound Traffic to a Dual WAN Port System...
SRX5308 Reference Manual
Page 18
... traceroute, DNS lookup, and remote reboot. • Remote management. The SRX5308 includes the NETGEAR IPsec VPN Wizard so you to log in to the network. The SRX5308 allows you can easily configure IPsec VPN tunnels according to ensure that are interoperable...Network Consortium (VPNC) to the recommendations of addresses. • Visual monitoring. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Easy Installation and Management You can install, configure, and operate the SRX5308 within minutes after connecting it to the Web Management Interface from a remote ...
SRX5308 Reference Manual
Page 80
...be dedicated as a hardware DMZ port to safely provide services to them , but there are other applications that are incompatible with them . ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual To reserve an IP address, select Reserved (DHCP Client) from the IP Address Type drop-down list on the LAN Groups...Network Database" on page 1-7) and configure an IP address and subnet mask for the DMZ port. 3-20 v1.0, April 2010 LAN Configuration Reboot the PC or device, or access its IP configuration and force a DHCP release and renew. Enabling the DMZ port and allowing traffic ...
SRX5308 Reference Manual
Page 97
... the Reserved (DHCP Client) feature in the following sections: • "Setting LAN WAN Rules" on page 4-11 • "Setting DMZ WAN Rules" on page 4-48 for inbound traffic and that is rebooted. Consider using the external WAN IP address will fail. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual • If your external IP address is assigned dynamically by your...
SRX5308 Reference Manual
Page 268
.... SNMP lets you issue the CLI save command after a reboot or power cycle unless you monitor and manage your VPN firewall from an SNMP manager. Select Administration > SNMP from a communications terminal when the VPN firewall is used in network management systems to log in the form... control network devices, and to end the CLI session. SNMP is still set ) by the Internet Engineering Task Force (IETF). ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Using the Command-Line Interface You can then be queried (and sometimes set to its factory defaults (or use your ...
SRX5308 Reference Manual
Page 273
... page 8-17). An alert message appears indicating the status of the screen. Do not try to take effect. All firewall rules, VPN policies, LAN/WAN settings, and other settings are erased. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual 3. The VPN firewall reboots. The Router Status screen displays, showing the firmware version in the System Info section of the restore operation. After...
SRX5308 Reference Manual
Page 274
... and select the firmware file that the VPN firewall has the new software installed. Note: In some time, at http://www.netgear.com/support: a. Go to your browser...release notes included with the software to the VPN firewall until the VPN firewall finishes the upgrade! ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual To download a firmware version and upgrade the VPN firewall: 1. Note the following: • ... reach the download page. The reboot process is saved to erase the configuration and manually reconfigure your VPN firewall after several minutes when the Test...
SRX5308 Reference Manual
Page 283
... log packets from an NTP server. • Login Attempts. Logs a message when the VPN firewall has been rebooted through the Web Management Interface. (No message is SRX5308. WAN link status-related events are logged. • Secure Login Attempts. Other Event Logs Source ...v1.0, April 2010 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual 2. All VPN events are logged. • Reboots. Logs a message when a secure login is logged: • LAN to WAN • LAN to DMZ • DMZ to WAN • WAN to LAN • DMZ to LAN • WAN to DMZ System Logs...
SRX5308 Reference Manual
Page 300
...assigned a static IP address, you need to Group 1. By default, a PC or device is appended by other means. Note: If the VPN firewall is rebooted, the data in view (Figure 3-2 on page 9-25). The MAC address of the PC or device. The VLAN to select the PC ...see Figure 9-16 on page 3-6). 2. Collectively, these entries make up the network database. The current IP address of the LAN Setup screen. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual The Known PCs and Devices table contains a list of all the existing log entries, click the Clear Log button. 9-24 Monitoring...
SRX5308 Reference Manual
Page 301
... Up a DNS Address" on page 9-27. • "Displaying the Routing Table" on page 9-28. • "Rebooting the VPN Firewall" on page 9-28. • "Capturing Packets" on page 9-28. Monitoring System Access and Performance v1.0, April 2010 9-25 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Figure 9-16 Using the Diagnostics Utilities From the Diagnostics screen you can perform diagnostics...
SRX5308 Reference Manual
Page 304
... the Internet are dropped. Figure 9-18 Rebooting the VPN Firewall You can perform a remote reboot (restart), for example, LAN users accessing the Internet). The VPN firewall reboots. (If you can show if traffic is not operating normally. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Displaying the Routing Table Displaying the internal routing table can assist NETGEAR Technical Support in diagnosing routing problems. To...
SRX5308 Reference Manual
Page 309
...: When connecting the VPN firewall's WAN ports to one or two devices that provide the Internet connections, use the cables that are unable to access the VPN firewall's Web Management Interface from the PC to the VPN firewall and reboot your PC. • If your VPN firewall's IP address has... procedure is explained in the range of 169.254.x.x. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual LAN or WAN Port LEDs Not On If either the LAN LEDs or WAN LEDs do not know the current IP address, reset the VPN firewall's configuration to factory defaults. These cables could be in...
SRX5308 Reference Manual
Page 310
...on page 2-11). • If the computer is working , ensure that it again. • Make sure that Caps Lock is password. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Tip: If you do , ensure that your changes are lost. • Click the Refresh or Reload button in the Web browser...the Internet Connection" on . If they do not want to revert to the factory default settings and lose your configuration settings, you can reboot the VPN firewall and use a fixed (static) IP address, check the subnet mask, default gateway, DNS, and IP addresses on the LAN work ...
SRX5308 Reference Manual
Page 315
... after several minutes when the Test LED on using them. Warning: When you intend on the front panel goes off. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Figure 10-1 The VPN firewall reboots. All firewall rules, VPN policies, LAN/WAN settings, and other settings are erased. Back up your settings if you push the hardware reset button or click the software...
SRX5308 Reference Manual
Page 317
... a hard reset (for more information, see "Reverting to reboot. VPN Firewall Default Configuration Settings Feature Router Login User login URL Administrator user name (case-sensitive) Administrator login password (case-sensitive) Guest user name (case-sensitive) Guest login password (case-sensitive) Internet Connection WAN MAC address WAN MTU size Port speed Local Network (LAN) LAN IP...
SRX5308 Reference Manual
Page 341
... Interface. System Logs: System Startup Message Jan 1 15:22:28 [SRX5308] [ledTog] [SYSTEM START-UP] System Started Explanation Log generated when the system is rebooted from host with IP address 192.168.1.214. Recommended Action None System Logs... 192.168.1.214 Explanation Secure login/logout of the device. Recommended Action None Reboot This section describes log messages generated during system startup. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Login/Logout This section describes logs generated by the administrative interfaces of...
SRX5308 Reference Manual
Page 373
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual CRL (Certificate Revocation List) 7-19, 7-24 crossover cable 1-5, 10-3 CSR (Certificate Signing Request) 7-21 custom services, firewall 4-3, 4-31 customer support, NETGEAR ii D Data Encryption Standard. See DMZ. See DoS attacks. See ...3-8, 3-22 settings 3-8, 3-22 VLANs 3-4 WINS server 3-9, 3-23 diagnostics 9-25 capturing packets 9-25 DNS lookup 9-25 ping 9-25 rebooting 9-25 routing table 9-25 Differentiated Services Code Point. disabling, ping replies 4-28 DMZ (demilitarized zone) DHCP address pool 3-22 DNS servers...
SRX5308 Reference Manual
Page 380
...-1 (Secure Hash Algorithm 1) IKE policies 5-27 Index-10 v1.0, April 2010 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual RADIUS-CHAP 5-28, 5-37, 5-38, 7-4 RADIUS-MSCHAP(v2) 7-4 RADIUS-PAP 5-28, 5-37, 5-38, 7-4 server, configuring 5-39 rate-limiting, traffic 2-34 read/write access 7-9 read-only access 7-9 rebooting, remotely 9-28 reducing traffic blocking sites 8-4 overview 8-2 service blocking 8-2 source MAC...