SRX5308 Reference Manual
Page 7
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Adding New Network Resources 6-14 Editing Network Resources to Specify Addresses 6-15 Configuring User, Group, and Global Policies 6-17 Viewing Policies ...6-18 Adding a Policy ...6-19 Accessing the SSL Portal Login Screen 6-23 Viewing the SSL VPN Connection Status and SSL VPN Logs 6-25 Chapter 7 Managing Users, Authentication, and Certificates Configuring VPN Authentication Domains, Groups, and Users...
SRX5308 Reference Manual
Page 9
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Appendix A Default Settings and Technical Specifications Appendix B Network Planning for Multiple WAN Ports What to Consider Before You Begin B-1 Cabling and Computer Hardware Requirements B-3 Computer Network Configuration Requirements B-3 Internet Configuration Requirements B-3 Overview of the Planning Process B-5 Inbound Traffic ...B-7 Inbound Traffic to a Single WAN Port System B-7 Inbound Traffic to a Dual WAN Port System...
SRX5308 Reference Manual
Page 16
...defend against hacker attacks. Incoming traffic from reaching your LAN. • Content filtering. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual A Powerful, True Firewall with NAT. Permits scheduling of firewall policies by NAT. Automatically detects and thwarts denial of your local computers or a service... 20104 You can also configure the SRX5308 to send immediate alert messages to one of service (DoS) attacks such as blocked incoming traffic, port scans, attacks, and administrator logins. You can configure the SRX5308 to log and report attempts to you...
SRX5308 Reference Manual
Page 17
...Provider (ISP). When DHCP is a protocol for you to run a login program. • Quality of full-duplex or half-duplex operation. Introduction 1-5 v1.0, April 2010 The SRX5308 provides the following protocol support: • IP address sharing by your... connection. PPPoE is enabled and no DNS addresses are autosensing and capable of Service (QoS). The SRX5308 incorporates Auto Uplink™ technology. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Autosensing Ethernet Connections with Type of Service (ToS) and Differentiated Services Code Point (DSCP...
SRX5308 Reference Manual
Page 27
... browser. Enter https://192.168.1.1 in to the VPN firewall. Figure 2-1 Connecting the VPN Firewall to the VPN firewall: 1. If you change the IP address, you must use the IP address that you can access from the VPN firewall via DHCP. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Logging In to the VPN Firewall To connect to the VPN firewall, your computer for DHCP, see the "Preparing...
SRX5308 Reference Manual
Page 28
Click Login. Follow the directions of your Internet connection. 5. In the Username field, type admin. In the Domain drop-down list, leave the default selection, which is geardomain. 6. Figure 2-2 2-4 Connecting the VPN Firewall to accept the SSL certificate. 3. The Web Management Interface ...: The VPN firewall user name and password are not the same as any user name or password you might use lower-case letters. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Note: The first time that you remotely connect to the VPN firewall with a browser via an SSL connection,...
SRX5308 Reference Manual
Page 29
... you select a configuration menu link, the letters are displayed in white against a blue background. • Option arrows. Connecting the VPN Firewall to the Internet 2-5 v1.0, April 2010 When you select a submenu tab, the text is displayed in white against an orange background...the Web Management Interface provides access to all the configuration functions of the VPN firewall, and remains constant. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Note: After 10 minutes of inactivity (the default login time-out), you are listed below the main navigation menu bar) ...
SRX5308 Reference Manual
Page 34
...of the screen displays the results (for the information. Login, Password, Account Name, Domain Name Login, Password, Account Name, My IP Address, and Server IP Address; and related data supplied by selecting Network Configuration > WAN Settings from you, it prompts you for example, "...Connection" on page 10-5. 4. Click the Status button in Table 2-1. b. IP Address, Subnet Mask, and Gateway IP Address; ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual The auto detect process returns one of the following results: • If the auto-detect process is required. All ...
SRX5308 Reference Manual
Page 36
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual 2. This information is selected, as an example). 3. In the ISP Type section of the screen, select the type of the following options: • If your ISP. 5. By default, Other (PPPoE) is provided by your ISP requires an initial login to establish an Internet connection, select Yes. (The default is No...
SRX5308 Reference Manual
Page 37
...server. This is disconnected momentarily and then reestablished. Connecting the VPN Firewall to make the connection with the ISP server. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual 6. Some ISPs require you to specify a time when the PPPoE WAN connection is reset, that is, the connection is useful ...to keep the connection always on . Connection Reset Select the Connection Reset check box to enter your ISP requires an initial login. PPTP and PPPoE Settings Setting Description (or Subfield and Description) Austria (PPTP) If your ISP has assigned one. ...
SRX5308 Reference Manual
Page 132
...specify up to Java applets, ActiveX controls are installed on this list by the VPN firewall. Requests from being downloaded. - Blocking does not occur for the PCs that usually require login. Access to be allowed without any blocking. Keyword application examples: • If...has not been enabled. You can bypass keyword blocking for configuration. 4-42 v1.0, April 2010 Firewall Protection Click Apply to one or more groups. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual - You can apply the keywords to activate the screen controls. Enabling and Configuring...
SRX5308 Reference Manual
Page 203
... 6-17 • "Accessing the SSL Portal Login Screen" on page 6-23 • "Viewing the SSL VPN Connection Status and SSL VPN Logs" on their computers. Once the authentication and negotiation of encryption information are completed, the server and client can provide two levels of a traditional IPsec VPN client. 6-1 v1.0, April 2010 The VPN firewall can authenticate itself to an...
SRX5308 Reference Manual
Page 204
...not UDP connections or connections using other IP protocols. - The SSL VPN portal can customize to make available. 2. When remote users log in to remote users. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual The SSL capability of the user's browser provides authentication and encryption, establishing ...remote PC to allow the remote user to which their login account belongs. 6-2 Virtual Private Networking Using SSL Connections v1.0, April 2010 The SSL VPN client provides a point-to the VPN firewall. Create authentication domains, user groups, and user accounts (...
SRX5308 Reference Manual
Page 208
...login page message is part of the path of a banner message that appears at https://vpn.company.com/portal/CustomerSupport. The banner message text is displayed in a user's Web browser cache. 6-6 Virtual Private Networking Using SSL Connections v1.0, April 2010 Cache control directives include: Note: NETGEAR... before the first nonalphanumeric character. Enter a plain text message or include HTML and JavaScript tags. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual 4. Add Portal Layout Settings Item Description (or Subfield and Description) Portal Layout and ...
SRX5308 Reference Manual
Page 209
... access to simplify the application of Layouts table. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Table 6-1. Add Portal Layout Settings (continued) Item Description (or Subfield and Description) ActiveX web cache cleaner Select this check box to enable ActiveX cache control to be authenticated before they are used . The login window that do not support ActiveX. Click...
SRX5308 Reference Manual
Page 225
...policy goes into effect immediately. Accessing the SSL Portal Login Screen All screens that you have configured SSL VPN user policies, ensure that HTTPS remote management is added to save your settings. Select VPN > SSL VPN from the SSL VPN menu of Layouts table, click a URL....). To open the new SSL portal login screen: 1. This user portal is not enabled, all SSL VPN user connections are disabled. Click Apply to the List of SSL VPN Policies table on page 6-5). 3. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual 4. The SSL VPN submenu tabs display, with the...
SRX5308 Reference Manual
Page 226
Click Login. The default User Portal screen displays. Enter a user name and password that are associated with the SSL portal and the domain (see "Configuring VPN Authentication Domains, Groups, and Users" on page 7-1). 5. Figure 6-10 6-24 Virtual Private Networking Using SSL Connections v1.0, April 2010 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Figure 6-9 4.
SRX5308 Reference Manual
Page 229
... is presented. Therefore, you must specify a domain. 7-1 v1.0, April 2010 Accounts for IPsec VPN and SSL VPN. Users connecting to the VPN firewall must be able connect to the VPN firewall. The domain determines the authentication method that is used and, for all users who must be ...authenticated before being allowed to access the VPN firewall or the VPN-protected network. When you create a group, you should first create any domains, then groups, then user accounts. This includes administrators and SSL VPN clients. The login window that is presented to the user requires...
SRX5308 Reference Manual
Page 239
... default idle timeout period is assigned. Click the Delete table button. Configuring Login Policies To configure user login policies: 1. In the Action column of the List of defined users to log in to the List of the Web Management Interface. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Table 7-4. Click Apply to the one or more users: 1. Note...
SRX5308 Reference Manual
Page 240
... Users screen displays (see Figure 7-5 on page 7-13 shows an IP address in from the WAN interface, select the Deny Login from the LAN interface. The Disable Login check box is selected by Source IP Address submenu tab. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Figure 7-7 3. In this user from logging in the Defined Addresses table as an...