SRX5308 Product Datasheet
Page 1
LAN-to-WAN Throughput¹ Secure Firewall Quad Gigabit WAN Ports VLAN Support SSL and IPsec VPN Remote Access Bandwidth Management Easy to Use Reliable NETGEAR Hardware 24/7 TECHNICAL S U P P O R T* 1-888-NETGEAR (638-4327) Email: info@NETGEAR.com ProSafe174; Quad WAN Gigabit SSL VPN Firewall SRX5308 Data Sheet Ultra High Performance Business-class Firewall Security The flagship model of stateful firewall throughput. The SRX5308 features a hardware-accelerated data flow architecture that furnishes multidimensional security including...
LAN-to-WAN Throughput¹ Secure Firewall Quad Gigabit WAN Ports VLAN Support SSL and IPsec VPN Remote Access Bandwidth Management Easy to Use Reliable NETGEAR Hardware 24/7 TECHNICAL S U P P O R T* 1-888-NETGEAR (638-4327) Email: info@NETGEAR.com ProSafe174; Quad WAN Gigabit SSL VPN Firewall SRX5308 Data Sheet Ultra High Performance Business-class Firewall Security The flagship model of stateful firewall throughput. The SRX5308 features a hardware-accelerated data flow architecture that furnishes multidimensional security including...
SRX5308 Product Datasheet
Page 2
... connect with Web browser VPN Tunnel encrypts your data SRX5308 ProSafe Quad WAN Gigabit SSL VPN Firewall Broadband modems Everybody 's connecting.™ NMS100 ProSafe Network Management System Software CD Version 1.0 Instructions: This CD should automatically run when inserted into your CD-ROM drive. ProSafe174; Quad WAN Gigabit SSL VPN Firewall SRX5308 Gigabit Ethernet Fast Ethernet GSM7224-200 ProSafe 24-port Gigabit Managed Switch STM300 ProSecure Web and Email Security Appliance SRX5308 ProSafe Quad WAN Gigabit SSL VPN Firewall Remote Access via Kiosk...
... connect with Web browser VPN Tunnel encrypts your data SRX5308 ProSafe Quad WAN Gigabit SSL VPN Firewall Broadband modems Everybody 's connecting.™ NMS100 ProSafe Network Management System Software CD Version 1.0 Instructions: This CD should automatically run when inserted into your CD-ROM drive. ProSafe174; Quad WAN Gigabit SSL VPN Firewall SRX5308 Gigabit Ethernet Fast Ethernet GSM7224-200 ProSafe 24-port Gigabit Managed Switch STM300 ProSecure Web and Email Security Appliance SRX5308 ProSafe Quad WAN Gigabit SSL VPN Firewall Remote Access via Kiosk...
SRX5308 Reference Manual
Page 6
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Testing the Connections and Viewing Status Information 5-16 Testing the VPN Connection 5-16 NETGEAR VPN Client Status and Log Information 5-17 Viewing the VPN Firewall IPsec VPN Connection Status 5-19 Viewing the VPN Firewall IPSec VPN Logs 5-20 Managing IPsec VPN Policies 5-20 Configuring IKE Policies 5-21 Configuring VPN Policies 5-29 Configuring Extended Authentication (XAUTH 5-37 Configuring XAUTH for VPN Clients 5-38...
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Testing the Connections and Viewing Status Information 5-16 Testing the VPN Connection 5-16 NETGEAR VPN Client Status and Log Information 5-17 Viewing the VPN Firewall IPsec VPN Connection Status 5-19 Viewing the VPN Firewall IPSec VPN Logs 5-20 Managing IPsec VPN Policies 5-20 Configuring IKE Policies 5-21 Configuring VPN Policies 5-29 Configuring Extended Authentication (XAUTH 5-37 Configuring XAUTH for VPN Clients 5-38...
SRX5308 Reference Manual
Page 7
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Adding New Network Resources 6-14 Editing Network Resources to Specify Addresses 6-15 Configuring User, Group, and Global Policies 6-17 Viewing Policies ...6-18 Adding a Policy ...6-19 Accessing the SSL Portal Login Screen 6-23 Viewing the SSL VPN Connection Status and SSL VPN Logs 6-25 Chapter 7 Managing Users, Authentication, and Certificates Configuring VPN Authentication Domains, Groups, and Users...
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Adding New Network Resources 6-14 Editing Network Resources to Specify Addresses 6-15 Configuring User, Group, and Global Policies 6-17 Viewing Policies ...6-18 Adding a Policy ...6-19 Accessing the SSL Portal Login Screen 6-23 Viewing the SSL VPN Connection Status and SSL VPN Logs 6-25 Chapter 7 Managing Users, Authentication, and Certificates Configuring VPN Authentication Domains, Groups, and Users...
SRX5308 Reference Manual
Page 8
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Chapter 9 Monitoring System Access and Performance Enabling the WAN Traffic Meter 9-1 Activating Notification of Events, Alerts, and Syslogs 9-5 Viewing Status and Log Screens 9-9 Viewing the System (Router) Status and Statistics 9-10 Viewing the VLAN Status 9-16 Viewing and Disconnecting Active Users 9-17 Viewing the VPN Tunnel Connection Status 9-18 Viewing the...
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Chapter 9 Monitoring System Access and Performance Enabling the WAN Traffic Meter 9-1 Activating Notification of Events, Alerts, and Syslogs 9-5 Viewing Status and Log Screens 9-9 Viewing the System (Router) Status and Statistics 9-10 Viewing the VLAN Status 9-16 Viewing and Disconnecting Active Users 9-17 Viewing the VPN Tunnel Connection Status 9-18 Viewing the...
SRX5308 Reference Manual
Page 18
..., traceroute, DNS lookup, and remote reboot. • Remote management. The SNMP system configuration lets you can limit remote management access to the terms that the IPsec VPN tunnels are identified in the Warranty and Support information card provided with other VPNC-compliant VPN routers and clients. • SNMP. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Easy Installation and Management You can install, configure...
..., traceroute, DNS lookup, and remote reboot. • Remote management. The SNMP system configuration lets you can limit remote management access to the terms that the IPsec VPN tunnels are identified in the Warranty and Support information card provided with other VPNC-compliant VPN routers and clients. • SNMP. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Easy Installation and Management You can install, configure...
SRX5308 Reference Manual
Page 28
The Web Management Interface appears, displaying the Router Status screen. (For information about this screen, see "Viewing the System (Router) Status and Statistics" on page 9-10). Figure 2-2 2-4 Connecting the VPN Firewall to accept the SSL certificate. 3. In the Domain drop-down ...Login. Use lower-case letters. 4. Follow the directions of your Internet connection. 5. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Note: The first time that you remotely connect to the VPN firewall with a browser via an SSL connection, you might get a warning message regarding the...
The Web Management Interface appears, displaying the Router Status screen. (For information about this screen, see "Viewing the System (Router) Status and Statistics" on page 9-10). Figure 2-2 2-4 Connecting the VPN Firewall to accept the SSL certificate. 3. In the Domain drop-down ...Login. Use lower-case letters. 4. Follow the directions of your Internet connection. 5. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Note: The first time that you remotely connect to the VPN firewall with a browser via an SSL connection, you might get a warning message regarding the...
SRX5308 Reference Manual
Page 58
...enable remote management, NETGEAR strongly recommend that you made, when you can select Custom and enter the speed in Kbps in the field below . 5. From the drop-down list, select the maximum upload speed that is provided by the VPN firewall. ...Remote Management Access" on page 8-10). Additional WAN-Related Configuration Tasks • If you can set up the traffic meter for an additional WAN interface, select another WAN interface and repeat these steps. Click Apply to the Internet: DSL, ADLS, Cable Modem, T1, T3, or Other. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308...
...enable remote management, NETGEAR strongly recommend that you made, when you can select Custom and enter the speed in Kbps in the field below . 5. From the drop-down list, select the maximum upload speed that is provided by the VPN firewall. ...Remote Management Access" on page 8-10). Additional WAN-Related Configuration Tasks • If you can set up the traffic meter for an additional WAN interface, select another WAN interface and repeat these steps. Click Apply to the Internet: DSL, ADLS, Cable Modem, T1, T3, or Other. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308...
SRX5308 Reference Manual
Page 92
..." on page 7-1 and "Configuring Remote Management Access" on page 9-5. A firewall has two default rules, one for outbound. For information about how to 600 rules on page 4-40) - The firewall logs can configure up to configure logging and notifications, see "Performance Management" on page 4-3) - For more information, see "Activating Notification of the VPN firewall. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Administrator Tips...
..." on page 7-1 and "Configuring Remote Management Access" on page 9-5. A firewall has two default rules, one for outbound. For information about how to 600 rules on page 4-40) - The firewall logs can configure up to configure logging and notifications, see "Performance Management" on page 4-3) - For more information, see "Activating Notification of the VPN firewall. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Administrator Tips...
SRX5308 Reference Manual
Page 225
..." on page 6-24). This user portal is not enabled, all SSL VPN user connections are disabled. Virtual Private Networking Using SSL Connections v1.0, April 2010 6-23 Click Apply to the List of Layouts table, click a URL. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual 4. If HTTPS remote management is not the same as an example). In the Portal URL column of...
..." on page 6-24). This user portal is not enabled, all SSL VPN user connections are disabled. Virtual Private Networking Using SSL Connections v1.0, April 2010 6-23 Click Apply to the List of Layouts table, click a URL. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual 4. If HTTPS remote management is not the same as an example). In the Portal URL column of...
SRX5308 Reference Manual
Page 262
... the types of these tools. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Assigning Bandwidth Profiles When you configure a separate secure password for the administrator account to a more information about bandwidth profiles, see "Creating Bandwidth Profiles" on page 8-21. To modify the administrator user account settings, including the password: 1. System Management System management tasks are both password. See...
... the types of these tools. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Assigning Bandwidth Profiles When you configure a separate secure password for the administrator account to a more information about bandwidth profiles, see "Creating Bandwidth Profiles" on page 8-21. To modify the administrator user account settings, including the password: 1. System Management System management tasks are both password. See...
SRX5308 Reference Manual
Page 264
... IP address. Configuring Remote Management Access An administrator can change the admin and guest default passwords before continuing (see "Configuring Login Policies" on page 7-11. By default, the administrator can reconfigure the VPN firewall and misuse it in from a WAN interface. Click Apply to password and 5 minutes, respectively. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual 5. Because a malicious WAN user can log...
... IP address. Configuring Remote Management Access An administrator can change the admin and guest default passwords before continuing (see "Configuring Login Policies" on page 7-11. By default, the administrator can reconfigure the VPN firewall and misuse it in from a WAN interface. Click Apply to password and 5 minutes, respectively. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual 5. Because a malicious WAN user can log...
SRX5308 Reference Manual
Page 265
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual To configure the VPN firewall for remote management: 1. Select Administration > Remote Management from the menu. The Remote Management screen displays. Enter the settings as explained in Table 8-1 on page 8-9. Figure 8-3 2. Network and System Management v1.0, April 2010 8-11
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual To configure the VPN firewall for remote management: 1. Select Administration > Remote Management from the menu. The Remote Management screen displays. Enter the settings as explained in Table 8-1 on page 8-9. Figure 8-3 2. Network and System Management v1.0, April 2010 8-11
SRX5308 Reference Manual
Page 266
... following IP address settings: • Everyone. Enter a single IP address. 3. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Table 8-1. As an option, you click Apply. You must use an SSL connection to disable HTTPS remote management (which is enabled, you must enter https:// (not http://) and type the VPN firewall's WAN IP address in your browser: https://172.16.0.123. Select the...
... following IP address settings: • Everyone. Enter a single IP address. 3. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Table 8-1. As an option, you click Apply. You must use an SSL connection to disable HTTPS remote management (which is enabled, you must enter https:// (not http://) and type the VPN firewall's WAN IP address in your browser: https://172.16.0.123. Select the...
SRX5308 Reference Manual
Page 267
... Login Policies" on page 7-11). Network and System Management v1.0, April 2010 8-13 Note: To maintain security, the VPN firewall rejects a login that your ISP assigned to the VPN firewall's Web Management Interface, check if administrative access through a WAN interface is displayed. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual . Note: If you are unable to remotely connect to a single IP address or a small...
... Login Policies" on page 7-11). Network and System Management v1.0, April 2010 8-13 Note: To maintain security, the VPN firewall rejects a login that your ISP assigned to the VPN firewall's Web Management Interface, check if administrative access through a WAN interface is displayed. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual . Note: If you are unable to remotely connect to a single IP address or a small...
SRX5308 Reference Manual
Page 318
... v1.0, April 2010 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Table A-1. VPN Firewall Default Configuration Settings (continued) Feature Default Behavior (continued) RIP authentication DHCP server DHCP starting IP address DHCP starting IP address Disabled Enabled 192.168.1.2 192.168.1.100 Management Time zone Time zone adjusted for daylight savings time SNMP Remote management GMT Disabled Disabled Disabled Firewall Inbound (communications coming...
... v1.0, April 2010 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Table A-1. VPN Firewall Default Configuration Settings (continued) Feature Default Behavior (continued) RIP authentication DHCP server DHCP starting IP address DHCP starting IP address Disabled Enabled 192.168.1.2 192.168.1.100 Management Time zone Time zone adjusted for daylight savings time SNMP Remote management GMT Disabled Disabled Disabled Firewall Inbound (communications coming...
SRX5308 Reference Manual
Page 322
...NETGEAR strongly advises you to change the default management password to a specific WAN port. - For load balancing mode, decide which protocols should be bound to a strong password before enabling remote management. You can also add your network management approach. • The VPN firewall is capable of being managed remotely, but this manual, the WAN...volume of both WAN ports. 3. b. Plan your own service protocols to route the traffic of data traffic each WAN port or you are using the same ISP to the list. 2. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual ...
...NETGEAR strongly advises you to change the default management password to a specific WAN port. - For load balancing mode, decide which protocols should be bound to a strong password before enabling remote management. You can also add your network management approach. • The VPN firewall is capable of being managed remotely, but this manual, the WAN...volume of both WAN ports. 3. b. Plan your own service protocols to route the traffic of data traffic each WAN port or you are using the same ISP to the list. 2. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual ...
SRX5308 Reference Manual
Page 371
....org 2-27, 2-30 A AAA (authentication, authorization, and accounting) 5-39 AC input 1-10 access, remote management 8-10 account name, PPTP and PPPoE 2-13 action buttons (Web Management Interface) 2-6 active directory 7-2, 7-5 active routes 3-26 ActiveX controls, blocking 4-42 Web cache cleaner, SSL VPN 6-7 address reservation 3-19 Address Resolution Protocol. See extended authentication (XAUTH). See ARP. administrator default...
....org 2-27, 2-30 A AAA (authentication, authorization, and accounting) 5-39 AC input 1-10 access, remote management 8-10 account name, PPTP and PPPoE 2-13 action buttons (Web Management Interface) 2-6 active directory 7-2, 7-5 active routes 3-26 ActiveX controls, blocking 4-42 Web cache cleaner, SSL VPN 6-7 address reservation 3-19 Address Resolution Protocol. See extended authentication (XAUTH). See ARP. administrator default...
SRX5308 Reference Manual
Page 380
...firewall 4-3, 4-4 service numbers, common protocols 4-32 services, customizing 4-3, 4-31 Session Initiation Protocol. routing log messages, explanation C-18 RSA signatures 5-27 rules, See inbound rules, outbound rules. See SIP. remote management access 8-10 settings 8-12 troubleshooting 8-13 remote...Algorithm 1. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual RADIUS-CHAP 5-28, 5-37, 5-38, 7-4 RADIUS-MSCHAP(v2) 7-4 RADIUS-PAP 5-28, 5-37, 5-38, 7-4 server, configuring 5-39 rate-limiting, traffic 2-34 read/write access 7-9 read-only access 7-9 rebooting, remotely 9-28 reducing...
...firewall 4-3, 4-4 service numbers, common protocols 4-32 services, customizing 4-3, 4-31 Session Initiation Protocol. routing log messages, explanation C-18 RSA signatures 5-27 rules, See inbound rules, outbound rules. See SIP. remote management access 8-10 settings 8-12 troubleshooting 8-13 remote...Algorithm 1. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual RADIUS-CHAP 5-28, 5-37, 5-38, 7-4 RADIUS-MSCHAP(v2) 7-4 RADIUS-PAP 5-28, 5-37, 5-38, 7-4 server, configuring 5-39 rate-limiting, traffic 2-34 read/write access 7-9 read-only access 7-9 rebooting, remotely 9-28 reducing...
SRX5308 Reference Manual
Page 382
... 10-4 date and time 10-10 defaults 10-4 ISP connection 10-5 LEDs 10-2, 10-3 NTP 10-10 remote management 8-13 testing the LAN path 10-7 testing your setup 10-7 time-out error 10-4 using the utilities 9-25 Web...4-30 understanding log messages C-1 Universal Plug and Play. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual tabs, submenu (Web Management Interface) 2-5 tags, meta 6-6 TCP flood, blocking 4-27 time-out 4-30 TCP/IP, network, troubleshooting 10-6 technical specifications A-2 technical support, NETGEAR ii Telnet, management 8-12 Test LED 1-8, 10-2 time settings 8-21 ...
... 10-4 date and time 10-10 defaults 10-4 ISP connection 10-5 LEDs 10-2, 10-3 NTP 10-10 remote management 8-13 testing the LAN path 10-7 testing your setup 10-7 time-out error 10-4 using the utilities 9-25 Web...4-30 understanding log messages C-1 Universal Plug and Play. ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual tabs, submenu (Web Management Interface) 2-5 tags, meta 6-6 TCP flood, blocking 4-27 time-out 4-30 TCP/IP, network, troubleshooting 10-6 technical specifications A-2 technical support, NETGEAR ii Telnet, management 8-12 Test LED 1-8, 10-2 time settings 8-21 ...