SRXN3205 Reference Manual
Page 8
...VPN Firewall SRXN3205 Reference Manual Configuring the WAN Mode 2-10 Configuring Dynamic DNS 2-11 Configuring the Advanced WAN Options (Optional 2-12 Additional WAN Related Configuration 2-14 Chapter 3 LAN Configuration Configuring the LAN Setup Options 3-1 Using the VPN Firewall as a DHCP Server 3-3 Configuring DHCP Address Reservation 3-4 Managing Groups and Hosts (LAN Groups 3-4 Viewing the LAN Groups Database 3-5 Adding Devices to the LAN Groups Database 3-6 Changing Group Names in the LAN Groups Database 3-7 Configuring Multi Home LAN IP Addresses 3-8 Configuring Static Routes...
...VPN Firewall SRXN3205 Reference Manual Configuring the WAN Mode 2-10 Configuring Dynamic DNS 2-11 Configuring the Advanced WAN Options (Optional 2-12 Additional WAN Related Configuration 2-14 Chapter 3 LAN Configuration Configuring the LAN Setup Options 3-1 Using the VPN Firewall as a DHCP Server 3-3 Configuring DHCP Address Reservation 3-4 Managing Groups and Hosts (LAN Groups 3-4 Viewing the LAN Groups Database 3-5 Adding Devices to the LAN Groups Database 3-6 Changing Group Names in the LAN Groups Database 3-7 Configuring Multi Home LAN IP Addresses 3-8 Configuring Static Routes...
SRXN3205 Reference Manual
Page 18
.... ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual • Advanced IPsec and SSL VPN support • Advanced stateful packet inspection (SPI) firewall with multi-NAT support • Easy, web-based setup for installation and management • Front panel LEDs for easy monitoring of status and activity • Flash memory for firmware upgrade • AC-DC power adapter for Web services, Web addresses, and keywords within Web addresses. Each Ethernet port will automatically sense whether the Ethernet cable plugged into the port should have a "normal" connection such...
.... ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual • Advanced IPsec and SSL VPN support • Advanced stateful packet inspection (SPI) firewall with multi-NAT support • Easy, web-based setup for installation and management • Front panel LEDs for easy monitoring of status and activity • Flash memory for firmware upgrade • AC-DC power adapter for Web services, Web addresses, and keywords within Web addresses. Each Ethernet port will automatically sense whether the Ethernet cable plugged into the port should have a "normal" connection such...
SRXN3205 Reference Manual
Page 20
... a pre-installed VPN client on their computers. - ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual • SSL VPN provides remote access for the 2.4 GHz band or the 5 GHz bands. • Upgradeable Firmware. Firmware is not broadcast, assuring only clients configured with the correct SSID can use the SRXN3205 to gain access to a file and restored. • Secure and Economical Operation. Adjustable power output allows more secure or economical operation. • Autosensing Ethernet Connection with customizable user portals and support for each radio mode are easily...
... a pre-installed VPN client on their computers. - ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual • SSL VPN provides remote access for the 2.4 GHz band or the 5 GHz bands. • Upgradeable Firmware. Firmware is not broadcast, assuring only clients configured with the correct SSID can use the SRXN3205 to gain access to a file and restored. • Secure and Economical Operation. Adjustable power output allows more secure or economical operation. • Autosensing Ethernet Connection with customizable user portals and support for each radio mode are easily...
SRXN3205 Reference Manual
Page 27
...VPN Firewall SRXN3205 Reference Manual Chapter 2 Connecting to the Internet (WAN) The initial Internet configuration of the Installation Guide is on the product CD and on the NETGEAR web site at: http://kbserver.netgear.com. 2. See "Configuring the Internet Connection (WAN)" on page 2-2. 3. A PDF of the SRXN3205 ProSafe Wireless-N VPN Firewall is detailed separately in to the Internet (WAN) 2-1 v1.0, October 2008 Configure the Internet connection(s). This chapter contains the following sections: • "Understanding the Connection Steps" • "Logging into the VPN Firewall...
...VPN Firewall SRXN3205 Reference Manual Chapter 2 Connecting to the Internet (WAN) The initial Internet configuration of the Installation Guide is on the product CD and on the NETGEAR web site at: http://kbserver.netgear.com. 2. See "Configuring the Internet Connection (WAN)" on page 2-2. 3. A PDF of the SRXN3205 ProSafe Wireless-N VPN Firewall is detailed separately in to the Internet (WAN) 2-1 v1.0, October 2008 Configure the Internet connection(s). This chapter contains the following sections: • "Understanding the Connection Steps" • "Logging into the VPN Firewall...
SRXN3205 Reference Manual
Page 38
... feature. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual To configure Dynamic DNS: 1. The Current WAN Mode section reports the currently configured WAN mode. The fields corresponding to renew your DDNS account. In the Host and Domain Name field, enter the entire FQDN name that match the configured WAN Mode will use of the DDNS service providers and set up an account. Enter the Password, or User Key, for example: .dyndns.org). If your dynamic DNS provider requires...
... feature. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual To configure Dynamic DNS: 1. The Current WAN Mode section reports the currently configured WAN mode. The fields corresponding to renew your DDNS account. In the Host and Domain Name field, enter the entire FQDN name that match the configured WAN Mode will use of the DDNS service providers and set up an account. Enter the Password, or User Key, for example: .dyndns.org). If your dynamic DNS provider requires...
SRXN3205 Reference Manual
Page 39
... change. However, if your ISP requires MAC authentication, then select either of these options: • Use this Computer's MAC address to have the firewall use the MAC address of the WAN port. This is rarely required, and should not be done unless you are sure it ; Use the half-duplex settings unless you are sure your ISP connection. a. This is the default. b. Figure 2-11 Need new screenshot 3. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual...
... change. However, if your ISP requires MAC authentication, then select either of these options: • Use this Computer's MAC address to have the firewall use the MAC address of the WAN port. This is rarely required, and should not be done unless you are sure it ; Use the half-duplex settings unless you are sure your ISP connection. a. This is the default. b. Figure 2-11 Need new screenshot 3. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual...
SRXN3205 Reference Manual
Page 44
.... ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual addresses will be assigned by setting the Starting IP Address and Ending IP Address. Configuring DHCP Address Reservation A computer (or device) will always receive the same IP address, if you may wish to DHCP client requests from a pool of your network will accept and respond to save part of this firewall is updated by other network devices. The LAN Groups Database is enabled, and will be assigned until the next time the...
.... ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual addresses will be assigned by setting the Starting IP Address and Ending IP Address. Configuring DHCP Address Reservation A computer (or device) will always receive the same IP address, if you may wish to DHCP client requests from a pool of your network will accept and respond to save part of this firewall is updated by other network devices. The LAN Groups Database is enabled, and will be assigned until the next time the...
SRXN3205 Reference Manual
Page 59
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual 4. This nullifies the wireless network "discovery" feature of the screen. 6. Type your network name in the Name (SSID) field on the LAN connected to the SRXN3205. If you in discovering where the errors in setting up your security settings are 802.11[a only, b only, g only, g and b, 11ng, or 11a]. 8. Prepare a PC as the Wireless Security Type. 9. Completing Wireless Setup (No Security) The purpose of the Wireless Settings screen. Select your...
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual 4. This nullifies the wireless network "discovery" feature of the screen. 6. Type your network name in the Name (SSID) field on the LAN connected to the SRXN3205. If you in discovering where the errors in setting up your security settings are 802.11[a only, b only, g only, g and b, 11ng, or 11a]. 8. Prepare a PC as the Wireless Security Type. 9. Completing Wireless Setup (No Security) The purpose of the Wireless Settings screen. Select your...
SRXN3205 Reference Manual
Page 62
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Wireless Security Types and Settings Configure the Wireless Security Types based on the level of security you need using one of the following methods and print out the form provided to aid you in making your selections: • Print out the "SSID and WEP/WPA Settings Setup Form" on page 4-9 • To configure WEP encryption for Open Systems or Shared Key, see "Configuring WEP" on page 4-11. • To configure WPA-PSK, see "Configuring WPA-PSK" on page...
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Wireless Security Types and Settings Configure the Wireless Security Types based on the level of security you need using one of the following methods and print out the form provided to aid you in making your selections: • Print out the "SSID and WEP/WPA Settings Setup Form" on page 4-9 • To configure WEP encryption for Open Systems or Shared Key, see "Configuring WEP" on page 4-11. • To configure WPA-PSK, see "Configuring WPA-PSK" on page...
SRXN3205 Reference Manual
Page 63
... area network. All wireless nodes in the same network must be able to set it by using up or is responsible for the primary and secondary RADIUS servers: Server Name/IP Address: Primary Secondary RADIUS Port Shared Key Wireless Configuration 4-9 v1.0, October 2008 Key WPA RADIUS Settings. For WPA, record the following settings for the network will not connect unless they are set to 32 alphanumeric characters. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual SSID and WEP/WPA Settings Setup Form 802.11b/g/n Configuration For a new wireless network...
... area network. All wireless nodes in the same network must be able to set it by using up or is responsible for the primary and secondary RADIUS servers: Server Name/IP Address: Primary Secondary RADIUS Port Shared Key Wireless Configuration 4-9 v1.0, October 2008 Key WPA RADIUS Settings. For WPA, record the following settings for the network will not connect unless they are set to 32 alphanumeric characters. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual SSID and WEP/WPA Settings Setup Form 802.11b/g/n Configuration For a new wireless network...
SRXN3205 Reference Manual
Page 64
... keys in the same positions as the first step. • SSID: The Service Set Identification (SSID) requires the identity or name of the wireless local area network. For WPA, record the following settings for more security. Note: If you configure in the wireless adapter card. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual 802.11a/n Configuration For a new wireless network, print or copy this information in a safe place. 4-10 v1.0, October 2008 Wireless Configuration Write your customized SSID...
... keys in the same positions as the first step. • SSID: The Service Set Identification (SSID) requires the identity or name of the wireless local area network. For WPA, record the following settings for more security. Note: If you configure in the wireless adapter card. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual 802.11a/n Configuration For a new wireless network, print or copy this information in a safe place. 4-10 v1.0, October 2008 Wireless Configuration Write your customized SSID...
SRXN3205 Reference Manual
Page 69
... default is the default WPA encryption. 4. The wireless adapter hardware and driver must also support WPA2. and WPA2 client software for your wireless adapter; Enter the RADIUS Server Settings: • The Server Name, IP Address, RADIUS Port (number), and Shared Key are required for communication with the RADIUS Server. - ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual • The Server Name, IP Address, RADIUS Port (number), and Shared Key are required for communication with the RADIUS Server. - Configuring WPA and WPA2 with RADIUS in the Wireless Settings menu...
... default is the default WPA encryption. 4. The wireless adapter hardware and driver must also support WPA2. and WPA2 client software for your wireless adapter; Enter the RADIUS Server Settings: • The Server Name, IP Address, RADIUS Port (number), and Shared Key are required for communication with the RADIUS Server. - ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual • The Server Name, IP Address, RADIUS Port (number), and Shared Key are required for communication with the RADIUS Server. - Configuring WPA and WPA2 with RADIUS in the Wireless Settings menu...
SRXN3205 Reference Manual
Page 70
... for the best coverage in this chapter. 3. The default is 1812. - The port number of all the antennas for file and printer access on your settings. This is elevated, such as Mozilla Firefox, Netscape, or Internet Explorer to connect, see Chapter 12, "Troubleshooting." ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual - IP Address. Verifying Wireless Connectivity (Security) Using a Client PC with an 802.11b/g/n or 802.11a/n wireless adapter with the correct wireless and security settings for connection to the SRXN3205 (SSID, WEP/WPA, MAC ACL...
... for the best coverage in this chapter. 3. The default is 1812. - The port number of all the antennas for file and printer access on your settings. This is elevated, such as Mozilla Firefox, Netscape, or Internet Explorer to connect, see Chapter 12, "Troubleshooting." ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual - IP Address. Verifying Wireless Connectivity (Security) Using a Client PC with an 802.11b/g/n or 802.11a/n wireless adapter with the correct wireless and security settings for connection to the SRXN3205 (SSID, WEP/WPA, MAC ACL...
SRXN3205 Reference Manual
Page 71
... default VPN firewall name is set with the DHCP client Enabled. Verify you can use these settings to the SRXN3205. 7. Advanced Wireless Settings Configuring Advanced Wireless Settings The Advanced screen of the Wireless Settings menu is printed on your Wireless Settings for all of your switch. However, you still have wireless connections to fine tune the overall performance of the 802.11a/n and 802.11b/g/n modes. Connect Ethernet cable(s) from main/submenu. 2. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual 4. The default name is used to a AC power outlet...
... default VPN firewall name is set with the DHCP client Enabled. Verify you can use these settings to the SRXN3205. 7. Advanced Wireless Settings Configuring Advanced Wireless Settings The Advanced screen of the Wireless Settings menu is printed on your Wireless Settings for all of your switch. However, you still have wireless connections to fine tune the overall performance of the 802.11a/n and 802.11b/g/n modes. Connect Ethernet cable(s) from main/submenu. 2. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual 4. The default name is used to a AC power outlet...
SRXN3205 Reference Manual
Page 103
... and NETGEAR VPN Client configuration procedures for the network connection: Security Association, traffic selectors, authentication algorithm, and encryption. The parameters used by the VPN wizard are based on both sides of the ProSafe Wireless-N VPN Firewall to configure a VPN tunnel between your local network and a remote network or computer. The VPN Wizard efficiently guides you through the setup procedure with the Wizard" • "Viewing or Modifying IKE and VPN Policy Settings" • "Managing VPN Tunnel Policies" • "Manually Assigning IP Addresses to Remote Users...
... and NETGEAR VPN Client configuration procedures for the network connection: Security Association, traffic selectors, authentication algorithm, and encryption. The parameters used by the VPN wizard are based on both sides of the ProSafe Wireless-N VPN Firewall to configure a VPN tunnel between your local network and a remote network or computer. The VPN Wizard efficiently guides you through the setup procedure with the Wizard" • "Viewing or Modifying IKE and VPN Policy Settings" • "Managing VPN Tunnel Policies" • "Manually Assigning IP Addresses to Remote Users...
SRXN3205 Reference Manual
Page 109
... VPN client policies (IKE and VPN) that will use Netgear's ProSafe VPN Client software. Each PC will allow remote PCs to configure a VPN connection between a Windows PC and the SRXN3205 firewall. Select the VPN Client radio button for the pre-shared key. 5. The default is displayed showing the VPN Client policy as "client". 4. Virtual Private Networking Using IPsec 6-7 v1.0, October 2008 Enter a value for type of the connection. The PCs may be directly connected to the local user database, you can augment user authentication security...
... VPN client policies (IKE and VPN) that will use Netgear's ProSafe VPN Client software. Each PC will allow remote PCs to configure a VPN connection between a Windows PC and the SRXN3205 firewall. Select the VPN Client radio button for the pre-shared key. 5. The default is displayed showing the VPN Client policy as "client". 4. Virtual Private Networking Using IPsec 6-7 v1.0, October 2008 Enter a value for type of the connection. The PCs may be directly connected to the local user database, you can augment user authentication security...
SRXN3205 Reference Manual
Page 119
... using the template security proposal information configured in the Mode Config record. Note: After configuring a Mode Config record, you must be edited. WAN IP address: 172.21.4.1 - ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Manually Assigning IP Addresses to Remote Users (ModeConfig) To simply the process of the network. LAN IP address/subnet: 192.168.2.1/255.255.255.0 • NETGEAR ProSafe VPN Client software IP address: 192.168.1.2 Mode Config Operation After IKE Phase 1 is complete, the VPN connection initiator (remote user/client) asks for IP configuration...
... using the template security proposal information configured in the Mode Config record. Note: After configuring a Mode Config record, you must be edited. WAN IP address: 172.21.4.1 - ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Manually Assigning IP Addresses to Remote Users (ModeConfig) To simply the process of the network. LAN IP address/subnet: 192.168.2.1/255.255.255.0 • NETGEAR ProSafe VPN Client software IP address: 192.168.1.2 Mode Config Operation After IKE Phase 1 is complete, the VPN connection initiator (remote user/client) asks for IP configuration...
SRXN3205 Reference Manual
Page 122
... user account is disabled by default. Configuring the ProSafe VPN Client for ModeConfig From a client PC running NETGEAR ProSafe VPN Client software, configure the remote VPN client connection. Right-click the VPN client icon in the IKE Policies Table. Give the connection a descriptive name such as a VPN concentrator where one of the Policy Editor window, click the New Policy editor icon. c. XAUTH is not present, the firewall will need to specify the user name and password to the RADIUS server...
... user account is disabled by default. Configuring the ProSafe VPN Client for ModeConfig From a client PC running NETGEAR ProSafe VPN Client software, configure the remote VPN client connection. Right-click the VPN client icon in the IKE Policies Table. Give the connection a descriptive name such as a VPN concentrator where one of the Policy Editor window, click the New Policy editor icon. c. XAUTH is not present, the firewall will need to specify the user name and password to the RADIUS server...
SRXN3205 Reference Manual
Page 201
... hold the reset button for a shorter period of time will simply cause your device to their factory defaults. firewall Default Configuration Settings Feature Router Login User Login URL User Name (case sensitive) Login Password (case sensitive) Internet Connection WAN MAC Address WAN MTU Size Port Speed Default Behavior https://192.168.1.1 admin password Uses default address as printed on the rear panel to reset all settings to reboot. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Appendix A Default Settings and Technical Specifications You can use the reset button located on...
... hold the reset button for a shorter period of time will simply cause your device to their factory defaults. firewall Default Configuration Settings Feature Router Login User Login URL User Name (case sensitive) Login Password (case sensitive) Internet Connection WAN MAC Address WAN MTU Size Port Speed Default Behavior https://192.168.1.1 admin password Uses default address as printed on the rear panel to reset all settings to reboot. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Appendix A Default Settings and Technical Specifications You can use the reset button located on...
SRXN3205 Reference Manual
Page 214
... RADIUS-PAP 6-22 XAUTH, using with 6-23 Range 4-2 reception range equipment placement 4-2 reducing traffic 9-2 Block Sites 9-4 service blocking 9-2 Source MAC Filtering 9-4 remote management 9-10 access 9-10 configuration 9-10 remote users assigning addresses 6-17 ModeConfig 6-17 reserved IP address configuring 3-4 in LAN groups database 3-7 restrictions 3-7 resources defining 7-13 restore saved settings 9-13 restricting access MAC address, using in firewall rules 5-3 QoS. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual ping 12-8 Ping On Internet Ports 5-10 point-to-point bridge...
... RADIUS-PAP 6-22 XAUTH, using with 6-23 Range 4-2 reception range equipment placement 4-2 reducing traffic 9-2 Block Sites 9-4 service blocking 9-2 Source MAC Filtering 9-4 remote management 9-10 access 9-10 configuration 9-10 remote users assigning addresses 6-17 ModeConfig 6-17 reserved IP address configuring 3-4 in LAN groups database 3-7 restrictions 3-7 resources defining 7-13 restore saved settings 9-13 restricting access MAC address, using in firewall rules 5-3 QoS. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual ping 12-8 Ping On Internet Ports 5-10 point-to-point bridge...