SRXN3205 Reference Manual
Page 7
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Contents About This Manual Conventions, Formats, and Scope xiii How to Use This Manual xiv How to Print this Manual xiv Revision History ...xv Chapter 1 Introduction Key Firewall Features ...1-1 A Powerful, True Firewall with Content Filtering 1-2 Autosensing Ethernet Connections with Auto Uplink 1-2 Extensive Protocol Support 1-3 Advanced VPN Support for Both IPsec and SSL...
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Contents About This Manual Conventions, Formats, and Scope xiii How to Use This Manual xiv How to Print this Manual xiv Revision History ...xv Chapter 1 Introduction Key Firewall Features ...1-1 A Powerful, True Firewall with Content Filtering 1-2 Autosensing Ethernet Connections with Auto Uplink 1-2 Extensive Protocol Support 1-3 Advanced VPN Support for Both IPsec and SSL...
SRXN3205 Reference Manual
Page 8
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Configuring the WAN Mode 2-10 Configuring Dynamic DNS 2-11 Configuring the Advanced WAN Options (Optional 2-12 Additional WAN Related Configuration 2-14 Chapter 3 LAN Configuration Configuring the LAN Setup Options 3-1 Using the VPN Firewall as a DHCP Server 3-3 Configuring DHCP Address Reservation 3-4 Managing Groups and Hosts (LAN Groups 3-4 Viewing the LAN Groups Database 3-5 Adding Devices to the LAN Groups Database...
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Configuring the WAN Mode 2-10 Configuring Dynamic DNS 2-11 Configuring the Advanced WAN Options (Optional 2-12 Additional WAN Related Configuration 2-14 Chapter 3 LAN Configuration Configuring the LAN Setup Options 3-1 Using the VPN Firewall as a DHCP Server 3-3 Configuring DHCP Address Reservation 3-4 Managing Groups and Hosts (LAN Groups 3-4 Viewing the LAN Groups Database 3-5 Adding Devices to the LAN Groups Database...
SRXN3205 Reference Manual
Page 9
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Restricting Wireless Access by MAC Address 4-18 Chapter 5 Firewall Security and Content Filtering About Firewall Security and Content Filtering 5-1 Using Rules & Services to Block or Allow Traffic 5-2 Services-Based Rules 5-2 Viewing the Firewall Rules 5-7 Order of Precedence for Rules 5-7 Setting the Outbound Policy 5-7 Creating a LAN WAN Outbound Services Rule 5-8 Creating a LAN WAN Inbound...
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Restricting Wireless Access by MAC Address 4-18 Chapter 5 Firewall Security and Content Filtering About Firewall Security and Content Filtering 5-1 Using Rules & Services to Block or Allow Traffic 5-2 Services-Based Rules 5-2 Viewing the Firewall Rules 5-7 Order of Precedence for Rules 5-7 Setting the Outbound Policy 5-7 Creating a LAN WAN Outbound Services Rule 5-8 Creating a LAN WAN Inbound...
SRXN3205 Reference Manual
Page 10
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Testing the Connection 6-11 Managing VPN Tunnel Policies 6-11 About IKE ...6-12 Managing IKE Policies 6-12 About the IKE Policy Table 6-13 VPN Policy ...6-15 VPN Tunnel Connection Status 6-16 Manually Assigning IP Addresses to Remote Users (ModeConfig 6-17 Mode Config Operation 6-17 Configuring the VPN Firewall 6-17 Configuring the ProSafe VPN Client for ModeConfig 6-20 Extended Authentication...
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Testing the Connection 6-11 Managing VPN Tunnel Policies 6-11 About IKE ...6-12 Managing IKE Policies 6-12 About the IKE Policy Table 6-13 VPN Policy ...6-15 VPN Tunnel Connection Status 6-16 Manually Assigning IP Addresses to Remote Users (ModeConfig 6-17 Mode Config Operation 6-17 Configuring the VPN Firewall 6-17 Configuring the ProSafe VPN Client for ModeConfig 6-20 Extended Authentication...
SRXN3205 Reference Manual
Page 11
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Chapter 8 Managing Users, Authentication, and Certificates Adding Authentication Domains, Groups, and Users 8-1 Creating a Domain 8-1 Creating a Group ...8-3 Creating a New User Account 8-4 ... Zone Settings 9-15 Chapter 11 Monitoring System Performance Enabling the Traffic Meter 11-1 Activating Notification of Events and Alerts 11-3 Viewing Firewall Logs 11-6 Viewing Router Configuration and System Status 11-7 Monitoring the WAN Port Status 11-8 Monitoring Attached Devices 11-9 Reviewing the DHCP Log 11-10 Monitoring Active ...
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Chapter 8 Managing Users, Authentication, and Certificates Adding Authentication Domains, Groups, and Users 8-1 Creating a Domain 8-1 Creating a Group ...8-3 Creating a New User Account 8-4 ... Zone Settings 9-15 Chapter 11 Monitoring System Performance Enabling the Traffic Meter 11-1 Activating Notification of Events and Alerts 11-3 Viewing Firewall Logs 11-6 Viewing Router Configuration and System Status 11-7 Monitoring the WAN Port Status 11-8 Monitoring Attached Devices 11-9 Reviewing the DHCP Log 11-10 Monitoring Active ...
SRXN3205 Reference Manual
Page 12
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Viewing Port Triggering Status 11-12 Monitoring VPN Tunnel Connection Status 11-13 Reviewing the VPN Logs 11-14 Chapter 12 Troubleshooting Basic Functions ...12-1 Power LED Not On 12-2 LEDs Never Turn Off 12-2 LAN or WAN Port LEDs Not On 12-2 Troubleshooting the Web Configuration...IP Network Using a Ping Utility 12-5 Testing the LAN Path to Your VPN Firewall 12-5 Testing the Path from Your PC to a Remote Device 12-6 Restoring the Default Configuration and Password 12-7 Problems with Date and Time 12-7 Diagnostics Functions 12...
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Viewing Port Triggering Status 11-12 Monitoring VPN Tunnel Connection Status 11-13 Reviewing the VPN Logs 11-14 Chapter 12 Troubleshooting Basic Functions ...12-1 Power LED Not On 12-2 LEDs Never Turn Off 12-2 LAN or WAN Port LEDs Not On 12-2 Troubleshooting the Web Configuration...IP Network Using a Ping Utility 12-5 Testing the LAN Path to Your VPN Firewall 12-5 Testing the Path from Your PC to a Remote Device 12-6 Restoring the Default Configuration and Password 12-7 Problems with Date and Time 12-7 Diagnostics Functions 12...
SRXN3205 Reference Manual
Page 13
...Scope The conventions, formats, and scope of this type of importance or special interest. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual About This Manual The NETGEAR® ProSafe™ Wireless-N VPN FirewallReference Manual describes how to highlight information of note may result in a malfunction or damage... Command prompt, CLI text, code URL links • Formats. Tip: This format is used to configure and troubleshoot a ProSafe Wireless-N VPN Firewall. Warning: Ignoring this manual are described in this manual is used to highlight special messages: Note: This...
...Scope The conventions, formats, and scope of this type of importance or special interest. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual About This Manual The NETGEAR® ProSafe™ Wireless-N VPN FirewallReference Manual describes how to highlight information of note may result in a malfunction or damage... Command prompt, CLI text, code URL links • Formats. Tip: This format is used to configure and troubleshoot a ProSafe Wireless-N VPN Firewall. Warning: Ignoring this manual are described in this manual is used to highlight special messages: Note: This...
SRXN3205 Reference Manual
Page 17
.... • Built-in four-port 10/100/1000 Mbps Gigabit Ethernet LAN switch for secure wired and wireless connections. The SRXN3205 is a plug-and-play device that can be installed and configured within minutes. Moreover, the ProSafe Wireless-N VPN Firewall supports wireless connections over the wider range and more robust connections afforded by 802.11N and 802.11a...
.... • Built-in four-port 10/100/1000 Mbps Gigabit Ethernet LAN switch for secure wired and wireless connections. The SRXN3205 is a plug-and-play device that can be installed and configured within minutes. Moreover, the ProSafe Wireless-N VPN Firewall supports wireless connections over the wider range and more robust connections afforded by 802.11N and 802.11a...
SRXN3205 Reference Manual
Page 18
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual • Advanced IPsec and SSL VPN support • Advanced stateful packet inspection (SPI) firewall with multi-NAT support • Easy, web-based setup for installation and management • Front panel LEDs for easy monitoring of cable to make the right connection. 1-2 Introduction v1.0, October 2008 You can also configure the firewall...NAT routers, the SRXN3205 is a true firewall, using stateful packet inspection (SPI) to Internet locations or services that you at specified intervals. Each Ethernet port will then configure ...
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual • Advanced IPsec and SSL VPN support • Advanced stateful packet inspection (SPI) firewall with multi-NAT support • Easy, web-based setup for installation and management • Front panel LEDs for easy monitoring of cable to make the right connection. 1-2 Introduction v1.0, October 2008 You can also configure the firewall...NAT routers, the SRXN3205 is a true firewall, using stateful packet inspection (SPI) to Internet locations or services that you at specified intervals. Each Ethernet port will then configure ...
SRXN3205 Reference Manual
Page 19
... C-4. • IP Address Sharing by simulating a dial-up to "Internet Configuration Requirements" on your local network. • DNS Proxy. The firewall allows many networked PCs to other IPsec gateways and clients. - Introduction 1-3 v1.0, October 2008 ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Extensive Protocol Support The firewall supports the Transmission Control Protocol/Internet Protocol (TCP/IP) and Routing...
... C-4. • IP Address Sharing by simulating a dial-up to "Internet Configuration Requirements" on your local network. • DNS Proxy. The firewall allows many networked PCs to other IPsec gateways and clients. - Introduction 1-3 v1.0, October 2008 ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Extensive Protocol Support The firewall supports the Transmission Control Protocol/Internet Protocol (TCP/IP) and Routing...
SRXN3205 Reference Manual
Page 20
... Secure Sockets Layer (SSL) protocol, commonly used . • Access Control. Supports up to 5 IPse VPN sessions and up to a file and restored. • Secure and Economical Operation. Configuration settings can connect. • Configuration Backup. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual • SSL VPN provides remote access for each radio mode are easily identified. 1-4 Introduction v1.0, October 2008 Provides...
... Secure Sockets Layer (SSL) protocol, commonly used . • Access Control. Supports up to 5 IPse VPN sessions and up to a file and restored. • Secure and Economical Operation. Configuration settings can connect. • Configuration Backup. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual • SSL VPN provides remote access for each radio mode are easily identified. 1-4 Introduction v1.0, October 2008 Provides...
SRXN3205 Reference Manual
Page 21
... Network Management Protocol (SNMP) to let you can install, configure, and operate the ProSafe Wireless-N VPN Firewall within minutes after connecting it to the network. System Requirements Before installing the SRXN3205, ensure your type of ISP account. • VPN Wizard. The firewall includes the NETGEAR VPN Wizard to easily configure IPsec VPN tunnels according to the recommendations of the Virtual Private Network...
... Network Management Protocol (SNMP) to let you can install, configure, and operate the ProSafe Wireless-N VPN Firewall within minutes after connecting it to the network. System Requirements Before installing the SRXN3205, ensure your type of ISP account. • VPN Wizard. The firewall includes the NETGEAR VPN Wizard to easily configure IPsec VPN tunnels according to the recommendations of the Virtual Private Network...
SRXN3205 Reference Manual
Page 23
.... Off n/a 5 GHz Blink (Green) WLAN 802.11n/a (5GHz) mode is not supplied to factory default settings, erasing all configuration settings and restores the default password. 3 LAN Ports LAN connections Four Auto MDI/MDIX, Gigabit Ethernet ports. Green = 1000M 4 WAN... upgrading or resetting to the firewall. Amber = 100M; Hold in for 15 seconds (until the TEST light flashes). Description of Front Panel Items Item Activity Description PWR (Power) On Green Off Power is supplied to defaults). ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Table 1-1. This...
.... Off n/a 5 GHz Blink (Green) WLAN 802.11n/a (5GHz) mode is not supplied to factory default settings, erasing all configuration settings and restores the default password. 3 LAN Ports LAN connections Four Auto MDI/MDIX, Gigabit Ethernet ports. Green = 1000M 4 WAN... upgrading or resetting to the firewall. Amber = 100M; Hold in for 15 seconds (until the TEST light flashes). Description of Front Panel Items Item Activity Description PWR (Power) On Green Off Power is supplied to defaults). ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Table 1-1. This...
SRXN3205 Reference Manual
Page 25
..., Apple Safari 1.2 or higher, or Mozilla Firefox l.x Web browser with the firewall's Web Management Interface for configuring the firewall, SSL VPN users should choose a browser that Java is only required for the SSL VPN portal, not the Web Management Interface. Introduction 1-9 v1.0, October 2008 ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Default IP Address, Login Name, and Password Location Check...
..., Apple Safari 1.2 or higher, or Mozilla Firefox l.x Web browser with the firewall's Web Management Interface for configuring the firewall, SSL VPN users should choose a browser that Java is only required for the SSL VPN portal, not the Web Management Interface. Introduction 1-9 v1.0, October 2008 ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Default IP Address, Login Name, and Password Location Check...
SRXN3205 Reference Manual
Page 27
... CD and on the NETGEAR web site at: http://kbserver.netgear.com. 2. Configure the Internet connection(s). Connecting to complete the basic Internet connection of your network according to the instructions in the printed installation guide included in the product package. Each of these tasks is detailed separately in this chapter. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Chapter...
... CD and on the NETGEAR web site at: http://kbserver.netgear.com. 2. Configure the Internet connection(s). Connecting to complete the basic Internet connection of your network according to the instructions in the printed installation guide included in the product package. Each of these tasks is detailed separately in this chapter. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Chapter...
SRXN3205 Reference Manual
Page 28
... steps: 1. Open a browser, and enter https://192.168.1.1 in the browser. Click Login. The login window displays in the address field. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Logging into the VPN Firewall To connect to the firewall, your computer needs to be configured to the Internet (WAN) The Web Configuration Manager appears, displaying the Router Status menu as the default.
... steps: 1. Open a browser, and enter https://192.168.1.1 in the browser. Click Login. The login window displays in the address field. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Logging into the VPN Firewall To connect to the firewall, your computer needs to be configured to the Internet (WAN) The Web Configuration Manager appears, displaying the Router Status menu as the default.
SRXN3205 Reference Manual
Page 29
.... • Tab. Each option is the selected subcategory (in a layered structure of the menu active window, are organized in the submenu). ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Navigating the Menus The Web Configuration Manager menus are one or more tabs, further subdividing the currently selected subcategory if necessary. • Option arrow. The horizontal grey bar...
.... • Tab. Each option is the selected subcategory (in a layered structure of the menu active window, are organized in the submenu). ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Navigating the Menus The Web Configuration Manager menus are one or more tabs, further subdividing the currently selected subcategory if necessary. • Option arrow. The horizontal grey bar...
SRXN3205 Reference Manual
Page 30
Auto Detect will display the results:. Select Network Configuration > WAN Settings from the menu/submenu. Figure 2-3 2. Figure 2-4 2-4 v1.0, October 2008 Connecting to support. If Auto Detect is successful, a status bar at the bottom of the menu will probe the WAN port for a range of connection methods and suggest one that your ISP appears to the Internet (WAN) Click Auto Detect at the top of the menu. The WAN tabs appear on screen with the WAN ISP Settings tab in view. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual 1. a.
Auto Detect will display the results:. Select Network Configuration > WAN Settings from the menu/submenu. Figure 2-3 2. Figure 2-4 2-4 v1.0, October 2008 Connecting to support. If Auto Detect is successful, a status bar at the bottom of the menu will probe the WAN port for a range of connection methods and suggest one that your ISP appears to the Internet (WAN) Click Auto Detect at the top of the menu. The WAN tabs appear on screen with the WAN ISP Settings tab in view. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual 1. a.
SRXN3205 Reference Manual
Page 32
...) v1.0, October 2008 ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual The WAN Status window should show a valid IP address and gateway. In the ISP Login options, choose one of these options: • If your ISP requires an initial login to .......... 5. To manually configure your WAN ISP configuration was not successful, skip ahead to the NETGEAR Web site. If...
...) v1.0, October 2008 ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual The WAN Status window should show a valid IP address and gateway. In the ISP Login options, choose one of these options: • If your ISP requires an initial login to .......... 5. To manually configure your WAN ISP configuration was not successful, skip ahead to the NETGEAR Web site. If...
SRXN3205 Reference Manual
Page 33
Name of your ISP's domain or your domain name if your connection type is PPPoE. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual 4. If you have installed login software such as a login protocol: Connecting to wait before disconnecting. 6. In most cases, you use from the ...In the ISP Type options, select the type of minutes to the Internet (WAN) 2-7 v1.0, October 2008 If your ISP will require an initial login.) 5. Configure the following fields: • Account Name. Valid account name for a period of time, click Idle Time and in the timeout field enter the number of...
Name of your ISP's domain or your domain name if your connection type is PPPoE. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual 4. If you have installed login software such as a login protocol: Connecting to wait before disconnecting. 6. In most cases, you use from the ...In the ISP Type options, select the type of minutes to the Internet (WAN) 2-7 v1.0, October 2008 If your ISP will require an initial login.) 5. Configure the following fields: • Account Name. Valid account name for a period of time, click Idle Time and in the timeout field enter the number of...