SRXN3205 Reference Manual
Page 3
.... Additional Copyrights AES Copyright (c) 2001, Dr Brian Gladman , Worcester, UK. This software is provided 'as is in source and binary forms, with or without his specific prior written permission. TERMS Redistribution and use in the second category (information equipment to be used in a residential area or an adjacent area thereto) and...
.... Additional Copyrights AES Copyright (c) 2001, Dr Brian Gladman , Worcester, UK. This software is provided 'as is in source and binary forms, with or without his specific prior written permission. TERMS Redistribution and use in the second category (information equipment to be used in a residential area or an adjacent area thereto) and...
SRXN3205 Reference Manual
Page 5
...: Publication Date: Product Family: Product Name: Home or Business Product: Language: Publication Part Number: Publication Version Number SRXN3205 October 2008 VPN Firewall ProSafe Wireless-N VPN Firewall Business English 202-10416-01 1.0 v 1.0, October 2008 Altered source versions must be plainly marked as such, and ...by RFCs (Request for any source distribution. PPP Zlib Copyright (c) 1989 Carnegie Mellon University. Permission is ', without specific prior written permission. This notice may not be misrepresented as -is granted to anyone to such distribution and use acknowledge...
...: Publication Date: Product Family: Product Name: Home or Business Product: Language: Publication Part Number: Publication Version Number SRXN3205 October 2008 VPN Firewall ProSafe Wireless-N VPN Firewall Business English 202-10416-01 1.0 v 1.0, October 2008 Altered source versions must be plainly marked as such, and ...by RFCs (Request for any source distribution. PPP Zlib Copyright (c) 1989 Carnegie Mellon University. Permission is ', without specific prior written permission. This notice may not be misrepresented as -is granted to anyone to such distribution and use acknowledge...
SRXN3205 Reference Manual
Page 12
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Viewing Port Triggering Status 11-12 Monitoring VPN Tunnel Connection Status 11-13 Reviewing the VPN Logs 11-14 Chapter 12 Troubleshooting Basic Functions ...12-1 Power LED Not On 12-2 LEDs Never ... LAN Path to Your VPN Firewall 12-5 Testing the Path from Your PC to a Remote Device 12-6 Restoring the Default Configuration and Password 12-7 Problems with Date and Time 12-7 Diagnostics Functions 12-8 Appendix A Default Settings and Technical Specifications Default Settings ...A-1 Technical Specifications A-3 Appendix B Related ...
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Viewing Port Triggering Status 11-12 Monitoring VPN Tunnel Connection Status 11-13 Reviewing the VPN Logs 11-14 Chapter 12 Troubleshooting Basic Functions ...12-1 Power LED Not On 12-2 LEDs Never ... LAN Path to Your VPN Firewall 12-5 Testing the Path from Your PC to a Remote Device 12-6 Restoring the Default Configuration and Password 12-7 Problems with Date and Time 12-7 Diagnostics Functions 12-8 Appendix A Default Settings and Technical Specifications Default Settings ...A-1 Technical Specifications A-3 Appendix B Related ...
SRXN3205 Reference Manual
Page 14
...-click on the NETGEAR, Inc. online knowledge base for the firewall according to these specifications: Product Manual Publication Date ProSafe Wireless-N VPN Firewall October 2008 For more information about network, Internet, firewall, and VPN technologies, see the links to the NETGEAR website in the ...browsing forwards or backwards through the manual one page at http://kbserver.netgear.com/products/SRXN3205.asp. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Danger: This is dedicated to access the full NETGEAR, Inc. Failure to take heed of this manual, you can choose...
...-click on the NETGEAR, Inc. online knowledge base for the firewall according to these specifications: Product Manual Publication Date ProSafe Wireless-N VPN Firewall October 2008 For more information about network, Internet, firewall, and VPN technologies, see the links to the NETGEAR website in the ...browsing forwards or backwards through the manual one page at http://kbserver.netgear.com/products/SRXN3205.asp. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Danger: This is dedicated to access the full NETGEAR, Inc. Failure to take heed of this manual, you can choose...
SRXN3205 Reference Manual
Page 36
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Configuring the WAN Mode To access the WAN Mode, click on your... firewall rule. Classical Routing In classical routing mode, the firewall performs routing, but requires separate valid static Internet IP address for Internet access by your PCs, and you can map incoming traffic on the other public IP addresses to specific PCs... with multiple public IP addresses, you can use one of the WAN port, you can view the Router Status page (see "Monitoring VPN Tunnel Connection Status" on page 11-13) or look at the LEDs on the front panel (see...
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Configuring the WAN Mode To access the WAN Mode, click on your... firewall rule. Classical Routing In classical routing mode, the firewall performs routing, but requires separate valid static Internet IP address for Internet access by your PCs, and you can map incoming traffic on the other public IP addresses to specific PCs... with multiple public IP addresses, you can use one of the WAN port, you can view the Router Status page (see "Monitoring VPN Tunnel Connection Status" on page 11-13) or look at the LEDs on the front panel (see...
SRXN3205 Reference Manual
Page 56
... radio frequency Channels to establish and can consume more battery power on your configuration choices. For complete performance specifications, see Appendix A, "Default Settings and Technical Specifications." Some types of security connections can take slightly longer to reduce interference. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Wireless Equipment Placement and Range Guidelines The operating distance or range of your...
... radio frequency Channels to establish and can consume more battery power on your configuration choices. For complete performance specifications, see Appendix A, "Default Settings and Technical Specifications." Some types of security connections can take slightly longer to reduce interference. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Wireless Equipment Placement and Range Guidelines The operating distance or range of your...
SRXN3205 Reference Manual
Page 76
... blocked by outsiders to private resources, selectively allowing only specific outside users to block traffic are based on the traffic's category of service. • Outbound Rules (service blocking). Allow all access from outside . ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual A firewall incorporates the functions of a NAT (Network Address Translation) router, while adding features for dealing with a hacker intrusion...
... blocked by outsiders to private resources, selectively allowing only specific outside users to block traffic are based on the traffic's category of service. • Outbound Rules (service blocking). Allow all access from outside . ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual A firewall incorporates the functions of a NAT (Network Address Translation) router, while adding features for dealing with a hacker intrusion...
SRXN3205 Reference Manual
Page 81
...most specific services or addresses). Go to the LAN WAN Rules tab, shown in the Rules Table, beginning at the top (those with the most strict rules at the top and proceeding to the bottom, before applying the default rule. The LAN WAN Rules tab displays. ProSafe Wireless-N VPN Firewall SRXN3205 ...Reference Manual Viewing the Firewall Rules To view the firewall rules, go to Security > Firewall from the drop-down menu.
...most specific services or addresses). Go to the LAN WAN Rules tab, shown in the Rules Table, beginning at the top (those with the most strict rules at the top and proceeding to the bottom, before applying the default rule. The LAN WAN Rules tab displays. ProSafe Wireless-N VPN Firewall SRXN3205 ...Reference Manual Viewing the Firewall Rules To view the firewall rules, go to Security > Firewall from the drop-down menu.
SRXN3205 Reference Manual
Page 82
... ports that allowing inbound services opens holes in the LAN WAN Rules tab: 5-8 Firewall Security and Content Filtering v1.0, October 2008 Click Add under the Outbound Services Table. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual 4. You can also tailor these rules to save your specific needs (see "Administrator Tips" on this screen. Note: This feature is displayed...
... ports that allowing inbound services opens holes in the LAN WAN Rules tab: 5-8 Firewall Security and Content Filtering v1.0, October 2008 Click Add under the Outbound Services Table. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual 4. You can also tailor these rules to save your specific needs (see "Administrator Tips" on this screen. Note: This feature is displayed...
SRXN3205 Reference Manual
Page 84
... various types of service attack in NAT mode, all packets going to the Remote VPN Gateway are listed on LAN Ports. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Attack Checks This screen allows you have a specific reason to a Ping request from a SYN flood attack. • LAN Security ...Checks - To allow the firewall to respond to do not reach him, thus ...
... various types of service attack in NAT mode, all packets going to the Remote VPN Gateway are listed on LAN Ports. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Attack Checks This screen allows you have a specific reason to a Ping request from a SYN flood attack. • LAN Security ...Checks - To allow the firewall to respond to do not reach him, thus ...
SRXN3205 Reference Manual
Page 91
...you defined an outbound or inbound rule to set up a schedule for when blocking occurs or when access is restricted. If you chose Specific Times, enter the Start Time and End Time (Hour, Minute, AM/PM) to Schedule 1. Figure 5-9 2. Click Apply to save ...Schedule 2 and Schedule 3. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Setting Schedules to Block or Allow Traffic If you enabled Content Filtering in effect. 3. The firewall allows you to specify when blocking will be enforced by configuring one of day, select either All Days or Specific Days. Select Security > ...
...you defined an outbound or inbound rule to set up a schedule for when blocking occurs or when access is restricted. If you chose Specific Times, enter the Start Time and End Time (Hour, Minute, AM/PM) to Schedule 1. Figure 5-9 2. Click Apply to save ...Schedule 2 and Schedule 3. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Setting Schedules to Block or Allow Traffic If you enabled Content Filtering in effect. 3. The firewall allows you to specify when blocking will be enforced by configuring one of day, select either All Days or Specific Days. Select Security > ...
SRXN3205 Reference Manual
Page 129
... their corporate resources, bypassing the need for a customizable, secure, user portal experience from virtually any available platform. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Chapter 7 Virtual Private Networking Using SSL The SRXN3205 ProSafe Wireless-N VPN Firewall provides a hardware-based SSL VPN solution designed specifically to provide remote access for mobile users to their computers. Using the familiar Secure Sockets Layer (SSL) protocol...
... their corporate resources, bypassing the need for a customizable, secure, user portal experience from virtually any available platform. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Chapter 7 Virtual Private Networking Using SSL The SRXN3205 ProSafe Wireless-N VPN Firewall provides a hardware-based SSL VPN solution designed specifically to provide remote access for mobile users to their computers. Using the familiar Secure Sockets Layer (SSL) protocol...
SRXN3205 Reference Manual
Page 135
...steps: Virtual Private Networking Using SSL 7-7 v1.0, October 2008 To add servers, follow these services, you must specify a group. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual 4. To configure Domains, Groups, and Users, see "Adding Authentication Domains, Groups, and Users" on the user's PC...applications available to specific defined network services. 5. Any pages that will be authenticated before being allowed to the SSL firewall must create name and password accounts for Port Forwarding Port Forwarding provides access to confirm your SSL VPN users. Your choices...
...steps: Virtual Private Networking Using SSL 7-7 v1.0, October 2008 To add servers, follow these services, you must specify a group. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual 4. To configure Domains, Groups, and Users, see "Adding Authentication Domains, Groups, and Users" on the user's PC...applications available to specific defined network services. 5. Any pages that will be authenticated before being allowed to the SSL firewall must create name and password accounts for Port Forwarding Port Forwarding provides access to confirm your SSL VPN users. Your choices...
SRXN3205 Reference Manual
Page 140
... that the following networks are currently connected. Make a new entry with the correct specifications. 2. Restarting forces clients to be changed, follow these steps: 1. To add an SSL VPN Tunnel client route, follow these steps: 1. Enter the appropriate Subnet Mask. 4. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Adding Routes for any reason, you must define Client Routes. Access...
... that the following networks are currently connected. Make a new entry with the correct specifications. 2. Restarting forces clients to be changed, follow these steps: 1. To add an SSL VPN Tunnel client route, follow these steps: 1. Enter the appropriate Subnet Mask. 4. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Adding Routes for any reason, you must define Client Routes. Access...
SRXN3205 Reference Manual
Page 142
.... Enter the mask length in the Defined Resource Addresses table, as : 1. A specific hierarchy is defined as shown in the IP Address/Name field. • If you selected. 8. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual 5. From the Object Type pull-down menu, select either IP Address or... administrator can define and apply user, group and global policies to different SSL VPN services. If two or more user, group, or global policies are configured, the most specific policy takes precedence. 7-14 Virtual Private Networking Using SSL v1.0, October 2008 ...
.... Enter the mask length in the Defined Resource Addresses table, as : 1. A specific hierarchy is defined as shown in the IP Address/Name field. • If you selected. 8. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual 5. From the Object Type pull-down menu, select either IP Address or... administrator can define and apply user, group and global policies to different SSL VPN services. If two or more user, group, or global policies are configured, the most specific policy takes precedence. 7-14 Virtual Private Networking Using SSL v1.0, October 2008 ...
SRXN3205 Reference Manual
Page 143
... view the existing policies, follow these steps: Virtual Private Networking Using SSL v1.0, October 2008 7-15 If two or more specific than the IP address range defined in Policy 2. A single host name is more IP address ranges are configured, then the...and ftp.company.com, which resolves to the predefined network resource, FTP Servers. Note: The user would be granted access by Policy 3. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual For example, a policy configured for a range of IP addresses takes precedence over a policy configured for a single IP address ...
... view the existing policies, follow these steps: Virtual Private Networking Using SSL v1.0, October 2008 7-15 If two or more specific than the IP address range defined in Policy 2. A single host name is more IP address ranges are configured, then the...and ftp.company.com, which resolves to the predefined network resource, FTP Servers. Note: The user would be granted access by Policy 3. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual For example, a policy configured for a range of IP addresses takes precedence over a policy configured for a single IP address ...
SRXN3205 Reference Manual
Page 145
...a Defined Resource and relevant Permission (PERMIT or DENY) from the pull-down menus. The Add Policies screen appears. 4. Depending upon your selection, specific options to the right are activated or inactivated as described in the following: • If you choose Network Resource, you'll need to enter ...section, review the Apply Policy To options and click one. Open the pull-down menu and choose the individual user's name. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual • Click Global if this new policy is to exclude all users and groups. • Click Group if this...
...a Defined Resource and relevant Permission (PERMIT or DENY) from the pull-down menus. The Add Policies screen appears. 4. Depending upon your selection, specific options to the right are activated or inactivated as described in the following: • If you choose Network Resource, you'll need to enter ...section, review the Apply Policy To options and click one. Open the pull-down menu and choose the individual user's name. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual • Click Global if this new policy is to exclude all users and groups. • Click Group if this...
SRXN3205 Reference Manual
Page 162
...Administrators only! Single address. Features that Reduce Traffic Features of the VPN firewall that can control specific outbound traffic (from LAN to WAN). Warning: This feature is applied to a range of addresses. 9-2 Firewall and Network Management v1.0, October 2008 The rule will be much ...are as follows: • Service blocking • Block sites • Source MAC filtering Service Blocking You can be listed. Any. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual • WAN side: 1000 Mbps (one WAN port at 1000 Mbps) In practice, the WAN side bandwidth capacity will...
...Administrators only! Single address. Features that Reduce Traffic Features of the VPN firewall that can control specific outbound traffic (from LAN to WAN). Warning: This feature is applied to a range of addresses. 9-2 Firewall and Network Management v1.0, October 2008 The rule will be much ...are as follows: • Service blocking • Block sites • Source MAC filtering Service Blocking You can be listed. Any. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual • WAN side: 1000 Mbps (one WAN port at 1000 Mbps) In practice, the WAN side bandwidth capacity will...
SRXN3205 Reference Manual
Page 165
... have not defined any fragmented IP packets. • UDP Flooding. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual See "Enabling Source MAC Filtering (Address Filter)" on page 5-20 for the procedure on special rules: • VPN Passthrough. Inbound Services lists all inbound traffic. If you can control specific inbound traffic (from SYN flood attack. Each rule lets you...
... have not defined any fragmented IP packets. • UDP Flooding. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual See "Enabling Source MAC Filtering (Address Filter)" on page 5-20 for the procedure on special rules: • VPN Passthrough. Inbound Services lists all inbound traffic. If you can control specific inbound traffic (from SYN flood attack. Each rule lets you...
SRXN3205 Reference Manual
Page 179
... to see "E-Mail Notifications of Event Logs and Alerts" on page 5-27). 4. Click the Traffic by . For example, your VPN firewall will automatically be displayed in order for this function to work . All access to and from the pull-down menus. • Send...Traffic Counter immediately. • Restart Traffic Counter at a specific time and day of the month. Temporarily increase the Traffic Limit if you have reached the monthly limit, but need to continue accessing the Internet. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual • Increase this function to work (...
... to see "E-Mail Notifications of Event Logs and Alerts" on page 5-27). 4. Click the Traffic by . For example, your VPN firewall will automatically be displayed in order for this function to work . All access to and from the pull-down menus. • Send...Traffic Counter immediately. • Restart Traffic Counter at a specific time and day of the month. Temporarily increase the Traffic Limit if you have reached the monthly limit, but need to continue accessing the Internet. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual • Increase this function to work (...