SRXN3205 Reference Manual
Page 11
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Chapter 8 Managing Users, Authentication, and Certificates Adding Authentication Domains, Groups, and Users 8-1 Creating a Domain 8-1 Creating a Group ...8-3 Creating a New User Account 8-4 ... Time Zone Settings 9-15 Chapter 11 Monitoring System Performance Enabling the Traffic Meter 11-1 Activating Notification of Events and Alerts 11-3 Viewing Firewall Logs 11-6 Viewing Router Configuration and System Status 11-7 Monitoring the WAN Port Status 11-8 Monitoring Attached Devices 11-9 Reviewing the DHCP Log 11-10 Monitoring...
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Chapter 8 Managing Users, Authentication, and Certificates Adding Authentication Domains, Groups, and Users 8-1 Creating a Domain 8-1 Creating a Group ...8-3 Creating a New User Account 8-4 ... Time Zone Settings 9-15 Chapter 11 Monitoring System Performance Enabling the Traffic Meter 11-1 Activating Notification of Events and Alerts 11-3 Viewing Firewall Logs 11-6 Viewing Router Configuration and System Status 11-7 Monitoring the WAN Port Status 11-8 Monitoring Attached Devices 11-9 Reviewing the DHCP Log 11-10 Monitoring...
SRXN3205 Reference Manual
Page 18
... of cable to make the right connection. 1-2 Introduction v1.0, October 2008 ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual • Advanced IPsec and SSL VPN support • Advanced stateful packet inspection (SPI) firewall with multi-NAT support • Easy, web-based setup for installation and... Web addresses. Autosensing Ethernet Connections with Content Filtering Unlike simple Internet sharing NAT routers, the SRXN3205 is a true firewall, using stateful packet inspection (SPI) to defend against hacker attacks. You can connect to the correct configuration....
... of cable to make the right connection. 1-2 Introduction v1.0, October 2008 ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual • Advanced IPsec and SSL VPN support • Advanced stateful packet inspection (SPI) firewall with multi-NAT support • Easy, web-based setup for installation and... Web addresses. Autosensing Ethernet Connections with Content Filtering Unlike simple Internet sharing NAT routers, the SRXN3205 is a true firewall, using stateful packet inspection (SPI) to defend against hacker attacks. You can connect to the correct configuration....
SRXN3205 Reference Manual
Page 28
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Logging into the VPN Firewall To connect to the firewall, your computer needs to be configured to the Internet (WAN) To log in lower case for the User Name and password for the Password. 3. Enter admin in to the firewall, follow these steps: ...1. The login window displays in the address field. Figure 2-1 2. Figure 2-2 2-2 v1.0, October 2008 Connecting to get an IP address via DHCP. The Web Configuration Manager appears, displaying the Router Status menu as the default...
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Logging into the VPN Firewall To connect to the firewall, your computer needs to be configured to the Internet (WAN) To log in lower case for the User Name and password for the Password. 3. Enter admin in to the firewall, follow these steps: ...1. The login window displays in the address field. Figure 2-1 2. Figure 2-2 2-2 v1.0, October 2008 Connecting to get an IP address via DHCP. The Web Configuration Manager appears, displaying the Router Status menu as the default...
SRXN3205 Reference Manual
Page 36
... to the Internet (WAN) PCs on your LAN can use any private IP address range, and these addresses to specific PCs on your LAN. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Configuring the WAN Mode To access the WAN Mode, click on page 1-6). 2-10 v1.0, October 2008 Connecting to you, and you ... you only have assigned one address as the primary shared address for Internet access by your PCs, and you can view the Router Status page (see "Monitoring VPN Tunnel Connection Status" on page 11-13) or look at the LEDs on the front panel (see "Front Panel Features" on...
... to the Internet (WAN) PCs on your LAN can use any private IP address range, and these addresses to specific PCs on your LAN. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Configuring the WAN Mode To access the WAN Mode, click on page 1-6). 2-10 v1.0, October 2008 Connecting to you, and you ... you only have assigned one address as the primary shared address for Internet access by your PCs, and you can view the Router Status page (see "Monitoring VPN Tunnel Connection Status" on page 11-13) or look at the LEDs on the front panel (see "Front Panel Features" on...
SRXN3205 Reference Manual
Page 37
... running on this network can register a domain name and have a dynamic IP address. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Configuring Dynamic DNS Note: Dynamic DNS enables you to employ some VPN configurations that name linked with your IP address by others on the Internet. If your ...ISP assigns a private WAN IP address such as 192.168.x.x or 10.x.x.x, the dynamic DNS service will not work because private addresses will not know in the WAN IP address, so that allows routers...
... running on this network can register a domain name and have a dynamic IP address. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Configuring Dynamic DNS Note: Dynamic DNS enables you to employ some VPN configurations that name linked with your IP address by others on the Internet. If your ...ISP assigns a private WAN IP address such as 192.168.x.x or 10.x.x.x, the dynamic DNS service will not work because private addresses will not know in the WAN IP address, so that allows routers...
SRXN3205 Reference Manual
Page 39
... default address. otherwise, select 10M. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual 2. Port Speed. If you cannot establish an Internet connection and the WAN Link or Speed LED blinks continuously, you may need to manually select the port speed. This is displayed. Connecting to change. a. b. Each computer or router on your firewall can automatically determine the connection...
... default address. otherwise, select 10M. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual 2. Port Speed. If you cannot establish an Internet connection and the WAN Link or Speed LED blinks continuously, you may need to manually select the port speed. This is displayed. Connecting to change. a. b. Each computer or router on your firewall can automatically determine the connection...
SRXN3205 Reference Manual
Page 51
...field (for identification and management). 4. The new static route will not be between 1 and 15). 11. It allows a router to exchange its routing tables and adapt to the Static Route table. This must be advertised in internal networks (LANs). Enter the... route leads. 7. Enter the Destination IP Address to the right of the tab. If the destination is disabled by default. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual 3. Select Network Configuration > Routing from the main/sub-menu. 2. Click Apply to dynamically adjust its routing information ...
...field (for identification and management). 4. The new static route will not be between 1 and 15). 11. It allows a router to exchange its routing tables and adapt to the Static Route table. This must be advertised in internal networks (LANs). Enter the... route leads. 7. Enter the Destination IP Address to the right of the tab. If the destination is disabled by default. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual 3. Select Network Configuration > Routing from the main/sub-menu. 2. Click Apply to dynamically adjust its routing information ...
SRXN3205 Reference Manual
Page 52
... routing table. • Out Only. From the RIP Direction pull-down menu, choose the version from other routers. 4. This effectively disables RIP. • In Only. The default section disables RIP versions. • RIP-1. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual The RIP Configuration menu displays. This is the most commonly supported version. 3-12 v1.0, October 2008...
... routing table. • Out Only. From the RIP Direction pull-down menu, choose the version from other routers. 4. This effectively disables RIP. • In Only. The default section disables RIP versions. • RIP-1. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual The RIP Configuration menu displays. This is the most commonly supported version. 3-12 v1.0, October 2008...
SRXN3205 Reference Manual
Page 55
... and Settings" on page 4-8 • "Advanced Wireless Settings" on page 4-17 • "Wireless Equipment Placement and Range Guidelines" on page 4-2 Wireless Configuration 4-1 v1.0, October 2008 ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Chapter 4 Wireless Configuration This chapter describes how to set up your ProSafe Wireless-N VPN Firewall for use the following topics to set up your ProSafe Wireless-N VPN Firewall SRXN3205 for wireless connectivity to your needs. It is...
... and Settings" on page 4-8 • "Advanced Wireless Settings" on page 4-17 • "Wireless Equipment Placement and Range Guidelines" on page 4-2 Wireless Configuration 4-1 v1.0, October 2008 ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Chapter 4 Wireless Configuration This chapter describes how to set up your ProSafe Wireless-N VPN Firewall for use the following topics to set up your ProSafe Wireless-N VPN Firewall SRXN3205 for wireless connectivity to your needs. It is...
SRXN3205 Reference Manual
Page 70
... on your firewall to the SRXN3205 (SSID, WEP/WPA, MAC ACL, etc.), verify connectivity by using a browser such as , on page 4-2 earlier in the ProSafe Wireless-N VPN Firewall. The port number of the RADIUS Server. If they do not match, no wireless connection will be made. Note: If you deploy your firewall in your network. IP Address. ProSafe Wireless-N VPN Firewall SRXN3205 Reference...
... on your firewall to the SRXN3205 (SSID, WEP/WPA, MAC ACL, etc.), verify connectivity by using a browser such as , on page 4-2 earlier in the ProSafe Wireless-N VPN Firewall. The port number of the RADIUS Server. If they do not match, no wireless connection will be made. Note: If you deploy your firewall in your network. IP Address. ProSafe Wireless-N VPN Firewall SRXN3205 Reference...
SRXN3205 Reference Manual
Page 75
... by applications and services, such as the Internet), while allowing communication between the two. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Chapter 5 Firewall Security and Content Filtering This chapter describes how to set up your firewall and use the content filtering features of router that protects one network (the "trusted" network, such as your network. You can establish...
... by applications and services, such as the Internet), while allowing communication between the two. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Chapter 5 Firewall Security and Content Filtering This chapter describes how to set up your firewall and use the content filtering features of router that protects one network (the "trusted" network, such as your network. You can establish...
SRXN3205 Reference Manual
Page 76
... added to the list of services in the factory default list. Unlike simple Internet sharing NAT routers, a firewall uses a process called stateful packet inspection to protect your network from one for outbound traffic. User-defined...). Outbound rules (LAN to WAN) determine what outside except responses to requests from the LAN side. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual A firewall incorporates the functions of a NAT (Network Address Translation) router, while adding features for dealing with a hacker intrusion or attack, and for controlling the types of traffic...
... added to the list of services in the factory default list. Unlike simple Internet sharing NAT routers, a firewall uses a process called stateful packet inspection to protect your network from one for outbound traffic. User-defined...). Outbound rules (LAN to WAN) determine what outside except responses to requests from the LAN side. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual A firewall incorporates the functions of a NAT (Network Address Translation) router, while adding features for dealing with a hacker intrusion or attack, and for controlling the types of traffic...
SRXN3205 Reference Manual
Page 88
Note: For security, NETGEAR strongly recommends that should be configured with user defined values. You can also have the firewall log any external address according to use Instant Messenger during working hours, you want to specify total ...Filtering v1.0, October 2008 Session limiting is per user (IP) allowed across the router. Timeout values can create an outbound rule to Session Limit:" shows total number of the device. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual 2. LAN WAN Outbound Rule: Blocking Instant Messenger To block Instant Messenger ...
Note: For security, NETGEAR strongly recommends that should be configured with user defined values. You can also have the firewall log any external address according to use Instant Messenger during working hours, you want to specify total ...Filtering v1.0, October 2008 Session limiting is per user (IP) allowed across the router. Timeout values can create an outbound rule to Session Limit:" shows total number of the device. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual 2. LAN WAN Outbound Rule: Blocking Instant Messenger To block Instant Messenger ...
SRXN3205 Reference Manual
Page 96
... Logging option for this rule. - The scenario for this rule. - Matching IP but inconsistent MAC address in IP/MAC Table. The router will be modified: - IP Addresses: Displays the IP Addresses for this rule. - To remove an entry from Host1 to any external... Log Dropped Packets: Displays logging option for this rule. IP/MAC Bind Table lists the currently defined IP/MAC Bind rules: - ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual 3. Matching MAC but allow the traffic coming from Host2 & Host3 but inconsistent IP address in IP/MAC Binding table. ...
... Logging option for this rule. - The scenario for this rule. - Matching IP but inconsistent MAC address in IP/MAC Table. The router will be modified: - IP Addresses: Displays the IP Addresses for this rule. - To remove an entry from Host1 to any external... Log Dropped Packets: Displays logging option for this rule. IP/MAC Bind Table lists the currently defined IP/MAC Bind rules: - ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual 3. Matching MAC but allow the traffic coming from Host2 & Host3 but inconsistent IP address in IP/MAC Binding table. ...
SRXN3205 Reference Manual
Page 109
... are unknown in advance. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Creating a VPN Client to SRXN3205 Connection This section describes how to view the policy details. The VPN Policies screen is srxn_remote.com. 6. Enter a value for type of the connection. This procedure was developed and tested using: • Netgear SRXN3205 ProSafe Wireless-N VPN Firewall • Netgear ProSafe VPN Client • NAT router: Netgear FVX538 Configuring the SRXN3205 1. Enter the Local...
... are unknown in advance. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Creating a VPN Client to SRXN3205 Connection This section describes how to view the policy details. The VPN Policies screen is srxn_remote.com. 6. Enter a value for type of the connection. This procedure was developed and tested using: • Netgear SRXN3205 ProSafe Wireless-N VPN Firewall • Netgear ProSafe VPN Client • NAT router: Netgear FVX538 Configuring the SRXN3205 1. Enter the Local...
SRXN3205 Reference Manual
Page 115
... with higher security, but is not supplied to the remote VPN Server. • Direction / Type. • Both • Initiator • Responder • Exchange Mode. If FQDN, User FQDN or DER ASN1 DN is selected, the router will set the default to Aggressive Mode. • Mode ...(This setting must have this value as its Local ID.) • IKE SA Parameters - ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual About the IKE Policy Table When you use the VPN Wizard to set up a VPN tunnel, an IKE policy is established and populated in Aggressive Mode, enabling this will disable Main...
... with higher security, but is not supplied to the remote VPN Server. • Direction / Type. • Both • Initiator • Responder • Exchange Mode. If FQDN, User FQDN or DER ASN1 DN is selected, the router will set the default to Aggressive Mode. • Mode ...(This setting must have this value as its Local ID.) • IKE SA Parameters - ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual About the IKE Policy Table When you use the VPN Wizard to set up a VPN tunnel, an IKE policy is established and populated in Aggressive Mode, enabling this will disable Main...
SRXN3205 Reference Manual
Page 116
... the RADIUS server can be configured in the Certificates page. PAP is not supported for a Pre-shared Key. - ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual - Pre-shared Key Note: The " (Double Quote) character is selected, the router will disable the Pre-shared key text box and uses the Active Self Certificate uploaded in order for a simple...
... the RADIUS server can be configured in the Certificates page. PAP is not supported for a Pre-shared Key. - ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual - Pre-shared Key Note: The " (Double Quote) character is selected, the router will disable the Pre-shared key text box and uses the Active Self Certificate uploaded in order for a simple...
SRXN3205 Reference Manual
Page 117
...noted by a remote gateway with a username and password combination. Managing VPN Policies The VPN Policies screen allows you have a matching SA, or it will automatically be used . (In this mode, the router acts as required. You can create two types of the policies ...policy will refuse the connection. The VPN tunnel is authenticated by an "*" next to the policy name). VPN Policy You can edit policies, enable or disable policies, or delete them entirely. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual IPSec Host: The router is created according to the parameters in...
...noted by a remote gateway with a username and password combination. Managing VPN Policies The VPN Policies screen allows you have a matching SA, or it will automatically be used . (In this mode, the router acts as required. You can create two types of the policies ...policy will refuse the connection. The VPN tunnel is authenticated by an "*" next to the policy name). VPN Policy You can edit policies, enable or disable policies, or delete them entirely. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual IPSec Host: The router is created according to the parameters in...
SRXN3205 Reference Manual
Page 174
...firmware that your settings or all of the VPN firewall router statistics, including the firmware version. All firewall rules, VPN policies, LAN/WAN settings and other settings will be lost ! Please backup your VPN firewall is displayed, showing all your firmware, the... the firewall to the NETGEAR Web site at http://www.netgear.com/support and click Downloads. 2. After rebooting, the firewall's password will be password and the LAN IP address will appear indicating the status of the VPN firewall firmware from the main menu. ProSafe Wireless-N VPN Firewall SRXN3205 Reference ...
...firmware that your settings or all of the VPN firewall router statistics, including the firmware version. All firewall rules, VPN policies, LAN/WAN settings and other settings will be lost ! Please backup your VPN firewall is displayed, showing all your firmware, the... the firewall to the NETGEAR Web site at http://www.netgear.com/support and click Downloads. 2. After rebooting, the firewall's password will be password and the LAN IP address will appear indicating the status of the VPN firewall firmware from the main menu. ProSafe Wireless-N VPN Firewall SRXN3205 Reference ...
SRXN3205 Reference Manual
Page 175
... go online, turn off , wait a few more seconds before continuing. After the VPN firewall has rebooted, click Monitoring and confirm the new firmware version to verify that your firewall after upgrading it before upgrading the firewall. In the Router Upgrade section, click Browse. 3. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual After downloading an upgrade file, you may need to unzip...
... go online, turn off , wait a few more seconds before continuing. After the VPN firewall has rebooted, click Monitoring and confirm the new firmware version to verify that your firewall after upgrading it before upgrading the firewall. In the Router Upgrade section, click Browse. 3. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual After downloading an upgrade file, you may need to unzip...