SRXN3205 Reference Manual
Page 4
... software must display the following acknowledgment: "This product includes software developed by Tim Hudson ([email protected]). RSA Data Security, Inc. iv 1.0, October 2008 Open SSL MD5 Copyright (c) 1998-2000 The OpenSSL Project. Redistributions of the OpenSSL Project. 6. License to endorse or promote products derived from the RSA Data Security, Inc...
SRXN3205 Reference Manual
Page 7
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Contents About This Manual Conventions, Formats, and Scope xiii How to Use This Manual xiv How to Print this Manual xiv Revision History ...xv Chapter 1 Introduction Key Firewall Features ...1-1 A Powerful, True Firewall with Content Filtering 1-2 Autosensing Ethernet Connections with Auto Uplink 1-2 Extensive Protocol Support 1-3 Advanced VPN Support for Both IPsec and SSL 1-3 Wireless Networking...
SRXN3205 Reference Manual
Page 10
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Testing the Connection 6-11 Managing VPN Tunnel Policies 6-11 About IKE ...6-12 Managing IKE Policies 6-12 About the IKE Policy Table 6-13 VPN Policy ...6-15 VPN Tunnel Connection Status 6-16 Manually Assigning IP Addresses to Remote Users (ModeConfig 6-17 Mode Config Operation 6-17 Configuring the VPN Firewall 6-17 Configuring the ProSafe VPN...Adding A New Host Name 7-9 Configuring the SSL VPN Client 7-9 Configuring the Client IP Address Range 7-11 Adding Routes for VPN Tunnel Clients 7-12 Replacing and Deleting Client Routes...
SRXN3205 Reference Manual
Page 17
.... Moreover, the ProSafe Wireless-N VPN Firewall supports wireless connections over the wider range and more robust connections afforded by 802.11N and 802.11a wireless networks. The SRXN3205 also supports wireless bridging. The SRXN3205 is a complete security solution with advanced IPsec and SSL VPN technologies for secure wired and wireless connections. Introduction 1-1 v1.0, October 2008 ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Chapter 1 Introduction The SRXN3205 ProSafe Wireless-N VPN Firewall provides Internet...
SRXN3205 Reference Manual
Page 18
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual • Advanced IPsec and SSL VPN support • Advanced stateful packet inspection (SPI) firewall with multi-NAT support • Easy, web-based setup for installation and management • Front panel LEDs .... You can control access to defend against hacker attacks. Autosensing Ethernet Connections with Content Filtering Unlike simple Internet sharing NAT routers, the SRXN3205 is a true firewall, using stateful packet inspection (SPI) to Internet content by day and time. • Logs security events such as ...
SRXN3205 Reference Manual
Page 19
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Extensive Protocol Support The firewall supports the Transmission Control Protocol/Internet Protocol (TCP/IP) and Routing Information Protocol (RIP). This feature eliminates... (DNS) addresses, to 5 (max) IPsec VPN tunnels (alternately, 4 IPsec VPN tunnels concurrently with 4 SSL VPN sessions, or 5 IPsec VPN tunnels concurrently with broad protocol support for Both IPsec and SSL The firewall supports IPsec and SSL virtual private network (VPN) connections. • IPsec VPN delivers full network access between a central office and...
SRXN3205 Reference Manual
Page 20
... Explorer or Apple Safari. - Supports up to 5 IPsec VPN sessions and up to a file and restored. • Secure and Economical Operation. Connects to 5 SSL and VPN sessions. The SRXN3205 allows you to corporate resources based upon user type or group...2008 Provides granular access to configure the 802.11 wireless options for the 2.4 GHz band or the 5 GHz bands. • Upgradeable Firmware. Wireless Networking Features • Dual Band Selection. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual • SSL VPN provides remote access for mobile users to your Web...
SRXN3205 Reference Manual
Page 25
... on the bottom of the SRXN3205's enclosure if you need a reminder of applications. Note that supports JavaScript, Java, cookies, SSL, and ActiveX to take advantage of the full suite of the following factory default information: IP Address User Name Password Figure 1-3 Qualified Web Browsers To configure the ProSafe Wireless-N VPN Firewall, an administrator must use with...
SRXN3205 Reference Manual
Page 62
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Wireless Security Types and Settings Configure the Wireless Security Types based on the level of security you need using one of the following methods and print out the form provided to aid you...following main menus: • Go to "Firewall Security and Content Filtering" in Chapter 5 for the Security menu settings • Go to "Virtual Private Networking Using IPsec" in Chapter 6 for the VPN IPsec tunnel settings • Go to "Virtual Private Networking Using SSL" in Chapter 7 for the VPN SSL tunnel settings • Go to "Managing ...
SRXN3205 Reference Manual
Page 129
... to their corporate resources, bypassing the need for a pre-installed VPN client on their computers. Once the authentication and negotiation of the user's Virtual Private Networking Using SSL 7-1 v1.0, October 2008 ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Chapter 7 Virtual Private Networking Using SSL The SRXN3205 ProSafe Wireless-N VPN Firewall provides a hardware-based SSL VPN solution designed specifically to provide remote access for mobile users...
SRXN3205 Reference Manual
Page 130
... DNS server IP addresses, allowing the remote PC to remote users. Upon successful connection, an ActiveX-based SSL VPN client is downloaded to the firewall. For example, Port Forwarding: - When remote users log in several ways. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual browser provides authentication and encryption, establishing a secure connection to the remote PC that you will...
SRXN3205 Reference Manual
Page 131
...that will resolve the names to remote clients, as well as DNS addresses. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual When you define the SSL VPN policies that determine network resource access for your SSL VPN users, you can be issued to the servers using the list you have created... one or more quickly create and configure network policies. 8. In the VPN tunnel option, the firewall creates a virtual network adapter on the local network. Because you must assign a group when creating a SSL VPN user account, the user account is created after you have created the ...
SRXN3205 Reference Manual
Page 132
..., to the portal layout name. Note: The default portal address is the SSL-VPN portal. The Portal Layouts screen displays. The firewall administrator may define individual layouts for the SSL firewall by clicking the default button in the configuration of the desired portal layout....options. The layout configuration includes the menu layout, theme, portal pages to the SSL-VPN portal. You can also make any portal the default portal for the SSL VPN portal. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Portal Layouts are applied by selecting from the main/submenu, and then...
SRXN3205 Reference Manual
Page 133
...a different URL than the default portal. For example, if your SSL VPN portal is 4096 characters. b. c. Also enter the banner message text in the Portal Layout Name field. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Figure 7-2 3. Only alphanumeric characters, hyphen (-), and ...underscore (_) are accessed at https://vpn.company.com, and you enter other URLs, this name is case ...
SRXN3205 Reference Manual
Page 134
... users log in to prevent out-of-date web pages, themes, and data being stored in a user's web browser cache. Note: NETGEAR strongly recommends enabling HTTP meta tags for cache control checkbox to apply HTTP meta tag cache control directives to this Portal Layout. The ActiveX...when the user logs out or closes the web browser window. Check the Enable HTTP meta tags for security reasons and to the SSL VPN portal. e. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual on login page checkbox to show the banner title and banner message text on the Login screen as shown below Figure...
SRXN3205 Reference Manual
Page 135
...connectivity. • Port Forwarding. Click Apply to access. Configuring Domains, Groups, and Users Remote users connecting to the SSL firewall must specify the internal addresses and TCP applications (port numbers) that will be presented. To add servers, follow these services..."Operation succeeded" message appears at the top of Layouts table. To define these steps: Virtual Private Networking Using SSL 7-7 v1.0, October 2008 ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual 4. When you create a group, you should create any needed domains first, then groups, then ...
SRXN3205 Reference Manual
Page 136
... tunneled. The table below lists many commonly used TCP applications and port numbers. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual 1. Table 7-1. Users can specify the port number together with the host name or IP address. 7-8 Virtual Private Networking Using SSL v1.0, October 2008 Figure 7-4 2. Select VPN > SSL VPN from the main/submenu, and then select the Port Forwarding tab.
SRXN3205 Reference Manual
Page 137
.... 5. Some additional considerations are: Virtual Private Networking Using SSL 7-9 v1.0, October 2008 Select the Port Forwarding tab, shown in Port Forwarding. The "Operation succeeded" message appears at familiar addresses such as mail.example.com or ftp.example.com rather than by IP addresses. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual 4. Host Name Resolution allows users to...
SRXN3205 Reference Manual
Page 138
... traffic destined for corporate traffic only. 7-10 Virtual Private Networking Using SSL v1.0, October 2008 Add a client route to configure the VPN tunnel client to connect to the Internet. All other traffic is sent to the corporate network using the VPN tunnel. - ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual • So that the virtual (PPP) interface address of...
SRXN3205 Reference Manual
Page 139
...IP address in the client address range. Click Apply. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Configuring the Client IP Address Range Determine the address range to be appended to incomplete DNS search strings. 4. The SSL VPN Client screen displays. Select Enable Full Tunnel Support unless... and Secondary DNS Server IP addresses to VPN tunnel clients, then define the address range. Virtual Private Networking Using SSL v1.0, October 2008 7-11 Select VPN > SSL VPN from the main/submenu, and then select the SSL VPN Client tab. VPN tunnel clients are not required. 3. (...