SRXN3205 Reference Manual
Page 9
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Restricting Wireless Access by MAC Address 4-18 Chapter 5 Firewall Security and Content Filtering About Firewall Security and Content Filtering 5-1 Using Rules & Services to Block or Allow Traffic 5-2 Services-Based Rules 5-2 Viewing the Firewall Rules 5-7 Order of Precedence for Rules 5-7 Setting the Outbound Policy 5-7 Creating a LAN WAN Outbound Services Rule 5-8 Creating a LAN WAN Inbound...
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Restricting Wireless Access by MAC Address 4-18 Chapter 5 Firewall Security and Content Filtering About Firewall Security and Content Filtering 5-1 Using Rules & Services to Block or Allow Traffic 5-2 Services-Based Rules 5-2 Viewing the Firewall Rules 5-7 Order of Precedence for Rules 5-7 Setting the Outbound Policy 5-7 Creating a LAN WAN Outbound Services Rule 5-8 Creating a LAN WAN Inbound...
SRXN3205 Reference Manual
Page 10
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Testing the Connection 6-11 Managing VPN Tunnel Policies 6-11 About IKE ...6-12 Managing IKE Policies 6-12 About the IKE Policy Table 6-13 VPN Policy ...6-15 VPN Tunnel Connection Status 6-16 Manually Assigning IP Addresses to Remote Users (ModeConfig 6-17 Mode Config Operation 6-17 Configuring the VPN Firewall 6-17 Configuring the ProSafe VPN Client for ModeConfig 6-20 Extended...
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Testing the Connection 6-11 Managing VPN Tunnel Policies 6-11 About IKE ...6-12 Managing IKE Policies 6-12 About the IKE Policy Table 6-13 VPN Policy ...6-15 VPN Tunnel Connection Status 6-16 Manually Assigning IP Addresses to Remote Users (ModeConfig 6-17 Mode Config Operation 6-17 Configuring the VPN Firewall 6-17 Configuring the ProSafe VPN Client for ModeConfig 6-20 Extended...
SRXN3205 Reference Manual
Page 17
... supports wireless bridging. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Chapter 1 Introduction The SRXN3205 ProSafe Wireless-N VPN Firewall provides Internet connectivity to safeguard your networks along with a powerful and flexible firewall to your Internet connection. • Built-in four-port 10/100/1000 Mbps Gigabit Ethernet LAN switch for extremely fast data transfer between local network resources and all of the wireless clients. The SRXN3205...
... supports wireless bridging. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Chapter 1 Introduction The SRXN3205 ProSafe Wireless-N VPN Firewall provides Internet connectivity to safeguard your networks along with a powerful and flexible firewall to your Internet connection. • Built-in four-port 10/100/1000 Mbps Gigabit Ethernet LAN switch for extremely fast data transfer between local network resources and all of the wireless clients. The SRXN3205...
SRXN3205 Reference Manual
Page 19
...number of the NETGEAR ProSafe VPN Client software (VPN01L) - The firewall allows many networked PCs to 5 (max) IPsec VPN tunnels (alternately, 4 IPsec VPN tunnels concurrently with 4 SSL VPN sessions, or 5 IPsec VPN tunnels concurrently ...firewall supports IPsec and SSL virtual private network (VPN) connections. • IPsec VPN delivers full network access between a central office and branch offices, or between a central office and telecommuters. Introduction 1-3 v1.0, October 2008 ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Extensive Protocol Support The firewall...
...number of the NETGEAR ProSafe VPN Client software (VPN01L) - The firewall allows many networked PCs to 5 (max) IPsec VPN tunnels (alternately, 4 IPsec VPN tunnels concurrently with 4 SSL VPN sessions, or 5 IPsec VPN tunnels concurrently ...firewall supports IPsec and SSL virtual private network (VPN) connections. • IPsec VPN delivers full network access between a central office and branch offices, or between a central office and telecommuters. Introduction 1-3 v1.0, October 2008 ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Extensive Protocol Support The firewall...
SRXN3205 Reference Manual
Page 20
...or the 5 GHz bands. • Upgradeable Firmware. Wireless Networking Features • Dual Band Selection. Connects to selected corporate resources without requiring a pre-installed VPN client on their computers. - Supports up to 5 IPse VPN sessions and up to do so, command-line interface can... for a wide variety of popular browsers, such as Microsoft Internet Explorer or Apple Safari. - ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual • SSL VPN provides remote access for mobile users to 10/100/1000 Mbps IEEE 802.3 Ethernet networks. • LED Indicators....
...or the 5 GHz bands. • Upgradeable Firmware. Wireless Networking Features • Dual Band Selection. Connects to selected corporate resources without requiring a pre-installed VPN client on their computers. - Supports up to 5 IPse VPN sessions and up to do so, command-line interface can... for a wide variety of popular browsers, such as Microsoft Internet Explorer or Apple Safari. - ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual • SSL VPN provides remote access for mobile users to 10/100/1000 Mbps IEEE 802.3 Ethernet networks. • LED Indicators....
SRXN3205 Reference Manual
Page 21
... configure, and operate the ProSafe Wireless-N VPN Firewall within minutes after connecting it to the network. The following requirements: • Category 5 UTP straight through Ethernet cable with other VPNC-compliant VPN firewalls and clients. • SNMP. The firewall supports the Simple Network Management... Before installing the SRXN3205, ensure your type of personal computer, such as Windows, Macintosh, or Linux. The firewall's front panel LEDs provide an easy way to a specified remote IP address or range of ISP. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Easy ...
... configure, and operate the ProSafe Wireless-N VPN Firewall within minutes after connecting it to the network. The following requirements: • Category 5 UTP straight through Ethernet cable with other VPNC-compliant VPN firewalls and clients. • SNMP. The firewall supports the Simple Network Management... Before installing the SRXN3205, ensure your type of personal computer, such as Windows, Macintosh, or Linux. The firewall's front panel LEDs provide an easy way to a specified remote IP address or range of ISP. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Easy ...
SRXN3205 Reference Manual
Page 22
... items: • ProSafe Wireless-N VPN Firewall • Rubber feet (4) with adhesive backing • One AC-DC power adapter (12V, 1.5A) with cord (approximately 6 ft, or 183 cm) • Three dual-band antennas (SMA connectors): 2 dipole (long); 1 patch (square) • One Straight through Category 5 (Cat5) Ethernet cable. • Installation Guide, SRXN3205 ProSafe Wireless-N VPN Firewall . • Resource CD, including: - ProSafe VPN Client Software -
... items: • ProSafe Wireless-N VPN Firewall • Rubber feet (4) with adhesive backing • One AC-DC power adapter (12V, 1.5A) with cord (approximately 6 ft, or 183 cm) • Three dual-band antennas (SMA connectors): 2 dipole (long); 1 patch (square) • One Straight through Category 5 (Cat5) Ethernet cable. • Installation Guide, SRXN3205 ProSafe Wireless-N VPN Firewall . • Resource CD, including: - ProSafe VPN Client Software -
SRXN3205 Reference Manual
Page 42
...you change the default IP address 192.168.1.1 to 10.0.0.1, you must then open a new connection to its DHCP clients. 3-2 LAN Configuration v1.0, October 2008 Your firewall will function as the subnet mask. 3. If the DHCP server is enabled, enter the following settings: • ...the new IP address and log in your browser to reconnect to the firewall's LAN. • If another device on the IP address that you will manually configure all the computers connected to the Web Configuration Manager. • IP Subnet Mask. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual .
...you change the default IP address 192.168.1.1 to 10.0.0.1, you must then open a new connection to its DHCP clients. 3-2 LAN Configuration v1.0, October 2008 Your firewall will function as the subnet mask. 3. If the DHCP server is enabled, enter the following settings: • ...the new IP address and log in your browser to reconnect to the firewall's LAN. • If another device on the IP address that you will manually configure all the computers connected to the Web Configuration Manager. • IP Subnet Mask. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual .
SRXN3205 Reference Manual
Page 43
... still service DNS requests sent to its own LAN IP address as the LAN IP address of the firewall. Click Apply to a client. • Enable DNS Proxy. Any new DHCP client joining the LAN will provide this address and the Ending IP Address. The IP address 192.168.1.100 is...address pool. If this address as the DNS server for which a DHCP-provided IP address will provide the ISP's DNS server IP addresses. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual • Starting IP Address. The assigned default gateway address is allowed and all computers connected to Chapter...
... still service DNS requests sent to its own LAN IP address as the LAN IP address of the firewall. Click Apply to a client. • Enable DNS Proxy. Any new DHCP client joining the LAN will provide this address and the Ending IP Address. The IP address 192.168.1.100 is...address pool. If this address as the DNS server for which a DHCP-provided IP address will provide the ISP's DNS server IP addresses. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual • Starting IP Address. The assigned default gateway address is allowed and all computers connected to Chapter...
SRXN3205 Reference Manual
Page 44
... server. To reserve an IP address, manually enter the device in the LAN Groups tab, specifying Reserved (DHCP Client), as the firewall's LAN IP address. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual addresses will be assigned to DHCP client requests from a pool of addresses specified in this menu. Using the default addressing scheme, you would define a range between...
... server. To reserve an IP address, manually enter the device in the LAN Groups tab, specifying Reserved (DHCP Client), as the firewall's LAN IP address. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual addresses will be assigned to DHCP client requests from a pool of addresses specified in this menu. Using the default addressing scheme, you would define a range between...
SRXN3205 Reference Manual
Page 45
... the LAN Groups Database, follow these restrictions by the DHCP server will appear in the DHCP server. You can also create Firewall Rules to apply to Block or Allow Traffic" on page 5-20). The LAN Setup tab displays. The ARP scan will ... October 2008 ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual • Scanning the Network. The local network is identified by the Block Sites feature (see "Enabling Source MAC Filtering (Address Filter)" on page 5-2). - However, sometimes the name of the LAN Groups Database are not DHCP clients. Some advantages ...
... the LAN Groups Database, follow these restrictions by the DHCP server will appear in the DHCP server. You can also create Firewall Rules to apply to Block or Allow Traffic" on page 5-20). The LAN Setup tab displays. The ARP scan will ... October 2008 ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual • Scanning the Network. The local network is identified by the Block Sites feature (see "Enabling Source MAC Filtering (Address Filter)" on page 5-2). - However, sometimes the name of the LAN Groups Database are not DHCP clients. Some advantages ...
SRXN3205 Reference Manual
Page 46
... entry manually if the IP address on the computer has been changed. • MAC Address. For DHCP clients of the selected entry by the DHCP server, then the Name will not change. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual 2. Click the LAN Groups tab and the LAN Groups tab displays. For each computer or device, the...
... entry manually if the IP address on the computer has been changed. • MAC Address. For DHCP clients of the selected entry by the DHCP server, then the Name will not change. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual 2. Click the LAN Groups tab and the LAN Groups tab displays. For each computer or device, the...
SRXN3205 Reference Manual
Page 47
... of the eight available groups: 1. Enter the IP address that this computer or device is Reserved (DHCP Client), the firewall will reserve the IP address for the associated MAC address. • MAC Address. From the pull-down menu, choose how ... or Marketing. The IP address is the default group.) 2. Reserved (DHCP Client). Click Add. You can rename these group names to the Known PCs and Devices table. LAN Configuration 3-7 v1.0, October 2008 ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual • IP Address Type. The MAC address format is six ...
... of the eight available groups: 1. Enter the IP address that this computer or device is Reserved (DHCP Client), the firewall will reserve the IP address for the associated MAC address. • MAC Address. From the pull-down menu, choose how ... or Marketing. The IP address is the default group.) 2. Reserved (DHCP Client). Click Add. You can rename these group names to the Known PCs and Devices table. LAN Configuration 3-7 v1.0, October 2008 ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual • IP Address Type. The MAC address format is six ...
SRXN3205 Reference Manual
Page 59
... fully exposed to the SRXN3205. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual 4. Prepare a PC as the Wireless Security Type. 9. From the Region pull-down menu, select the region where the SRXN3205 will greatly aid you want your wireless settings. Select your VPN firewall: Wireless Configuration 4-5 v1.0, October 2008 Click Apply at the defaults, including None as the wireless PC Client with Netgear Support. 7. The default...
... fully exposed to the SRXN3205. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual 4. Prepare a PC as the Wireless Security Type. 9. From the Region pull-down menu, select the region where the SRXN3205 will greatly aid you want your wireless settings. Select your VPN firewall: Wireless Configuration 4-5 v1.0, October 2008 Click Apply at the defaults, including None as the wireless PC Client with Netgear Support. 7. The default...
SRXN3205 Reference Manual
Page 60
... need to save your wireless LAN. Configure the Wireless LAN settings based on the NETGEAR website. Select an "only" option if all the options on your wireless settings. This is the static, legacy mode. Click Apply to experiment with least interference. this mode also supports legacy 802.11b and 802.11g clients. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual 1. Select...
... need to save your wireless LAN. Configure the Wireless LAN settings based on the NETGEAR website. Select an "only" option if all the options on your wireless settings. This is the static, legacy mode. Click Apply to experiment with least interference. this mode also supports legacy 802.11b and 802.11g clients. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual 1. Select...
SRXN3205 Reference Manual
Page 61
... match, you have the same SSID you configured in to save any other wireless networks within several hundred feet of a client computer must match what you notice interference problems or are configuring the SRXN3205 from main/submenu. 4. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual 1. From your VPN firewall. Use the default user name of admin and default password of your...
... match, you have the same SSID you configured in to save any other wireless networks within several hundred feet of a client computer must match what you notice interference problems or are configuring the SRXN3205 from main/submenu. 4. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual 1. From your VPN firewall. Use the default user name of admin and default password of your...
SRXN3205 Reference Manual
Page 66
... with 8-63 characters. 5. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Configuring WPA-PSK Not all wireless adapters support WPA2. Nevertheless, the wireless adapter hardware and driver must also support WPA. Ensure your settings. Enter a value for Key Lifetime text box in the Passphrase text box (Network Key) with Service Pack 3 or above include the client software that supports...
... with 8-63 characters. 5. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Configuring WPA-PSK Not all wireless adapters support WPA2. Nevertheless, the wireless adapter hardware and driver must also support WPA. Ensure your settings. Enter a value for Key Lifetime text box in the Passphrase text box (Network Key) with Service Pack 3 or above include the client software that supports...
SRXN3205 Reference Manual
Page 67
... out. 2. Consult the product document for your wireless adapter; Wireless Configuration v1.0, October 2008 4-13 ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Configuring WPA-PSK and WPA2-PSK Not all wireless adapters support WPA. The wireless adapter hardware and driver must also support WPA. • Service Pack 3 does not include the client software that supports WPA. When you select the...
... out. 2. Consult the product document for your wireless adapter; Wireless Configuration v1.0, October 2008 4-13 ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Configuring WPA-PSK and WPA2-PSK Not all wireless adapters support WPA. The wireless adapter hardware and driver must also support WPA. • Service Pack 3 does not include the client software that supports WPA. When you select the...
SRXN3205 Reference Manual
Page 68
... RADIUS Port. This is the default WPA encryption. 4. AES is shared between the VPN firewall and the RADIUS Server while authenticating the supplicant (wireless client). 5. TKIP is required on the client. Server Name. The port number of the RADIUS Server. Select RADIUS from the WPA...on the right. Click on the TKIP radio button for communication with RADIUS Not all wireless adapters support WPA2. Configuring WPA2 with the RADIUS Server. - ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual When you select the WPA2 data encryption, only the feature selections for ...
... RADIUS Port. This is the default WPA encryption. 4. AES is shared between the VPN firewall and the RADIUS Server while authenticating the supplicant (wireless client). 5. TKIP is required on the client. Server Name. The port number of the RADIUS Server. Select RADIUS from the WPA...on the right. Click on the TKIP radio button for communication with RADIUS Not all wireless adapters support WPA2. Configuring WPA2 with the RADIUS Server. - ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual When you select the WPA2 data encryption, only the feature selections for ...
SRXN3205 Reference Manual
Page 69
... RADIUS Server while authenticating the supplicant (wireless client). 5. When you select the WPA and WPA2 data encryption, only the feature selections for Encryption on screen, while the other options and features remain grayed out. 2. Click on configuring WPA2 settings. The Wireless Configuration v1.0, October 2008 4-15 RADIUS Port. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual • The Server...
... RADIUS Server while authenticating the supplicant (wireless client). 5. When you select the WPA and WPA2 data encryption, only the feature selections for Encryption on screen, while the other options and features remain grayed out. 2. Click on configuring WPA2 settings. The Wireless Configuration v1.0, October 2008 4-15 RADIUS Port. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual • The Server...