SRXN3205 Reference Manual
Page 7
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Contents About This Manual Conventions, Formats, and Scope xiii How to Use This Manual xiv How to Print this Manual xiv Revision History ...xv Chapter 1 Introduction Key Firewall Features ...1-1 A Powerful, True Firewall with Content Filtering 1-2 Autosensing Ethernet Connections with Auto Uplink 1-2 Extensive Protocol Support 1-3 Advanced VPN Support for Both IPsec and SSL...
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Contents About This Manual Conventions, Formats, and Scope xiii How to Use This Manual xiv How to Print this Manual xiv Revision History ...xv Chapter 1 Introduction Key Firewall Features ...1-1 A Powerful, True Firewall with Content Filtering 1-2 Autosensing Ethernet Connections with Auto Uplink 1-2 Extensive Protocol Support 1-3 Advanced VPN Support for Both IPsec and SSL...
SRXN3205 Reference Manual
Page 17
...; "Default IP Address, Login Name, and Password Location" • "Qualified Web Browsers" Key Firewall Features The firewall portion provides the following key features: • A single 10/100/1000 Mbps Gigabit Ethernet WAN port for your local Ethernet and wireless networks via a broadband cable or DSL modem. Introduction 1-1 v1.0, October 2008 ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Chapter 1 Introduction The SRXN3205 ProSafe Wireless-N VPN Firewall...
...; "Default IP Address, Login Name, and Password Location" • "Qualified Web Browsers" Key Firewall Features The firewall portion provides the following key features: • A single 10/100/1000 Mbps Gigabit Ethernet WAN port for your local Ethernet and wireless networks via a broadband cable or DSL modem. Introduction 1-1 v1.0, October 2008 ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Chapter 1 Introduction The SRXN3205 ProSafe Wireless-N VPN Firewall...
SRXN3205 Reference Manual
Page 25
..., Apple Safari 1.2 or higher, or Mozilla Firefox l.x Web browser with the firewall's Web Management Interface for the SSL VPN portal, not the Web Management Interface. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Default IP Address, Login Name, and Password Location Check the label on the bottom of the SRXN3205's enclosure if you need a reminder of applications. Note that Java is...
..., Apple Safari 1.2 or higher, or Mozilla Firefox l.x Web browser with the firewall's Web Management Interface for the SSL VPN portal, not the Web Management Interface. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Default IP Address, Login Name, and Password Location Check the label on the bottom of the SRXN3205's enclosure if you need a reminder of applications. Note that Java is...
SRXN3205 Reference Manual
Page 28
.... Open a browser, and enter https://192.168.1.1 in the browser. Click Login. The Web Configuration Manager appears, displaying the Router Status menu as the default. The login window displays in the address field. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Logging into the VPN Firewall To connect to the firewall, your computer needs to be configured to the Internet (WAN) Enter admin...
.... Open a browser, and enter https://192.168.1.1 in the browser. Click Login. The Web Configuration Manager appears, displaying the Router Status menu as the default. The login window displays in the address field. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Logging into the VPN Firewall To connect to the firewall, your computer needs to be configured to the Internet (WAN) Enter admin...
SRXN3205 Reference Manual
Page 32
...establish an Internet connection. If a successful connection is not required, click No and ignore the Login and Password fields. To manually configure your entries. Figure 2-6 3. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual The WAN Status window should show a valid IP address and gateway. If the ... evaluate your WAN ISP Settings: 1. Click Test to "Manually Configuring the Internet Connection" following this is the default). • If a login is made, NETGEAR's Web site appears. If the automatic WAN ISP configurations failed, you will attempt to connect to the Internet ...
...establish an Internet connection. If a successful connection is not required, click No and ignore the Login and Password fields. To manually configure your entries. Figure 2-6 3. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual The WAN Status window should show a valid IP address and gateway. If the ... evaluate your WAN ISP Settings: 1. Click Test to "Manually Configuring the Internet Connection" following this is the default). • If a login is made, NETGEAR's Web site appears. If the automatic WAN ISP configurations failed, you will attempt to connect to the Internet ...
SRXN3205 Reference Manual
Page 33
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual 4. In most cases, you use from the three listed options. (By default, "Other (PPPoE)" is Austria Telecom or any other ISP that uses PPTP as a login protocol: Connecting to the Internet (WAN) 2-7 v1.0, October 2008 In the ISP Type options, select the type of minutes ...to keep the connection always on. Select Other (PPPoE). Figure 2-7 (If your connection is PPPoE. If you have installed login software such as WinPoET or Enternet, then your connection type is PPPoE, PPTP or BigPond Cable, your ISP is selected, as...
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual 4. In most cases, you use from the three listed options. (By default, "Other (PPPoE)" is Austria Telecom or any other ISP that uses PPTP as a login protocol: Connecting to the Internet (WAN) 2-7 v1.0, October 2008 In the ISP Type options, select the type of minutes ...to keep the connection always on. Select Other (PPPoE). Figure 2-7 (If your connection is PPPoE. If you have installed login software such as WinPoET or Enternet, then your connection type is PPPoE, PPTP or BigPond Cable, your ISP is selected, as...
SRXN3205 Reference Manual
Page 133
...access the sub-site at https://vpn.company.com/portal/sales. The maximum length of the login page message is case sensitive. ...VPN portal is hosted at https://vpn.company.com, and you enter other URLs, this name is 4096 characters. Only alphanumeric characters, hyphen (-), and underscore (_) are accessed at the top of characters or spaces, the layout name will appear at a different URL than the default.... Enter a plain text message or include HTML and JavaScript tags. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Figure 7-2 3. This name will be truncated before they ...
...access the sub-site at https://vpn.company.com/portal/sales. The maximum length of the login page message is case sensitive. ...VPN portal is hosted at https://vpn.company.com, and you enter other URLs, this name is 4096 characters. Only alphanumeric characters, hyphen (-), and underscore (_) are accessed at the top of characters or spaces, the layout name will appear at a different URL than the default.... Enter a plain text message or include HTML and JavaScript tags. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Figure 7-2 3. This name will be truncated before they ...
SRXN3205 Reference Manual
Page 147
... to the default domain (geardomain) and are only needed domains first, then groups, then user accounts. To create a domain: 1. Users connecting to the firewall must create name and password accounts for SSL VPN connections, the portal layout that will be authenticated before being allowed to access the firewall or the VPN-protected network. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual...
... to the default domain (geardomain) and are only needed domains first, then groups, then user accounts. To create a domain: 1. Users connecting to the firewall must create name and password accounts for SSL VPN connections, the portal layout that will be authenticated before being allowed to access the firewall or the VPN-protected network. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual...
SRXN3205 Reference Manual
Page 151
... Authentication, and Certificates 8-5 v1.0, October 2008 In this is checked by default for admin and guest. 4. Note: For security reasons, Deny Login from WAN Interface is the period at which an idle user will be ...Login Policies You can also require or prohibit logging in only from certain IP addresses or using particular browsers. The new user appears in to save and apply your settings. To prohibit this user from WAN Interface checkbox. Click Apply to the firewall, select the Disable Login checkbox. 3. Idle Timeout. ProSafe Wireless-N VPN Firewall SRXN3205...
... Authentication, and Certificates 8-5 v1.0, October 2008 In this is checked by default for admin and guest. 4. Note: For security reasons, Deny Login from WAN Interface is the period at which an idle user will be ...Login Policies You can also require or prohibit logging in only from certain IP addresses or using particular browsers. The new user appears in to save and apply your settings. To prohibit this user from WAN Interface checkbox. Click Apply to the firewall, select the Disable Login checkbox. 3. Idle Timeout. ProSafe Wireless-N VPN Firewall SRXN3205...
SRXN3205 Reference Manual
Page 169
.... 5. (Optional) To change the idle timeout for an administrator login session, enter a new number of minutes in the Select User Type pull-down menu. Note: After a factory default reset, the password and timeout value will be changed back to Edit Password checkbox. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual The Edit User screen is too large, you...
.... 5. (Optional) To change the idle timeout for an administrator login session, enter a new number of minutes in the Select User Type pull-down menu. Note: After a factory default reset, the password and timeout value will be changed back to Edit Password checkbox. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual The Edit User screen is too large, you...
SRXN3205 Reference Manual
Page 170
... sure to change the default configuration password of the firewall to enable HTTPS remote management (enabled by default). The Remote Management screen displays. . See "Setting User Login Policies" on page 8-5 for instructions on how to do this. When accessing your firewall from the Internet, the... numbers, and symbols. You must be a mixture of your firewall. For example, if your WAN IP address is 172.16.0.123, type the following in locally to 30 characters. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Enabling Remote Management Access Using the Remote Management page, ...
... sure to change the default configuration password of the firewall to enable HTTPS remote management (enabled by default). The Remote Management screen displays. . See "Setting User Login Policies" on page 8-5 for instructions on how to do this. When accessing your firewall from the Internet, the... numbers, and symbols. You must be a mixture of your firewall. For example, if your WAN IP address is 172.16.0.123, type the following in locally to 30 characters. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Enabling Remote Management Access Using the Remote Management page, ...
SRXN3205 Reference Manual
Page 171
...default user policy, are unable to remotely connect to the SRXN3205 after enabling HTTPS remote management, check whether other user policies, such as TZO, you may get a warning message regarding the SSL certificate. For example, enter tracert SRXN3205...configurations, statistics collection, performance, and security. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual The firewall's remote login URL is displayed. Note: The first time you disable HTTPS remote management, all SSL VPN user connections will reject a login that your SRXN3205 by : • IP Address. Note...
...default user policy, are unable to remotely connect to the SRXN3205 after enabling HTTPS remote management, check whether other user policies, such as TZO, you may get a warning message regarding the SSL certificate. For example, enter tracert SRXN3205...configurations, statistics collection, performance, and security. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual The firewall's remote login URL is displayed. Note: The first time you disable HTTPS remote management, all SSL VPN user connections will reject a login that your SRXN3205 by : • IP Address. Note...
SRXN3205 Reference Manual
Page 180
... e-mail notification enabled to receive the logs in the Log Identifier field. If you can view the logs by default. b. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual your SMTP server requires user authentication, select the required authentication type-either the IP address or Internet name...server. Then enter the user name and password to identify which are required To configure logging and notifications: 1. Enter either Login Plain or CRAM-MD5. Selecting all events will be sent (for authentication. 11-4 v1.0, October 2008 Monitoring System Performance ...
... e-mail notification enabled to receive the logs in the Log Identifier field. If you can view the logs by default. b. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual your SMTP server requires user authentication, select the required authentication type-either the IP address or Internet name...server. Then enter the user name and password to identify which are required To configure logging and notifications: 1. Enter either Login Plain or CRAM-MD5. Selecting all events will be sent (for authentication. 11-4 v1.0, October 2008 Monitoring System Performance ...
SRXN3205 Reference Manual
Page 193
... in the previous section. • Ensure your PC's IP address is on page 12-7. The factory default login name is admin and the password is in the Web browser. Troubleshooting v1.0, October 2008 12-3 Note:...ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual • Check the Ethernet connection between the PC and the firewall as described in the range of 192.168.1.2 to be sure to click the APPLY button before moving to locate the firewall's LAN interface address. • Ensure you don't know the current IP address, clear the firewall's configuration to factory defaults...
... in the previous section. • Ensure your PC's IP address is on page 12-7. The factory default login name is admin and the password is in the Web browser. Troubleshooting v1.0, October 2008 12-3 Note:...ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual • Check the Ethernet connection between the PC and the firewall as described in the range of 192.168.1.2 to be sure to click the APPLY button before moving to locate the firewall's LAN interface address. • Ensure you don't know the current IP address, clear the firewall's configuration to factory defaults...
SRXN3205 Reference Manual
Page 201
firewall Default Configuration Settings Feature Router Login User Login URL User Name (case sensitive) Login Password (case sensitive) Internet Connection WAN MAC Address WAN MTU Size Port Speed Default Behavior https://192.168.1.1 admin password Uses default address as printed on the rear panel to reset all settings to their factory defaults. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Appendix A Default Settings and Technical Specifications You...
firewall Default Configuration Settings Feature Router Login User Login URL User Name (case sensitive) Login Password (case sensitive) Internet Connection WAN MAC Address WAN MTU Size Port Speed Default Behavior https://192.168.1.1 admin password Uses default address as printed on the rear panel to reset all settings to their factory defaults. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Appendix A Default Settings and Technical Specifications You...
SRXN3205 Reference Manual
Page 209
...ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Index A access remote management 9-10 Access Controll screens 4-19 ActiveX web cache control 7-6 Add LAN WAN Inbound Service 5-9 Add LAN WAN Outbound Service 5-8 Add Mode Config Record screen 6-18 Add Resource Addresses menu 7-14 Adding 5-15 address reservation 3-4 administrator login timeout 9-9 Advailable Wireless... Stations 4-19 Advanced Options MTU Size 2-13 Port Speed 2-13 Router's MAC Address 2-13 Advanced screens of Wireless Settings 4-17 Allow 4-5 ...
...ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Index A access remote management 9-10 Access Controll screens 4-19 ActiveX web cache control 7-6 Add LAN WAN Inbound Service 5-9 Add LAN WAN Outbound Service 5-8 Add Mode Config Record screen 6-18 Add Resource Addresses menu 7-14 Adding 5-15 address reservation 3-4 administrator login timeout 9-9 Advailable Wireless... Stations 4-19 Advanced Options MTU Size 2-13 Port Speed 2-13 Router's MAC Address 2-13 Advanced screens of Wireless Settings 4-17 Allow 4-5 ...
SRXN3205 Reference Manual
Page 211
F factory default login 1-9 factory default settings revert to 9-13 firewall connecting to 6-23 Inbound Rules default definition 5-2 field descriptions 5-5 order of precedence 5-7 Port Forwarding 5-2, 5-4 rules for use 5-4 v1.0, October... tags 7-6 I IGP 3-11 IKE Policy about 5-1 firewall protection 5-1 firmware downloading 9-14 upgrade 9-14 firmware, upgrading 1-4 fixed IP address 2-5, 3-7 FQDN 2-11 Fragmentation Length default setting 4-18 fragmented IP packets 9-5 fully qualified domain name. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual enabling 4-17 E Edge Device 6-23 XAUTH...
F factory default login 1-9 factory default settings revert to 9-13 firewall connecting to 6-23 Inbound Rules default definition 5-2 field descriptions 5-5 order of precedence 5-7 Port Forwarding 5-2, 5-4 rules for use 5-4 v1.0, October... tags 7-6 I IGP 3-11 IKE Policy about 5-1 firewall protection 5-1 firmware downloading 9-14 upgrade 9-14 firmware, upgrading 1-4 fixed IP address 2-5, 3-7 FQDN 2-11 Fragmentation Length default setting 4-18 fragmented IP packets 9-5 fully qualified domain name. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual enabling 4-17 E Edge Device 6-23 XAUTH...
SRXN3205 Reference Manual
Page 212
...2-6 connecting to 2-1 Internet connection manual configuration 2-6 IP address default 4-7 IP addresses auto-generated 12-3 DHCP address pool 3-4 multi home LAN 3-4 reserved 3-4 router default 3-2 IP Subnet Mask router default 3-2 IPsec 5-11 IPsec Connection Status screen 11-13 IPSec... 12-2 Load Balancing use with DDNS 2-11 logging in default login 2-2 login policy restrict by browser 8-7 restrict by IP address 8-6 restrict by port 8-5 Index-4 v1.0, October 2008 See IGP. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual inbound rules 5-4 example 5-12 Inbound Service Rule...
...2-6 connecting to 2-1 Internet connection manual configuration 2-6 IP address default 4-7 IP addresses auto-generated 12-3 DHCP address pool 3-4 multi home LAN 3-4 reserved 3-4 router default 3-2 IP Subnet Mask router default 3-2 IPsec 5-11 IPsec Connection Status screen 11-13 IPSec... 12-2 Load Balancing use with DDNS 2-11 logging in default login 2-2 login policy restrict by browser 8-7 restrict by IP address 8-6 restrict by port 8-5 Index-4 v1.0, October 2008 See IGP. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual inbound rules 5-4 example 5-12 Inbound Service Rule...
SRXN3205 Reference Manual
Page 213
Network Address Translation. Network Database table 3-6 Network Database Group Names screen 3-7 Network Time Protocol. See NTP. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual M MAC address 4-18, 12-6 authentication by ISP 2-13 configuring 2-5 format 2-14, 5-21 in...5-9 Outbound Services field descriptions 5-3 P package contents 1-6 packet capture 12-9 password default 4-7 passwords and login timeout changing 9-8 passwords,restoring 12-7 performance degradation causes of 4-2 N NAS Identifier 6-25 NAT configuring 2-10 firewall, use with 5-2 multi-NAT 5-13 one-to-one mapping 2-10 one-to...
Network Address Translation. Network Database table 3-6 Network Database Group Names screen 3-7 Network Time Protocol. See NTP. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual M MAC address 4-18, 12-6 authentication by ISP 2-13 configuring 2-5 format 2-14, 5-21 in...5-9 Outbound Services field descriptions 5-3 P package contents 1-6 packet capture 12-9 password default 4-7 passwords and login timeout changing 9-8 passwords,restoring 12-7 performance degradation causes of 4-2 N NAS Identifier 6-25 NAT configuring 2-10 firewall, use with 5-2 multi-NAT 5-13 one-to-one mapping 2-10 one-to...
SRXN3205 Reference Manual
Page 216
See QoS. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual firewall, use with 5-2 stateful packet inspection. traceroute 12-8 tracert use with DDNS 9-11 traffic increasing 9-5 reducing 9-2 Index-8 traffic management 9-8 traffic meter 2-14 troubleshooting 12-1 browsers 12-3 configuration settings, using sniffer 12-3 defaults 12-3 ISP connection 12-4 NTP 12-7 testing your setup 12-6 Web configuration 12-2 ... A-5 Time setting 9-15 troubleshooting 12-7 time daylight savings, troubleshooting 12-7 Time Zone settings 9-15 Time Zone screen 9-15 timeout, administrator login 9-9 ToS.
See QoS. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual firewall, use with 5-2 stateful packet inspection. traceroute 12-8 tracert use with DDNS 9-11 traffic increasing 9-5 reducing 9-2 Index-8 traffic management 9-8 traffic meter 2-14 troubleshooting 12-1 browsers 12-3 configuration settings, using sniffer 12-3 defaults 12-3 ISP connection 12-4 NTP 12-7 testing your setup 12-6 Web configuration 12-2 ... A-5 Time setting 9-15 troubleshooting 12-7 time daylight savings, troubleshooting 12-7 Time Zone settings 9-15 Time Zone screen 9-15 timeout, administrator login 9-9 ToS.