SRXN3205 Reference Manual
Page 2
... reception, which the receiver is hereby certified that the ProSafe Wireless-N VPN Firewall has been suppressed in a particular installation. Certificate of the Manufacturer/Importer It is connected. • Consult...ProSafe Wireless-N VPN Firewall gemäß der im BMPT-AmtsblVfg 243/1991 und Vfg 46/1992 aufgeführten Bestimmungen entstört ist. ii 1.0, October 2008 Lesen Sie dazu bitte die Anmerkungen in the operating instructions. Please refer to the notes in der Betriebsanleitung. Trademarks NETGEAR and the NETGEAR logo are registered trademarks and ProSafe...
SRXN3205 Reference Manual
Page 11
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Chapter 8 Managing Users, Authentication, and Certificates Adding Authentication Domains, Groups, and Users 8-1 Creating a Domain 8-1 Creating a Group ...8-3 Creating a New User Account 8-4 Setting User Login Policies 8-5 Managing Certificates ...8-8 Viewing and Loading CA Certificates 8-8 Viewing Active Self Certificates 8-9 Obtaining a Self Certificate from a Certificate Authority 8-10 Managing your Certificate Revocation List (CRL) 8-13 Chapter 9 Firewall...11-3 Viewing Firewall Logs 11-6 Viewing Router Configuration and System...
SRXN3205 Reference Manual
Page 62
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Wireless Security Types and Settings Configure the Wireless Security Types based on the level of security you need using one of the following methods and print out the form provided to...6 for the VPN IPsec tunnel settings • Go to "Virtual Private Networking Using SSL" in Chapter 7 for the VPN SSL tunnel settings • Go to "Managing Users, Authentication, and Certificates" in Chapter 8 for the Users menu • Go to "Firewall and Network Management" in Chapter 9 for the Administration menu 4-8 Wireless Configuration v1.0, ...
SRXN3205 Reference Manual
Page 104
.... 4. This method does not require using the VPN Wizard: 1. To set up a gateway VPN Tunnel using a CA (Certificate Authority). 6-2 Virtual Private Networking Using IPsec v1.0, October 2008 Enter an appropriate name for the connection. Click the VPN Wizard tab and the VPN Wizard screen displays. Enter a Pre-shared Key. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Creating Gateway to Gateway...
SRXN3205 Reference Manual
Page 111
...Certificate pull-down menu, choose Domain Name. 10. Click Enter Key and then enter your computer's Network Adapter. Virtual Private Networking Using IPsec 6-9 v1.0, October 2008 This key will appear. 1. Leave Virtual Adapter disabled, and click your preshared key, and click OK. In the left frame, click Security Policy. ProSafe Wireless-N VPN Firewall SRXN3205... Reference Manual 7. Your current IP address will be shared by all users of the SRXN3205 policy "client". 3. Figure 6-6 8.
SRXN3205 Reference Manual
Page 116
... for RSA-Signature to authenticate users (under the VPN Client menu on the User Database page). - In that case, a certificate must match the remote VPN.) - Authentication Method. PAP is selected, the router will disable the Pre-shared key text box and... uses the Active Self Certificate uploaded in the User Database to detect whether the Peer is not supported for a simple password based key. ProSafe Wireless-N VPN Firewall SRXN3205 ...
SRXN3205 Reference Manual
Page 117
... for authentication reduces the amount of VPN policies. For each VPN gateway must have a certificate from the CA. In this situation, the order of certificates for the VPN tunnel are: 1. The VPN tunnel is used to create a VPN policy, only the Auto method is... Association). 4. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual IPSec Host: The router is enabled (green circle) or disabled (grey circle). VPN Policy You can also be sent via a VPN tunnel. 2. To use of the policies is available. • Manual. The use a CA, each certificate, there is ...
SRXN3205 Reference Manual
Page 123
... firewall; Under Security Policy, Phase 1 Negotiation Mode, check the Aggressive Mode radio button. Click on Key Exchange (Phase 2) on the left-side of the menu, click My Identity and enter the following information: a. in the SRXN3205 IKE menu. From the Select Certificate ...The Internal Network IP Address should be checked. 4. a. Enable Replay Detection should be longer, such as 8 hours [28800 seconds] 6. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual d. From the left-side of the IKE policy you configured in this example it is "local_id.com". b. c. To ...
SRXN3205 Reference Manual
Page 147
... you create a group, you have access. Managing Users, Authentication, and Certificates 8-1 v1.0, October 2008 Users connecting to groups. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Chapter 8 Managing Users, Authentication, and Certificates This chapter contains the following sections: • "Adding Authentication Domains, Groups, and Users" • "Managing Certificates" Adding Authentication Domains, Groups, and Users You must create name and...
SRXN3205 Reference Manual
Page 148
Select the Authentication Type. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Figure 8-1 2. The Add Domain screen displays. The required fields are activated in the Domain Name field. Click Add. b. Figure 8-2 3. Configure the following fields: a. ... Fields None Authentication Server, Authentication Secret Authentication Server, Authentication Secret Authentication Server, Authentication Secret Authentication Server, Authentication Secret Authentication Server, Workgroup 8-2 Managing Users, Authentication, and Certificates v1.0, October 2008
SRXN3205 Reference Manual
Page 149
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Authentication Type Active Directory LDAP Required Authentication Information Fields Authentication Server, Active Directory Domain Authentication Server, LDAP Base DN c. Select Users > Groups...groups simplifies the configuration of VPN policies when different sets of the menu: a. Configure the new group settings in the User menu are defined in the Add New Group section of users will be automatically logged out of the Web Configuration Manager Managing Users, Authentication, and Certificates 8-3 v1.0, October 2008 For...
SRXN3205 Reference Manual
Page 150
... d. Select either Administrator, SSL VPN User, or IPsec VPN User. Select from the main/submenu and the Users screen displays. Password/Confirm Password. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual 3. Select Users >... Users from a list of Groups, ready for use in user account setup. The user will be associated with the domain that is associated with that group. The password can contain alphanumeric characters, dash, and underscore. 8-4 Managing Users, Authentication, and Certificates...
SRXN3205 Reference Manual
Page 151
... certain IP addresses or using particular browsers. To configure user login policies: 1. Managing Users, Authentication, and Certificates 8-5 v1.0, October 2008 Idle Timeout. The new user appears in to log into the Web Configuration Manager. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual e. You can restrict the ability of Users table, click Policies adjacent to the user policy...
SRXN3205 Reference Manual
Page 152
... Deny Login from Defined Addresses to deny logging in from Defined Addresses to add additional addresses or subnets. 8-6 Managing Users, Authentication, and Certificates v1.0, October 2008 To specify a subnet of IP addresses, select IP Network from the Source Address Type pull-down menu. Figure 8-7...that you will specify • the Allow Login only from the IP addresses that you will specify. 3. Click Apply. 4. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual To restrict logging in the Network Address/IP address field. 6. Select the by Source IP Address tab and the...
SRXN3205 Reference Manual
Page 153
... add additional browsers, then click Apply to the Defined Browsers table. 4. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual To restrict logging in from the Client Browser pulldown menu and click Add to move the defined browser to save your changes. Managing Users, Authentication, and Certificates 8-7 v1.0, October 2008 Figure 8-8 2. The by Client Browser tab. From the...
SRXN3205 Reference Manual
Page 154
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Managing Certificates The firewall uses digital certificates to authenticate connecting VPN gateways or clients, and to you by a CA identifying your device. Ideally, the signature is from a well-known commercial Certificate Authority (CA) such as it provides no protection against identity theft of the server's identity. The date after which the certificate becomes invalid. 8-8 Managing...
SRXN3205 Reference Manual
Page 155
....0, October 2008 The name you used to you by a CA and available for use. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual To view the VPN Certificates: Select VPN > Certificates from a CA, you will also receive the CA certificate. Click Upload. The top section of your registered business name or official company name. This is listed: • Name. Store the CA...
SRXN3205 Reference Manual
Page 156
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual • Serial Number. The name of the Certificates screen. 2. Configure the following values: - Hash Algorithm: MD5 or SHA2. - The date on which other organizations, you should renew the certificate before it expires. To request a self certificate from a CA, you include in your firewall. Enter a descriptive name that will identify this name will see...
SRXN3205 Reference Manual
Page 157
.... • Domain Name - ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Figure 8-11 3. Otherwise, you can enter it here. Click Generate. If you have an Internet domain name, you should leave this field blank. • E-mail Address - Enter the e-mail address of a technical contact in your organization. 4. Figure 8-12 Managing Users, Authentication, and Certificates v1.0, October 2008...
SRXN3205 Reference Manual
Page 158
... section. b. Submit the CA form. Figure 8-14 8-12 Managing Users, Authentication, and Certificates v1.0, October 2008 Submit your saved text file (including "----BEGIN CERTIFICATE REQUEST---" and "---END CERTIFICATE REQUEST"). d. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual 5. In the Self Certificate Requests table, click View under the Action column to CA text box into a text file, including all of the...