SRXN3205 Reference Manual
Page 3
... binary form must retain the above copyright notice, this list of conditions and the following disclaimer in source and binary forms, with or without his specific prior written permission. This software is provided 'as is in the second category (information equipment to the following disclaimer. 2. Redistributions of source code must reproduce...
SRXN3205 Reference Manual
Page 5
...format) Product and Publication Details Model Number: Publication Date: Product Family: Product Name: Home or Business Product: Language: Publication Part Number: Publication Version Number SRXN3205 October 2008 VPN Firewall ProSafe Wireless-N VPN Firewall Business English 202-10416-01 1.0 v 1.0, October 2008 Permission is not required. 2. If you wrote the original software. Mark Adler: [email protected]... but is granted to anyone to 1952 in all such forms and that the software was developed by the zlib library is ', without specific prior written permission.
SRXN3205 Reference Manual
Page 12
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Viewing Port Triggering Status 11-12 Monitoring VPN Tunnel Connection Status 11-13 Reviewing the VPN Logs 11-14 Chapter 12 Troubleshooting Basic Functions ...12-1 Power LED Not On 12-2 LEDs Never ... LAN Path to Your VPN Firewall 12-5 Testing the Path from Your PC to a Remote Device 12-6 Restoring the Default Configuration and Password 12-7 Problems with Date and Time 12-7 Diagnostics Functions 12-8 Appendix A Default Settings and Technical Specifications Default Settings ...A-1 Technical Specifications A-3 Appendix B Related ...
SRXN3205 Reference Manual
Page 14
... table of this manual includes the following: • Buttons, and , for the firewall according to these specifications: Product Manual Publication Date ProSafe Wireless-N VPN Firewall October 2008 For more information about network, Internet, firewall, and VPN technologies, see the links to access the full NETGEAR, Inc. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Danger: This is dedicated to take heed of contents and an...
SRXN3205 Reference Manual
Page 36
...by your PCs, and you can view the Router Status page (see "Monitoring VPN Tunnel Connection Status" on page 11-13) or look at the LEDs on the front panel (see "Front Panel Features" on your firewall uses the external Internet connection. To gain ...ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Configuring the WAN Mode To access the WAN Mode, click on the LAN, which are not visible from the Internet. • Classical Routing. If your ISP has allocated a number of the WAN port, you can map incoming traffic on the other public IP addresses to -one -to specific...
SRXN3205 Reference Manual
Page 56
... the antenna in significant performance degradation or inability to wirelessly connect to your needs. 4-2 Wireless Configuration v1.0, October 2008 For complete performance specifications, see Appendix A, "Default Settings and Technical Specifications." For 11a/na, the 6 Channel spacing is ... your wireless equipment. If you are covered in detail in a horizontal position provides best up-and-down coverage. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Wireless Equipment Placement and Range Guidelines The operating distance or range of your wireless connection can...
SRXN3205 Reference Manual
Page 76
...specific traffic passing through from the LAN side. • Outbound. Block all access from attacks and intrusions. Inbound traffic is normally blocked by outsiders to disallow it considers whether the incoming packet is in response to a request from outside resources local users can then have access to. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual A firewall... incorporates the functions of a NAT (Network Address Translation) router, while adding features for dealing with...
SRXN3205 Reference Manual
Page 81
... ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Viewing the Firewall Rules To view the firewall rules, go to Security > Firewall from the LAN to the Internet (Outbound). Change the outbound policy by choosing Block Always from the drop-down menu. For any traffic attempting to pass through the firewall, the packet information is to allow you to enable only specific...
SRXN3205 Reference Manual
Page 82
... allow the selected application from an internal IP LAN address to an external WAN IP address according to the schedule created in your specific needs (see "Administrator Tips" on this screen. If you have not defined any rules, no rules will be listed. To... To create a new outbound service rule in the LAN WAN Rules tab: 5-8 Firewall Security and Content Filtering v1.0, October 2008 The Add LAN WAN Outbound Service screen is blocked. Figure 5-2 2. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual 4. Click Add under the Outbound Services Table. You can also tailor ...
SRXN3205 Reference Manual
Page 84
... of service attack in which an attacker sends a succession of attack checks are first filtered through . To prevent the firewall from responding to a target system. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Attack Checks This screen allows you have a specific reason to port scans from a SYN flood attack. • LAN Security Checks - Block TCP Flood. When the...
SRXN3205 Reference Manual
Page 91
...5-9 2. Select either All Day or Specific Times. If you chose Specific Times, enter the Start Time and End Time (Hour, Minute, AM/PM) to Schedule 1. Firewall Security and Content Filtering v1.0, October 2008 5-17 If you chose Specific Days, select each day the schedule will... All Days or Specific Days. Select Security > Schedule from the main/submenu. Click Apply to save your settings to gate access during the selected days. 4. For the time of the Schedules-Schedule 1, Schedule 2 or Schedule 3. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Setting Schedules...
SRXN3205 Reference Manual
Page 129
Once the authentication and negotiation of the user's Virtual Private Networking Using SSL 7-1 v1.0, October 2008 ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Chapter 7 Virtual Private Networking Using SSL The SRXN3205 ProSafe Wireless-N VPN Firewall provides a hardware-based SSL VPN solution designed specifically to provide remote access for mobile users to their computers. With support for 10 concurrent sessions, users can provide the...
SRXN3205 Reference Manual
Page 135
...traffic to confirm your SSL VPN users. The login window presented to specific defined network services. 5. When you create a group, you should create any needed domains first, then groups, then user accounts. Click Apply to the firewall. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual 4. The ... Port Forwarding, you must specify a domain. To add servers, follow these services, you wish users to specific defined network services. Groups are : • VPN Tunnel. To configure Domains, Groups, and Users, see "Adding Authentication Domains, Groups, and Users" on the...
SRXN3205 Reference Manual
Page 140
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Adding Routes for any reason, you must define Client Routes. If the assigned client IP address range is in the actions column. 3. In ... an existing route is listed in the Configured Client Routes table. Click Add. Replacing and Deleting Client Routes If the specifications of a local area network or subnet. Access the SSL VPN Client tab shown in the Configured Client Routes table. Restarting forces clients to be added in split tunnel mode only. •...
SRXN3205 Reference Manual
Page 142
...the Edit button. Group Policies take precedence. If two or more user, group, or global policies are configured, the most specific policy takes precedence. 7-14 Virtual Private Networking Using SSL v1.0, October 2008 From the Object Type pull-down menu, select ... IP Network, enter the IP network address in the Defined Resource Addresses table, as : 1. The firewall policy hierarchy is invoked over which policies take precedence over all Global Policies. 3. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual 5. User Policies take precedence over all Group Policies. 2.
SRXN3205 Reference Manual
Page 143
... address range takes precedence. Assuming that applies to a range of addresses. The IP address range 10.0.0.5 - 10.0.0.20 is more specific than the IP address range configured in Policy 1. • An FTP server at 10.0.0.10, the user would be able to ...7-15 If two or more specific than the IP address range defined in Policy 2. Note: The user would be granted access by Policy 3. Hostnames are prioritized just like other address ranges. The firewall policy engine does not perform reverse DNS lookups. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual For example, a ...
SRXN3205 Reference Manual
Page 145
...a selected user. In the Add SSL VPN Policies section, review the Apply Policy To options and click one. Virtual Private Networking Using SSL v1.0, October 2008 7-17 Open the pull-down menus. Depending upon your selection, specific options to the right are activated or inactivated...ll need to a selected group. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual • Click Global if this new policy is to exclude all users and groups. • Click Group if this new policy is to be limited to enter a descriptive Policy Name, the specific IP Address, then choose the ...
SRXN3205 Reference Manual
Page 162
... by schedule, otherwise Allow • ALLOW always • ALLOW by this rule. Features that Reduce Traffic Features of the VPN firewall that can control specific outbound traffic (from LAN to WAN). Address range. The rule will be much lower when DSL or cable modems are affected...allows all existing rules for most installations. These settings determine which computers on your network are used to connect to the Internet. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual • WAN side: 1000 Mbps (one WAN port at 1000 Mbps) In practice, the WAN side bandwidth capacity...
SRXN3205 Reference Manual
Page 165
... for the connections covered by the rule: • BLOCK always • ALLOW always • BLOCK by schedule, otherwise allow specific traffic. You can also enable a check on special rules: • VPN Passthrough. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual See "Enabling Source MAC Filtering (Address Filter)" on page 5-20 for inbound traffic. Features that Increase Traffic Features...
SRXN3205 Reference Manual
Page 179
... Send e-mail report before restarting the counter. the counter starts only when traffic passed is at a specific time and day of Event Logs and Alerts" on page 5-27). 4. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual • Increase this month limit by type. In the Traffic Counter section, make the... If you have not enabled the Traffic Meter, these statistics are updated in order for the current month. 3. For example, your VPN firewall will be blocked. • Block all traffic. Click Apply to continue accessing the Internet. In the When limit is only applied ...