SRXN3205 Reference Manual
Page 10
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Testing the Connection 6-11 Managing VPN Tunnel Policies 6-11 About IKE ...6-12 Managing IKE Policies 6-12 About the IKE Policy Table 6-13 VPN Policy ...6-15 VPN Tunnel Connection Status 6-16 Manually Assigning IP Addresses to Remote Users (ModeConfig 6-17 Mode Config Operation 6-17 Configuring the VPN Firewall 6-17 Configuring the ProSafe VPN...Adding A New Host Name 7-9 Configuring the SSL VPN Client 7-9 Configuring the Client IP Address Range 7-11 Adding Routes for VPN Tunnel Clients 7-12 Replacing and Deleting Client Routes...
SRXN3205 Reference Manual
Page 17
....11N and 802.11a wireless networks. The SRXN3205 is a complete security solution with a powerful and flexible firewall to your networks along with advanced IPsec and SSL VPN technologies for extremely fast data transfer between local network resources and all of the wireless clients. Introduction 1-1 v1.0, October 2008 ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Chapter 1 Introduction The SRXN3205 ProSafe Wireless-N VPN Firewall provides Internet connectivity to...
SRXN3205 Reference Manual
Page 18
...the need to worry about crossover cables, as to the correct configuration. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual • Advanced IPsec and SSL VPN support • Advanced stateful packet inspection (SPI) firewall with multi-NAT support • Easy, web-based setup for installation ... or a 1000 Mbps Gigabit Ethernet network. Autosensing Ethernet Connections with Content Filtering Unlike simple Internet sharing NAT routers, the SRXN3205 is a true firewall, using stateful packet inspection (SPI) to make the right connection. 1-2 Introduction v1.0, October 2008 The...
SRXN3205 Reference Manual
Page 19
... other IPsec gateways and clients. - ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Extensive Protocol Support The firewall supports the Transmission Control Protocol/Internet Protocol (TCP/IP) and Routing Information Protocol (RIP). For further information about TCP/IP, refer to 5 (max) IPsec VPN tunnels (alternately, 4 IPsec VPN tunnels concurrently with 4 SSL VPN sessions, or 5 IPsec VPN tunnels concurrently with the single-user...
SRXN3205 Reference Manual
Page 20
... 5 GHz bands. • Upgradeable Firmware. Configuration settings can use the SRXN3205 to gain access to using only your LAN. • Hidden Mode. Connects to 5 SSL and VPN sessions. In addition to your Web browser, and can connect. • Configuration Backup. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual • SSL VPN provides remote access for each radio mode are easily identified...
SRXN3205 Reference Manual
Page 25
... web browsers are qualified for use Internet Explorer 5.1 or higher, Apple Safari 1.2 or higher, or Mozilla Firefox 1.x Web browser with the firewall's Web Management Interface for the SSL VPN portal, not the Web Management Interface. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Default IP Address, Login Name, and Password Location Check the label on the bottom of the...
SRXN3205 Reference Manual
Page 129
... concurrent sessions, users can easily access the remote network for e-commerce transactions, the SRXN3205 can authenticate itself to an SSL-enabled client, such as a standard web browser. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Chapter 7 Virtual Private Networking Using SSL The SRXN3205 ProSafe Wireless-N VPN Firewall provides a hardware-based SSL VPN solution designed specifically to provide remote access for mobile users to the remote user...
SRXN3205 Reference Manual
Page 130
..., the domain is created after you choose to which they see a portal page that you have access. The SSL VPN Client provides a PPP (point-to the firewall. Because you must specify a domain to make available. 2. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual browser provides authentication and encryption, establishing a secure connection to -point) connection between the client and the...
SRXN3205 Reference Manual
Page 131
... address ranges, and services. Policies determine access to network resources and addresses for restricted users; ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual When you define the SSL VPN policies that will function as if it provides an ideal way to communicate remote access instructions, support... individual users, groups, or everyone. You can more SSL VPN user accounts. In the VPN tunnel option, the firewall creates a virtual network adapter on the remote PC that determine network resource access for your SSL VPN users, you have created. 6. Configure the policies. ...
SRXN3205 Reference Manual
Page 132
... layout. You can add additional portal layouts. The default portal layout is displayed. 7-4 Virtual Private Networking Using SSL v1.0, October 2008 To create a New Portal Layout: 1. The Add Portal Layout screen is the SSL-VPN portal. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Portal Layouts are applied by clicking the default button in the configuration of a Domain. Note...
SRXN3205 Reference Manual
Page 133
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Figure 7-2 3. Enter a descriptive name for the Portal Layout Name. For example, if your SSL VPN portal is hosted at https://vpn.company.com/portal/sales. If you created a portal layout named "sales", then users will be truncated before they log in the Banner Title field.... maximum length of the menu, configure the following entries: a. In the Portal Site Title field, enter a title that unlike most other types of the SSL VPN portal URL. To display a banner message to users before the first non-alphanumeric character. b.
SRXN3205 Reference Manual
Page 134
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual on login page checkbox to the SSL VPN portal. d. e. The ActiveX web cache control will prompt the user to delete all temporary Internet files, cookies and browser history when the user... include: These directives help prevent clients browsers from caching SSL VPN portal pages and other web content. The web cache cleaner will be ignored by web browsers that don't support ActiveX. 7-6 Virtual Private Networking Using SSL v1.0, October 2008 Note: NETGEAR strongly recommends enabling HTTP meta tags for cache control checkbox...
SRXN3205 Reference Manual
Page 135
...define the internal host machines (servers) and TCP applications available to simplify the application of access policies. To define these steps: Virtual Private Networking Using SSL 7-7 v1.0, October 2008 Your choices are not selected will be presented. You must specify the internal addresses and TCP applications (port numbers) that will...specific defined network services. When you create a group, you must create name and password accounts for Port Forwarding Port Forwarding provides access to the firewall. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual 4.
SRXN3205 Reference Manual
Page 136
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual 1. Select VPN > SSL VPN from the main/submenu, and then select the Port Forwarding tab. Users can specify the port number together with the host name or IP address. 7-8 Virtual Private Networking Using SSL v1.0, October 2008 In the Add New Application for Port Forwarding section, enter the IP address of the application...
SRXN3205 Reference Manual
Page 137
... servers using Port Forwarding. In the Fully Qualified Domain Name field, enter the full server name. 5. Click Add. Configuring the SSL VPN Client The SSL VPN Client within the SRXN3205 will be able to name. 4. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual 4. Adding A New Host Name Once the server IP address and port information has been configured, remote users will...
SRXN3205 Reference Manual
Page 139
...Note: In split tunneling, appropriate client routes must be added to allow traffic to the VPN tunnel clients. 5. Select VPN > SSL VPN from the main/submenu, and then select the SSL VPN Client tab. Enter Primary and Secondary DNS Server IP addresses to be assigned to be ...address range. 7. client routes are now able to connect to VPN tunnel clients, then define the address range. To configure the client IP address range: 1. The SSL VPN Client screen displays. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Configuring the Client IP Address Range Determine the address range...
SRXN3205 Reference Manual
Page 140
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Adding Routes for any reason, you must define Client Routes. If an existing route is in the Configured Client Routes table. In the ... than the corporate network, or the corporate network has multiple subnets, you can delete it. 7-12 Virtual Private Networking Using SSL v1.0, October 2008 Enter the appropriate Subnet Mask. 4. To add an SSL VPN Tunnel client route, follow these steps: 1. Replacing and Deleting Client Routes If the specifications of the tab and the...
SRXN3205 Reference Manual
Page 141
...individually updating all of service to apply to the resource: either VPN Tunnel or Port Forwarding. 4. Defining network resources is optional; Adding New Network Resources To define a network resource: 1. Select VPN > SSL VPN from the main/submenu, and then select the Resources tab. ... and services. Virtual Private Networking Using SSL v1.0, October 2008 7-13 If your server or network configuration changes, by using individual IP addresses or IP networks rather than predefined network resources. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Using Network Resource Objects to ...
SRXN3205 Reference Manual
Page 142
... 7-7. Configuring User, Group, and Global Policies An administrator can define and apply user, group and global policies to different SSL VPN services. Enter the Port Range or Port Number for the IP Address or IP Network you selected IP Network, enter the... addresses and to predefined network resource objects, IP addresses, address ranges, or all Global Policies. 3. Group Policies take precedence. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual 5. If two or more user, group, or global policies are configured, the most specific policy takes precedence. 7-14 ...
SRXN3205 Reference Manual
Page 144
... for your selected Query option. Figure 7-9 2. Make your selection from the main/submenu, and select the Policies tab. Select VPN > SSL VPN from the following Query options: • Click Global to view all global policies. • Click Group to view group policies...choose the relevant user's name from the main/submenu, and then select the Policies tab. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual 1. Figure 7-8 2. The Policies screen will display the list for each of SSL VPN Policies will display. Adding a Policy To add a policy, follow these steps: 1. Click...