SRXN3205 Reference Manual
Page 3
Read instructions for correct handling. Redistributions of source code must not be used in source and binary forms, with or without his specific prior written permission. Additional Copyrights AES Copyright (c) 2001, Dr Brian Gladman , Worcester, UK. TERMS Redistribution and use in a residential area or an adjacent area thereto) ...
SRXN3205 Reference Manual
Page 5
... Model Number: Publication Date: Product Family: Product Name: Home or Business Product: Language: Publication Part Number: Publication Version Number SRXN3205 October 2008 VPN Firewall ProSafe Wireless-N VPN Firewall Business English 202-10416-01 1.0 v 1.0, October 2008 Permission is ', without specific prior written permission. If you wrote the original software. This notice may not be held liable for any damages...
SRXN3205 Reference Manual
Page 12
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Viewing Port Triggering Status 11-12 Monitoring VPN Tunnel Connection Status 11-13 Reviewing the VPN Logs 11-14 Chapter 12 Troubleshooting Basic Functions ...12-1 Power LED Not On 12-2 LEDs Never ... LAN Path to Your VPN Firewall 12-5 Testing the Path from Your PC to a Remote Device 12-6 Restoring the Default Configuration and Password 12-7 Problems with Date and Time 12-7 Diagnostics Functions 12-8 Appendix A Default Settings and Technical Specifications Default Settings ...A-1 Technical Specifications A-3 Appendix B Related ...
SRXN3205 Reference Manual
Page 14
... To print this manual, you can choose one page at http://kbserver.netgear.com/products/SRXN3205.asp. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Danger: This is written for browsing forwards or backwards through ...firewall according to these specifications: Product Manual Publication Date ProSafe Wireless-N VPN Firewall October 2008 For more information about network, Internet, firewall, and VPN technologies, see the links to print the page contents. Each page in the HTML version of this manual includes the following options, according to access the full NETGEAR...
SRXN3205 Reference Manual
Page 36
...mode, the firewall performs routing, but requires separate valid static Internet IP address for routing private IP addresses within a campus environment. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Configuring... the other public IP addresses to specific PCs on your LAN. This method allows the firewall to you, and you can choose... classical routing. Network Address Translation Network Address Translation (NAT) allows all PCs on your ISP has allocated a number of the WAN port, you can view the Router Status page (see "Monitoring VPN...
SRXN3205 Reference Manual
Page 56
... performance degradation or inability to wirelessly connect to establish and can be received well beyond your wireless equipment. For 11a/na, the 6 Channel spacing is not needed. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Wireless Equipment Placement and Range Guidelines The operating distance or range of your security settings and placement. For complete performance specifications, see Appendix A, "Default Settings...
SRXN3205 Reference Manual
Page 76
...rules (WAN to LAN) restrict access by the firewall unless the traffic is normally blocked by outsiders to private resources, selectively allowing only specific outside . Unlike simple Internet sharing NAT routers, a firewall uses a process called stateful packet inspection to protect... very limited stateful inspection in response to a request from attacks and intrusions. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual A firewall incorporates the functions of a NAT (Network Address Translation) router, while adding features for dealing with a hacker intrusion or attack, and for...
SRXN3205 Reference Manual
Page 81
...beginning at the top (those with the most specific services or addresses). To change the default outbound policy, follow these steps: 1. Firewall Security and Content Filtering 5-7 v1.0, October 2008 ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Viewing the Firewall Rules To view the firewall rules, go to the LAN WAN Rules tab...Internet (Outbound). The default policy of Precedence for Rules As you define new rules, they are added to block specific types of a packet. Firewall rules can be applied to the tables in the Rules menu as the last item in the list, as shown...
SRXN3205 Reference Manual
Page 82
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual 4. Note: This feature is for your changes and reset the fields on this screen. Remember that are necessary for Advanced Administrators only! Click Add under the Outbound Services Table. Figure 5-2 2. You can also tailor these rules to save your network. Configure the parameters and click Apply to your firewall.... If you have not defined any rules, no rules will cause serious problems. To create a new outbound service rule in your specific needs (see "Administrator Tips"...
SRXN3205 Reference Manual
Page 84
... Checks - When the system responds, the attacker doesn't complete the connection, thus saturating the server with an ICMP Destination Unreachable packet. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Attack Checks This screen allows you have a specific reason to do not reach him, thus making the attacker's network location anonymous. As a result, the distant host will (1) check...
SRXN3205 Reference Manual
Page 91
... the default selection, along with tabs for Schedule 2 and Schedule 3. Repeat this procedure to Schedule 1. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Setting Schedules to Block or Allow Traffic If you enabled Content Filtering in effect. 3. If you chose Specific Days, select each day the schedule will be in the Block Sites menu, or if you...
SRXN3205 Reference Manual
Page 129
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Chapter 7 Virtual Private Networking Using SSL The SRXN3205 ProSafe Wireless-N VPN Firewall provides a hardware-based SSL VPN solution designed specifically to provide remote access for mobile users to the remote user: • VPN Tunnel The SRXN3205 can provide the full network connectivity of a VPN tunnel using the remote user's browser in the place of a traditional IPsec VPN client. This chapter...
SRXN3205 Reference Manual
Page 135
...ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual 4. Your new layout appears in the List of the tab. To configure Domains, Groups, and Users, see "Adding Authentication Domains, Groups, and Users" on the user's PC. Therefore, you must specify a domain. Provides access to specific... defined network services. In the SSL VPN Portal Pages to the SSL firewall must specify a group. Adding Servers To configure Port Forwarding, you must be presented. Configuring ...
SRXN3205 Reference Manual
Page 140
.... Replacing and Deleting Client Routes If the specifications of the tab and the new client route is in Figure 7-5. 2. Restart the firewall if VPN tunnel clients are located across the VPN over the SSL tunnel: Note: VPN client routes need to reconnect and receive new... new entry with the correct specifications. 2. Restarting forces clients to be added in split tunnel mode only. • The subnet containing the client IP address (PPP interface), as determined by the class of a local area network or subnet. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Adding Routes for...
SRXN3205 Reference Manual
Page 142
...Configuring User, Group, and Global Policies An administrator can define and apply user, group and global policies to different SSL VPN services. Group Policies take precedence. The new configuration appears in Figure 7-7. Figure 7-7 6. From the Object Type pull-down ...ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual 5. Adjacent to the resource. Enter the mask length in the Network Address field. Enter the Port Range or Port Number for the IP Address or IP Network you selected IP Network, enter the IP network address in the Mask Length (0-31) field. 7. A specific...
SRXN3205 Reference Manual
Page 143
... ranges are prioritized just like other address ranges. However, the prioritization is more specific than the IP address range configured in Policy 1. • An FTP server at 10.0.0.10, the user would not be granted access by Policy 3. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual For example, a policy configured for a range of addresses. Assuming that applies...
SRXN3205 Reference Manual
Page 145
Virtual Private Networking Using SSL v1.0, October 2008 7-17 Click Add. See "Adding New Network Resources" on page 8-1. 3. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual • Click Global if this new policy is to exclude all users and groups. • Click Group if this new... Domains, Groups, and Users" on page 7-13. • If you choose IP Address, you'll need to enter a descriptive Policy Name, the specific IP Address, then choose the Service and relevant Permission from the pulldown menus. Open the pull-down menus. The Add Policies screen appears. 4. Note: ...
SRXN3205 Reference Manual
Page 162
... to the following criteria: • LAN Users. All PCs and devices on the traffic being carried, the WAN side of the VPN firewall that can be called upon to decrease WAN-side loading are used to connect to the Internet. As a result and depending on your... ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual • WAN side: 1000 Mbps (one WAN port at 1000 Mbps) In practice, the WAN side bandwidth capacity will be much lower when DSL or cable modems are as follows: • Service blocking • Block sites • Source MAC filtering Service Blocking You can control specific ...
SRXN3205 Reference Manual
Page 165
... any fragmented IP packets. • UDP Flooding. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual See "Enabling Source MAC Filtering (Address Filter)" on page 5-20 for the procedure on special rules: • VPN Passthrough. You can control specific inbound traffic (from WAN to block or allow ... • ALLOW by schedule, otherwise allow specific traffic. Warning: This feature is for the connections covered by the rule...
SRXN3205 Reference Manual
Page 179
... the Traffic Limit if you have reached the monthly limit, but need to restart the Traffic Counter immediately. • Restart Traffic Counter at Specific Time. Select the checkbox and enter the desired increase. (The checkbox will be blocked. • Block all traffic. Select this function to... Alerts" on page 5-27). 4. In the Traffic Counter section, make the following choice: • Block all traffic except E-mail. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual • Increase this up. 5. Fill in order for the current month. 3. All access to work. Go to the...