Netgear SRX5308 Specifications

350 East Plumeria DriveSan Jose, CA 95134USAJuly 29, 2011202-10536-021.0ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Reference Manual

Introduction10ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Key Features and CapabilitiesThe VPN firewall provides the following key features and

Firewall Protection100ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 LAN DMZ Inbound Services RulesThe Inbound Services table lists all existing ru

Firewall Protection101 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Inbound Rules ExamplesLAN WAN Inbound Rule: Hosting a Local Public Web ServerI

Firewall Protection102ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 52. LAN WAN or DMZ WAN Inbound Rule: Setting Up One-to-One NAT MappingI

Firewall Protection103 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Tip: If you arrange with your ISP to have more than one public IP address for

Firewall Protection104ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 4. From the Service drop-down list, select HTTP for a web server.5. From the

Firewall Protection105 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 54. Outbound Rules ExampleOutbound rules let you prevent users from usi

Firewall Protection106ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 55. Configure Other Firewall FeaturesYou can configure attack checks, s

Firewall Protection107 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 56. 2. Enter the settings as explained in the following table:Table 2

Firewall Protection108ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 3. Click Apply to save your settings. LAN Security Checks.Block UDP flood Sel

Firewall Protection109 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Set Session LimitsThe session limits feature allows you to specify the total n

Introduction11 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Advanced VPN Support for Both IPSec and SSLThe VPN firewall supports IPSec and SSL VPN

Firewall Protection110ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 3. Enter the settings as explained in the following table:4. Click Apply to

Firewall Protection111 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Manage the Application Level Gateway for SIP SessionsThe application level gat

Firewall Protection112ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Add Customized ServicesServices are functions performed by server computers at

Firewall Protection113 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX53082. In the Add Customer Service section of the screen, enter the settings as e

Firewall Protection114ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308  To delete one or more services:1. In the Custom Services table, select the

Firewall Protection115 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 62. 5. In the IP Address fields, type an IP address.6. Click the Add

Firewall Protection116ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Create Quality of Service (QoS) ProfilesA Quality of Service (QoS) profile def

Firewall Protection117 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 63. The screen displays the List of QoS Profiles table with the user-d

Firewall Protection118ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 4. Click Apply to save your settings. The new QoS profile is added to the Lis

Firewall Protection119 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308For example, when a new connection is established by a device, the device loca

Introduction12ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Security FeaturesThe VPN firewall is equipped with several features designed to mainta

Firewall Protection120ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 66. 3. Enter the settings as explained in the following table:Table 2

Firewall Protection121 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX53084. Click Apply to save your settings. The new bandwidth profile is added to t

Firewall Protection122ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 67. 2. In the Scheduled Days section, select one of the following rad

Firewall Protection123 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Content FilteringIf you want to restrict internal LAN users from access to cer

Firewall Protection124ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 You can apply the keywords to one or more groups. Requests from the PCs in the

Firewall Protection125 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 68.

Firewall Protection126ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 4. Enter the settings as explained in the following table:5. Click Apply to

Firewall Protection127 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Note: For additional ways of restricting outbound traffic, see Outbound Rules

Firewall Protection128ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308  To remove one or more entries from the table:1. Select the check box to the

Firewall Protection129 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 70. 2. Enter the settings as explained in the following table:3. Cli

Introduction13 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308• DNS proxy. When DHCP is enabled and no DNS addresses are specified, the VPN fire

Firewall Protection130ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308  To edit an IP/MAC binding:1. In the IP/MAC Bindings table, click the Edit t

Firewall Protection131 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 To add a port triggering rule:1. Select Security > Port Triggering. The

Firewall Protection132ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308  To edit a port triggering rule (for example, to enable the rule):1. In the

Firewall Protection133 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 73. 2. To enable the UPnP feature, select the Yes radio button. (The

13455. Virtual Private NetworkingUsing IPSec ConnectionsThis chapter describes how to use the IP security (IPSec) virtual private networking (VPN) f

Virtual Private Networking Using IPSec Connections135 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 74. Figure 75. The following table summa

Virtual Private Networking Using IPSec Connections136ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Use the IPSec VPN Wizard for Client and Gateway

Virtual Private Networking Using IPSec Connections137 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 77. To view the wizard default settings

Virtual Private Networking Using IPSec Connections138ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 78. 2. Complete the settings as explai

Virtual Private Networking Using IPSec Connections139 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Tip: To ensure that tunnels stay active, after

Introduction14ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Package ContentsThe VPN firewall product package contains the following items:• Pr

Virtual Private Networking Using IPSec Connections140ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 5. Activate the IPSec VPN connection:a. Select

Virtual Private Networking Using IPSec Connections141 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Use the VPN Wizard Configure the Gateway for a

Virtual Private Networking Using IPSec Connections142ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 3. Click Apply to save your settings. The IPSe

Virtual Private Networking Using IPSec Connections143 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 83. Note: When using FQDNs, if the dyn

Virtual Private Networking Using IPSec Connections144ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Note: Perform these tasks from a PC that has t

Virtual Private Networking Using IPSec Connections145 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 85. 2. Select the A router or a VPN ga

Virtual Private Networking Using IPSec Connections146ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 87. 5. This screen is a summary screen

Virtual Private Networking Using IPSec Connections147 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308c. Specify the settings that are explained in

Virtual Private Networking Using IPSec Connections148ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 89. b. Specify the default lifetimes i

Virtual Private Networking Using IPSec Connections149 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Configure the Authentication Settings (Phase 1

Introduction15 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 1. Table 1. LED descriptionsLED Activity DescriptionPower On (green) Power is

Virtual Private Networking Using IPSec Connections150ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Note: This is the name for the authentication p

Virtual Private Networking Using IPSec Connections151 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX53085. Click Apply to use the new settings immedia

Virtual Private Networking Using IPSec Connections152ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 8. Click Apply to use the new settings immedia

Virtual Private Networking Using IPSec Connections153 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 94. 3. Specify the settings that are e

Virtual Private Networking Using IPSec Connections154ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 4. Click Apply to use the new settings immedia

Virtual Private Networking Using IPSec Connections155 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Test the Connection and View Connection and Sta

Virtual Private Networking Using IPSec Connections156ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 97. • Use the system-tray icon. Rig

Virtual Private Networking Using IPSec Connections157 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 101. View the VPN Firewall IPSec VPN Con

Virtual Private Networking Using IPSec Connections158ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 View the VPN Firewall IPSec VPN Logs To view t

Virtual Private Networking Using IPSec Connections159 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Manage IPSec VPN PoliciesAfter you have used th

Introduction16ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Rear PanelThe rear panel of the VPN firewall includes a console port, a reset button,

Virtual Private Networking Using IPSec Connections160ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 IKE Policies Screen To access the IKE Policies

Virtual Private Networking Using IPSec Connections161 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX53082. Click the Delete table button.To add or edi

Virtual Private Networking Using IPSec Connections162ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 3. Complete the settings as explained the foll

Virtual Private Networking Using IPSec Connections163 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308LocalSelect Local Gateway From the drop-down li

Virtual Private Networking Using IPSec Connections164ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Authentication Method Select one of the followi

Virtual Private Networking Using IPSec Connections165 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX53084. Click Apply to save your settings. The IKE

Virtual Private Networking Using IPSec Connections166ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 In addition, a certification authority (CA) can

Virtual Private Networking Using IPSec Connections167 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Each policy contains the data that are explaine

Virtual Private Networking Using IPSec Connections168ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Manually Add or Edit a VPN Policy To manually

Virtual Private Networking Using IPSec Connections169 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX53083. Complete the settings as explained the foll

Introduction17 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Bottom Panel with Product LabelThe product label on the bottom of the VPN firewall’s e

Virtual Private Networking Using IPSec Connections170ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Traffic SelectionLocal IP From the drop-down li

Virtual Private Networking Using IPSec Connections171 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308SPI-Outgoing The Security Parameters Index (SPI

Virtual Private Networking Using IPSec Connections172ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 4. Click Apply to save your settings. The VPN

Virtual Private Networking Using IPSec Connections173 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Note: If a RADIUS-PAP server is enabled for au

Virtual Private Networking Using IPSec Connections174ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 4. Click Apply to save your settings.User Data

Virtual Private Networking Using IPSec Connections175 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 108. 2. Complete the settings as expla

Virtual Private Networking Using IPSec Connections176ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 3. Click Apply to save your settings.Note: Yo

Virtual Private Networking Using IPSec Connections177 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Note: After configuring a Mode Config record,

Virtual Private Networking Using IPSec Connections178ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 110. 3. Complete the settings as expla

Virtual Private Networking Using IPSec Connections179 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX53084. Click Apply to save your settings. The new

Introduction18ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Using the Rack-Mounting KitUse the mounting kit for the VPN firewall to install the ap

Virtual Private Networking Using IPSec Connections180ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 111. 7. On the Add IKE Policy screen,

Virtual Private Networking Using IPSec Connections181 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Note: The settings that are explained in the f

Virtual Private Networking Using IPSec Connections182ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 RemoteIdentifier Type From the drop-down list,

Virtual Private Networking Using IPSec Connections183 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX53088. Click Apply to save your settings. The IKE

Virtual Private Networking Using IPSec Connections184ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Note: Perform these tasks from a PC that has t

Virtual Private Networking Using IPSec Connections185 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 113. 3. Change the name of the authent

Virtual Private Networking Using IPSec Connections186ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 4. Specify the settings that are explained in

Virtual Private Networking Using IPSec Connections187 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX53087. Specify the settings that are explained in

Virtual Private Networking Using IPSec Connections188ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 The IPSec pane displays in the Configuration Pa

Virtual Private Networking Using IPSec Connections189 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX53084. Click Apply to use the new settings immedia

1922. Connecting the VPN Firewall to the InternetThis chapter contains the following sections:• Internet and WAN Configuration Tasks• Log In

Virtual Private Networking Using IPSec Connections190ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 2. Specify the following default lifetimes in

Virtual Private Networking Using IPSec Connections191 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 120. 3. From the client PC, ping a com

Virtual Private Networking Using IPSec Connections192ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Configure Keep-alivesThe keep-alive feature mai

Virtual Private Networking Using IPSec Connections193 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX53084. Click Apply to save your settings.Configure

Virtual Private Networking Using IPSec Connections194ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 3. In the IKE SA Parameters section of the scr

Virtual Private Networking Using IPSec Connections195 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 123. 3. Select the Enable NetBIOS chec

19666. Virtual Private NetworkingUsing SSL ConnectionsThe VPN firewall provides a hardware-based SSL VPN solution designed specifically to provide r

Virtual Private Networking Using SSL Connections197 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308The SSL VPN client provides a point-to-point (PPP

Virtual Private Networking Using SSL Connections198ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Because you need to assign a group when creating

Virtual Private Networking Using SSL Connections199 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Note: The VPN firewall’s default portal address

2ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 © 2010–2011 NETGEAR, Inc. All rights reservedNo part of this publication may be reproduced, transmi

Connecting the VPN Firewall to the Internet20ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 4. Configure the WAN mode. Select either NAT or classi

Virtual Private Networking Using SSL Connections200ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 125. 3. Complete the settings as explain

Virtual Private Networking Using SSL Connections201 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX53084. Click Apply to save your settings. The new po

Virtual Private Networking Using SSL Connections202ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308  To delete one or more portal layouts:1. On the

Virtual Private Networking Using SSL Connections203 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 126. 2. In the Add New Application for P

Virtual Private Networking Using SSL Connections204ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 3. Click the Add table button. The new applicati

Virtual Private Networking Using SSL Connections205 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308To delete a name from the List of Configured Host

Virtual Private Networking Using SSL Connections206ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 127. 2. Complete the settings as explain

Virtual Private Networking Using SSL Connections207 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX53083. Click Apply to save your settings. VPN tunnel

Virtual Private Networking Using SSL Connections208ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 2. In the Configured Client Routes table, to the

Virtual Private Networking Using SSL Connections209 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308- Port Forwarding. The resource applies only

Connecting the VPN Firewall to the Internet21 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Note: The VPN firewall factory default IP address is 1

Virtual Private Networking Using SSL Connections210ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 4. Click Apply to save your settings. The new co

Virtual Private Networking Using SSL Connections211 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Network resources are prioritized just like other

Virtual Private Networking Using SSL Connections212ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 130. 2. Make your selection from the fol

Virtual Private Networking Using SSL Connections213 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 131. 3. Complete the settings as explain

Virtual Private Networking Using SSL Connections214ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Add SSL VPN PoliciesApply Policy ForSelect one of

Virtual Private Networking Using SSL Connections215 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX53084. Click Apply to save your settings. The policy

Virtual Private Networking Using SSL Connections216ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Note: If you have configured SSL VPN user polici

Virtual Private Networking Using SSL Connections217 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 132. 3. Enter a user name and password t

Virtual Private Networking Using SSL Connections218ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 • Change Password. Allows the user to change

21977. Managing Users, Authentication, and CertificatesThis chapter describes how to manage users, authentication, and security certificates for IPS

Connecting the VPN Firewall to the Internet22ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 6. Note: After 10 minutes of inactivity (the d

Managing Users, Authentication, and Certificates220ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 determines the network resources to which the ass

Managing Users, Authentication, and Certificates221 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 136. The List of Domains table displays t

Managing Users, Authentication, and Certificates222ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 3. Enter the settings as explained in the follow

Managing Users, Authentication, and Certificates223 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX53084. Click Apply to save your settings. The domain

Managing Users, Authentication, and Certificates224ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Configure Groups for VPN PoliciesThe use of group

Managing Users, Authentication, and Certificates225 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 138. The List of Groups table displays th

Managing Users, Authentication, and Certificates226ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 default group; you can only delete the domain wit

Managing Users, Authentication, and Certificates227 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Configure User AccountsWhen you create a user acc

Managing Users, Authentication, and Certificates228ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 2. Click the Add table button. The Add User scre

Managing Users, Authentication, and Certificates229 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 To delete one or more user accounts:1. In the

Connecting the VPN Firewall to the Internet23 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Web Management Interface Menu LayoutThe following figur

Managing Users, Authentication, and Certificates230ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Note: For security reasons, the Deny Login from

Managing Users, Authentication, and Certificates231 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX53086. In the Add Defined Addresses section of the s

Managing Users, Authentication, and Certificates232ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 144. 4. In the Defined Browsers Status s

Managing Users, Authentication, and Certificates233 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Change Passwords and Other User SettingsFor any u

Managing Users, Authentication, and Certificates234ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 4. Click Apply to save your settings.Manage Digi

Managing Users, Authentication, and Certificates235 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308You can obtain a digital certificate from a well-

Managing Users, Authentication, and Certificates236ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Manage CA Certificates To view and upload truste

Managing Users, Authentication, and Certificates237 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Manage Self-Signed CertificatesInstead of obtaini

Managing Users, Authentication, and Certificates238ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 148. Certificates, screen 2 of 32. In th

Managing Users, Authentication, and Certificates239 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX53083. Click the Generate table button. A new SCR is

Connecting the VPN Firewall to the Internet24ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 • Auto Detect. Enable the VPN firewall to detect th

Managing Users, Authentication, and Certificates240ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 c. When prompted for the requested data, copy th

Managing Users, Authentication, and Certificates241 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Manage the Certificate Revocation ListA Certifica

24288. Network and System ManagementThis chapter describes the tools for managing the network traffic to optimize its performance and the system man

Network and System Management243 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Using four WAN ports in load balancing mode increases the bandwidth

Network and System Management244ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 on the Services screen (see Services-Based Rules on page 83 and Add

Network and System Management245 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Source MAC FilteringIf you want to reduce outgoing traffic by preven

Network and System Management246ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 When you define inbound firewall rules, you can further refine their

Network and System Management247 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308request rather than a response to a requests from the LAN network. A

Network and System Management248ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 QoS profile to firewall rules. The QoS is set individually for each

Network and System Management249 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 To modify the administrator user account settings, including the p

Connecting the VPN Firewall to the Internet25 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Automatically Detecting and Connecting To automaticall

Network and System Management250ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 5. As an option, you can change the idle time-out for an administra

Network and System Management251 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 To configure the VPN firewall for remote management:1. Select Adm

Network and System Management252ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 2. Enter the settings as explained in the following table:3. Click

Network and System Management253 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Note: For enhanced security, and if practical, restrict remote mana

Network and System Management254ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308  To access the CLI:1. From your computer’s command-line prompt, en

Network and System Management255 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX53082. In the Create New SNMP Configuration Entry section of the screen

Network and System Management256ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Manage the VPN Firewall’s SNMP System InformationThe following VPN f

Network and System Management257 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 To display the Settings Backup and Firmware Upgrade screen:Select

Network and System Management258ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Restore SettingsWARNING!Restore only settings that were backed up fr

Network and System Management259 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308WARNING!When you push the hardware reset button or click the softwar

Connecting the VPN Firewall to the Internet26ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 11. 3. Click the Auto Detect button at the bot

Network and System Management260ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 WARNING!Do not try to go online, turn off the VPN firewall, shut dow

Network and System Management261 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308The bottom of the screen displays the current weekday, date, time, t

Network and System Management262ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 3. Click Apply to save your settings.Note: If you select the defau

26399. Monitoring System Access and PerformanceThis chapter describes the system monitoring features of the VPN firewall. You can be alerted to impo

Monitoring System Access and Performance264ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 159. 2. Enter the settings for the WAN1 port as

Monitoring System Access and Performance265 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX53083. Click Apply to save your settings.4. If you want to

Monitoring System Access and Performance266ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 The contents of the WAN2 Traffic Meter, WAN3 Traffic Mete

Monitoring System Access and Performance267 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 161. The LAN Traffic Meter table show the followi

Monitoring System Access and Performance268ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 5. Enter the settings as explained in the following tabl

Monitoring System Access and Performance269 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 163. To edit a LAN traffic meter account:1. In t

Connecting the VPN Firewall to the Internet27 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308• If the auto detect process does not find a connec

Monitoring System Access and Performance270ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 164.

Monitoring System Access and Performance271 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX53082. Enter the settings as explained in the following tabl

Monitoring System Access and Performance272ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Enable E-Mail LogsDo you want logs to be emailed to you?S

Monitoring System Access and Performance273 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX53083. Click Apply to save your settings.Note: Enabling log

Monitoring System Access and Performance274ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 165. You can refresh the logs, clear the logs, or

Monitoring System Access and Performance275 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308View the System (Router) Status and StatisticsThe Router

Monitoring System Access and Performance276ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 166. View the Detailed Status Screen To view the

Monitoring System Access and Performance277 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 167. The following table explains the fields of t

Monitoring System Access and Performance278ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 VLAN ID The VLAN ID that you assigned to this port on the

Monitoring System Access and Performance279 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Note: The default MAC addresses for the LAN and WAN port

Connecting the VPN Firewall to the Internet28ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Note: For more information about the WAN Connection St

Monitoring System Access and Performance280ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 The following table explains the fields of the Router Sta

Monitoring System Access and Performance281 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 To view the VLAN Status screen:Select Monitoring > R

Monitoring System Access and Performance282ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 169. The active user’s user name, group, and IP ad

Monitoring System Access and Performance283 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 To view the status of current SSL VPN tunnels:Select VP

Monitoring System Access and Performance284ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 172. To view the SSL VPN log:Select Monitoring &g

Monitoring System Access and Performance285 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308View the Port Triggering Status To view the status of th

Monitoring System Access and Performance286ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 175. The Connection Status screen displays the in

Monitoring System Access and Performance287 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308View the Attached Devices and DHCP LogThe LAN Groups scre

Monitoring System Access and Performance288ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 drop-down list in the Add Known PCs and Devices section o

Monitoring System Access and Performance289 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Use the Diagnostics UtilitiesFrom the Diagnostics screen

Connecting the VPN Firewall to the Internet29 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308In the ISP Login section, select one of the following o

Monitoring System Access and Performance290ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 • Send a ping packet request to trace the route and t

Monitoring System Access and Performance291 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308appears as a popup window. (The IP addresses that are sho

Monitoring System Access and Performance292ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 180. 2. From the Select Network drop-down list,

2931010. Troubleshooting and Using Online SupportThis chapter provides troubleshooting tips and information for the VPN firewall. After each problem

Troubleshooting and Using Online Support294ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Basic FunctioningAfter you turn on power to the VPN firew

Troubleshooting and Using Online Support295 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308LAN or WAN Port LEDs Not OnIf either the LAN LEDs or WAN

Troubleshooting and Using Online Support296ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 • Make sure that your browser has Java, JavaScript, o

Troubleshooting and Using Online Support297 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX53084. Click the Status button in the Action column of the W

Troubleshooting and Using Online Support298ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Troubleshoot a TCP/IP Network Using the Ping UtilityMost

Troubleshooting and Using Online Support299 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Test the Path from Your PC to a Remote DeviceAfter verify

3ContentsChapter 1 IntroductionWhat Is the ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308? . . .9Key Features and Capabilities . . . . . . . . . .

Connecting the VPN Firewall to the Internet30ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 7. In the Internet (IP) Address section of the screen,

Troubleshooting and Using Online Support300ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 181. The VPN firewall reboots. During the reboot p

Troubleshooting and Using Online Support301 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308• Time is off by 1 hour. Cause: The VPN firewall does

302AA. Default Settings and Technical SpecificationsYou can use the reset button located on the rear panel to reset all settings to their factory de

Default Settings and Technical Specifications303ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308The following table shows the physical and technical

Default Settings and Technical Specifications304ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308The following table shows the IPSec VPN specification

Default Settings and Technical Specifications305ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308The following table shows the SSL VPN specifications

306BB. Network Planning for Multiple WAN PortsThis appendix describes the factors to consider when planning a network using a firewall that has more

Network Planning for Multiple WAN Ports307ProSafe Gigabit Quad WAN SSL VPN Firewall SRX53082. Set up your accounts.a. Obtain active Internet services

Network Planning for Multiple WAN Ports308ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Computer Network Configuration RequirementsThe VPN firewall

Network Planning for Multiple WAN Ports309ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Internet Connection InformationPrint this page with the Int

Connecting the VPN Firewall to the Internet31 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX53088. In the Domain Name Server (DNS) Servers section of

Network Planning for Multiple WAN Ports310ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Overview of the Planning ProcessThe areas that require plan

Network Planning for Multiple WAN Ports311ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 183. Features such as multiple exposed hosts are no

Network Planning for Multiple WAN Ports312ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Inbound Traffic to a Single WAN Port SystemThe Internet IP

Network Planning for Multiple WAN Ports313ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Note: Load balancing is implemented for outgoing traffic a

Network Planning for Multiple WAN Ports314ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308• Dual WAN ports in auto-rollover mode. A dual WAN port

Network Planning for Multiple WAN Ports315ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308VPN Road Warrior: Single Gateway WAN Port (Reference Case)I

Network Planning for Multiple WAN Ports316ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 192. The purpose of the FQDN in this case is to togg

Network Planning for Multiple WAN Ports317ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308• Dual-gateway WAN ports for load balancingVPN Gateway-

Network Planning for Multiple WAN Ports318ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308After a rollover of a gateway WAN port, the previously inac

Network Planning for Multiple WAN Ports319ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308VPN Telecommuter (Client-to-Gateway through a NAT Router)No

Connecting the VPN Firewall to the Internet32ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 9. Click Test to evaluate your entries. The VPN firewa

Network Planning for Multiple WAN Ports320ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 199. The IP addresses of the gateway WAN ports can b

Network Planning for Multiple WAN Ports321ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 201. The IP addresses of the gateway WAN ports can b

322CC. System Logs and Error MessagesThis appendix provides examples and explanations of system logs and error message. When applicable, a recommend

System Logs and Error Messages323ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308System Log MessagesThis section describes log messages that belong t

System Logs and Error Messages324ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Login/LogoutThis section describes logs generated by the administrat

System Logs and Error Messages325ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Firewall RestartThis section describes logs that are generated when

System Logs and Error Messages326ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308ICMP Redirect LogsMulticast/Broadcast LogsWAN StatusThis section des

System Logs and Error Messages327ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308This section describes the logs generated when the WAN mode is set t

System Logs and Error Messages328ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308PPP LogsThis section describes the WAN PPP connection logs. The PPP

System Logs and Error Messages329ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308• PPTP Idle Timeout LogsExplanation Message 1: PPPoE connection

Connecting the VPN Firewall to the Internet33 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Configure Network Address TranslationNetwork Address Tr

System Logs and Error Messages330ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308• PPP Authentication LogsResolved DNS NamesThis section describe

System Logs and Error Messages331ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Table 97. System logs: IPSec VPN tunnel, tunnel establishmentMessag

System Logs and Error Messages332ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Table 98. System logs: IPSec VPN tunnel, SA lifetime (150 sec in ph

System Logs and Error Messages333ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Table 99. System logs: IPSec VPN tunnel, SA lifetime (150 sec in ph

System Logs and Error Messages334ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Table 101. System logs: IPSec VPN tunnel, Dead Peer Detection andke

System Logs and Error Messages335ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308SSL VPN LogsThis section describes the log messages that are generat

System Logs and Error Messages336ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Traffic Meter LogsRouting LogsThis section explains the logging mess

System Logs and Error Messages337ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308LAN to DMZ LogsDMZ to WAN LogsWAN to LAN LogsDMZ to LAN LogsTable 10

System Logs and Error Messages338ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308WAN to DMZ LogsOther Event LogsThis section describes the log messag

System Logs and Error Messages339ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Bandwidth Limit LogsDHCP LogsThis section explains the log messages

Connecting the VPN Firewall to the Internet34ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Configure the Auto-Rollover Mode and Failure Detection

System Logs and Error Messages340ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Explanation Message 1: The DHCP server is listening on eth0.1.Messag

341DD. Two-Factor AuthenticationThis appendix provides an overview of Two-Factor Authentication, and an example of how to implement the WiKID soluti

Two-Factor Authentication342ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308• Quick to deploy and manage. The WiKID solution integrates seamlessl

Two-Factor Authentication343ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 To use WiKID (for end users):1. Launch the WiKID token software, enter

Two-Factor Authentication344ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 204.

345EE. Notification of ComplianceNETGEAR Wired ProductsRegulatory Compliance InformationThis section includes user requirements for operating this p

Notification of Compliance346ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308FCC Radio Frequency Interference Warnings & InstructionsThis equipme

347IndexNumerics10BaseT, 100BaseT, and 1000BaseT 533322.org 42–45AAAA (authentication, authorization, and accounting) 174AC input 16access, remote man

348ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308on LAN port 108proxy (server) 123sessions 110sites to reduce traffic 244trafficscheduling of 121wh

349ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Differentiated Services Code Point (DSCP) 46, 117Diffie-Hellman (DH) group 164, 172, 179DiffServ (

Connecting the VPN Firewall to the Internet35 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX53082. In the Load Balancing Settings section of the scree

350ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308IP groupsassigning in inbound rules 89assigning in outbound rules 85creating 114LAN groupsassignin

351ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308See also VPN tunnelsIPSec VPN logs 158IPSec VPN Wizardclient-to-gateway tunnels, setting up 141def

352ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308maximum transmission unit (MTU) 53MD5 (Message-Digest algorithm 5)IKE polices 163ModeConfig 179RIP

353ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308pingingauto-rollover 34responding on Internet ports 107responding on LAN ports 108troubleshooting

354ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308requirements, hardware 307reserved IP addresses 72reset button 16restarting the traffic meter (or

355ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308status 218tunnel description 196user account 227–228user portal 217viewing logs 283stateful packet

356ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308UPnP (Universal Plug and Play), configuring 132user accounts, configuring 227user database 172user

357ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308VPN IPSec 134mode status, viewing 278NAT mode 33secondary IP addresses 41single port mode 32WAN al

Connecting the VPN Firewall to the Internet36ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Note: The default time to roll over after the primary

Connecting the VPN Firewall to the Internet37 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308routes all outbound HTTPS traffic from the computers on

Connecting the VPN Firewall to the Internet38ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 then a new FTP session could start on the WAN2 interfac

Connecting the VPN Firewall to the Internet39 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 21. 4. Configure the protocol binding settings

4ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Configure Advanced WAN Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .51Additio

Connecting the VPN Firewall to the Internet40ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 5. Click Apply to save your settings. The protocol bin

Connecting the VPN Firewall to the Internet41 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Configure Secondary WAN AddressesYou can set up a singl

Connecting the VPN Firewall to the Internet42ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 3. Click the Secondary Addresses option arrow in the u

Connecting the VPN Firewall to the Internet43 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308If your network has a permanently assigned IP address,

Connecting the VPN Firewall to the Internet44ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 23. 3. Click the Information option arrow in t

Connecting the VPN Firewall to the Internet45 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 24. 4. Access the website of the DDNS service

Connecting the VPN Firewall to the Internet46ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Configure WAN QoS ProfilesThe VPN firewall can support

Connecting the VPN Firewall to the Internet47 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 25. 2. To enable QoS, select the Yes radio but

Connecting the VPN Firewall to the Internet48ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 26. 3. Enter the settings as explained in the

Connecting the VPN Firewall to the Internet49 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX53084. Click Apply to save your settings. The profile is a

5ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Set Up IP/MAC Bindings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .128

Connecting the VPN Firewall to the Internet50ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308  To add a priority QoS profile:1. Select Network Conf

Connecting the VPN Firewall to the Internet51 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX53084. Click Apply to save your settings. The profile is a

Connecting the VPN Firewall to the Internet52ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Note: You can also configure the failure detection met

Connecting the VPN Firewall to the Internet53 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX53084. Enter the settings as explained in the following ta

Connecting the VPN Firewall to the Internet54ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 5. Click Apply to save your changes.WARNING!Depending

5533. LAN ConfigurationThis chapter describes how to configure the advanced LAN features of your VPN firewall. This chapter contains the following s

LAN Configuration56ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 • They are easy to manage. The addition of nodes, as well as moves and other

LAN Configuration57 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308LAN port are forwarded to the default VLAN with PVID 1; packets that leave the LA

LAN Configuration58ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Note: For information about how to add and edit a VLAN profile, including its D

LAN Configuration59 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308DNS ProxyWhen the DNS Proxy option is enabled for a VLAN, the VPN firewall acts a

6ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Edit Network Resources to Specify Addresses . . . . . . . . . . . . . . . . . .209Configure User, G

LAN Configuration60ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 2. Either select an entry from the VLAN Profiles table and click the correspondi

LAN Configuration61 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX53083. Enter the settings as explained in the following table:Table 12. Edit VLAN P

LAN Configuration62ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Enable DHCP ServerSelect the Enable DHCP Server radio button to enable the VPN fi

LAN Configuration63 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX53084. Click Apply to save your settings.Note: For information about how to manage

LAN Configuration64ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Note: Once you have completed the LAN setup, all outbound traffic is allowed and

LAN Configuration65 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 To configure a VLAN to have a unique MAC address:1. Select Network Configurati

LAN Configuration66ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 It is important that you ensure that any secondary LAN addresses are different fr

LAN Configuration67 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 To edit a secondary LAN IP address:1. On the LAN Multi-homing screen (see the

LAN Configuration68ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 • There is no need to reserve an IP address for a PC in the DHCP server. All

LAN Configuration69 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308The Known PCs and Devices table lists the entries in the network database. For ea

7ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308View the WAN Port Connection Status. . . . . . . . . . . . . . . . . . . . . . . . .285View the Atta

LAN Configuration70ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 2. Click the Add table button to add the PC or device to the Known PCs and Devic

LAN Configuration71 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Deleting PCs or Devices from the Network Database To delete one or more PCs or d

LAN Configuration72ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Set Up Address ReservationWhen you specify a reserved IP address for a PC or devi

LAN Configuration73 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 To enable and configure the DMZ port: 1. Select Network Configuration > DMZ

LAN Configuration74ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 DHCP Disable DHCP Server If another device on your network is the DHCP server for

LAN Configuration75 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX53083. Click Apply to save your settings.Note: The DMZ LED next to LAN port 4 (see

LAN Configuration76ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Note: The VPN firewall automatically sets up routes between VLANs and secondary

LAN Configuration77 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX53083. Enter the settings as explained in the following table:4. Click Apply to sav

LAN Configuration78ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Configure Routing Information ProtocolRouting Information Protocol (RIP), RFC 245

LAN Configuration79 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX53083. Enter the settings as explained in the following table:Table 16. RIP Configu

8ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Firewall Restart. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

LAN Configuration80ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 4. Click Apply to save your settings.Static Route ExampleIn this example, we ass

8144. Firewall ProtectionThis chapter describes how to use the firewall features of the VPN firewall to protect your network. This chapter contains

Firewall Protection82ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Administrator TipsConsider the following operational items:1. As an option, yo

Firewall Protection83 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308The maximum number of supported outbound rules is 300, and the maximum number o

Firewall Protection84ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 WARNING!Allowing inbound services opens security holes in your VPN firewall. En

Firewall Protection85 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308LAN Users The settings that determine which computers on your network are affec

Firewall Protection86ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Inbound Rules (Port Forwarding)If you have enabled Network Address Translation

Firewall Protection87 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308screen to keep the PC’s IP address constant (see Set Up Address Reservation on

Firewall Protection88ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Table 19. Inbound rules overview Setting DescriptionService The service or ap

Firewall Protection89 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308LAN Users The settings that determine which computers on your network are affec

911. IntroductionThis chapter provides an overview of the features and capabilities of the ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308. This c

Firewall Protection90ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Note: Some residential broadband ISP accounts do not allow you to run any serv

Firewall Protection91 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 41. Set LAN WAN RulesThe default outbound policy is to allow all traffic

Firewall Protection92ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 42. 2. Next to Default Outbound Policy, select Block Always from the d

Firewall Protection93 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308LAN WAN Outbound Services RulesYou can define rules that specify exceptions to

Firewall Protection94ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 LAN WAN Inbound Services RulesThe Inbound Services table lists all existing rul

Firewall Protection95 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Set DMZ WAN RulesThe firewall rules for traffic between the DMZ and the Interne

Firewall Protection96ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308  To delete or disable one or more rules:1. Select the check box to the left o

Firewall Protection97 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308DMZ WAN Inbound Services RulesThe Inbound Services table lists all existing rul

Firewall Protection98ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Set LAN DMZ RulesThe LAN DMZ Rules screen allows you to create rules that defin

Firewall Protection99 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 To delete or disable one or more rules:1. Select the check box to the left o