Netgear SRX5308 User Manual

350 East Plumeria DriveSan Jose, CA 95134USAJuly, 2012202-10536-04v1.0ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Reference Manual

10ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308DMZ to LAN Logs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

LAN Configuration100ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 3. Enter the settings as explained in the following table. The IPv6 address poo

LAN Configuration101 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX53084. Click Apply to save your changes.IPv6 LAN Address PoolsIf you configure a st

LAN Configuration102ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 56. 2. Enter the settings as explained in the following table:3. Click

LAN Configuration103 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308IPv6 LAN Prefixes for Prefix DelegationIf you configure a stateless DHCPv6 serve

LAN Configuration104ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Configure the IPv6 Router Advertisement Daemon and Advertisement Prefixes for th

LAN Configuration105 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 To configure the Router Advertisement Daemon for the LAN:1. Select Network Co

LAN Configuration106ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 5. Click Apply to save your changes.Advertisement Prefixes for the LANYou need

LAN Configuration107 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 59. 2. Enter the settings as explained in the following table:3. Click

LAN Configuration108ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 3. Click Apply to save your settings. To delete one or more advertisement pref

LAN Configuration109 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX53083. In the Add Secondary LAN IP Address section of the screen, enter the followi

1111. IntroductionThis chapter provides an overview of the features and capabilities of the ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 and ex

LAN Configuration110ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 By default, the DMZ port and both inbound and outbound DMZ traffic are disabled.

LAN Configuration111 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 61. 2. Enter the settings as explained in the following table: Table 22

LAN Configuration112ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 DHCP for DMZ Connected ComputersDisable DHCP Server If another device on your ne

LAN Configuration113 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX53083. Click Apply to save your settings.DMZ Port for IPv6 TrafficThe DMZ Setup (IP

LAN Configuration114ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 • Stateful DHCPv6 server. The IPv6 clients in the DMZ obtain an interface IP add

LAN Configuration115 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX53083. Enter the settings as explained in the following table: Table 23. DMZ Setup

LAN Configuration116ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 4. Click Apply to save your settings.IPv6 DMZ Address PoolsIf you configure a s

LAN Configuration117 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX53082. Enter the settings as explained in the following table:3. Click Apply to sa

LAN Configuration118ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Hosts and routers in the LAN use NDP to determine the link-layer addresses and r

LAN Configuration119 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 64. 4. Enter the settings as explained in the following table:Table 26.

Introduction12ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 The VPN firewall is a security solution that protects your network from attacks and in

LAN Configuration120ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 5. Click Apply to save your changes.Advertisement Prefixes for the DMZYou need

LAN Configuration121 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 65. 2. Enter the settings as explained in the following table:3. Click

LAN Configuration122ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 3. Click Apply to save your settings. To delete one or more advertisement pref

LAN Configuration123 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 66. 2. Click the Add table button under the Static Routes table. The Ad

LAN Configuration124ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 4. Click Apply to save your settings. The new static route is added to the Stat

LAN Configuration125 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 68. 3. Enter the settings as explained in the following table: Table 29

LAN Configuration126ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 4. Click Apply to save your settings.RIP Version By default, the RIP version is

LAN Configuration127 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308IPv4 Static Route ExampleIn this example, we assume the following:• The VPN fire

LAN Configuration128ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 69. 3. Click the Add table button under the Static Routes table. The Ad

LAN Configuration129 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX53085. Click Apply to save your settings. The new static route is added to the List

Introduction13 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308• One console port for local management.• SNMP support with SNMPv1, SNMPv2c, and SNMPv

13044. Firewall ProtectionThis chapter describes how to use the firewall features of the VPN firewall to protect your network. The chapter contains

Firewall Protection131 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308incoming packet is in response to an outgoing request, but true stateful packe

Firewall Protection132ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 A firewall has two default rules, one for inbound traffic and one for outbound

Firewall Protection133 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Outbound Rules (Service Blocking)The VPN firewall allows you to block the use

Firewall Protection134ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 LAN Users The settings that determine which computers on your network are affe

Firewall Protection135 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Inbound Rules (Port Forwarding)If you have enabled Network Address Translation

Firewall Protection136ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Whether or not DHCP is enabled, how the computer accesses the server’s LAN add

Firewall Protection137 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Table 33. Inbound rules overview Setting Description Inbound RulesService Th

Firewall Protection138ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 LAN Users These settings apply to a LAN WAN inbound rule when the WAN mode is

Firewall Protection139 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Note: Some residential broadband ISP accounts do not allow you to run any ser

Introduction14ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 - Allows browser-based, platform-independent remote access through a number of popular

Firewall Protection140ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 71. For any traffic attempting to pass through the firewall, the packet

Firewall Protection141 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 72. 2. From the Default Outbound Policy drop-down list, select Block

Firewall Protection142ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 73. 3. From the Default Outbound Policy drop-down list, select Block

Firewall Protection143 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Create LAN WAN Outbound Service RulesYou can define rules that specify excepti

Firewall Protection144ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Unless your selection from the Action drop-down list is BLOCK always, you also

Firewall Protection145 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Create LAN WAN Inbound Service RulesThe Inbound Services table lists all exist

Firewall Protection146ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 2. Enter the settings as explained in Table 33 on page 137. In addition to se

Firewall Protection147 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX53083. Enter the settings as explained in Table 33 on page 137. In addition to se

Firewall Protection148ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 78. To change an existing outbound or inbound service rule, in the Acti

Firewall Protection149 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 79. To change an existing outbound or inbound service rule, in the Act

Introduction15 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308network, a 1000-Mbps Gigabit Ethernet network, or a combination of these networks. All

Firewall Protection150ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 IPv4 DMZ WAN Outbound Service Rules To create a new IPv4 DMZ WAN outbound rul

Firewall Protection151 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308IPv6 DMZ WAN Outbound Service Rules To create a new IPv6 DMZ WAN outbound rul

Firewall Protection152ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 IPv4 DMZ WAN Inbound Service Rules To create a new IPv4 DMZ WAN inbound rule:

Firewall Protection153 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308IPv6 DMZ WAN Inbound Service Rules To create a new IPv6 DMZ WAN inbound rule:

Firewall Protection154ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 There is no drop-down list that lets you set the default outbound policy as th

Firewall Protection155 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 85. To change an existing outbound or inbound service rule, in the Act

Firewall Protection156ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 IPv4 LAN DMZ Outbound Service Rules To create a new IPv4 LAN DMZ outbound rul

Firewall Protection157 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 87. 3. Enter the settings as explained in Table 32 on page 133. In ad

Firewall Protection158ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 88. 2. Enter the settings as explained in Table 33 on page 137. In ad

Firewall Protection159 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 89. 3. Enter the settings as explained in Table 33 on page 137. In ad

Introduction16ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 • Auto-detection of ISP. The VPN firewall automatically senses the type of Internet co

Firewall Protection160ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 90. IPv4 LAN WAN Inbound Rule: Allow a Videoconference from Restricted

Firewall Protection161 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 91. IPv4 LAN WAN or IPv4 DMZ WAN Inbound Rule: Set Up One-to-One NAT Ma

Firewall Protection162ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Tip: If you arrange with your ISP to have more than one public IP address for

Firewall Protection163 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308this address on the WAN2 Secondary Addresses screen (see Configure Secondary W

Firewall Protection164ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 WARNING:For security, NETGEAR strongly recommends that you avoid creating an e

Firewall Protection165 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 95. IPv6 DMZ WAN Outbound Rule: Allow a Group of DMZ User to Access an

Firewall Protection166ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Configure Other Firewall Features• Attack Checks• Set Limits for IPv4 Sessions

Firewall Protection167 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX53082. Enter the settings as explained in the following table:Table 34. Attack C

Firewall Protection168ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 3. Click Apply to save your settings.IPv6 Attack Checks To enable IPv6 attac

Firewall Protection169 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308address. A ping can be used as a diagnostic tool. Keep this check box cleared

Introduction17 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Hardware Features• Front Panel• Rear Panel• Bottom Panel with Product LabelThe front p

Firewall Protection170ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 3. Enter the settings as explained in the following table:4. Click Apply to

Firewall Protection171 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Manage the Application Level Gateway for SIP SessionsThe application level gat

Firewall Protection172ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Note: A schedule narrows down the period during which a firewall rule is appl

Firewall Protection173 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 101. 2. In the Add Customer Service section of the screen, enter the

Firewall Protection174ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 102. 2. Modify the settings that you wish to change (see the previous

Firewall Protection175 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX53082. In the Add New Custom IP Group section of the screen, do the following:•

Firewall Protection176ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308  To delete an IP group:1. In the Custom IP Groups table, select the check bo

Firewall Protection177 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 105. 2. Under the List of Bandwidth Profiles table, click the Add tab

Firewall Protection178ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 4. Click Apply to save your settings. The new bandwidth profile is added to t

Firewall Protection179 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Create Quality of Service Profiles for IPv4 Firewall RulesA Quality of Service

Introduction18ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Table 1. LED descriptions LED Activity DescriptionPower On (green) Power is supplied

Firewall Protection180ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 108. 3. Enter the settings as explained in the following table.4. Cl

Firewall Protection181 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 To edit a QoS profile:1. In the List of QoS Profiles table, click the Edit

Firewall Protection182ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Several types of blocking are available:• Web component blocking. You can bloc

Firewall Protection183 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308• If the keyword “.com” is specified, only websites with other domain suffixes

Firewall Protection184ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 3. In the Web Components section of the screen, select the components that yo

Firewall Protection185 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Set a Schedule to Block or Allow Specific TrafficSchedules define the time fra

Firewall Protection186ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Enable Source MAC FilteringThe Source MAC Filter screen enables you to permit

Firewall Protection187 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX53084. Click Apply to save your settings. The MAC Address field in the Add Source

Firewall Protection188ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 There are three possible scenarios in relation to the addresses in the IP/MAC

Firewall Protection189 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX53083. Click Apply to save your changes. 4. In the IP/MAC Bindings sections of t

Introduction19 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Rear PanelThe rear panel of the VPN firewall includes a console port, a Factory Defaul

Firewall Protection190ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 2. Click the Stop button. Wait until the Poll Interval field becomes availabl

Firewall Protection191 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX53085. In the IP/MAC Bindings sections of the screen, enter the settings as expla

Firewall Protection192ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 4. Click the Set Interval button. Wait for the confirmation that the operatio

Firewall Protection193 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 116. 2. In the Add Port Triggering Rule section, enter the settings a

Firewall Protection194ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308  To remove one or more port triggering rules from the table:1. Select the ch

Firewall Protection195 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308The UPnP Portmap Table in the lower part of the screen shows the IP addresses

19655. Virtual Private Networking Using IPSec and L2TP ConnectionsThis chapter describes how to use the IP security (IPSec) virtual private networki

Virtual Private Networking Using IPSec and L2TP Connections197 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308The following diagrams and table show

Virtual Private Networking Using IPSec and L2TP Connections198ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Use the IPSec VPN Wizard for Client an

Virtual Private Networking Using IPSec and L2TP Connections199 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308following screen contains some example

2ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 © 2010–2012 NETGEAR, Inc. All rights reserved.No part of this publication may be reproduced, trans

Introduction20ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Choose a Location for the VPN FirewallThe VPN firewall is suitable for use in an offic

Virtual Private Networking Using IPSec and L2TP Connections200ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 123. 2. Complete the settings

Virtual Private Networking Using IPSec and L2TP Connections201 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Tip: To ensure that tunnels stay acti

Virtual Private Networking Using IPSec and L2TP Connections202ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 124. 4. Configure a VPN polic

Virtual Private Networking Using IPSec and L2TP Connections203 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Create an IPv6 Gateway-to-Gateway VPN

Virtual Private Networking Using IPSec and L2TP Connections204ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 To view the wizard default settings, c

Virtual Private Networking Using IPSec and L2TP Connections205 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Tip: To ensure that tunnels stay acti

Virtual Private Networking Using IPSec and L2TP Connections206ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 6. Activate the IPSec VPN connection:

Virtual Private Networking Using IPSec and L2TP Connections207 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Use the VPN Wizard to Configure the Ga

Virtual Private Networking Using IPSec and L2TP Connections208ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 3. Click Apply to save your settings.

Virtual Private Networking Using IPSec and L2TP Connections209 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 133. Note: When you are using

Introduction21 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Log In to the VPN FirewallNote: To connect the VPN firewall physically to your networ

Virtual Private Networking Using IPSec and L2TP Connections210ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Note: Perform these tasks from a comp

Virtual Private Networking Using IPSec and L2TP Connections211 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 135. 3. Select the A router o

Virtual Private Networking Using IPSec and L2TP Connections212ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 137. 6. This screen is a summ

Virtual Private Networking Using IPSec and L2TP Connections213 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308c. Specify the settings that are expl

Virtual Private Networking Using IPSec and L2TP Connections214ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 139. b. Specify the default l

Virtual Private Networking Using IPSec and L2TP Connections215 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Configure the Authentication Settings

Virtual Private Networking Using IPSec and L2TP Connections216ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Note: This is the name for the authen

Virtual Private Networking Using IPSec and L2TP Connections217 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX53085. Click Apply to use the new setting

Virtual Private Networking Using IPSec and L2TP Connections218ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 8. Click Apply to use the new setting

Virtual Private Networking Using IPSec and L2TP Connections219 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 144. 3. Specify the settings

Introduction22ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Note: The first time that you remotely connect to the VPN firewall with a browser thr

Virtual Private Networking Using IPSec and L2TP Connections220ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 4. Click Apply to use the new setting

Virtual Private Networking Using IPSec and L2TP Connections221 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Test the Connection and View Connectio

Virtual Private Networking Using IPSec and L2TP Connections222ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 147. • Use the system-tray ico

Virtual Private Networking Using IPSec and L2TP Connections223 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308NETGEAR VPN Client Status and Log Info

Virtual Private Networking Using IPSec and L2TP Connections224ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 interval period, enter a new value in

Virtual Private Networking Using IPSec and L2TP Connections225 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Manage IPSec VPN Policies• Manage IKE

Virtual Private Networking Using IPSec and L2TP Connections226ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 examples.) To display the IPv6 setting

Virtual Private Networking Using IPSec and L2TP Connections227 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Note: You cannot delete or edit an IK

Virtual Private Networking Using IPSec and L2TP Connections228ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 4. Complete the settings as explained

Virtual Private Networking Using IPSec and L2TP Connections229 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Identifier From the drop-down list, se

Introduction23 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Web Management Interface Menu LayoutThe following figure shows the menu at the top the

Virtual Private Networking Using IPSec and L2TP Connections230ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Authentication Method Select one of th

Virtual Private Networking Using IPSec and L2TP Connections231 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX53085. Click Apply to save your settings.

Virtual Private Networking Using IPSec and L2TP Connections232ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 endpoints (the local ID endpoint and t

Virtual Private Networking Using IPSec and L2TP Connections233 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Each policy contains the data that are

Virtual Private Networking Using IPSec and L2TP Connections234ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 3. Specify the IP version for which y

Virtual Private Networking Using IPSec and L2TP Connections235 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 158. Add New VPN Policy screen

Virtual Private Networking Using IPSec and L2TP Connections236ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Policy Type From the drop-down list, s

Virtual Private Networking Using IPSec and L2TP Connections237 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Traffic SelectionLocal IP From the dro

Virtual Private Networking Using IPSec and L2TP Connections238ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Key-Out The encryption key for the out

Virtual Private Networking Using IPSec and L2TP Connections239 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX53085. Click Apply to save your settings.

Introduction24ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 - The IPv6 button is operational but the IPv4 button is disabled. You can configure

Virtual Private Networking Using IPSec and L2TP Connections240ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 requesting individual authentication i

Virtual Private Networking Using IPSec and L2TP Connections241 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX53084. In the Extended Authentication sec

Virtual Private Networking Using IPSec and L2TP Connections242ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 user name and password information. Th

Virtual Private Networking Using IPSec and L2TP Connections243 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX53083. Click Apply to save your settings.

Virtual Private Networking Using IPSec and L2TP Connections244ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Assign IPv4 Addresses to Remote Users

Virtual Private Networking Using IPSec and L2TP Connections245 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 To configure Mode Config on the VPN

Virtual Private Networking Using IPSec and L2TP Connections246ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 3. Complete the settings as explained

Virtual Private Networking Using IPSec and L2TP Connections247 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX53084. Click Apply to save your settings.

Virtual Private Networking Using IPSec and L2TP Connections248ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 162. 8. On the Add IKE Policy

Virtual Private Networking Using IPSec and L2TP Connections249 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Table 59. Add IKE Policy screen setti

Introduction25 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Requirements for Entering IP AddressesTo connect to the VPN firewall, your computer ne

Virtual Private Networking Using IPSec and L2TP Connections250ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 IKE SA ParametersNote: Generally, the

Virtual Private Networking Using IPSec and L2TP Connections251 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX53089. Click Apply to save your settings.

Virtual Private Networking Using IPSec and L2TP Connections252ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Note: Perform these tasks from a comp

Virtual Private Networking Using IPSec and L2TP Connections253 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX53083. Change the name of the authenticat

Virtual Private Networking Using IPSec and L2TP Connections254ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 5. Click Apply to use the new setting

Virtual Private Networking Using IPSec and L2TP Connections255 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX53088. Click Apply to use the new setting

Virtual Private Networking Using IPSec and L2TP Connections256ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 167. 3. Specify the settings

Virtual Private Networking Using IPSec and L2TP Connections257 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX53084. Click Apply to use the new setting

Virtual Private Networking Using IPSec and L2TP Connections258ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 2. Specify the following default life

Virtual Private Networking Using IPSec and L2TP Connections259 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 171. 3. From the client compu

2622. IPv4 and IPv6 Internet and WAN SettingsThis chapter explains how to configure the IPv4 and IPv6 Internet and WAN settings. The chapter contain

Virtual Private Networking Using IPSec and L2TP Connections260ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 For DPD to function, the peer VPN devi

Virtual Private Networking Using IPSec and L2TP Connections261 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX53084. Enter the settings as explained in

Virtual Private Networking Using IPSec and L2TP Connections262ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 173. 4. In the IKE SA Paramet

Virtual Private Networking Using IPSec and L2TP Connections263 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX53082. Specify the IP version for which y

Virtual Private Networking Using IPSec and L2TP Connections264ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308  To enable the PPTP server and config

Virtual Private Networking Using IPSec and L2TP Connections265 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308The List of PPTP Active Users table li

Virtual Private Networking Using IPSec and L2TP Connections266ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 177. 2. Enter the settings as

Virtual Private Networking Using IPSec and L2TP Connections267 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308The List of L2TP Active Users table li

26866. Virtual Private Networking Using SSL ConnectionsThe VPN firewall provides a hardware-based SSL VPN solution designed specifically to provide

Virtual Private Networking Using SSL Connections269 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308The SSL VPN client provides a point-to-point (PPP

IPv4 and IPv6 Internet and WAN Settings27 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Tasks to Set Up IPv4 Internet Connections to Your ISPs Com

Virtual Private Networking Using SSL Connections270ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Because you need to assign a group when creating

Virtual Private Networking Using SSL Connections271 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308You can define individual layouts for the SSL VPN

Virtual Private Networking Using SSL Connections272ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 • Portal URL:- Portal URL (IPv4). The IPv4 URL at

Virtual Private Networking Using SSL Connections273 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX53084. Complete the settings as explained in the fol

Virtual Private Networking Using SSL Connections274ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 5. Click Apply to save your settings. The new po

Virtual Private Networking Using SSL Connections275 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308access policies. When you create a group, you nee

Virtual Private Networking Using SSL Connections276ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 2. In the Add New Application for Port Forwardin

Virtual Private Networking Using SSL Connections277 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 To add servers and host names for client name r

Virtual Private Networking Using SSL Connections278ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 • Select whether you want to enable full-tunnel o

Virtual Private Networking Using SSL Connections279 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 184. SSL VPN Client screen for IPv63. Co

IPv4 and IPv6 Internet and WAN Settings28ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 3. Configure the IPv6 tunnels. Enable 6to4 tunnels and con

Virtual Private Networking Using SSL Connections280ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 4. Click Apply to save your settings. VPN tunnel

Virtual Private Networking Using SSL Connections281 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308If VPN tunnel clients are already connected, disc

Virtual Private Networking Using SSL Connections282ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 185. 2. In the Add New Resource section

Virtual Private Networking Using SSL Connections283 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308IPv6, this screen is identical to the screen for

Virtual Private Networking Using SSL Connections284ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 5. Click Apply to save your settings. The new co

Virtual Private Networking Using SSL Connections285 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Assuming that no conflicting user or group polici

Virtual Private Networking Using SSL Connections286ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 3. Click the Display action button. The List of

Virtual Private Networking Using SSL Connections287 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308.Figure 189. Add SSL VPN Policy screen for IPv64

Virtual Private Networking Using SSL Connections288ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Apply Policy to? (continued)IP Address Policy Nam

Virtual Private Networking Using SSL Connections289 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX53085. Click Apply to save your settings. The policy

IPv4 and IPv6 Internet and WAN Settings29 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Note the following about NAT:• The VPN firewall uses NAT to

Virtual Private Networking Using SSL Connections290ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Access the New SSL Portal Login ScreenAll screens

Virtual Private Networking Using SSL Connections291 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 192. 4. Enter a user name and password t

Virtual Private Networking Using SSL Connections292ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 194. The User Portal screen displays a si

Virtual Private Networking Using SSL Connections293 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 195. The active user’s name, group, and IP

29477. Manage Users, Authentication, and VPN CertificatesThis chapter describes how to manage users, authentication, and security certificates for I

Manage Users, Authentication, and VPN Certificates295 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Except in the case of IPSec VPN users, when you

Manage Users, Authentication, and VPN Certificates296ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Configure Authentication Domains, Groups, and U

Manage Users, Authentication, and VPN Certificates297 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308The List of Domains table displays the domains

Manage Users, Authentication, and VPN Certificates298ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Authentication Type (continued)Note: If you se

Manage Users, Authentication, and VPN Certificates299 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX53084. Click Apply to save your settings. The doma

3ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 202-10536-02 1.0 July 2011 Added new features that are documented in the following sections:• Confi

IPv4 and IPv6 Internet and WAN Settings30ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 2. In the NAT (Network Address Translation) section of the

Manage Users, Authentication, and VPN Certificates300ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Edit Domains To edit a domain:1. Select Users

Manage Users, Authentication, and VPN Certificates301 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Create Groups To create a VPN group:1. Select

Manage Users, Authentication, and VPN Certificates302ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 3. Complete the settings as explained in the f

Manage Users, Authentication, and VPN Certificates303 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Configure User AccountsWhen you create a user a

Manage Users, Authentication, and VPN Certificates304ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 201. The List of Users table displays t

Manage Users, Authentication, and VPN Certificates305 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX53083. Enter the settings as explained in the foll

Manage Users, Authentication, and VPN Certificates306ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Set User Login PoliciesYou can restrict the abi

Manage Users, Authentication, and VPN Certificates307 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Configure Login Restrictions Based on IPv4 Addr

Manage Users, Authentication, and VPN Certificates308ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 6. In the Add Defined Addresses section of the

Manage Users, Authentication, and VPN Certificates309 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 205. 5. In the Defined Addresses Statu

IPv4 and IPv6 Internet and WAN Settings31 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308You can set the failure detection method for each WAN inter

Manage Users, Authentication, and VPN Certificates310ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308  To delete one or more IPv6 addresses:1. In t

Manage Users, Authentication, and VPN Certificates311 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX53086. In the Add Defined Browser section of the s

Manage Users, Authentication, and VPN Certificates312ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308  To modify user settings, including passwords:

Manage Users, Authentication, and VPN Certificates313 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX53084. Click Apply to save your settings.Manage Di

Manage Users, Authentication, and VPN Certificates314ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 both the IPSec VPN certificate repository and t

Manage Users, Authentication, and VPN Certificates315 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308• Self Certificate Requests table. Contains the

Manage Users, Authentication, and VPN Certificates316ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 2. In the Upload Trusted Certificates section

Manage Users, Authentication, and VPN Certificates317 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308VPN firewall. The CSR is a file that contains i

Manage Users, Authentication, and VPN Certificates318ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 3. Click the Generate table button. A new SCR

Manage Users, Authentication, and VPN Certificates319 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX53086. Submit your SCR to a CA:a. Connect to the w

IPv4 and IPv6 Internet and WAN Settings32ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 • If the autodetect process senses a connection method that

Manage Users, Authentication, and VPN Certificates320ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Manage the VPN Certificate Revocation ListA Cer

32188. Network and System ManagementThis chapter describes the tools for managing the network traffic to optimize its performance and the system man

Network and System Management322ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 In practice, the WAN-side bandwidth capacity is much lower when DSL

Network and System Management323 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308The following section summarizes the various criteria that you can a

Network and System Management324ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 For information about how to define bandwidth profiles, see Create B

Network and System Management325 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308ON the LAN WAN screen, if you have not defined any rules, only the d

Network and System Management326ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 addresses to groups. For more information, see Create IP Groups on p

Network and System Management327 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Exposed HostsSpecifying an exposed host allows you to set up a compu

Network and System Management328ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 method for allocating and limiting traffic, thus allocating LAN user

Network and System Management329 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 213. 2. In the Action column of the List of Users table, cl

IPv4 and IPv6 Internet and WAN Settings33 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 13. The Connection Status screen should show a vali

Network and System Management330ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 6. Click Apply to save your settings.7. Repeat Step 1 through Step

Network and System Management331 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308misuse it in many ways, NETGEAR highly recommends that you change th

Network and System Management332ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 216. Remote Management screen for IPv63. Enter the settings

Network and System Management333 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308WARNING:If you are remotely connected to the VPN firewall and you se

Network and System Management334ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Tip: If you are using a Dynamic DNS service such as TZO, you can id

Network and System Management335 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 To configure the SNMP settings:1. Select Administration > SNMP

Network and System Management336ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 2. To specify a new SNMP configuration, in the Create New SNMP Conf

Network and System Management337 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 To delete one or more SNMP configurations:1. On the SNMP screen (

Network and System Management338ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 3. Click Apply to save your changes. To configure the SNMP system

Network and System Management339 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Manage the Configuration FileThe configuration settings of the VPN f

IPv4 and IPv6 Internet and WAN Settings34ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 The IPv4 WAN Settings table displays the following fields:•

Network and System Management340ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Back Up SettingsThe backup feature saves all VPN firewall settings t

Network and System Management341 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308WARNING:Once you start restoring settings, do not interrupt the proc

Network and System Management342ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Upgrade the FirmwareYou can install a different version of the VPN f

Network and System Management343 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Select the Firmware and Reboot the VPN FirewallAfter you have upgrad

Network and System Management344ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308  To set time, date, and NTP servers:1. Select Administration >

Network and System Management345 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Select NTP Mode In all three NTP modes, the VPN firewall functions b

Network and System Management346ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 3. Click Apply to save your settings.Note: If you select the defau

34799. Monitor System Access and PerformanceThis chapter describes the system-monitoring features of the VPN firewall. You can be alerted to importa

Monitor System Access and Performance348ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 223. 2. Enter the settings for the WAN1 interface a

Monitor System Access and Performance349 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX53083. Click Apply to save your settings.4. If you want to ena

IPv4 and IPv6 Internet and WAN Settings35 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 16. 6. If your connection is PPTP or PPPoE, your I

Monitor System Access and Performance350ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 screen displays the traffic meter’s start and end dates. If

Monitor System Access and Performance351 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX53083. Click the LAN Traffic Meter tab. The LAN Traffic Meter s

Monitor System Access and Performance352ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 6. Click Apply to save your settings. The new account is ad

Monitor System Access and Performance353 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 228. To edit a LAN traffic meter account:1. In the

Monitor System Access and Performance354ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 229.

Monitor System Access and Performance355 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX53082. Enter the settings as explained in the following table:T

Monitor System Access and Performance356ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Enable E-mail LogsDo you want logs to be emailed to you?Sele

Monitor System Access and Performance357 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX53083. Click Apply to save your settings.Note: Enabling routin

Monitor System Access and Performance358ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 230. You can refresh the logs, clear the logs, or se

Monitor System Access and Performance359 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308How to Send Syslogs over a VPN Tunnel between Sites To send

IPv4 and IPv6 Internet and WAN Settings36ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 7. In the Internet (IP) Address section of the screen (see

Monitor System Access and Performance360ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 4. In the Traffic Selector section of the screen, make the

Monitor System Access and Performance361 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308View Status Screens• View the System Status• View the VPN Co

Monitor System Access and Performance362ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Router Status Screen To view the Router Status screen:Selec

Monitor System Access and Performance363 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308LAN (VLAN) IPv4 InformationFor each of the four LAN ports, t

Monitor System Access and Performance364ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Router Statistics Screen To view the Router Statistics scre

Monitor System Access and Performance365 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Detailed Status ScreenTo view the Detailed Status screen, se

Monitor System Access and Performance366ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 The following table explains the fields of the Detailed Stat

Monitor System Access and Performance367 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308DMZ IPv6 ConfigurationIPv6 Address The IPv6 address and pref

Monitor System Access and Performance368ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 VLAN Status ScreenThe VLAN Status screen displays informatio

Monitor System Access and Performance369 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308The following table explains the fields of the VLAN Status s

IPv4 and IPv6 Internet and WAN Settings37 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX53088. In the Domain Name Server (DNS) Servers section of the

Monitor System Access and Performance370ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 The IPv6 Tunnel Status table shows the following fields:• Tu

Monitor System Access and Performance371 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 238. The active user’s user name, group, and IP addre

Monitor System Access and Performance372ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 240. The List of PPTP Active Users table lists each a

Monitor System Access and Performance373 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 To display the SSL VPN log:Select Monitoring > VPN Logs

Monitor System Access and Performance374ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 244. The Port Triggering Status screen displays the

Monitor System Access and Performance375 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 245. 2. In the Action column, click the Status butt

Monitor System Access and Performance376ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Click Disconnect to disconnect the connection; click Connect

Monitor System Access and Performance377 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 248. The type of connection determines the informati

Monitor System Access and Performance378ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 View the Attached Devices To view the attached devices on t

Monitor System Access and Performance379 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Note: If the VPN firewall is rebooted, the data in the Know

IPv4 and IPv6 Internet and WAN Settings38ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 9. Click Apply to save your changes.10. Click Test to eval

Monitor System Access and Performance380ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Diagnostics Utilities• Send a Ping Packet• Trace a Route• Lo

Monitor System Access and Performance381 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 252. The various tasks that you can perform on the D

Monitor System Access and Performance382ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308  To send a traceroute:1. On the Diagnostics screen for IPv

Monitor System Access and Performance383 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 253. 2. From the Select Network drop-down list, sel

3841010. TroubleshootingThis chapter provides troubleshooting tips and information for the VPN firewall. After each problem description, instruction

Troubleshooting385 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Note: The VPN firewall’s diagnostic tools are explained in Diagnostics Utilities

Troubleshooting386ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308  If all LEDs are still on more than several minutes minute after power-up, do the

Troubleshooting387 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308• Make sure that you are using the SSL https://address login rather than the http:

Troubleshooting388ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Troubleshoot the ISP ConnectionIf your VPN firewall is unable to access the Intern

Troubleshooting389 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308assigned domain name or workgroup name in the Domain Name field, and you might hav

IPv4 and IPv6 Internet and WAN Settings39 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Configure Load Balancing or Auto-RolloverThe VPN firewall c

Troubleshooting390ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 - Windows Server 2008 R2, all versions- Windows Server 2003, all versions- Windows

Troubleshooting391 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308c. Click or double-click View status of this connection. The Local Area Connectio

Troubleshooting392ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 f. Make sure that an IPv6 address shows. The previous figure does not show an IPv

Troubleshooting393 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Test the Path from Your Computer to a Remote DeviceAfter verifying that the LAN pa

Troubleshooting394ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 257. b. In the Backup / Restore Settings section of the screen, click the

Troubleshooting395 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Address Problems with Date and TimeThe System Date & Time screen displays the

396AA. Default Settings and Technical SpecificationsThis appendix provides the default settings and the physical and technical specifications of the

Default Settings and Technical Specifications397ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308WAN settingsWAN IPv4 mode (all WAN interfaces) NATWAN

Default Settings and Technical Specifications398ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308DMZ DHCP IPv4 starting address 176.16.2.100DMZ DHCP I

Default Settings and Technical Specifications399ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Session limits DisabledTCP time-out 1200 secondsUDP t

4ContentsChapter 1 IntroductionWhat Is the ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308? . .11Key Features and Capabilities . . . . . . . . . .

IPv4 and IPv6 Internet and WAN Settings40ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Protocol binding addresses two issues:• Segregation of

Default Settings and Technical Specifications400ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Authentication method Pre-shared KeyKey group DH-Grou

Default Settings and Technical Specifications401ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308RADIUS settingsPrimary RADIUS server Disabled and non

Default Settings and Technical Specifications402ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Physical and Technical SpecificationsThe following ta

Default Settings and Technical Specifications403ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308The following table shows the IPSec VPN specification

404BB. Network Planning for Multiple WAN Ports (IPv4 Only)This appendix describes the factors to consider when planning a network using a firewall t

Network Planning for Multiple WAN Ports (IPv4 Only)405 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308• Protocol binding.- For auto-rollover mode, p

Network Planning for Multiple WAN Ports (IPv4 Only)406ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Cabling and Computer Hardware RequirementsFor

Network Planning for Multiple WAN Ports (IPv4 Only)407 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308After you have located your Internet configura

Network Planning for Multiple WAN Ports (IPv4 Only)408ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Overview of the Planning ProcessThe areas that

Network Planning for Multiple WAN Ports (IPv4 Only)409 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Features such as multiple exposed hosts are no

IPv4 and IPv6 Internet and WAN Settings41 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308connection to the Internet could be made on the WAN3 interf

Network Planning for Multiple WAN Ports (IPv4 Only)410ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 261. Inbound Traffic to a Dual WAN Port

Network Planning for Multiple WAN Ports (IPv4 Only)411 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 263. Virtual Private Networks• VPN Road

Network Planning for Multiple WAN Ports (IPv4 Only)412ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 • Dual WAN ports in auto-rollover mode. A gate

Network Planning for Multiple WAN Ports (IPv4 Only)413 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308VPN Road Warrior: Single-Gateway WAN Port (Ref

Network Planning for Multiple WAN Ports (IPv4 Only)414ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 268. The purpose of the FQDN in this ca

Network Planning for Multiple WAN Ports (IPv4 Only)415 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308VPN Gateway-to-GatewayThe following situations

Network Planning for Multiple WAN Ports (IPv4 Only)416ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 271. The IP addresses of the gateway WA

Network Planning for Multiple WAN Ports (IPv4 Only)417 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 273. The IP addresses of the gateway WA

Network Planning for Multiple WAN Ports (IPv4 Only)418ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 The IP address of the gateway WAN port can be

Network Planning for Multiple WAN Ports (IPv4 Only)419 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308VPN Telecommuter: Dual-Gateway WAN Ports for L

IPv4 and IPv6 Internet and WAN Settings42ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 22. 4. Configure the protocol binding settings as

420CC. System Logs and Error MessagesThis appendix provides examples and explanations of system logs and error message. When applicable, a recommend

System Logs and Error Messages421ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308System Log Messages• NTP• Login/Logout• System Startup• Reboot• Fire

System Logs and Error Messages422ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Login/LogoutThis section describes logs generated by the administrat

System Logs and Error Messages423ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308RebootThis section describes the log message generated during system

System Logs and Error Messages424ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308ICMP Redirect LogsMulticast/Broadcast LogsWAN StatusThis section des

System Logs and Error Messages425ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Auto-RolloverWhen the WAN mode is configured for auto-rollover, the

System Logs and Error Messages426ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308PPP LogsThis section describes the WAN PPP connection logs. The PPP

System Logs and Error Messages427ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308• PPTP Idle Timeout LogsExplanation Message 1: PPPoE connection star

System Logs and Error Messages428ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308• PPP Authentication LogsResolved DNS NamesThis section describes th

System Logs and Error Messages429ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Table 121. System logs: IPSec VPN tunnel, tunnel establishment Mess

IPv4 and IPv6 Internet and WAN Settings43 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX53085. Click Apply to save your settings. The protocol binding

System Logs and Error Messages430ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Table 122. System logs: IPSec VPN tunnel, SA lifetime (150 sec in p

System Logs and Error Messages431ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Table 123. System logs: IPSec VPN tunnel, SA lifetime (150 sec in p

System Logs and Error Messages432ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Table 125. System logs: IPSec VPN tunnel, Dead Peer Detection and

System Logs and Error Messages433ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308SSL VPN LogsThis section describes the log messages that are generat

System Logs and Error Messages434ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Traffic Meter LogsRouting Logs• LAN to WAN Logs• LAN to DMZ Logs• DM

System Logs and Error Messages435ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308LAN to WAN LogsLAN to DMZ LogsDMZ to WAN LogsWAN to LAN LogsTable 13

System Logs and Error Messages436ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308DMZ to LAN LogsWAN to DMZ LogsOther Event Logs• Session Limit Logs•

System Logs and Error Messages437ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Source MAC Filter LogsBandwidth Limit LogsDHCP LogsThis section expl

System Logs and Error Messages438ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Table 142. DHCP logs Message 1 Message 2 Message 3 Message 4 Messag

439DD. Two-Factor AuthenticationThis appendix provides an overview of two-factor authentication, and an example of how to implement the WiKID soluti

IPv4 and IPv6 Internet and WAN Settings44ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Configure the Auto-Rollover Mode and Failure Detection Meth

Two-Factor Authentication440ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308• Quick to deploy and manage. The WiKID solution integrates seamlessly wi

Two-Factor Authentication441ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Here is an example of how WiKID works: To use WiKID (for end users):1.

Two-Factor Authentication442ProSafe Gigabit Quad WAN SSL VPN Firewall SRX53083. Proceed to the 2 Factor Authentication login screen, and enter the on

443EE. Notification of Compliance (Wired)NETGEAR Wired ProductsRegulatory Compliance InformationThis section includes user requirements for operatin

Notification of Compliance (Wired)444ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308FCC Radio Frequency Interference Warnings & InstructionsThis

Notification of Compliance (Wired)445ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Additional CopyrightsAES Copyright (c) 2001, Dr. Brian Gladman,

Notification of Compliance (Wired)446ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308MD5 Copyright (C) 1990, RSA Data Security, Inc. All rights rese

447IndexNumerics10BASE-T, 100BASE-T, and 1000BASE-T speeds 703322.org 48–516to4 tunnelsconfiguring globally 63DMZ, configuring for 121LAN, configuring

448ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Bbacking up configuration file 340bandwidth allocation, WAN traffic 72–76bandwidth capacity 321ban

449ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308firewall rules 132group, users 300idle time-out periodsgroups 302L2TP server 266PPTP server 264use

IPv4 and IPv6 Internet and WAN Settings45 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX53082. In the Load Balancing Settings section of the screen, c

450ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Domain Name Server. See DNS.domain name, PPTP and PPPoE connections 35domains for authentication 2

451ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Hhardwarefront panel ports 17rear panel components 19requirements 406Help button (web management i

452ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308resources, configuring 283static or permanent 32, 37subnet mask, default 85subnet mask, DMZ port 1

453ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308bandwidth capacity 321default port MAC addresses 366default settings 398groups, assigning and mana

454ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308metricstatic IPv4 routes 124static IPv6 routes 129MIAS (Microsoft Internet Authentication Service)

455ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308WiKIDpass-through, multicast 168passwordschanging 311, 328default 22restoring 393Perfect Forward S

456ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308LAN advertisements 107prefixes, IPv66to4 tunnel 63DMZ advertisements 121ISATAP tunnel 65LAN advert

457ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308IPv6 (IPv4-only and IPv4/IPv6) 52routing tableadding static IPv4 routes 122adding static IPv6 rout

458ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308stateless and stateful IPv6 addresses, autoconfiguration 54, 100, 115Stateless IP/ICMP Translation

459ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308UUDP (User Datagram Protocol) 193UDP flood, blocking 167UDP time-out 170unicast packets, IPv6DMZ,

IPv4 and IPv6 Internet and WAN Settings46ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Note: The default time to roll over after the primary WAN

460ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308pre-shared keyclient-to-gateway tunnel 208gateway-to-gateway tunnel 200, 204IKE policy settings 23

IPv4 and IPv6 Internet and WAN Settings47 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308After you have configured secondary WAN addresses, these ad

IPv4 and IPv6 Internet and WAN Settings48ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 24. The List of Secondary WAN addresses table displ

IPv4 and IPv6 Internet and WAN Settings49 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308domain, and restores DNS requests for the resulting fully q

5ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Configure a Static IPv6 Internet Connection. . . . . . . . . . . . . . . . . . . . . .57Configure a

IPv4 and IPv6 Internet and WAN Settings50ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 25. 3. Click the Information option arrow in the u

IPv4 and IPv6 Internet and WAN Settings51 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX53085. Configure the DDNS service settings as explained in the

IPv4 and IPv6 Internet and WAN Settings52ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Note: You can configure only one WAN interface for IPv6. T

IPv4 and IPv6 Internet and WAN Settings53 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308These are the options:• IPv4-only mode. The VPN firewall co

IPv4 and IPv6 Internet and WAN Settings54ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 WARNING:Changing the IP routing mode causes the VPN firewal

IPv4 and IPv6 Internet and WAN Settings55 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308The IPv6 WAN Settings table displays the following fields:•

IPv4 and IPv6 Internet and WAN Settings56ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 6. As an optional step: If you have selected the Stateless

IPv4 and IPv6 Internet and WAN Settings57 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Configure a Static IPv6 Internet ConnectionTo configure a s

IPv4 and IPv6 Internet and WAN Settings58ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 32. 4. In the Internet Address section of the scre

IPv4 and IPv6 Internet and WAN Settings59 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX53086. Click Apply to save your changes.7. Verify the connect

6ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Order of Precedence for Rules. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139Config

IPv4 and IPv6 Internet and WAN Settings60ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Configure a PPPoE IPv6 Internet ConnectionTo configure a PP

IPv4 and IPv6 Internet and WAN Settings61 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 35. 4. In the Internet Address section of the scre

IPv4 and IPv6 Internet and WAN Settings62ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 6. Click Apply to save your changes.7. Verify the connect

IPv4 and IPv6 Internet and WAN Settings63 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Note: If your ISP requires MAC authentication and another

IPv4 and IPv6 Internet and WAN Settings64ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 36. 2. Select the Enable Automatic Tunneling check

IPv4 and IPv6 Internet and WAN Settings65 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 To configure an ISATAP tunnel:1. Select Network Configur

IPv4 and IPv6 Internet and WAN Settings66ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308  To edit an ISATAP tunnel:1. On the ISATAP Tunnels screen

IPv4 and IPv6 Internet and WAN Settings67 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308SIIT functions with IPv4-translated addresses, which are ad

IPv4 and IPv6 Internet and WAN Settings68ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308  To configure advanced WAN options:1. Select Network Conf

IPv4 and IPv6 Internet and WAN Settings69 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX53083. Click the Advanced option arrow in the upper right of t

7ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308User Database Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .241RADIUS

IPv4 and IPv6 Internet and WAN Settings70ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 SpeedIn most cases, the VPN firewall can automatically dete

IPv4 and IPv6 Internet and WAN Settings71 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX53085. Click Apply to save your changes.WARNING:Depending on t

IPv4 and IPv6 Internet and WAN Settings72ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 If you want to configure the advanced settings for an addit

IPv4 and IPv6 Internet and WAN Settings73 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 44. 2. To enable QoS, select the Yes radio button.

IPv4 and IPv6 Internet and WAN Settings74ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 45. 3. Enter the settings as explained in the foll

IPv4 and IPv6 Internet and WAN Settings75 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Congestion Priority From the drop-down list, select the pri

IPv4 and IPv6 Internet and WAN Settings76ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 4. Click Apply to save your settings. The profile is added

IPv4 and IPv6 Internet and WAN Settings77 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX53084. Click Apply to save your settings. The profile is added

IPv4 and IPv6 Internet and WAN Settings78ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308  To edit a QoS profile:1. In the List of QoS Profiles tab

7933. LAN ConfigurationThis chapter describes how to configure the LAN features of your VPN firewall. The chapter contains the following sections:•

8ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308VPN Certificates Screen. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 314Ma

LAN Configuration80ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 a single VLAN, they can share resources and bandwidth as if they were connected t

LAN Configuration81 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308packets. Untagged packets that enter these LAN ports are assigned to the default

LAN Configuration82ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 For each VLAN profile, the following fields display in the VLAN Profiles table: •

LAN Configuration83 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308DHCP RelayDHCP relay options allow you to make the VPN firewall a DHCP relay agen

LAN Configuration84ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 48. 2. Click the Add table button under the VLAN Profiles table. The Add

LAN Configuration85 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX53083. Enter the settings as explained in the following table: Table 15. Add VLAN P

LAN Configuration86ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Enable DHCP Server Select the Enable DHCP Server radio button to enable the VPN f

LAN Configuration87 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX53084. Click Apply to save your settings.Note: Once you have completed the LAN setu

LAN Configuration88ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308  To edit a VLAN profile:1. On the LAN Setup screen for IPv4 (see Figure 48 on p

LAN Configuration89 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 50. 3. From the MAC Address for VLANs drop-down list, select Unique. (Th

9ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308When You Enter a URL or IP Address, a Time-Out Error Occurs . . . . . .387Troubleshoot the ISP Conne

LAN Configuration90ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 The following is an example of correctly configured IPv4 addresses:• WAN IP addre

LAN Configuration91 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 To edit a secondary LAN IP address:1. On the LAN Multi-homing screen for IPv4

LAN Configuration92ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 These are some advantages of the network database:• Generally, you do not need to

LAN Configuration93 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 52. The Known PCs and Devices table lists the entries in the network datab

LAN Configuration94ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Add Computers or Devices to the Network Database To add computers or devices man

LAN Configuration95 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Edit Computers or Devices in the Network Database To edit computers or devices m

LAN Configuration96ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308  To edit the name of one of the eight available groups:1. Select Network Config

LAN Configuration97 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Note: The reserved address is not assigned until the next time the computer or d

LAN Configuration98ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 DHCPv6 Server OptionsThe IPv6 clients in the LAN can autoconfigure their own IPv6

LAN Configuration99 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308Stateful DHCPv6 ServerThe IPv6 clients in the LAN obtain an interface IP address,