Netgear SRX5308 Specifications Page 164
- Page / 357
- Table of contents
- BOOKMARKS
Rated. / 5. Based on customer reviews
Virtual Private Networking Using IPSec Connections
164
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308
Authentication Method Select one of the following radio buttons to specify the authentication method:
• Pre-shared key. A secret that is shared between the VPN firewall and the
remote endpoint.
• RSA-Signature. Uses the active self certificate that you uploaded on the
Certificates screen (see Manage Self-Signed Certificates on page 237). The
pre-shared key is masked out when you select the RSA-Signature option.
Pre-shared key A key with a minimum length of 8 characters no more than 49
characters. Do not use a double quote (“) in the key.
Diffie-Hellman (DH)
Group
The DH Group sets the strength of the algorithm in bits. The higher the group, the
more secure the exchange. From the drop-down list, select one of the following
three strengths:
• Group 1 (768 bit).
• Group 2 (1024 bit). This is the default setting.
• Group 5 (1536 bit).
Note: Ensure that the DH Group is configured identically on both sides.
SA-Lifetime (sec) The period in seconds for which the IKE SA is valid. When the period times out,
rekeying occurs. The default is 28800 seconds (8 hours).
Enable Dead Peer
Detection
Note: See also
Configure Keep-alives
and Dead Peer
Detection on
page 191.
Select a radio button to specify whether or not Dead Peer Detection (DPD) is
enabled:
• Yes. This feature is enabled. When the VPN firewall detects an IKE connection
failure, it deletes the IPSec and IKE SA and forces a reestablishment of the
connection. You need to specify the detection period in the Detection Period
field and the maximum number of times that the VPN firewall attempts to
reconnect in the Reconnect after failure count field.
• No. This feature is disabled. This is the default setting.
Detection Period The period in seconds between consecutive
DPD R-U-THERE messages, which are sent only when the
IPSec traffic is idle. The default is 10 seconds.
Reconnect after
failure count
The maximum number of DPD failures before the VPN
firewall tears down the connection and then attempts to
reconnect to the peer. The default is 3 failures.
Extended Authentication
XAUTH Configuration
Note: For more
information about
XAUTH and its
authentication modes,
see Configure XAUTH
for VPN Clients on
page 173.
Select one of the following radio buttons to specify whether or not Extended
Authentication (XAUTH) is enabled, and, if enabled, which device is used to verify
user account information:
• None. XAUTH is disabled. This the default setting.
• Edge Device. The VPN firewall functions as a VPN concentrator on which one
or more gateway tunnels terminate. The authentication modes that are available
for this configuration are User Database, RADIUS PAP, or RADIUS CHAP.
• IPSec Host. The VPN firewall functions as a VPN client of the remote gateway.
In this configuration the VPN firewall is authenticated by a remote gateway with
a user name and password combination.
Table 38. Add IKE Policy screen settings (continued)
Setting Description
- ProSafe Gigabit Quad WAN 1
- SSL VPN Firewall SRX5308 1
- Technical Support 2
- Trademarks 2
- Statement of Conditions 2
- Revision History 2
- Contents 3
- Chapter 3 LAN Configuration 4
- Chapter 4 Firewall Protection 4
- Key Features and Capabilities 10
- Introduction 11
- Security Features 12
- Extensive Protocol Support 12
- Maintenance and Support 13
- Package Contents 14
- Hardware Features 14
- Figure 1 15
- Table 1. LED descriptions 15
- Rear Panel 16
- Figure 3 17
- Using the Rack-Mounting Kit 18
- Internet 19
- Log In to the VPN Firewall 20
- Figure 5 21
- Figure 6 22
- Figure 9 24
- Figure 10 25
- Figure 11 26
- Figure 12 27
- Figure 13 28
- Figure 14 29
- Figure 15 30
- Figure 16 31
- Table 5. DNS server settings 31
- Configure the WAN Mode 32
- Configure Classical Routing 33
- Configure Auto-Rollover Mode 34
- Figure 18 35
- Configure Load Balancing 37
- Figure 20 38
- Figure 21 39
- To edit a protocol binding: 40
- Configure Dynamic DNS 42
- To configure DDNS: 43
- Figure 23 44
- Figure 24 45
- Configure WAN QoS Profiles 46
- Figure 25 47
- Figure 26 48
- Figure 27 50
- To edit a QoS profile: 51
- To delete a QoS profile: 51
- Figure 28 52
- What to Do Next 54
- LAN Configuration 55
- Port-Based VLANs 56
- Figure 29 57
- VLAN DHCP Options 58
- Configure a VLAN Profile 59
- Figure 31 60
- To edit a VLAN profile: 64
- Figure 32 65
- Figure 33 66
- Manage the Network Database 68
- Figure 35 70
- Figure 36 71
- Set Up Address Reservation 72
- Figure 37 73
- Manage Routing 75
- Configure Static Routes 76
- Figure 40 78
- Static Route Example 80
- Administrator Tips 82
- Services-Based Rules 83
- Order of Precedence for Rules 90
- Set LAN WAN Rules 91
- Figure 42 92
- Figure 43 93
- Figure 44 94
- Set DMZ WAN Rules 95
- Figure 46 96
- Figure 47 97
- Set LAN DMZ Rules 98
- Figure 49 99
- Figure 50 100
- Inbound Rules Examples 101
- Figure 52 102
- Figure 53 103
- Firewall Protection 104
- Outbound Rules Example 105
- Attack Checks 106
- Figure 56 107
- Set Session Limits 109
- To enable ALG for SIP: 111
- Figure 58 111
- Add Customized Services 112
- To edit a service: 113
- Figure 60 113
- Create IP Groups 114
- Figure 62 115
- To edit an IP group: 115
- To delete an IP group: 115
- To create a QoS profile: 116
- Figure 63 117
- Figure 64 117
- Create Bandwidth Profiles 118
- Figure 65 119
- Figure 66 120
- To set a schedule: 121
- Figure 67 122
- Content Filtering 123
- Figure 68 125
- Enable Source MAC Filtering 126
- Figure 69 127
- Set Up IP/MAC Bindings 128
- Figure 70 129
- Configure Port Triggering 130
- Figure 71 131
- Figure 72 132
- Figure 73 133
- Virtual Private Networking 134
- Using IPSec Connections 134
- Configurations 136
- Figure 77 137
- Figure 78 138
- Figure 79 139
- Figure 80 140
- Figure 81 140
- Figure 82 141
- Figure 83 143
- Figure 84 144
- Figure 85 145
- Figure 86 145
- Figure 87 146
- Figure 88 146
- Figure 89 148
- Figure 90 149
- Figure 91 149
- Figure 92 150
- Figure 93 151
- Figure 94 153
- Figure 95 154
- Information 155
- Figure 97 156
- Figure 98 156
- Figure 99 156
- Figure 100 156
- Figure 101 157
- Figure 102 157
- To view the IPSec VPN logs: 158
- Logs screen in view.: 158
- Manage IPSec VPN Policies 159
- IKE Policies Screen 160
- Figure 105 161
- Configure VPN Policies 165
- VPN Policies Screen 166
- To manually add a VPN policy: 168
- Figure 106 on page 166) 168
- To edit a VPN policy: 172
- User Database Configuration 174
- RADIUS Client Configuration 174
- Figure 108 175
- Mode Config Operation 176
- Figure 109 177
- Figure 110 178
- Figure 111 180
- Operation 183
- Figure 112 184
- Figure 114 185
- Figure 113 185
- Figure 115 186
- Figure 116 188
- Figure 117 189
- Figure 118 190
- Figure 119 190
- Figure 120 191
- Configure Keep-alives 192
- Configure Dead Peer Detection 193
- Figure 123 195
- Using SSL Connections 196
- Create the Portal Layout 198
- Figure 124 199
- Figure 125 200
- To edit a portal layout: 201
- Add Servers and Port Numbers 202
- Figure 126 203
- Add a New Host Name 204
- Configure the SSL VPN Client 205
- Figure 127 206
- VPN tunnel clients 207
- Setting Description 207
- Add New Network Resources 208
- To edit a resource: 209
- Figure 129 209
- View Policies 211
- Add a Policy 212
- Figure 131 213
- To edit an SSL VPN policy: 216
- Figure 132 217
- Figure 133 217
- Figure 134 218
- To view the SSL VPN Logs: 218
- Figure 135 218
- Certificates 219
- To create a domain: 220
- Figure 136 221
- Figure 137 221
- Edit Domains 223
- Create and Delete Groups 224
- Figure 138 225
- Edit Groups 226
- Configure User Accounts 227
- Figure 141 228
- Set User Login Policies 229
- Figure 143 230
- Figure 144 232
- To modify user settings: 233
- Figure 145 233
- Manage Digital Certificates 234
- Certificates Screen 235
- Manage CA Certificates 236
- Figure 147 237
- Figure 149 239
- To delete one or more SCRs: 240
- To delete one or more CRLs: 241
- Network and System Management 242
- Features That Reduce Traffic 243
- Source MAC Filtering 245
- Port Triggering 246
- DMZ Port 247
- Exposed Hosts 247
- VPN Tunnels 247
- Assign QoS Profiles 247
- System Management 248
- Figure 151 249
- Figure 152 249
- Figure 153 251
- Manage the SNMP Configuration 254
- Figure 155 255
- Manage the Configuration File 256
- Back Up Settings 257
- Restore Settings 258
- Figure 158 260
- Monitoring System Access and 263
- Performance 263
- Figure 159 264
- Enable the LAN Traffic Meter 266
- Figure 161 267
- Figure 162 267
- Figure 163 269
- Figure 164 270
- View Status and Log Screens 274
- View the Router Status Screen 275
- Figure 166 276
- Figure 167 277
- View the VLAN Status 280
- Figure 168 281
- Figure 169 282
- Figure 170 282
- View the VPN Logs 283
- To view the SSL VPN log: 284
- Figure 174 285
- Figure 175 286
- View Attached Devices 287
- View the DHCP Log 288
- Use the Diagnostics Utilities 289
- Look Up a DNS Address 290
- Display the Routing Table 290
- Reboot the VPN Firewall 291
- Capture Packets 291
- Figure 180 292
- Basic Functioning 294
- LAN or WAN Port LEDs Not On 295
- Problems with Date and Time 300
- Specifications 302
- Inbound Traffic 311
- Figure 185 312
- Figure 186 312
- Virtual Private Networks 313
- Figure 188. f 314
- Figure 189 314
- Figure 190 315
- Figure 191 315
- VPN Gateway-to-Gateway 316
- Figure 194 317
- Figure 195 317
- Figure 196 318
- Figure 197 318
- Figure 198 319
- Figure 199 320
- Figure 200 320
- Figure 201 321
- Table 81. Log message terms 322
- System Log Messages 323
- Login/Logout 324
- System Startup 324
- Firewall Restart 325
- IPSec Restart 325
- WAN Status 326
- Auto-Rollover 327
- PPP Logs 328
- • PPTP Idle Timeout Logs 329
- Resolved DNS Names 330
- VPN Log Messages 330
- SSL VPN Logs 335
- Routing Logs 336
- LAN to DMZ Logs 337
- DMZ to WAN Logs 337
- WAN to LAN Logs 337
- DMZ to LAN Logs 337
- Other Event Logs 338
- DHCP Logs 339
- Two-Factor Authentication 341
- Figure 202 343
- Figure 203 343
- Figure 204 344
- Notification of Compliance 345
- Numerics 347
© 2020, manymanuals.com. All rights reserved. | 0.152 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comments to this Manuals