Netgear orporated 08200084 Users Manual
ProSafe Wireless-N VPN Firewall
FCC Radiation Exposure Statement
This equipment complies with FCC RF radiation exposure limits set forth for an uncontrolled environment. This equipment should be installed
and operated with a minimum distance of 20 centimeters between the radiator and your body.
This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions:
1) This device may not cause harmful interference, and
2) This device must accept any interference received, including interference that may cause undesired operation.
This transmitter must not be co-located or operating in conjunction with any other antenna or transmitter.
The antennas used for this transmitter must be installed to provide a spectrum distance of at least 20cm from all persons and must not be co-
located or operating in conjunction with any other antenna or transmitter.
SRXN3205 Reference Manual
© 2008 by NETGEAR, Inc. All rights reserved.
Trademarks
NETGEAR and the NETGEAR logo are registered trademarks and ProSafe is a trademark of NETGEAR, Inc.
Microsoft, Windows, and Windows NT are registered trademarks of Microsoft Corporation. Other brand and product
names are registered trademarks or trademarks of their respective holders.
Statement of Conditions
In the interest of improving internal design, operational function, and/or reliability, NETGEAR reserves the right to
make changes to the products described in this document without notice.
NETGEAR does not assume any liability that may occur due to the use or application of the product(s) or circuit
layout(s) described herein.
Federal Communications Commission (FCC) Compliance Notice: Radio Frequency
Notice
This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to part 15 of
the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential
installation. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in
accordance with the instructions, may cause harmful interference to radio communications. However, there is no
guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference
to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to
try to correct the interference by one or more of the following measures:
. • Reorient or relocate the receiving antenna.
. • Increase the separation between the equipment and receiver.
. • Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.
. • Consult the dealer or an experienced radio/TV technician for help.
1.0, July 2008
EU Regulatory Compliance Statement
The ProSafe Wireless-N VPN Firewall is compliant with the following EU Council Directives: 89/336/EEC and LVD
73/23/EEC. Compliance is verified by testing to the following standards: EN55022 Class B, EN55024 and EN60950-1.
Bestätigung des Herstellers/Importeurs
Es wird hiermit bestätigt, daß das ProSafe Wireless-N VPN Firewall gemäß der im BMPT- AmtsblVfg 243/1991 und
Vfg 46/1992 aufgeführten Bestimmungen entstört ist. Das vorschriftsmäßige Betreiben einiger Geräte (z.B. T e stsender)
kann jedoch gewissen Beschränkungen unterliegen. Lesen Sie dazu bitte die Anmerkungen in der Betriebsanleitung.
Das Bundesamt für Zulassungen in der Telekommunikation wurde davon unterrichtet, daß dieses Gerät auf den Markt
gebracht wurde und es ist berechtigt, die Serie auf die Erfüllung der Vorschriften hin zu überprüfen.
Certificate of the Manufacturer/Importer
It is hereby certified that the ProSafe Wireless-N VPN Firewall has been suppressed in accordance with the conditions
set out in the BMPT-AmtsblVfg 243/1991 and Vfg 46/1992. The operation of some equipment (for example, test
transmitters) in accordance with the regulations may, however, be subject to certain restrictions. Please refer to the notes
in the operating instructions.
Federal Office for Telecommunications Approvals has been notified of the placing of this equipment on the market
and has been granted the right to test the series for compliance with the regulations.
Voluntary Control Council for Interference (VCCI) Statement
This equipment is in the second category (information equipment to be used in a residential area or an adjacent area
thereto) and conforms to the standards set by the Voluntary Control Council for Interference by Data Processing
Equipment and Electronic Office Machines aimed at preventing radio interference in such residential areas.
When used near a radio or TV receiver , it may become the cause of radio interference.
Read instructions for correct handling.
Additional Copyrights
AES Copyright (c) 2001, Dr Brian Gladman <brg@gladman.uk.net>, Worcester, UK.
All rights reserved.
TERMS
Redistribution and use in source and binary forms, with or without modification, are permitted
subject to the following conditions:
1. Redistributions of source code must retain the above copyright notice, this list of
conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of
conditions and the following disclaimer in the documentation and/or other materials
provided with the distribution.
3. The copyright holder's name must not be used to endorse or promote any products
derived from this software without his specific prior written permission.
This software is provided 'as is' with no express or implied warranties of correctness or fitness
for purpose.
ii
1.0, July 2008
Open SSL Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted
provided that the following conditions * are met:
1. Redistributions of source code must retain the above copyright notice, this list of conditions
and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of
conditions and the following disclaimer in the documentation and/or other materials
provided with the distribution.
3. All advertising materials mentioning features or use of this software must display the
following acknowledgment: “This product includes software developed by the OpenSSL
Project for use in the OpenSSL Toolkit. (http://www.openssl.org/)”
4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to endorse or
promote products derived from this software without prior written permission. For written
permission, please contact openssl-core@openssl.org.
5. Products derived from this software may not be called "OpenSSL" nor may "OpenSSL"
appear in their names without prior written permission of the OpenSSL Project.
6. Redistributions of any form whatsoever must retain the following acknowledgment: "This
product includes software developed by the OpenSSL Project for use in the OpenSSL
Toolkit (http://www.openssl.org/)"
THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ITS
CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This
product includes software written by Tim Hudson (tjh@cryptsoft.com).
MD5 Copyright (C) 1990, RSA Data Security, Inc. All rights reserved.
License to copy and use this software is granted provided that it is identified as the "RSA Data
Security, Inc. MD5 Message-Digest Algorithm" in all material mentioning or referencing this
software or this function. License is also granted to make and use derivative works provided
that such works are identified as "derived from the RSA Data Security, Inc. MD5 MessageDigest Algorithm" in all material mentioning or referencing the derived work.
RSA Data Security, Inc. makes no representations concerning either the merchantability of
this software or the suitability of this software for any particular purpose. It is provided "as is"
without express or implied warranty of any kind.
These notices must be retained in any copies of any part of this documentation and/or
software.
1.0, July 2008
iii
PPP Copyright (c) 1989 Carnegie Mellon University. All rights reserved.
Redistribution and use in source and binary forms are permitted provided that the above
copyright notice and this paragraph are duplicated in all such forms and that any
documentation, advertising materials, and other materials related to such distribution and use
acknowledge that the software was developed by Carnegie Mellon University. The name of
the University may not be used to endor s e or promote products derived from th i s software
without specific prior written permission.
THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
Zlib zlib.h -- interface of the 'zlib' general purpose compression library version 1.1.4, March 11th,
2002. Copyright (C) 1995-2002 Jean-loup Gailly and Mark Adler.
This software is provided 'as-is', without any express or implied warranty. In no event will the
authors be held liable for any damages arising from the use of this software. Permission is
granted to anyone to use this software for any purpose, including commercial applications,
and to alter it and redistribute it freely, subject to the following restrictions:
1. The origin of this software must not be misrepresented; you must not claim that you wrote
the original software. If you use this software in a product, an acknowledgment in the
product documentation would be appreciated but is not required.
2. Altered source versions must be plainly marked as such, and must not be misrepresented
as being the original software.
3. This notice may not be removed or altered from any source distribution.
Jean-loup Gailly: jloup@gzip.org; Mark Adler: madler@alu mni.caltech.edu
The data format used by the zlib library is described by RFCs (Request for Comments) 1950
to 1952 in the files ftp://ds.internic.net/rfc/rfc1950.txt
and rfc1952.txt (gzip format)
(zlib format), rfc1951.txt (deflate format)
Product and Publication Details
Model Number: SRXN3205
Publication Date: July 2008
Product Family: VPN Firewall
Product Name: ProSafe Wireless-N VPN Firewall
Home or Business Product: Business
Language: English
Publication Part Number: 202-10416-01
Publication Version Number 1.0
iv
1.0, July 2008
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual
Contents
About This Manual
Conventions, Formats, and Scope ..................................................................................xiii
How to Use This Manual ..................................................................................................xiv
How to Print this Manual ..................................................................................................xiv
Revision History ..................... ... .......................................... .......................................... ...xv
Chapter 1
Introduction
Key Features ..................................................................................................................1-1
Dual WAN Ports for Increased Reliability or Outbound Load Balancing ..................1-2
Advanced VPN Support for Both IPsec and SSL .....................................................1-2
A Powerful, True Firewall with Content Filtering ......................................................1-3
Autosensing Ethernet Connections with Auto Uplink ...............................................1-3
Extensive Protocol Support ......................................................................................1-4
Easy Installation and Management ................................................................................1-4
Maintenance and Support ........................................ .... ... ... ... .... ... ... ... .... ... ... ... ... .... ........1-5
Package Contents ..........................................................................................................1-5
Front Panel Features ......................................................................................................1-6
Rear Panel Features ......................................................................................................1-7
Default IP Address, Login Name, and Password Location . ............................................ 1-8
Qualified Web Browsers .................................................................................................1-8
Chapter 2
Connecting the FVS336G to the Internet
Understanding the Connection Steps .............................................................................2-1
Logging into the VPN Firewall Router ....................................... ... ... ... .... ... ... ... ... .... ... ..... 2-2
Navigating the Menus .....................................................................................................2-4
Configuring the Internet Connections ............................................................................. 2-4
Automatically Detecting and Connecting ......................................... ........................2-4
Manually Configuring the Internet Connection ... .... ... ... ... .........................................2-8
Contents vii
v1.0, October 2007
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual
Configuring the WAN Mode (Required for Dual WAN) .... ... ....................................... ...2-11
Network Address Translation .................................................................................2-12
Classical Routing ...................................................................................................2-12
Configuring Auto-Rollover Mode ............................................................................2-13
Configuring Load Balancing ...................................................................................2-15
Configuring Dynamic DNS (Optional) ...........................................................................2-17
Configuring the Advanced WAN Options (Optional) ............................................... ...... 2-19
Additional WAN Related Configuration ..................................................................2-21
Chapter 3
LAN Configuration
Using the VPN Firewall as a DHCP server ................... ... ... ... .... ... ... ... .... ... ... ... ... .... ... ..... 3-1
Configuring the LAN Setup Options ...............................................................................3-2
Managing Groups and Hosts (LAN Groups) ...................................................................3-5
Viewing the LAN Groups Database .........................................................................3-6
Changing Group Names in the LAN Groups Database ...........................................3-7
Configuring DHCP Address Reservation ........................................................................3-8
Configuring Multi Home LAN IP Addresses ....................................................................3-9
Configuring Static Routes .............................................................................................3-10
Configuring Static Routes .......................................................................................3-10
Configuring Routing Information Protocol (RIP) .................... .... ... ... ... .... ... ... ... ... .... ... ...3-12
Chapter 4
Firewall Protection and Content Filtering
About Firewall Protection and Content Filtering .............................................................4-1
Using Rules to Block or Allow Specific Kinds of Traffic ..................................................4-2
Services-Based Rules ........................................ .... ... ... ... .........................................4-2
Order of Precedence for Rules ................................................................................4-7
Setting the Default Outbound Policy ................................... ... ... ... .... ... ... ... ... .... ... ... ..4-7
Creating a LAN WAN Outbound Services Rule .......................................................4-8
Creating a LAN WAN Inbound Services Rule ..........................................................4-9
Attack Checks .............................. ... ... .... ... ... ... ... .... ...................................... .... ... ...4-10
Inbound Rules Examples .......................................................................................4-12
Outbound Rules Example ......................................... ... ... .... ... ... ... ..........................4-16
Adding Customized Services .................................................................................4-16
Setting Quality of Service (QoS) Priorities ............................................................. 4-18
Setting a Schedule to Block or Allow Specific Traffic ................................. ... ... ... .... ......4-18
viii Contents
v1.0, October 2007
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual
Setting Block Sites (Content Filtering) ...................................................................4-19
Enabling Source MAC Filtering ....................................................................................4-22
Port Triggering ............................. .... ... ... ... .... .......................................... ......................4-23
E-Mail Notifications of Event Logs and Alerts ......................................... ......................4-25
Administrator Tips .........................................................................................................4-25
Chapter 5
Virtual Private Networking Using IPsec
Considerations for Dual WAN Port Systems ..................................................................5-1
Configuring an IPsec VPN Connection using the VPN Wizard ......................................5-3
Creating a VPN Tunnel to a Gateway ......................................................................5-4
Creating a VPN Tunnel Connection to a VPN Client ... ... .... .....................................5-7
Managing VPN Tunnel Policies ................................................. ... ... ... .... ... ... ... ... .... ... ...5-12
About IKE ...............................................................................................................5-12
Managing IKE Policies .................................... .......................................... ... .... ... ...5-12
About the IKE Policy Table .....................................................................................5-13
VPN Policy ................................... ... ... .... ... ... ....................................... ... ... ... .... ... ...5-13
VPN Tunnel Connection Status ..............................................................................5-15
Creating a VPN Client Connection: VPN Client to FVS336G .......................... ....... ... ...5-15
Configuring the FVS336G ......................................................................................5-16
Configuring the VPN Client ....................................... ... ... .... ... ... .............................5-16
Testing the Connection ...........................................................................................5-18
Manually Assigning IP Addresses to Remote Users (ModeConfig) ................... .... ... ...5-18
Mode Config Operation ...... .......................................... ..........................................5-18
Configuring the VPN Firewall .......... .......................................... ... .... ... ... ... ... .... ... ...5-19
Configuring the ProSafe VPN Client for ModeConfig .......................................... ...5-22
Extended Authentication (XAUTH) Configuration ............................ ................... ..........5-24
Configuring XAUTH for VPN Clients ......................................................................5-24
User Database Configuration .... ... ... ... .... .......................................... ... ... ... .............5-26
RADIUS Client Configuration .................................................................................5-26
Chapter 6
Virtual Private Networking
Using SSL Connections
Understanding the Portal Options ...................................................................................6-1
Planning for SSL VPN ....................................................................................................6-2
Creating the Portal Layout ..............................................................................................6-3
Contents ix
v1.0, October 2007
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual
Configuring Domains, Groups, and Users ......................................................................6-7
Configuring Applications for Port Forwarding .................................................. ... .... ... ... ..6-7
Adding Servers ................................... .... ... ... ............................................................6-8
Adding A New Host Name ........ ... ... ... .... ... ... ... ... .... ... ... ... .... ... ... ...............................6-9
Configuring the SSL VPN Client ...................................................................................6-10
Configuring the Client IP Address Range .......... .... ... ... ... .... ... ... ... .... ... ... ... ... .... ... ...6-11
Adding Routes for VPN Tunnel Clients ........ ... ... .......................................... .... ... ...6-12
Replacing and Deleting Client Routes ...................................................................6-12
Using Network Resource Objects to Simplify Policies ..................................................6-13
Adding New Network Resources ..........................................................................6-13
Configuring User, Group, and Global Policies ..............................................................6-15
Viewing Policies .....................................................................................................6-16
Adding a Policy ..... ... .... ... ... ....................................... ... ... .... ... ... ... .... ......................6-17
Chapter 7
Managing Users, Authentication, and Certificates
Adding Authentication Domains, Groups, and Users .....................................................7-1
Creating a Domain .................................... ... ... ... .... ... ... ... .... ... ... ...............................7-1
Creating a Group .................................... ... ... ... ... .......................................... ............7-3
Creating a New User Account ... .......................................... ... ... ... .... ........................7-4
Setting User Login Policies ....................................... ... ... .... .....................................7-6
Managing Certificates ................................................................ .....................................7-8
Viewing and Loading CA Certificates .......................................................................7-9
Viewing Active Self Certificates ..............................................................................7-10
Obtaining a Self Certificate from a Certificate Authority ............................ ... .... ... ...7-11
Managing your Certificate Revocation List (CRL) .. ... ... ..........................................7-14
Chapter 8
Router and Network Management
Performance Management ................................................. ... .... ... ... ...............................8-1
Bandwidth Capacity ........................................ .........................................................8-1
Features That Reduce Traffic ...................................................................................8-2
Features That Increase Traffic .................................................................................8-5
Using QoS to Shift the Traffic Mix ............................................................................8-8
Tools for Traffic Management .......................................... .........................................8-8
Changing Passwords and Administrator Settings .............. ... .... ... ... ... .... ... ... ..................8-8
Enabling Remote Management Access .......................................................................8-10
x Contents
v1.0, October 2007
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual
Using an SNMP Manager .............................................................................................8-12
Settings Backup and Firmware Upgrade ......................................................................8-14
Configuring Date and Time Service ..............................................................................8-16
Chapter 9
Monitoring System Performance
Enabling the Traffic Meter ...............................................................................................9-1
Activating Notification of Events and Alerts ....................................................................9-4
Viewing Firewall Logs .....................................................................................................9-6
Viewing Router Configuration and System Status ..................... ... ... ... .... ... ... ... ... .... ... ... ..9-7
Monitoring the Status of WAN Ports ...............................................................................9-9
Monitoring Attached Devices ........................................................................................9-10
Reviewing the DHCP Log .............................................................................................9-12
Monitoring Active Users ................... ... ... ... .... ... ... ... ... .... .......................................... ... ...9-12
Viewing Port Triggering Status .....................................................................................9-13
Monitoring VPN Tunnel Connection Status ........... ... .... ... ... ... .... ... ... .............................9-14
Reviewing the VPN Logs ..............................................................................................9-15
Chapter 10
Troubleshooting
Basic Functions ............................................................................................................10-1
Power LED Not On .................................................................................................10-2
LEDs Never Turn Off ..............................................................................................10-2
LAN or WAN Port LEDs Not On .............................................................................10-2
Troubleshooting the Web Configuration Interface ........................................................10-3
Troubleshooting the ISP Connection ............................................................................10-4
Troubleshooting a TCP/IP Network Using a Ping Utility ...............................................10-5
Testing the LAN Path to Your VPN Firewall ...........................................................10-5
Testing the Path from Your PC to a Remote Device ..............................................10-6
Restoring the Default Configuration and Password ............ ... .... ... ... ... .... ... ... ... ... .... ... ...10-7
Problems with Date and Time .......................................................................................10-7
Diagnostics Functions ..................................................................................................10-8
Contents xi
v1.0, October 2007
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual
Appendix A
Default Settings and Technical Specifications
Appendix B
Related Documents
Appendix C
Network Planning for Dual WAN Ports
What You Will Need to Do Before You Begin ................................................................C-1
Cabling and Computer Hardware Requirements .................................................... C-3
Computer Network Configuration Requirements ................................................ ... . C-3
Internet Configuration Requirements ...................................................................... C-4
Where Do I Get the Internet Configuration Parameters? ........................................ C-4
Internet Connection Information Form .................................................................... C-5
Overview of the Planning Process ................................................................................. C-6
Inbound Traffic ........................................................................................................ C-6
Virtual Private Networks (VPNs) .............................................................................C-6
The Roll-over Case for Firewalls With Dual WAN Ports ..........................................C-7
The Load Balancing Case for Firewalls With Dual WAN Ports ............................... C-7
Inbound Traffic ...............................................................................................................C-8
Inbound Traffic to Single WAN Port (Reference Case) ........................................... C-8
Inbound Traffic to Dual WAN Port Systems ............................................................C-8
Virtual Private Networks (VPNs) .................................................................................. C-10
VPN Road Warrior (Client-to-Gateway) ................................................................ C-11
VPN Gateway-to-Gateway ........... ...... .... ... ............................................................ C-14
VPN Telecommuter (Client-to-Gateway Through a NAT Router) .......................... C-17
Index
xii Contents
v1.0, October 2007
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual
About This Manual
The NETGEAR® ProSafe™ Wireless-N VPN Firewall Reference Manual describes how to
configure and troubleshoot a ProSafe Wireless-N VPN Firewall. The informatio n in this manual is
intended for readers with intermediate computer and networking skills.
Conventions, Formats, and Scope
The conventions, formats, and scope of this manual are described in the following paragraphs:
• Typographical Conventions. This manual uses the following typographical conventions:
Italic Emphasis, books, CDs, file and server names, extensions
Bold User input, IP addresses, GUI screen text
Fixed Command prompt, CLI text, code
italic URL links
• Formats. This manual uses the following formats to highlight special messages:
Note: This format is used to highlight information of importance or special interest.
Tip: This format is used to highlight a procedure that will save time or resources.
Warning: Ignoring this type of note may result in a malfunction or damage to the
equipment.
v1.0, July 2008
xi
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual
Danger: This is a safety warning. Failure to take heed of this notice may result in
personal injury or death.
• Scope. This manual is written for the router according to these specifications:
Product Version ProSafe Wireless-N VPN Firewall
Manual Publication Date July 2008
For more information about network, Internet, firewall, and VPN technologies, see the links to the
NETGEAR website in Appendix B, “Related Documents.”.
Note: Product updates are available on the NETGEAR, Inc. website at
http://kbserver.netgear.com/products/SRXN3205.asp.
How to Use This Manual
The HTML version of this manual includes the following:
• Buttons, and , for browsing forwards or backwards through the manual one page
at a time
• A button that displays the table of contents and an button. Double-click on a
link in the table of contents or index to navigate directly to where the topic is described in the
manual.
• A button to access the full NETGEAR, Inc. online knowledge base for the product
model.
• Links to PDF versions of the full manual and individual chapters.
How to Print this Manual
To print this manual, you can choose one of the following options, according to your needs.
• Printing a Page from HTML. Each page in the HTML version of the manual is dedicated to
a major topic. Select File > Print from the browser menu to print the page contents.
xii
v1.0, July 2008
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual
• Printing from PDF. Your computer must have the free Adobe Acrobat reader installed in
order to view and print PDF files. The Acrobat reader is available on the Adobe Web site at
http://www.adobe.com.
– Printing a PDF Chapter. Use the PDF of This Chapter link at the top left of any page.
• Click the PDF of This Chapter link at the top left of any page in the chapter you want
to print. The PDF version of the chapter you were viewing opens in a browser
window.
• Click the print icon in the upper left of your browser window.
– Printing a PDF version of the Complete Manual. Use the Complete PDF Manual link
at the top left of any page.
• Click the Complete PDF Manual link at the top left of any page in the manual. The
PDF version of the complete manual opens in a browser window.
• Click the print icon in the upper left of your browser window.
Tip: If your printer supports printing two pages on a single sheet of paper, you can
save paper and printer ink by selecting this feature.
Revision History
Part Number
202-10416-01 1.0 July 2008 First publication
Version
Number
Date Description
v1.0, July 2008
xiii
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual
xiv
v1.0, July 2008
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual
Chapter 1
Introduction
The SRXN3205 ProSafe Wireless-N VPN Firewall connects your wired local area network (LAN)
and your wireless LAN clients to the Internet (Wide Area Network) through an external broadband
access device such as a cable modem or DSL modem. As a complete security solution, the
SRXN3205 incorporates a powerful and flexible firewall to safeguard your networks, while
providing advanced IPsec and SSL VPN technologies for secure wired and wireless connections.
The ProSafe Wireless-N VPN Firewall is the basic building block of a wireless LAN
infrastructure. It provides connectivity between Ethernet wired networks and radio-equipped
wireless notebook systems, desktop systems, print servers, and other devices.
The SRXN3205 provides wireless connectivity to multiple wireless network devices within a fixed
range or area of coverage—interacting with a wireless network interface card (NIC) via an
antenna. Typically, an individual in-building access point provides a maximum connectivity area
of about a 500 foot radius. Consequently, the ProSafe Wireless-N VPN Firewall can support a
small group of users in a range of several hundred feet. Most access points can handle between 10
to 30 users simultaneously.
The ProSafe Wireless-N VPN Firewall acts as a bridge between the wired LAN and wireless
clients. Connecting multiple VPN firewalls via a wired Ethernet backbone can further lengthen the
wireless network coverage. As a mobile computing device moves out of the range of one access
point, it moves into the range of another. As a result, wireless clients can freely roam from one
Access Point to another and still maintain seamless connection to the network.
The auto-sensing capability of the ProSafe Wireless-N VPN Firewall allows packet transmission at
up to 300 Mbps, or at reduced speeds to compensate for distance or electromagnetic interference.
The Gigabit Ethernet LAN ports and WAN port ensure extremely high data transfer speeds.
The SRXN3205 is a plug-and-play device that can be installed and configured within minutes.
This chapter contains the following sections:
• “Key Firewall Features”
• “Wireless Networking Features”
• “Maintenance and Support”
• “Package Contents”
Introduction 1-1
v1.0, July 2008
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual
• “Front Panel Features”
• “Rear Panel Features”
• “Default IP Address, Login Name, and Password Location”
• “Qualified Web Browsers”
Key Firewall Features
The VPN firewall portion provides the following key features:
• A single 10/100/1000 Mbps Gigabit Ethernet WAN port for your Internet connection.
• Built-in four-port 10/100/1000 Mbps Gigabit Ethernet LAN switch for extremely fast data
transfer between local network resources and all of the wireless clients.
• Advanced IPsec and SSL VPN support
• Advanced stateful packet inspection (SPI) firewall with multi-NAT support
• Easy, web-based setup for installation and management
• Front panel LEDs for easy monitoring of status and activity
• Flash memory for firmware upgrade
• AC-DC power adapter for low current draw
A Powerful, True Firewall with Content Filtering
Unlike simple Internet sharing NAT routers, the SRXN3205 is a true firewall, using stateful packet
inspection (SPI) to defend against hacker attacks. Its firewall features include:
• Automatically detects and thwarts denial of service (DoS) attacks such as Ping of Death and
SYN Flood.
• Blocks unwanted traffic from the Internet to your LAN.
• Blocks access from your LAN to Internet locations or services that you specify as off-limits.
• Prevents objectionable content from reaching your PCs. You can control access to Internet
content by screening for Web services, Web addresses, and keywords within Web addresses.
You can configure the firewall to log and report attempts to access objectionable Internet sites.
• Permits scheduling of firewall policies by day and time.
1-2 Introduction
v1.0, July 2008
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual
• Logs security events such as blocked incoming traffic, port scans, attacks, and administrator
logins. You can configure the firewall to email the log to you at specified intervals. You can
also configure the firewall to send immediate alert messages to your email address or email
pager whenever a significant event occurs.
Autosensing Ethernet Connections with Auto Uplink
With its internal 5-port 10/100/1000 Mbps switch and 10/100/1000 W AN port, the SRXN3205 can
connect to either a 10 Mbps standard Ethernet network, a 100 Mbps Fast Ethernet network, or a
1000 Mbps Gigabit Ethernet network. The five LAN and WAN interfaces are autosensing and
capable of full-duplex or half-duplex operation.
TM
The SRXN3205 incorporates Auto Uplink
technology. Each Ethernet port will automatically
sense whether the Ethernet cable plugged into the port should have a “normal” connection such as
to a PC or an “uplink” connection such as to a switch or hub. That port will then configure itself to
the correct configuration. This feature eliminates the need to worry about crossover cables, as
Auto Uplink will accommodate either type of cable to make the right connection.
Extensive Protocol Support
The VPN firewall supports the Transmission Control Protocol/Internet Protocol (TCP/IP) and
Routing Information Protocol
Configuration Requirements” on page C-4.
(RIP). For further information about TCP/IP, refer to “Internet
• IP Address Sharing by NAT. The VPN firewall allows many networked PCs to share an
Internet account using only a single IP address, which may be statically or dynamically
assigned by your Internet service provider (ISP). This technique, known as NAT, allows the
use of an inexpensive single-user ISP account.
• Automatic Configuration of (Wired & Wireless) PCs by DHCP. The VPN firewall
dynamically assigns network configuration information, including IP, gateway, and domain
name server (DNS) addresses, to PCs on the LAN and Wireless LAN using the Dynamic Host
Configuration Protocol (DHCP). This feature greatly simplifies configuration of PCs on your
local network.
• DNS Proxy. When DHCP is enabled and no DNS addresses are specified, the firewall
provides its own address as a DNS server to the attached PCs. The firewall obtains actual DNS
addresses from the ISP during connection setup and forwards DNS requests from the LAN.
• PPP over Ethernet (PPPoE). PPPoE is a protocol for connecting remote hosts to the Internet
over a DSL connection by simulating a dial-up connection. This feature eliminates the need to
run a login program such as EnterNet or WinPOET on your PC.
• Quality of Service (QoS) support for traffic prioritization.
Introduction 1-3
v1.0, July 2008
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual
Advanced VPN Support for Both IPsec and SSL
The VPN firewall supports IPsec and SSL virtual private network (VPN) connections.
• IPsec VPN delivers full network access between a central office and branch offices, or
between a central office and telecommuters. Remote access by telecommuters requires the
installation of VPN client software on the remote computer.
– IPsec VPN with broad protocol support for secure connection to other IPsec gateways and
clients.
– Bundled with the single-user license of the NETGEAR ProSafe VPN Client software
(VPN01L)
– Supports up to 5 (max) IPsec VPN tunnels (alternately, 4 IPsec VPN tunnels concurrently
with 4 SSL VPN sessions, or 5 IPsec VPN tunnels concurrently with 3 SSL VPN
sessions). The total number of concurrent tunnels and sessions is not to exceed eight.
• SSL VPN provides remote access for mobile users to selected corporate resources without
requiring a pre-installed VPN client on their computers.
– Uses the familiar Secure Sockets Layer (SSL) protocol, commonly used for e-commerce
transactions, to provide client-free access with customizable user portals and support for a
wide variety of user repositories.
– Browser based, platform-independent, remote access through a number of popular
browsers, such as Microsoft Internet Explorer or Apple Safari.
– Provides granular access to corporate resources based upon user type or group
membership.
– Supports up to 5 (max) SSL VPN sessions (alternately, 4 SSL VPN sessions concurrently
with 4 IPsec VPN tunnels, or 3 SSL VPN sessions concurrently with 5 IPsec VPN
tunnels).
Wireless Networking Features
• Dual Band Selection. The SRXN3205 allows you to configure one of two bands; choose
between the 2.4 GHz band or the 5 GHz band.
1-4 Introduction
v1.0, July 2008
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual
The choice of band is reflected in protocol standard supported, as well as the administration
screens displayed to you. For example, if you choose to enable the 2.4 GHz band, only
802.11b/g/n protocols are supported. In addition, in the administration screens, the
configuration options for 802.11a/n protocols are greyed out. On the other hand, if you enable
the 5 GHz band, the 802.11 a/n protocols are support and the 802.11b/g/n protocol support is
disabled. In this case, the configuration options for 802.11b/g/n protocols are greyed out.
• Multiple operating modes:
– Wireless Access Point. Operates as a standard 802.11a/b/g/n access point.
– Point-to-Point Bridge. In this mode, the SRXN3205 only communicates with another
bridge-mode wireless station or access point. Network authentication should be used to
protect this communication.
– Point-to-Multi-Point Bridge. Select this only if this SRXN3205 is the “Master” for a
group of bridge-mode wireless stations. The other bridge-mode wireless stations send all
traffic to this “Master”, and do not communicate directly with each other. Network
Authentication should be used to protect this traffic.
– Wireless Repeater. In this mode, SRXN3205 does not function as an access point. It
communicates with only repeater-mode, point-to-point-bridge-mode, and point-to-multipoint-bridge-mode wireless stations. Network authentication should be used to protect this
communication.
• Hotspot Settings. You can allow all HTTP (TCP, port 80) requests to be captured and
redirected to the URL you specify.
• Upgradeable Firmware. Firmware is stored in a flash memory and can be upgraded easily,
using only your Web browser, and can be also upgraded remotely. In addition to using Web
browser to do so, command-line interface can also be used.
• Rogue AP Detection. The Rogue AP filtering feature ensures that unknown APs ae not given
access to any part of the LAN.
• Access Control. The Access Control MAC address filtering feature can ensure that only
trusted wireless stations can use the SRXN3205 to gain access to your LAN.
• Security Profiles. When using multiple BSSIDs, you can configure unique security settings
(encryption, SSID, etc.) for each BSSID.
• Hidden Mode. The SSID is not broadcast, assuring only clients configured with the correct
SSID can connect.
• Secure Telnet Command Line Interface. The Telnet command line interface enables direct
access over the serial port and easy scripting of the configuration of multiple SRXN3205
across an extensive network via the Ethernet interface. An SSH client is required.
Introduction 1-5
v1.0, July 2008
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual
• Configuration Backup. Configuration settings can be backed up to a file and restored.
• Secure and Economical Operation. Adjustable power output allows more secure or
economical operation.
• Power over Ethernet. Power can be supplied to the SRXN3205 over the Ethernet port from
any 802.3af compliant mid-span or end-span source. Please refer to the Appendix for a list of
compliant Netgear PoE switches. ?????
• Autosensing Ethernet Connection with
Mbps IEEE 802.3 Ethernet networks.
• LED Indicators. Power, test, LAN speed, LAN activity, and wireless activity for each radio
mode are easily identified.
• Wireless Multimedia (WMM) Support. WMM is a subset of the 802.11e standard. WMM
allows wireless traffic to have a range of priorities, depending on the kind of data. Timedependent information, like video or audio, has a higher priority than normal traffic. For
WMM to function correctly, Wireless clients must also support WMM.
• Quality of Service (QoS) Support. You can configure parameters that affect traffic flowing
from the security router to the client station and traffic flowing from the client station to the
security router. The QoS feature allows you to prioritize traffic, such as voice and video
traffic, so that packets do not get dropped.
• VLAN Security Profiles. Each Security Profile is automatically allocated a VLAN ID as each
Security Profile is modified.
Auto Uplink Interface. Connects to 10/100/1000
Easy Installation and Management
You can install, configure, and operate the ProSafe Wireless-N VPN Firewall within minutes after
connecting it to the network. The following features simplify installation and management tasks:
• Browser-Based Management. Browser-based configuration allows you to easily configure
your VPN firewall and Wireless access from almost any type of personal computer, such as
Windows, Macintosh, or Linux. A user-friendly Setup Wizard is provided and online help
documentation is built into the browser-based Web Management Interface.
• Auto Detection of ISP. The VPN firewall automatically senses the type of Internet
connection, asking you only for the information required for your type of ISP account.
1-6 Introduction
v1.0, July 2008
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual
• VPN Wizard. The VPN firewall includes the NETGEAR VPN Wizard to easily configure
IPsec VPN tunnels according to the recommendations of the Virtual Private Network
Consortium (VPNC) to ensure the IPsec VPN tunnels are interoperable with other VPNCcompliant VPN firewalls and clients.
• SNMP. The VPN firewall supports the Simple Network Management Protocol (SNMP) to let
you monitor and manage log resources from an SNMP-compliant system manager. The SNMP
system configuration lets you change the system variables for MIB2.
• Diagnostic Functions. The VPN firewall incorporates built-in diagnostic functions such as
Ping, Trace Route, DNS lookup, and remote reboot.
• Remote Management. The firewall allows you to login to the Web Management Interface
from a remote location on the Internet. For security, you can limit remote management access
to a specified remote IP address or range of addresses.
• Visual monitoring. The VPN firewall’s front panel LEDs provide an easy way to monitor its
status and activity.
Maintenance and Support
NETGEAR offers the following features to help you maximize your use of the VPN firewall:
• Flash memory for firmware upgrade.
• Free technical support seven days a week, 24 hours a day, according to the terms identified in
the Warranty and Support information card provided with your product.
Compatible and Related NETGEAR Products
For a list of compatible products from other manufacturers, see the Wireless Ethernet
Compatibility Alliance Web site (WECA, see http://www.wi-fi.net).
The following NETGEAR products work with the VPN firewall:
• FS108P - ProSafe 8 Port 10/100 Switch with 4 Port PoE
• FS116P ProSafe 16 Port 10/100 Desktop Switch with 8 Port PoE
• FS726TP - ProSafe 24 Port 10/100 Smart Switch with 2 Gigabit Ports and 12 Port PoE
• FS728TP - ProSafe 24+4 10/100 Smart Switch with full PoE
• FS752TPS - ProSafe 48 Port 10/100 Stackable Smart Switch with 4 Gigabit Ports and 24 Port
PoE
• FSM7328PS - ProSafe 24-port 10/100 L3 Managed Stackable Switch with 24 PoE Ports
Introduction 1-7
v1.0, July 2008
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual
• FSM7352PS - ProSafe 48 Port 10/100 L3 Managed Stackable Switch with 4 Gigabit Ports and
48 Port PoE
• GS724TP - ProSafe 24-Port GE PoE Smart Switch
• GS748TP - ProSafe 48-Port GE PoE Smart Switch
• WNDA3100 - RangeMax Dual Band Wireless-N USB 2.0 Adapter
• WN121T RangeMax NEXT Wireless-N USB 2.0 Adapter
• WN111 - RangeMax Next Wireless-N USB Adapter
• WN511B RangeMax NEXT Wireless-N Notebook Adapter
• WN311B RangeMax NEXT Wireless-N PCI Adapter
• WAG511 ProSafe 108 Mbps Dual Band PC Card
• WAG311 ProSafe 108 Mbps Dual Band PCI Card
• WG311T 802.11g 108 Mbps Wireless PCI Card
• WG511T 802.11g 108 Mbps Wireless CardBus Adapter
• WG511 802.11g 54 Mbps Wi reless CardBus Adapter
• WG111 801.11g 54 Mbps Wireless USB Adapter
• WPN111 - RangeMax Wireless USB 2.0 Adapter
System Requirements
Before installing the SRXN3205, ensure your system meets the following requirements:
• A 10/100/1000 Mbps Local Area Network device such as a hub or switch
• The Category 5 UTP straight through Ethernet cable with RJ-45 connector included in the
package, or one like it
• A 100-240 V, 50-60 Hz AC power source
• A Web browser for configuration, such as, Microsoft Internet Explorer 5.0 or above, or
Mozilla 3.0 or above
• At least one computer to act as the host PC with the TCP/IP protocol installed.
• At least one computer to act as the wireless client with the TCP/IP protocol and a
802.11a/b/g/n or 802.11a/b/g/n-compliant wireless device installed, such as, a NETGEAR
WG511 Wireless Adapter.
Package Contents
The product package should contain the following items:
1-8 Introduction
v1.0, July 2008
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual
41 2 3
Power
Test
n/a 5 GHz
n/g 2.4 GHz
Factory Defaults
SRXN3205
LAN
WAN
Green=1000M
Amber=100MOff=10M
On=Link
Blink=ACT
Left LED
Right LED
1
2
3
4
56 7
89
9
8
• ProSafe Wireless-N VPN Firewall
• Rubber feet (4) with adhesive backing
• One AC-DC power adpater (12V, 1.5A) with cord (approximately 6 ft, or 183 cm)
• Three dual-band antennas (SMA connectors): 2 dipole (long); 1 patch (square)
• One Straight through Category 5 (Cat5) Ethernet cable.
• Installation Guide, SRXN3205 ProSafe Wireless-N VPN Firewall .
• Resource CD, including:
– Application Notes and other helpful information.
– ProSafe VPN Client Software – one user license.
• Warranty and Support Information Card.
If any of the parts are incorrect, missing, or damaged, contact your NETGEAR dealer. Keep the
carton, including the original packing materials, in case you need to return the firewall for repair.
Front Panel Features
The ProSafe Wireless-N VPN Firewall front panel shown below includes two groups of RJ-45
connectors and a column of status indicator light-emitting diodes (LEDs), including Power, Test,
and Band lights:
Figure 1-1New Photo
The column of status indicator light-emitting diodes (LEDs) on the left and the RJ-45 LEDs are
described in Table 1-1., “LED Descriptions”.
Introduction 1-9
v1.0, July 2008
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual
1. Factory Defaults button. (5)
Using a sharp object, press and hold this button for about ten seconds until the front panel
TEST light flashes to reset the VPN firewall to factory default settings. All configuration
settings will be lost and the default password will be restored.
2. LAN Ethernet ports. (6)
Four switched N-way automatic speed negotiating, Auto MDI/MDIX, Gigabit Ethernet ports
with RJ-45 connectors.
3. WAN Ethernet port. (7)
One independent N-way automatic speed negotiating, Auto MDI/MDIX, Gigabit Ethernet port
with a RJ-45 connector.
The function of each LED is described in the following table:
Table 1-1. LED Descriptions
Item LED Activity Description
1PWR
(Power)
2 TEST On (Amber)
3 n/a 5 GHz Wireless LAN 802.11n/a Link Activity Indicator (5 GHz)
4 n/g 2.4 GHz Wireless LAN 802.b/g/n Link Activity Indicator (2.4 GHz) (Default)
6 LAN Ports
7 WAN Port
8 LINK/ACT
(Link and
Activity)
9 SPEED On (Green)
On (Green)
Off
Blinking
(Amber)
Off
Off Indicates WLAN 802.11n/a (5GHz) mode is disabled.
Blink (Green) Indicates Wireless data traffic in 5GHz modes.
Off Indicates WLAN 802.11b/g/n (2.4 GHz) mode is disabled.
Blink (Green) Indicates Wireless data traffic in 2.4 GHz modes
On (Green)
Blinking (Green)
Off
On (Amber)
Off
Power is supplied to the VPN firewall.
Power is not supplied to the VPN firewall.
Test mode: The system is initializing (On) or the initialization has
failed (Blinking).
Writing to Flash memory (during upgrading or resetting to defaults).
The system has booted successfully.
The WAN/LAN port has detected a link with a connected Ethernet
device.
Data is being transmitted or received by the WAN/LAN port.
The WAN/LAN port has no link.
The WAN/LAN port is operating at 1,000 Mbps.
The WAN/LAN port is operating at 100 Mbps.
The WAN/LAN port is operating at 10 Mbps.
1-10 Introduction
v1.0, July 2008
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual
1
1
1
2
Rear Panel Features
The rear panel of the ProSafe Wireless-N VPN Firewall includes three SMA dual-band an tenna
connectors (2 dipole (long); 1 patch (square) and AC-DC power adapter jack.
Figure 1-2 New Photo
The SRXN3205 rear panel functions are described below:
1. Left, Middle, and Right Detachable (SMA) Antennas (1)
The SRXN3205 provides three SMA connectors for the detachable antennas (two dipole and
one patch). For the best performance, attach the patch antenna to the middle connector and
attach the dipole antennas to the two connectors on both corners. The three antennas can be
positioned horizontally or vertically for the best coverage.
2. DC Power Jack (2)
This jack connects to the SRXN3205 12V 1.5A AC-DC power adapter.
Introduction 1-11
v1.0, July 2008
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual
IP Address
User Name
Password
Default IP Address, Login Name, and Password Location
Check the label on the bottom of the SRXN3205’s enclosure if you need a reminder of the
following factory default information:
Figure 1-3New Drawing
Qualified Web Browsers
To configure the ProSafe Wireless-N VPN Firewall, an administrator must use Internet Explorer
5.1 or higher, Apple Safari 1.2 or higher, or Mozilla Firefox l.x Web browser with JavaScript,
cookies, and SSL enabled.
Although these web browsers are qualified for use with the VPN firewall’s Web Management
Interface for configuring the VPN firewall, SSL VPN users should choose a browser that supports
JavaScript, Java, cookies, SSL, and ActiveX to take advantage of the full suite of applications.
Note that Java is only required for the SSL VPN portal, not the Web Management Interface.
1-12 Introduction
v1.0, July 2008
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual
Chapter 2
Connecting to the Internet (WAN)
The initial Internet configuration of the SRXN3205 ProSafe Wireless-N VPN Firewall is described
in this chapter.
This chapter contains the following sections:
• “Understanding the Connection Steps”
• “Logging into the VPN Firewall”
• “Navigating the Menus”
• “Configuring the Internet Connection (WAN)”
• “Configuring Dynamic DNS (Optional)”
• “Configuring the Advanced WAN Options (Optional)”
Understanding the Connection S teps
Typically, six steps are required to complete the basic Internet connection of your firewall.
1. Connect the firewall physically to your network. Connect the cables and restart your
network according to the instructions in the installation guide. See the Installation Guide,
SRXN3205 ProSafe Wireless-N VPN Firewall for complete steps. A PDF of the Installation
Guide is on the NETGEAR web site at: http://kbserver.netgear.com.
2. Log in to the VPN Firewall. After logging in, you are ready to set up and configure your
firewall. You can also change your password and enable remote management at this time. See
“Logging into the VPN Firewall” on page 2-2.
3. Configure the Internet connections to your ISP(s). During this phase, you will connect to
your ISPs. You can also program the WAN traffic meters at this time if desired. See
“Configuring the Internet Connection (WAN)” on page 2-4.
4. Configure dynamic DNS on the WAN port (optional). Configure your fully qualified
domain names during this phase (if required). See “Configuring Dynamic DNS (Optional)” on
page 2-12.
Connecting to the Internet (WAN) 2-1
v1.0, July 2008
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual
5. Configure the WAN options (optional). Optionally, you can enable the WAN port to respond
to a ping, and you can change the factory default MTU size and port speed. However, these are
advanced features and changing them is not usually required. See “Configuring the Advanced
WAN Options (Optional)” on page 2-14.
Each of these tasks is detailed separately in this chapter. The configuration of firewall, VPN, and
Wireless features are described in later chapters.
Logging into the VPN Firewall
To connect to the VPN firewall, your computer needs to be configured to obtain an IP address
automatically from the VPN firewall by DHCP. For instructions on how to configure your
computer for DHCP, refer to the link in Appendix B, “Related Documents.
To connect and log in to the firewall follow these steps:
1. Start any of the qualified browsers, as detailed in “Qualified Web Browsers” on page 1-12.
2. Enter https://192.168.1.1 in the address field.
The Manager login features appear in the browser.
Figure 2-1 OK
3. In the User field, type admin in lower case.
Use all lower case letters since both login fields are case sensitive.
4. In the Password field, type password in lower case.
5. Click Login.
2-2 Connectin g to the Internet (WAN)
v1.0, July 2008
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual
The Web Configuration Manager appears, displaying the Router Status menu as the default.
Figure 2-2 new screen shot
Navigating the Menus
The Web Configuration Manager menus are organized in a layered structure of main categories
and submenus:
• Main menu. The horizontal orange bar near the top of the page is the main menu, containing
the primary configuration categories. Clicking on a primary category changes the contents of
the submenu bar.
Connecting to the Internet (WAN) 2-3
v1.0, July 2008
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual
• Submenu. The horizontal grey bar immediately below the main menu is the submenu,
containing subcategories of the currently selected primary category.
• Tab. Immediately below the submenu bar, at the top of the menu active window, are one or
more tabs, further subdividing the currently selected subcategory if necessary.
• Option arrow . To the right of the tabs on some menus are one or more blue dots with an arrow
in the center . Clicking an option arrow brings up either a popup window or an advanced op tion
menu.
Tip: In the instructions in this guide, we may refer to a menu using the notation
primary > subcategory, such as Network Configuration > WAN Settings. In
this example, Network Configuration is the selected primary category (in the
main menu) and WAN Settings is the selected subcategory (in the submenu).
You can now proceed to the first configuration task, configuring the firewall’s Internet
connections.
Configuring the Internet Connection (WAN)
To set up your firewall for secure Internet connections, you configure the WAN port. The Web
Configuration Manager offers two connection configuration options:
• Automatic detection and configuration of the network connection.
• Manual configuration of the network connection.
Each option is detailed in the following sections.
Automatically Detecting and Connecting
To automatically configure the WAN port for connection to the Internet:
1. Select Network Configuration > WAN Settings from the menu/submenu.
The WAN tabs appear on screen with the WAN ISP Settings tab in view.
2-4 Connectin g to the Internet (WAN)
v1.0, July 2008
Loading...