ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual

Figure 7-2

3. In the Portal Layout and Theme Name section of the menu, configure the following entries:
a. Enter a descriptive name for the portal layout in the Portal Layout Name field. This name will be part of the path of the SSL VPN portal URL.
Note: Custom portals are accessed at a different URL than the default portal. For example, if your SSL VPN portal is hosted at https://vpn.company.
on login page checkbox to show the banner title and banner message text on the Login screen as shown below.

Figure 7-3

As shown in the figure, the banner title text is displayed in the orange header bar. The banner message text is displayed in the grey header bar.
d. Check the Enable HTTP meta tags for cache control checkbox to apply HTTP meta tag cache control directives to this Portal Layout.
The web cache cleaner will prompt the user to delete all temporary Internet files, cookies and browser history when the user logs out or closes the web browser window. The ActiveX web cache control will be ignored by web browsers that don't support ActiveX.
4. In the SSL VPN Portal Pages to Display section, check the checkboxes for the portal pages you wish users to access.
Adding Servers

To configure Port Forwarding, you must define the internal host machines (servers) and TCP applications available to remote users. To add servers, follow these steps:
1. Select VPN > SSL VPN from the main/submenu, and then select the Port Forwarding tab. The Port Forwarding screen displays.

Figure 7-4

2. In the Add New Application for Port Forwarding section, enter the IP address of an internal server or host computer.
3.
Table 7-1. Port Forwarding Applications/TCP Port Numbers (continued)

TCP Application: Port Number
POP3 (receive mail): 110
NTP (network time protocol): 123
Citrix: 1494
Terminal Services: 3389
VNC (virtual network computing): 5900 or 5800

a. Users can specify the port number together with the host name or IP address.

4. Click Add.
Remote users can now securely access network applications once they have logged into the SSL VPN portal and launched Port Forwarding.

Configuring the SSL VPN Client

The SSL VPN Client within the SRXN3205 will assign IP addresses to remote VPN tunnel clients. Because the VPN tunnel connection is a point-to-point connection, you can assign IP addresses from the corporate subnet to the remote VPN tunnel clients.
Configuring the Client IP Address Range

Determine the address range to be assigned to VPN tunnel clients, then define the address range. To configure the client IP address range:
1. Select VPN > SSL VPN from the main/submenu, and then select the SSL VPN Client tab. The SSL VPN Client screen displays.

Figure 7-5

2. Select Enable Full Tunnel Support unless you want split tunneling.
3.
VPN tunnel clients are now able to connect to the firewall and receive a virtual IP address in the client address range.

Adding Routes for VPN Tunnel Clients

The VPN Tunnel Clients assume that the following networks are located across the VPN over the SSL tunnel:
• The subnet containing the client IP address (PPP interface), as determined by the class of the address (Class A, B, or C).
• Subnets specified in the Configured Client Routes table.
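The route selection described above, worked through as an added example (not NETGEAR's code): it derives the classful network a tunnel client assumes from its virtual IP address, merges it with the Configured Client Routes, and reports remote-side LANs that the result would shadow. All addresses are constructed sample values, the function names are hypothetical, and the full-tunnel case is modeled as a single default route.

```python
import ipaddress


def classful_network(addr):
    """Return the Class A, B or C network that contains addr."""
    ip = ipaddress.IPv4Address(addr)
    first_octet = int(ip) >> 24
    if first_octet < 128:
        prefix = 8        # Class A
    elif first_octet < 192:
        prefix = 16       # Class B
    elif first_octet < 224:
        prefix = 24       # Class C
    else:
        raise ValueError(f"{addr} is not a Class A, B or C address")
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)


def tunnel_networks(client_ip, configured_routes, full_tunnel=False):
    """Networks a tunnel client treats as reachable over the SSL tunnel."""
    if full_tunnel:
        # Assumption: full tunnel is modeled as one default route.
        return [ipaddress.ip_network("0.0.0.0/0")]
    nets = [classful_network(client_ip)]
    nets += [ipaddress.ip_network(route) for route in configured_routes]
    # Merge duplicates and routes already covered by a wider network.
    return list(ipaddress.collapse_addresses(nets))


def via_tunnel(dest, nets):
    """True if traffic to dest would be sent across the tunnel."""
    ip = ipaddress.ip_address(dest)
    return any(ip in net for net in nets)


def shadowed_local_networks(nets, local_lans):
    """Remote-side LANs (e.g. a home network) that overlap tunnel routes."""
    hits = []
    for lan in local_lans:
        lan_net = ipaddress.ip_network(lan)
        if any(lan_net.overlaps(net) for net in nets):
            hits.append(lan_net)
    return hits


if __name__ == "__main__":
    # Constructed sample values, not taken from the manual.
    home_lans = ["10.0.0.0/24", "192.168.0.0/24"]
    for client_ip, routes in [
        ("192.168.251.5", ["192.168.1.0/24"]),  # Class C client range
        ("10.0.50.7", ["10.0.1.0/24"]),         # Class A client range
    ]:
        nets = tunnel_networks(client_ip, routes)
        print(client_ip, "->", [str(n) for n in nets])
        print("  shadows:",
              [str(n) for n in shadowed_local_networks(nets, home_lans)])
```

A client range taken from a Class A block makes the client treat the whole /8 as being across the tunnel, which is why the second sample shadows the constructed 10.0.0.0/24 home LAN while the Class C range does not.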
Using Network Resource Objects to Simplify Policies

Network resources are groups of IP addresses, IP address ranges, and services. By defining resource objects, you can more quickly create and configure network policies. You will not need to redefine the same set of IP addresses or address ranges when configuring the same access policies for multiple users.
The “Operation succeeded” message appears at the top of the tab, and the newly-added resource name appears on the List of Resources table.
5. Adjacent to the new resource, click the Edit button. The Add Resource Addresses screen displays.

Figure 7-7

6. From the Object Type pull-down menu, select either IP Address or IP Network:
• If you selected IP Address, enter an IP address or fully qualified domain name in the IP Address/Name field.
services. A specific hierarchy is invoked over which policies take precedence. The firewall policy hierarchy is defined as:
1. User Policies take precedence over all Group Policies.
2. Group Policies take precedence over all Global Policies.
3. If two or more user, group, or global policies are configured, the most specific policy takes precedence.
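The hierarchy above, modeled as an added example (not the firewall's own implementation) that resolves which policy governs a given user and destination. It assumes that "most specific" means the smallest matching address set within one level, that rule 3 is applied after rules 1 and 2, and that permissions are labelled PERMIT and DENY; the policy names, users, groups and addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass

# Rules 1 and 2: a lower rank wins (user over group over global).
SCOPE_RANK = {"user": 0, "group": 1, "global": 2}


@dataclass(frozen=True)
class Policy:
    name: str
    scope: str       # "user", "group" or "global"
    owner: str       # user or group name; "" for a global policy
    target: str      # single IP address, CIDR network, or "all"
    permission: str  # "PERMIT" or "DENY" (labels assumed for this example)

    def network(self):
        cidr = "0.0.0.0/0" if self.target == "all" else self.target
        return ipaddress.ip_network(cidr, strict=False)


def applies(policy, user, group):
    """True if the policy is in force for this user and their group."""
    if policy.scope == "global":
        return True
    if policy.scope == "group":
        return policy.owner == group
    return policy.owner == user


def resolve(policies, user, group, dest):
    """Return the winning Policy for dest, or None if nothing matches."""
    dst = ipaddress.ip_address(dest)
    candidates = [p for p in policies
                  if applies(p, user, group) and dst in p.network()]
    if not candidates:
        return None
    # Scope first; then rule 3, taken here as the longest prefix (assumption).
    return min(candidates,
               key=lambda p: (SCOPE_RANK[p.scope], -p.network().prefixlen))


# Constructed sample policy set.
POLICIES = [
    Policy("g-deny-all", "global", "", "all", "DENY"),
    Policy("g-lan", "global", "", "192.168.1.0/24", "PERMIT"),
    Policy("sales-lan", "group", "sales", "192.168.1.0/24", "DENY"),
    Policy("sales-crm", "group", "sales", "192.168.1.10", "PERMIT"),
    Policy("alice-crm", "user", "alice", "192.168.1.10", "DENY"),
    Policy("dave-any", "user", "dave", "all", "PERMIT"),
]

if __name__ == "__main__":
    checks = [
        ("alice", "sales", "192.168.1.10"),
        ("bob", "sales", "192.168.1.10"),
        ("bob", "sales", "192.168.1.20"),
        ("dave", "sales", "192.168.1.20"),
        ("carol", "eng", "10.1.1.1"),
    ]
    for user, group, dest in checks:
        winner = resolve(POLICIES, user, group, dest)
        print(f"{user}/{group} -> {dest}: {winner.permission} ({winner.name})")
```

Under these assumptions the dave case is the one to audit for: a broad user-level permit overrides the narrower group-level deny, because level is compared before specificity.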
Viewing Policies

To view the existing policies, follow these steps:
1. Select VPN > SSL VPN from the main/submenu, and then select the Policies tab. The Policies screen will display.

Figure 7-8

2. Make your selection from the following Query options:
• Click Global to view all global policies.
• Click Group to view group policies, and choose the relevant group’s name from the pulldown menu.
1. Select VPN > SSL VPN from the main/submenu, and select the Policies tab. The Policies screen displays.

Figure 7-9

2. Make your selection from the following Query options:
• Click Global if this new policy is to exclude all users and groups.
• Click Group if this new policy is to be limited to a selected group. Open the pull-down menu and choose the relevant group’s name.
Figure 7-10

If a needed network resource has not been defined, you can add it before proceeding with this new policy. See “Adding New Network Resources” on page 7-13.
• If you choose IP Address, you’ll need to enter a descriptive Policy Name, the specific IP Address, then choose the Service and relevant Permission from the pull-down menus.
Figure 7-12

• If you choose All Addresses, you’ll need to enter a descriptive Policy Name, then choose the Service and relevant Permission from the pull-down menus.

Figure 7-13

5. When you are finished making your selections, click Apply. The Policies screen reappears. Your policy goes into effect immediately and is added to the policies in the List of SSL VPN Policies table on this screen.
Chapter 8
Managing Users, Authentication, and Certificates

This chapter contains the following sections:
• “Adding Authentication Domains, Groups, and Users”
• “Managing Certificates”

Adding Authentication Domains, Groups, and Users

You must create name and password accounts for all users who will connect to the firewall. This includes administrators and SSL VPN clients.
Figure 8-1

2. Click Add. The Add Domain screen displays.

Figure 8-2

3. Configure the following fields:
a. Enter a descriptive name for the domain in the Domain Name field.
b. Select the Authentication Type.
The required fields are activated in varying combinations according to your selection of Authentication Type:

Authentication Type: Required Authentication Information Fields
Local User Database: None
Radius-PAP: Authentication Server, Authentication Secret
Radius-CHAP: Authentication Server, Authentication Secret
Radius-MSCHAP: Authentication Server, Authentication Secret
Radius-MSCHAPv2: Authentication Server, Authentication Secret
NT Domain
Figure 8-3

2. Configure the new group settings in the Add New Group section of the menu:
a. Name. Enter a descriptive name for the group.
b. Domain. Select the appropriate domain (only for Administrator or SSL VPN User).
c. Timeout. For an Administrator, this is the period at which an idle user will be automatically logged out of the Web Configuration Manager.
3. Click Add.
Figure 8-4

2. Click Add and the Add User tab screen displays.

Figure 8-5

3. Configure the following fields:
a. User Name. Enter a unique identifier, using any alphanumeric characters.
b. User Type. Select either Administrator, SSL VPN User, or IPsec VPN User.
c. Select Group. Select from a list of configured groups. The user will be associated with the domain that is associated with that group.
d. Password/Confirm Password.
e. Idle Timeout. For an Administrator, this is the period at which an idle user will be automatically logged out of the Web Configuration Manager.
4. Click Apply to save and apply your entries. The new user appears in the List of Users.

Setting User Login Policies

You can restrict the ability of defined users to log into the Web Configuration Manager.
To restrict logging in based on IP address:
1. Select the by Source IP Address tab and the by Source IP Address screen displays.

Figure 8-7

2. In the Defined Addresses Status section, select:
• the Deny Login from Defined Addresses to deny logging in from the IP addresses that you will specify.
• the Allow Login only from Defined Addresses to allow logging in from the IP addresses that you will specify.
3. Click Apply.
4.
To restrict logging in based on the user’s browser:
1. Select the by Client Browser tab. The by Client Browser screen will display.

Figure 8-8

2. In the Defined Browsers Status section, select:
• the Deny Login from Defined Browsers to deny logging in from browsers that you will specify.
• the Allow Login only from Defined Browsers to allow logging in from browsers that you will specify.
3.
Managing Certificates

The firewall uses digital certificates to authenticate connecting VPN gateways or clients, and to be authenticated by remote entities. A certificate that authenticates a server, for example, is a file that contains:
• A public encryption key to be used by clients for encrypting messages to the server.
• Information identifying the operator of the server.
To view the VPN Certificates:
Select VPN > Certificates from the main/sub-menu and the Certificates screen displays. The top section of the Certificates screen displays the Trusted Certificates (CA Certificates).

Figure 8-9

When you obtain a self certificate from a CA, you will also receive the CA certificate. In addition, many CAs make their certificates available on their websites. To load a CA certificate into your firewall:
1.
For each self certificate, the following data is listed:
• Name. The name you used to identify this certificate.
• Subject Name. This is the name that other organizations will see as the holder (owner) of this certificate. This should be your registered business name or official company name. Generally, all of your certificates should have the same value in the Subject field.
• Serial Number. This is a serial number maintained by the CA.
Figure 8-11

3. Complete the Optional fields, if desired, with the following information:
• IP Address – If you have a fixed IP address, you may enter it here. Otherwise, you should leave this field blank.
• Domain Name – If you have an Internet domain name, you can enter it here. Otherwise, you should leave this field blank.
• E-mail Address – Enter the e-mail address of a technical contact in your organization.
4. Click Generate.
5. In the Self Certificate Requests table, click View under the Action column to view the request.

Figure 8-13

6. Copy the contents of the Data to supply to CA text box into a text file, including all of the data contained from “-----BEGIN CERTIFICATE REQUEST-----” to “-----END CERTIFICATE REQUEST-----”.
7. Submit your certificate request to a CA:
a. Connect to the website of the CA.
b. Start the Self Certificate request procedure.
c.
9. Return to the Certificates screen and locate the Self Certificate Requests section.

Figure 8-14

10. Select the checkbox next to the certificate request, then click Browse and locate the certificate file on your PC.
11. Click Upload. The certificate file will be uploaded to this device and will appear in the Active Self Certificates list.
Figure 8-15

The CRL table lists your active CAs and their critical release dates:
• CA Identify – The official name of the CA which issued this CRL.
• Last Update – The date when this CRL was released.
• Next Update – The date when the next CRL will be released.
2. Click Browse and locate the CRL file you previously downloaded from a CA.
3. Click Upload.
Chapter 9
Firewall and Network Management

This chapter describes how to use the network management features of your ProSafe Wireless-N VPN Firewall. These features can be found by clicking on the appropriate heading in the Main Menu of the browser interface. The ProSafe Wireless-N VPN Firewall offers many tools for managing the network traffic to optimize its performance.
• WAN side: 1000 Mbps (one WAN port at 1000 Mbps)

In practice, the WAN side bandwidth capacity will be much lower when DSL or cable modems are used to connect to the Internet. As a result and depending on the traffic being carried, the WAN side of the firewall will be the limiting factor to throughput for most installations.
– Groups. The rule is applied to a Group (see “Managing Groups and Hosts (LAN Groups)” on page 3-5 to assign PCs to a Group using the LAN Groups Database).
• WAN Users. These settings determine which Internet locations are covered by the rule, based on the IP address.
– Any. The rule applies to all Internet IP addresses.
– Single address. The rule applies to a single Internet IP address.
– Address range.
See “Managing Groups and Hosts (LAN Groups)” on page 3-5 for the procedure on how to use this feature.

Schedule

If you have set firewall rules on the Rules screen, you can configure three different schedules (for example, schedule 1, schedule 2, and schedule 3) for when a rule is to be applied. Once a schedule is configured, it affects all Rules that use this schedule. You specify the days of the week and time of day for each schedule.
See “Enabling Source MAC Filtering (Address Filter)” on page 5-24 for the procedure on how to use this feature.

Features that Increase Traffic

Features that tend to increase WAN-side loading are as follows:
• Port forwarding
• Port triggering
• Exposed hosts
• VPN tunnels

Port Forwarding

The firewall always blocks DoS (Denial of Service) attacks.
• Enable DNS Proxy. Allows the firewall to handle DNS queries from the LAN.
• Enable Stealth Mode. Prevents the firewall from responding to incoming requests for unsupported services.

As you define your firewall rules, you can further refine the application according to the following criteria:
• LAN Users. These settings determine which computers on your network are affected by this rule. Select the desired IP Address in this field.
• The remote system receives the PC’s request and responds using the different port numbers that you have now opened.
• This firewall matches the response to the previous request and forwards the response to the PC.

Without port triggering, this response would be treated as a new connection request rather than a response. As such, it would be handled in accordance with the Port Forwarding rules.
Tools for Traffic Management

The ProSafe Wireless-N VPN Firewall includes several tools that can be used to monitor the traffic conditions of the firewall and control who has access to the Internet and the types of traffic each individual is allowed to have. See “Monitoring System Performance” on page 11-1 for a discussion of the tools.
The Edit User screen is displayed, with the current settings for Administrator displayed in the Select User Type pull-down menu.

Figure 9-2

3. Select the Check to Edit Password checkbox. The password fields become active.
4. Enter the old password, then enter the new password twice.
5. (Optional) To change the idle timeout for an administrator login session, enter a new number of minutes in the Idle Timeout field.
6.
Enabling Remote Management Access

Using the Remote Management page, you can allow an administrator on the Internet to configure, upgrade, and check the status of your firewall. You must be logged in locally to enable remote management (see “Logging into the Security Router” on page 2-2).
Note: Be sure to change the default configuration password of the firewall to a very secure password.
https://172.16.0.123
The firewall’s remote login URL is https:// or https://..
Note: To maintain security, the SRXN3205 will reject a login that uses http://address rather than the SSL https://address.
Note: The first time you remotely connect to the SRXN3205 with a browser via SSL, you may get a warning message regarding the SSL certificate. If you are using a Windows computer with Internet Explorer 5.
• Port. The trap port of the configuration.
• Community. The trap community string of the configuration.

To create a new SNMP configuration entry:
1. Select Administration > SNMP from the main/submenu and the SNMP screen displays.

Figure 9-4

2. Configure the following fields in the Create New SNMP Configuration Entry section:
• Enter the IP Address of the SNMP manager in the IP Address field and the Subnet Mask in the Subnet Mask field.
The SNMP System Info link, located in the upper right of the screen, opens the SNMP SysConfiguration screen. This screen displays the VPN firewall identification information available to the SNMP manager: System Contact, System Location, and System name. You can edit these values.
2. Click Backup to save a copy of your current settings.
• If your browser isn’t set up to save downloaded files automatically, locate where you want to save the file, specify file name, and click Save.
• If you have your browser set up to save downloaded files automatically, the file will be saved to your browser’s download location on the hard disk.
Warning: Once you start restoring settings or erasing the firewall, do NOT interrupt the process.
2. From the Product Selection pull-down menu, choose the SRXN3205. Select the software version and follow the To Install steps to download your software.

After downloading an upgrade file, you may need to unzip (uncompress) it before upgrading the firewall. If release notes are included in the download, read them before continuing.

To upgrade the router software:
1. Select Administration > Settings Backup and Firmware Upgrade from the main/submenu.
Figure 9-6

2. From the Date/Time pull-down menu, choose the Local Time Zone. This is required for scheduling to work correctly. The VPN firewall includes a real-time clock (RTC), which it uses for scheduling.
3. If supported in your region, click Automatically Adjust for Daylight Savings Time.
4. Select an NTP Server option:
• Use Default NTP Servers. The RTC is updated regularly by contacting a Netgear NTP server on the Internet.
Chapter 11
Monitoring System Performance

This chapter describes the full set of system monitoring features of your ProSafe Wireless-N Security Router. You can be alerted to important events such as WAN port rollover, WAN traffic limits reached, and login failures and attacks. You can also view status information about the firewall, WAN port, LAN ports, and VPN tunnels.
Figure 11-1

2. Enable the traffic meter by clicking the Yes radio box under Do you want to enable Traffic Metering on WAN? The traffic meter will record the volume of Internet traffic passing through the WAN. Select the following options:
• No Limit. Any specified restrictions will not be applied when traffic limit is reached.
• Download only.
Note: Both incoming and outgoing traffic are included in the limit.
• Increase this month limit by. Temporarily increase the Traffic Limit if you have reached the monthly limit, but need to continue accessing the Internet. Select the checkbox and enter the desired increase. (The checkbox will automatically be cleared when saved so that the increase is only applied once.)
• This month limit. Displays the limit for the current month.
3.
Activating Notification of Events and Alerts

The Firewall Logs can be configured to log and then e-mail denial of access, general attack information, and other information to a specified e-mail address.
Figure 11-2

7. To respond to IDENT protocol messages, check the Respond to Identd from SMTP Server radio box. The Ident Protocol is a weak scheme to verify the sender of e-mail (a common daemon program for providing the ident service is identd).
8. Enter a Schedule for sending the logs. From the Unit pull-down menu, choose: Never, Hourly, Daily, or Weekly. Then set the Day and Time fields that correspond to your selection.
9. You can configure the firewall to send system logs to an external PC that is running a syslog logging program. Click Yes to enable SysLogs and send messages to the syslog server, then:
a. Enter your SysLog Server IP address
b.
Log entries are described in Table 11-1.

Table 11-1. Firewall Logs Field Descriptions

Field: Description
Date and Time: The date and time the log entry was recorded.
Description or Action: The type of event and what action was taken if any.
Source IP: The IP address of the initiating device for this log entry.
Source port and interface: The service port number of the initiating device, and whether it originated from the LAN or WAN.
Figure 11-3

The following information is displayed:

Item: Description
System Name: This is the Account Name that you entered in the Basic Settings page.
Firmware Version: This is the current software the router is using. This will change if you upgrade your router.
Item: Description
LAN Port: Displays the current settings for MAC address, IP address, DHCP role and IP Subnet Mask that you set in the LAN IP Setup page. DHCP can be either Server or None.
WAN Configuration: Indicates whether the WAN Mode is Single, Dual, or Rollover, and whether the WAN State is UP or DOWN. It also is displayed if:
• NAT is Enabled or Disabled.
• Connection Type: DHCP enabled or disabled.
Figure 11-4

Monitoring Attached Devices

The LAN Groups screen contains a table of all IP devices that the security router has discovered on the local network. To view the LAN Groups screen:
1. Select Network Configuration from the main menu and LAN Settings in the submenu.
2. Then select the LAN Groups tab and the LAN Groups screen displays.
3.
Figure 11-5

The Known PCs and Devices table lists all current entries in the LAN Groups database. For each PC or device, the following data is displayed:

Table 11-2. Known PCs and Devices options

Item: Description
Name: The name of the PC or device. Sometimes, this cannot be determined, and will be listed as Unknown. In this case, you can edit the entry to add a meaningful name.
IP Address: The current IP address.
Reviewing the DHCP Log

To review the most recent entries in the DHCP log:
1. Select Network Configuration > LAN Setup from the main/submenu, and then click the LAN Setup tab. The LAN Setup screen displays.

Figure 11-6

2. Click the DHCP Log link to the right of the tabs. The DHCP Log appears in a popup window.

Figure 11-7

3. To view the most recent entries, click refresh. To delete all the existing log entries, click clear log.
Monitoring Active Users

The Active Users menu screen displays a list of administrators and SSL VPN users currently logged into the device. To display the list of active users:
1. Select Monitoring > Active Users from the main/submenu. The Active Users screen is displayed.

Figure 11-8

The active user’s username, group, and IP address are listed in the table with a timestamp indicating the time and date that the user logged in.
2.
Figure 11-9

2. When the Port Triggering screen is displayed, click the Status link to the right of the tab to display the Port Triggering Status.

Figure 11-10

The status window displays the following information:

Item: Description
Rule: The name of the port triggering rule associated with this entry.
LAN IP Address: The IP address of the PC currently using this rule.
Open Ports: The Incoming ports which are associated with this rule.
Monitoring VPN Tunnel Connection Status

To review the status of current VPN tunnels:
1. Select VPN > Connection Status from the main/submenu, and then select the IPsec VPN Connection Status tab. The IPsec Connection Status screen displays.

Figure 11-11

The Active IPsec SAs table lists each active connection with the following information.

Item: Description
Policy Name: The name of the VPN policy associated with this SA.
The active SSL VPN user’s username, group, and IP address are listed in the table with a timestamp indicating the time and date that the user connected.
3. You can disconnect an active SSL VPN user by clicking Disconnect to the right of the user’s list entry.

Reviewing the VPN Logs

The VPN Logs screen gives log details for recent VPN activity.
1. Select Monitoring > VPN Logs from the main/submenu, and select the IPsec VPN Logs tab.
Chapter 12
Troubleshooting

This chapter provides troubleshooting tips and information for your ProSafe Wireless-N VPN Firewall. After each problem description, instructions are provided to help you diagnose and solve the problem.
Power LED Not On

If the Power and other LEDs are off when your VPN firewall is turned on:
• Verify the power adapter cord is properly connected to your VPN firewall and the power adapter is properly connected to a functioning power outlet.
• Verify you are using the 12VDC, 1.5A power adapter supplied by NETGEAR for this product.

If the error persists, you have a hardware problem and should contact technical support.
• Check the Ethernet connection between the PC and the firewall as described in the previous section.
• Ensure your PC’s IP address is on the same subnet as the firewall. If you are using the recommended addressing scheme, your PC’s address should be in the range of 192.168.1.2 to 192.168.1.254.
Note: If your PC’s IP address is shown as 169.254.x.
Troubleshooting the ISP Connection

If your firewall is unable to access the Internet, you should first determine whether the firewall is able to obtain a WAN IP address from the ISP. Unless you have been assigned a static IP address, your firewall must request an IP address from the ISP. You can determine whether the request was successful using the Web Configuration Manager.

To check the WAN IP address:
1.
– Configure your firewall to spoof your PC’s MAC address. This can be done in the Basic Settings menu. Refer to “Manually Configuring the Internet Connection” on page 2-7.

If your firewall can obtain an IP address, but your PC is unable to load any Web pages from the Internet:
• Your PC may not recognize any DNS server addresses. A DNS server is a host on the Internet that translates Internet names (such as www addresses) to numeric IP addresses.
• Wrong physical connections
– Make sure the LAN port LED is on. If the LED is off, follow the instructions in “LAN or WAN Port LEDs Not On” on page 12-2.
– Check that the corresponding Link LEDs are on for your network interface card and for the hub ports (if any) that are connected to your workstation and firewall.
Restoring the Default Configuration and Password

This section explains how to restore the factory default configuration settings, changing the VPN firewall’s administration password to password and the IP address to 192.168.1.1. You can erase the current configuration and restore factory defaults in two ways:
• Use the Erase function of the VPN firewall (see “Settings Backup and Firmware Upgrade” on page 9-13).
Diagnostics Functions

You can perform diagnostics such as pinging an IP address, performing a DNS lookup, displaying the routing table, rebooting the VPN firewall, and capturing packets.
1. Select Monitoring > Diagnostics from the main/submenu. The Diagnostics screen displays.
2. View the selections available in the Diagnostic screen and browse the descriptions listed in Table 12-1, “Diagnostics”.
Table 12-1. Diagnostics

Item: Description
Ping or trace an IP address: Ping – Used to send a ping packet request to a specified IP address—most often, to test a connection. If the request times out (no reply is received), it usually means that the destination is unreachable. However, some network devices can be configured not to respond to a ping.
Appendix A Default Settings and Technical Specifications

You can use the reset button located on the rear panel to reset all settings to their factory defaults. This is called a hard reset.
• To perform a hard reset, press and hold the reset button for approximately 10 seconds (until the TEST LED blinks rapidly). Your device will return to the factory configuration settings shown in Table A-1 below.
Table A-1.
Table A-2.
Appendix B Related Documents

This appendix provides links to reference documents you can use to gain a more complete understanding of the technologies used in your NETGEAR product.

Document: Link
Internet Networking and TCP/IP Addressing: http://documentation.netgear.com/reference/enu/tcpip/index.htm
Wireless Communications: http://documentation.netgear.com/reference/enu/wireless/index.