Waters Network Systems ProSwitch-Quad Series Dokumentacja

350 East Plumeria DriveSan Jose, CA 95134USAApril 2013202-10536-05ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Reference Manual

10ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308LAN to DMZ Logs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44

LAN Configuration100ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 56. 2. Modify the settings as described in Table 17 on page 98.3. Clic

LAN Configuration101 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 57. 3. Select the radio button next to the group name that you want to c

LAN Configuration102ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Note: The saved binding is also displayed on the IP/MAC Binding screen (see Figu

LAN Configuration103 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308DHCPv6 Server OptionsThe IPv6 clients in the LAN can autoconfigure their own IPv

LAN Configuration104ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Stateful DHCPv6 ServerThe IPv6 clients in the LAN obtain an interface IP address

LAN Configuration105 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX53083. Enter the settings as described in the following table. The IPv6 address pool

LAN Configuration106ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 4. Click Apply to save your changes.IPv6 LAN Address PoolsIf you configure a sta

LAN Configuration107 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 59. 2. Enter the settings as described in the following table:3. Click A

LAN Configuration108ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Delegation table to enable the DHCPv6 server to assign these prefixes to its IPv

LAN Configuration109 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Configure the IPv6 Router Advertisement Daemon and Advertisement Prefixes for th

1111. IntroductionThis chapter provides an overview of the features and capabilities of the ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 and ex

LAN Configuration110ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308  To configure the Router Advertisement Daemon for the LAN:1. Select Network Con

LAN Configuration111 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX53085. Click Apply to save your changes.Advertisement Prefixes for the LANYou need t

LAN Configuration112ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 62. 2. Enter the settings as described in the following table:3. Click A

LAN Configuration113 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX53083. Click Apply to save your settings. To delete one or more advertisement prefi

LAN Configuration114ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 3. In the Add Secondary LAN IP Address section of the screen, enter the followin

LAN Configuration115 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308By default, the DMZ port and both inbound and outbound DMZ traffic are disabled.

LAN Configuration116ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 64. 2. Enter the settings as described in the following table: Table 23.

LAN Configuration117 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308DHCP for DMZ Connected ComputersDisable DHCP Server If another device on your ne

LAN Configuration118ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 3. Click Apply to save your settings.DMZ Port for IPv6 TrafficThe DMZ Setup (IPv

LAN Configuration119 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308For the DMZ, there are two DHCPv6 server options:• Stateless DHCPv6 server. The

Introduction12ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 What Is the ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308?The ProSAFE Gigabit Quad

LAN Configuration120ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 3. Enter the settings as described in the following table: Table 24. DMZ Setup

LAN Configuration121 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX53084. Click Apply to save your settings.IPv6 DMZ Address PoolsIf you configure a st

LAN Configuration122ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 2. Enter the settings as described in the following table:3. Click Apply to save

LAN Configuration123 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Hosts and routers in the LAN use NDP to determine the link-layer addresses and r

LAN Configuration124ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 67. 4. Enter the settings as described in the following table:Table 27.

LAN Configuration125 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX53085. Click Apply to save your changes.Advertisement Prefixes for the DMZYou need t

LAN Configuration126ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 68. 2. Enter the settings as described in the following table:3. Click A

LAN Configuration127 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX53083. Click Apply to save your settings. To delete one or more advertisement prefi

LAN Configuration128ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 2. Click the Add table button under the Static Routes table. The Add Static Rout

LAN Configuration129 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308displays. This screen is identical to the Add Static Route screen (see the previ

Introduction13 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308The VPN firewall provides the following key features and capabilities:• Four 10/100/10

LAN Configuration130ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 3. Enter the settings as described in the following table: Table 30. RIP Config

LAN Configuration131 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX53084. Click Apply to save your settings.IPv4 Static Route ExampleIn this example, w

LAN Configuration132ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Manage Static IPv6 RoutingNETGEAR’s implementation of IPv6 does not support RIP

LAN Configuration133 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX53084. Enter the settings as described in the following table: 5. Click Apply to sav

13444. Firewall ProtectionThis chapter describes how to use the firewall features of the VPN firewall to protect your network. The chapter contains

Firewall Protection135 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308About Firewall ProtectionA firewall protects one network (the trusted network,

Firewall Protection136ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Overview of Rules to Block or Allow Specific Kinds of Traffic• Outbound Rules

Firewall Protection137 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308• Bandwidth profiles. After you have a configured a bandwidth profile (see Cre

Firewall Protection138ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Select Schedule The time schedule (that is, Schedule1, Schedule2, or Schedule

Firewall Protection139 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308QoS Profile or QoS PriorityThe priority assigned to IP packets of this service

Introduction14ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Advanced VPN Support for Both IPSec and SSLThe VPN firewall supports IPSec and SSL vir

Firewall Protection140ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Inbound Rules (Port Forwarding)If you have enabled Network Address Translation

Firewall Protection141 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Note: When the Block TCP Flood and Block UDP Flood check boxes are selected on

Firewall Protection142ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Send to LAN Server The LAN server address determines which computer on your ne

Firewall Protection143 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308WAN Users The settings that determine which Internet locations are covered by

Firewall Protection144ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Note: Some residential broadband ISP accounts do not allow you to run any serv

Firewall Protection145 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308For any traffic attempting to pass through the firewall, the packet informatio

Firewall Protection146ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 To change an existing outbound or inbound service rule, in the Action column t

Firewall Protection147 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 To enable, disable, or delete one or more IPv4 or IPv6 rules:1. Select the c

Firewall Protection148ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 77. 2. Enter the settings as described in Table 33 on page 137. In a

Firewall Protection149 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 78. 3. Enter the settings as described in Table 33 on page 137. In a

Introduction15 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Security FeaturesThe VPN firewall is equipped with several features designed to mainta

Firewall Protection150ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 IPv4 LAN WAN Inbound Service Rules To create an IPv4 LAN WAN inbound rule:1.

Firewall Protection151 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308The following configurations are optional:• Translate to Port Number• QoS Prof

Firewall Protection152ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Configure DMZ WAN Rules• Create DMZ WAN Outbound Service Rules• Create LAN WAN

Firewall Protection153 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308To change an existing outbound or inbound service rule, in the Action column t

Firewall Protection154ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308  To enable, disable, or delete one or more IPv4 or IPv6 rules:1. Select the c

Firewall Protection155 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX53082. Enter the settings as described in Table 33 on page 137. In addition to s

Firewall Protection156ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Unless your selection from the Action drop-down list is BLOCK always, you also

Firewall Protection157 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX53082. Enter the settings as described in Table 34 on page 141. In addition to s

Firewall Protection158ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Unless your selection from the Action drop-down list is BLOCK always, you also

Firewall Protection159 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308To change an existing outbound or inbound service rule, in the Action column t

Introduction16ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 • DNS proxy. When DHCP is enabled and no DNS addresses are specified, the VPN firewall

Firewall Protection160ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 2. Click one of the following table buttons:• Enable. Enables the rule or rule

Firewall Protection161 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Unless your selection from the Action drop-down list is BLOCK always, you also

Firewall Protection162ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Create LAN DMZ Inbound Service RulesThe Inbound Services table lists all exist

Firewall Protection163 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308IPv6 LAN DMZ Inbound Service Rules To create an IPv6 LAN DMZ inbound rule:1.

Firewall Protection164ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Examples of Firewall Rules• Examples of Inbound Firewall Rules• Examples of Ou

Firewall Protection165 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 94. IPv4 LAN WAN or IPv4 DMZ WAN Inbound Rule: Set Up One-to-One NAT Ma

Firewall Protection166ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Tip: If you arrange with your ISP to have more than one public IP address for

Firewall Protection167 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308this address on the WAN2 Secondary Addresses screen (see Configure Secondary W

Firewall Protection168ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 WARNING:For security, NETGEAR strongly recommends that you avoid creating an e

Firewall Protection169 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 98. IPv6 DMZ WAN Outbound Rule: Allow a Group of DMZ User to Access an

Introduction17 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Maintenance and SupportNETGEAR offers the following features to help you maximize your

Firewall Protection170ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Configure Other Firewall Features• Attack Checks• Set Limits for IPv4 Sessions

Firewall Protection171 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX53082. Enter the settings as described in the following table:Table 35. Attack Ch

Firewall Protection172ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 3. Click Apply to save your settings.IPv6 Attack Checks To enable IPv6 attack

Firewall Protection173 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Set Limits for IPv4 SessionsThe session limits feature allows you to specify t

Firewall Protection174ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 4. Click Apply to save your settings.Configure Multicast Pass-Through for IPv4

Firewall Protection175 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 103. 2. In the Multicast Pass through section of the screen, select th

Firewall Protection176ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308  To delete one or more multicast source addresses:1. In the Alternate Network

Firewall Protection177 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308• QoS profiles and priorities. A Quality of Service (QoS) profile defines the

Firewall Protection178ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 105. 2. In the Add Customer Service section of the screen, enter the s

Firewall Protection179 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 106. 2. Modify the settings that you wish to change (see the previous

Introduction18ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 The front panel also contains three groups of status indicator light-emitting diodes (

Firewall Protection180ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 2. In the Add New Custom IP Group section of the screen, do the following:• In

Firewall Protection181 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 To delete an IP group:1. In the Custom IP Groups table, select the check box

Firewall Protection182ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 109. 2. Under the List of Bandwidth Profiles table, click the Add tabl

Firewall Protection183 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX53084. Click Apply to save your settings. The new bandwidth profile is added to th

Firewall Protection184ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Create Quality of Service Profiles for IPv4 Firewall RulesA Quality of Service

Firewall Protection185 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 112. 3. Enter the settings as described in the following table.4. Clic

Firewall Protection186ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308  To edit a QoS profile:1. In the List of QoS Profiles table, click the Edit t

Firewall Protection187 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Several types of blocking are available:• Web component blocking. You can bloc

Firewall Protection188ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 • If the keyword “.com” is specified, only websites with other domain suffixes

Firewall Protection189 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX53083. In the Web Components section of the screen, select the components that you

Introduction19 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Rear PanelThe rear panel of the VPN firewall includes a console port, a Factory Defaul

Firewall Protection190ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308  To set a schedule:1. Select Security > Services > Schedule 1. The Sche

Firewall Protection191 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Note: For additional ways of restricting outbound traffic, see Outbound Rules

Firewall Protection192ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 WARNING:If you select Permit and Block the rest from the drop-down list but do

Firewall Protection193 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308• Host 2 has changed its MAC address to 00:01:02:03:04:09. The packet has an I

Firewall Protection194ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 4. In the IP/MAC Bindings sections of the screen, enter the settings as descri

Firewall Protection195 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX53084. Click the Set Interval button. Wait for the confirmation that the operation

Firewall Protection196ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 6. Click the Add table button. The new IP/MAC rule is added to the IP/MAC Bind

Firewall Protection197 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Configure Port TriggeringPort triggering allows some applications running on a

Firewall Protection198ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 120. 2. In the Add Port Triggering Rule section, enter the settings as

Firewall Protection199 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 To remove one or more port triggering rules from the table:1. Select the che

2ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 SupportThank you for selecting NETGEAR products. After installing your device, locate the serial nu

Introduction20ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 • Factory Defaults Reset button. Using a sharp object, press and hold this button for

Firewall Protection200ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 The UPnP Portmap Table in the lower part of the screen shows the IP addresses

20155. Virtual Private Networking Using IPSec and L2TP ConnectionsThis chapter describes how to use the IP security (IPSec) virtual private networ

Virtual Private Networking Using IPSec and L2TP Connections202ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Considerations for Dual WAN Port Syste

Virtual Private Networking Using IPSec and L2TP Connections203 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308The following table summarizes the WAN

Virtual Private Networking Using IPSec and L2TP Connections204ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Create an IPv4 Gateway-to-Gateway VPN

Virtual Private Networking Using IPSec and L2TP Connections205 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308To view the wizard default settings, c

Virtual Private Networking Using IPSec and L2TP Connections206ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Tip: To ensure that tunnels stay activ

Virtual Private Networking Using IPSec and L2TP Connections207 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 128. 4. Configure a VPN policy

Virtual Private Networking Using IPSec and L2TP Connections208ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Create an IPv6 Gateway-to-Gateway VPN

Virtual Private Networking Using IPSec and L2TP Connections209 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308To view the wizard default settings, c

Introduction21 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Use the Rack-Mounting KitUse the mounting kit for the VPN firewall to install the appl

Virtual Private Networking Using IPSec and L2TP Connections210ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Tip: To ensure that tunnels stay activ

Virtual Private Networking Using IPSec and L2TP Connections211 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 133. 5. Configure a VPN policy

Virtual Private Networking Using IPSec and L2TP Connections212ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Create an IPv4 Client-to-Gateway VPN T

Virtual Private Networking Using IPSec and L2TP Connections213 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 136. To display the wizard def

Virtual Private Networking Using IPSec and L2TP Connections214ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 3. Click Apply to save your settings.

Virtual Private Networking Using IPSec and L2TP Connections215 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 137. Note: When you are using

Virtual Private Networking Using IPSec and L2TP Connections216ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Note: Perform these tasks from a compu

Virtual Private Networking Using IPSec and L2TP Connections217 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 139. 3. Select the A router or

Virtual Private Networking Using IPSec and L2TP Connections218ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 141. 6. This screen is a summa

Virtual Private Networking Using IPSec and L2TP Connections219 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308c. Specify the settings that are descr

Introduction22ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Note: The VPN firewall factory default IP address is 192.168.1.1. If you change the IP

Virtual Private Networking Using IPSec and L2TP Connections220ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 143. b. Specify the default li

Virtual Private Networking Using IPSec and L2TP Connections221 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Configure the Authentication Settings

Virtual Private Networking Using IPSec and L2TP Connections222ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Note: This is the name for the authen

Virtual Private Networking Using IPSec and L2TP Connections223 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX53085. Click Apply to use the new settings

Virtual Private Networking Using IPSec and L2TP Connections224ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 8. Click Apply to use the new settings

Virtual Private Networking Using IPSec and L2TP Connections225 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 148. 3. Specify the settings t

Virtual Private Networking Using IPSec and L2TP Connections226ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 4. Click Apply to use the new settings

Virtual Private Networking Using IPSec and L2TP Connections227 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Test the Connection and View Connectio

Virtual Private Networking Using IPSec and L2TP Connections228ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 151. • Use the system-tray ico

Virtual Private Networking Using IPSec and L2TP Connections229 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308NETGEAR VPN Client Status and Log Info

Introduction23 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX53085. Click Login. The web management interface displays, showing the Router Status scree

Virtual Private Networking Using IPSec and L2TP Connections230ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 The Active IPSec SA(s) table lists eac

Virtual Private Networking Using IPSec and L2TP Connections231 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Manage IPSec VPN Policies• Manage IKE

Virtual Private Networking Using IPSec and L2TP Connections232ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 158. Each policy contains the d

Virtual Private Networking Using IPSec and L2TP Connections233 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Note: You cannot delete or edit an IKE

Virtual Private Networking Using IPSec and L2TP Connections234ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 4. Complete the settings as described

Virtual Private Networking Using IPSec and L2TP Connections235 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Identifier From the drop-down list, se

Virtual Private Networking Using IPSec and L2TP Connections236ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Authentication Method Select one of th

Virtual Private Networking Using IPSec and L2TP Connections237 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX53085. Click Apply to save your settings.

Virtual Private Networking Using IPSec and L2TP Connections238ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 5. Click Apply to save your changes. T

Virtual Private Networking Using IPSec and L2TP Connections239 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 160. Each policy contains the d

Introduction24ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 The web management interface menu consists of the following components:• 1st level: Ma

Virtual Private Networking Using IPSec and L2TP Connections240ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 For information about how to add or ed

Virtual Private Networking Using IPSec and L2TP Connections241 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 162. Add New VPN Policy screen

Virtual Private Networking Using IPSec and L2TP Connections242ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Policy Type From the drop-down list, s

Virtual Private Networking Using IPSec and L2TP Connections243 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Traffic SelectionLocal IP From the dro

Virtual Private Networking Using IPSec and L2TP Connections244ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Key-Out The encryption key for the out

Virtual Private Networking Using IPSec and L2TP Connections245 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX53085. Click Apply to save your settings.

Virtual Private Networking Using IPSec and L2TP Connections246ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 requesting individual authentication i

Virtual Private Networking Using IPSec and L2TP Connections247 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX53084. In the Extended Authentication sect

Virtual Private Networking Using IPSec and L2TP Connections248ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 name and password information. The gat

Virtual Private Networking Using IPSec and L2TP Connections249 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX53083. Click Apply to save your settings.N

Introduction25 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308When a screen includes a table, table buttons display to let you configure the table e

Virtual Private Networking Using IPSec and L2TP Connections250ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Assign IPv4 Addresses to Remote Users

Virtual Private Networking Using IPSec and L2TP Connections251 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 To configure Mode Config on the VPN

Virtual Private Networking Using IPSec and L2TP Connections252ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 3. Complete the settings as described

Virtual Private Networking Using IPSec and L2TP Connections253 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX53084. Click Apply to save your settings.

Virtual Private Networking Using IPSec and L2TP Connections254ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 166. 8. On the Add IKE Policy

Virtual Private Networking Using IPSec and L2TP Connections255 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Table 60. Add IKE Policy screen setti

Virtual Private Networking Using IPSec and L2TP Connections256ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 IKE SA ParametersNote: Generally, the

Virtual Private Networking Using IPSec and L2TP Connections257 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX53089. Click Apply to save your settings.

Virtual Private Networking Using IPSec and L2TP Connections258ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Note: Perform these tasks from a compu

Virtual Private Networking Using IPSec and L2TP Connections259 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX53083. Change the name of the authenticati

2622. IPv4 and IPv6 Internet and WAN SettingsThis chapter explains how to configure the IPv4 and IPv6 Internet and WAN settings. The chapter contain

Virtual Private Networking Using IPSec and L2TP Connections260ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 5. Click Apply to use the new settings

Virtual Private Networking Using IPSec and L2TP Connections261 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX53088. Click Apply to use the new settings

Virtual Private Networking Using IPSec and L2TP Connections262ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 171. 3. Specify the settings t

Virtual Private Networking Using IPSec and L2TP Connections263 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX53084. Click Apply to use the new settings

Virtual Private Networking Using IPSec and L2TP Connections264ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 2. Specify the following default lifet

Virtual Private Networking Using IPSec and L2TP Connections265 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX53082. Verify that the VPN firewall issued

Virtual Private Networking Using IPSec and L2TP Connections266ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 keep-alive and Dead Peer Detection (DP

Virtual Private Networking Using IPSec and L2TP Connections267 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX53084. Enter the settings as described in

Virtual Private Networking Using IPSec and L2TP Connections268ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 177. 4. In the IKE SA Paramete

Virtual Private Networking Using IPSec and L2TP Connections269 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX53082. Specify the IP version for which yo

IPv4 and IPv6 Internet and WAN Settings27 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Internet and WAN Configuration Tasks• Roadmap to Setting Up

Virtual Private Networking Using IPSec and L2TP Connections270ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308  To enable the PPTP server and config

Virtual Private Networking Using IPSec and L2TP Connections271 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX53083. Click Apply to save your settings.V

Virtual Private Networking Using IPSec and L2TP Connections272ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Configure the L2TP ServerAs an alterna

Virtual Private Networking Using IPSec and L2TP Connections273 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX53082. Enter the settings as described in

Virtual Private Networking Using IPSec and L2TP Connections274ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 L2TP IP The IP address that is assigne

27566. Virtual Private Networking Using SSL ConnectionsThe VPN firewall provides a hardware-based SSL VPN solution designed specifically to provide

Virtual Private Networking Using SSL Connections276ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 SSL VPN Portal OptionsThe VPN firewall’s SSL VPN

Virtual Private Networking Using SSL Connections277 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308resources to which the users are granted access.

Virtual Private Networking Using SSL Connections278ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 You apply portal layouts by selecting one from th

Virtual Private Networking Using SSL Connections279 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308The List of Layouts table displays the following

IPv4 and IPv6 Internet and WAN Settings28ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 5. (Optional) Configure Dynamic DNS on the WAN interfaces.

Virtual Private Networking Using SSL Connections280ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 4. Complete the settings as described in the foll

Virtual Private Networking Using SSL Connections281 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX53085. Click Apply to save your settings. The new por

Virtual Private Networking Using SSL Connections282ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 For information about how to configure domains, g

Virtual Private Networking Using SSL Connections283 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX53082. In the Add New Application for Port Forwarding

Virtual Private Networking Using SSL Connections284ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308  To add servers and host names for client name r

Virtual Private Networking Using SSL Connections285 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308• Select whether you want to enable full-tunnel o

Virtual Private Networking Using SSL Connections286ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 188. SSL VPN Client screen for IPv63. Com

Virtual Private Networking Using SSL Connections287 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX53084. Click Apply to save your settings. VPN tunnel

Virtual Private Networking Using SSL Connections288ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 If VPN tunnel clients are already connected, disc

Virtual Private Networking Using SSL Connections289 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 189. 2. In the Add New Resource section o

IPv4 and IPv6 Internet and WAN Settings29 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX53086. (Optional) Configure the WAN options. If necessary, chan

Virtual Private Networking Using SSL Connections290ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 190. 4. Complete the settings as describe

Virtual Private Networking Using SSL Connections291 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX53085. Click Apply to save your settings. The new con

Virtual Private Networking Using SSL Connections292ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 includes the following addresses: 10.0.0.5–10.0.0

Virtual Private Networking Using SSL Connections293 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX53082. Make your selection from the following Query o

Virtual Private Networking Using SSL Connections294ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 .Figure 193. Add SSL VPN Policy screen for IPv64

Virtual Private Networking Using SSL Connections295 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Apply Policy to? (continued)Network ResourcePolic

Virtual Private Networking Using SSL Connections296ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 5. Click Apply to save your settings. The policy

Virtual Private Networking Using SSL Connections297 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 To delete one or more SSL VPN policies:1. On th

Virtual Private Networking Using SSL Connections298ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 3. In the Portal URL field of the List of Layouts

Virtual Private Networking Using SSL Connections299 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 198. The User Portal screen displays a si

3ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 202-10536-03 1.0 November 2011 Incorporated nontechnical edits only (there are no feature changes).

IPv4 and IPv6 Internet and WAN Settings30ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 • If your ISP has provided you with multiple public IP addr

Virtual Private Networking Using SSL Connections300ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 199. The active user’s name, group, and IP

30177. Manage Users, Authentication, and VPN CertificatesThis chapter describes how to manage users, authentication, and security certificates for

Manage Users, Authentication, and VPN Certificates302ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 The VPN Firewall’s Authentication Process and O

Manage Users, Authentication, and VPN Certificates303 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Configure Authentication Domains, Groups, and U

Manage Users, Authentication, and VPN Certificates304ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Create Domains To create a domain:1. Select Us

Manage Users, Authentication, and VPN Certificates305 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 202. 3. Complete the settings as descri

Manage Users, Authentication, and VPN Certificates306ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 4. Click Apply to save your settings. The domai

Manage Users, Authentication, and VPN Certificates307 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Note: A combination of local and external authe

Manage Users, Authentication, and VPN Certificates308ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 IMPORTANT:When you create a domain on the Domai

Manage Users, Authentication, and VPN Certificates309 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Note: When you create a domain on the Domains

IPv4 and IPv6 Internet and WAN Settings31 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX53083. Click Apply to save your settings. These settings apply

Manage Users, Authentication, and VPN Certificates310ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Edit GroupsFor groups that were automatically c

Manage Users, Authentication, and VPN Certificates311 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308• Guest user. A user who can only view the VPN

Manage Users, Authentication, and VPN Certificates312ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 206. 3. Enter the settings as described

Manage Users, Authentication, and VPN Certificates313 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 To delete one or more user accounts:1. In the

Manage Users, Authentication, and VPN Certificates314ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Note: For security reasons, the Deny Login from

Manage Users, Authentication, and VPN Certificates315 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX53086. In the Add Defined Addresses section of the

Manage Users, Authentication, and VPN Certificates316ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 209. 5. In the Defined Addresses Status

Manage Users, Authentication, and VPN Certificates317 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 To delete one or more IPv6 addresses:1. In th

Manage Users, Authentication, and VPN Certificates318ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 • Firefox. Mozilla Firefox.• Mozilla. Other Moz

Manage Users, Authentication, and VPN Certificates319 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 211. 3. Change the settings as describe

IPv4 and IPv6 Internet and WAN Settings32ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 12. 3. Click the Auto Detect button at the bottom o

Manage Users, Authentication, and VPN Certificates320ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Manage Digital Certificates for VPN Connections

Manage Users, Authentication, and VPN Certificates321 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Because a commercial CA takes steps to verify t

Manage Users, Authentication, and VPN Certificates322ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Manage VPN CA Certificates To view and upload

Manage Users, Authentication, and VPN Certificates323 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Manage VPN Self-Signed CertificatesInstead of o

Manage Users, Authentication, and VPN Certificates324ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 214. Certificates, screen 2 of 32. In t

Manage Users, Authentication, and VPN Certificates325 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX53083. Click the Generate table button. A new SCR i

Manage Users, Authentication, and VPN Certificates326ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 9. Select the check box next to the self-signed

Manage Users, Authentication, and VPN Certificates327 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 216. Certificates, screen 3 of 3The Cer

32888. Network and System ManagementThis chapter describes the tools for managing the network traffic to optimize its performance and the system man

Network and System Management329 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Performance Management• Bandwidth Capacity• Features That Reduce Tra

IPv4 and IPv6 Internet and WAN Settings33 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308• If the autodetect process does not find a connection, you

Network and System Management330ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Features That Reduce TrafficYou can adjust the following features of

Network and System Management331 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308• LAN users (or DMZ users). You can specify which computers on your

Network and System Management332ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 In order to reduce traffic, the VPN firewall provides the following

Network and System Management333 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Each rule lets you specify the desired action for the connections co

Network and System Management334ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 - Address range. The rule applies to a range of Internet IP addresse

Network and System Management335 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308VPN, L2TP, and PPTP TunnelsThe VPN firewall supports site-to-site IP

Network and System Management336ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Monitoring Tools for Traffic ManagementThe VPN firewall includes sev

Network and System Management337 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 217. 2. In the Action column of the List of Users table, cli

Network and System Management338ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 6. Click Apply to save your settings.7. Repeat Step 1 through Step

Network and System Management339 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308continuing (see Change Passwords and Administrator and Guest Setting

IPv4 and IPv6 Internet and WAN Settings34ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 13. The Connection Status screen should show a vali

Network and System Management340ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 220. Remote Management screen for IPv63. Enter the settings

Network and System Management341 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308WARNING:If you are remotely connected to the VPN firewall and you se

Network and System Management342ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Tip: If you are using a Dynamic DNS service such as TZO, you can ide

Network and System Management343 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 221. The SNMPv3 Users table includes the default SNMPv3 user

Network and System Management344ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 2. To specify a new SNMP configuration, in the Create New SNMP Confi

Network and System Management345 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 222. 2. Modify the settings as described in the previous tab

Network and System Management346ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 3. Click Apply to save your changes. To configure the SNMP system i

Network and System Management347 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX53082. Enter the settings as described in the following table:3. Click A

Network and System Management348ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 225. Back Up SettingsThe backup feature saves all VPN firewal

Network and System Management349 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Restore SettingsWARNING:Restore only settings that were backed up fr

IPv4 and IPv6 Internet and WAN Settings35 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308The IPv4 WAN Settings table displays the following fields:•

Network and System Management350ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 WARNING:When you press the hardware factory default Reset button or

Network and System Management351 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308The newly installed firmware is the active firmware. The previously

Network and System Management352ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 4. Select Monitoring. The Router Status screen displays, showing the

Network and System Management353 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Resolve IPv6 address for serversSelect this check box to force the u

Network and System Management354ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 3. Click Apply to save your settings.Note: If you select the default

35599. Monitor System Access and PerformanceThis chapter describes the system-monitoring features of the VPN firewall. You can be alerted to importa

Monitor System Access and Performance356ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Configure and Enable the WAN Traffic MeterIf your ISP charge

Monitor System Access and Performance357 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Table 88. WAN1 Traffic Meter screen settings Setting Descri

Monitor System Access and Performance358ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 3. Click Apply to save your settings.4. If you want to enabl

Monitor System Access and Performance359 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Configure and Enable the LAN Traffic MeterIf your ISP charge

IPv4 and IPv6 Internet and WAN Settings36ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 16. 6. If your connection is PPTP or PPPoE, your IS

Monitor System Access and Performance360ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 • Traffic (MB). The traffic usage in MB.• State. The state t

Monitor System Access and Performance361 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX53086. Click Apply to save your settings. The new account is add

Monitor System Access and Performance362ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Configure Logging, Alerts, and Event NotificationsYou can co

Monitor System Access and Performance363 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX53082. Enter the settings as described in the following table:Ta

Monitor System Access and Performance364ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Enable E-mail LogsDo you want logs to be emailed to you?Sele

Monitor System Access and Performance365 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX53083. Click Apply to save your settings.Note: Enabling routing

Monitor System Access and Performance366ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 234. You can refresh the logs, clear the logs, or se

Monitor System Access and Performance367 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308How to Send Syslogs over a VPN Tunnel between Sites To send

Monitor System Access and Performance368ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 4. In the Traffic Selector section of the screen, make the f

Monitor System Access and Performance369 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308View Status Screens• View the System Status• View the VPN Co

IPv4 and IPv6 Internet and WAN Settings37 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX53087. In the Internet (IP) Address section of the screen (see

Monitor System Access and Performance370ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 236. The following table explains the fields of the R

Monitor System Access and Performance371 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Router Statistics Screen To view the Router Statistics scre

Monitor System Access and Performance372ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 237. The following table explains the fields of the

Monitor System Access and Performance373 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 238.

Monitor System Access and Performance374ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 The following table explains the fields of the Detailed Stat

Monitor System Access and Performance375 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308DMZ IPv6 ConfigurationIPv6 Address The IPv6 address and pref

Monitor System Access and Performance376ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 VLAN Status ScreenThe VLAN Status screen displays informatio

Monitor System Access and Performance377 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308The following table explains the fields of the VLAN Status s

Monitor System Access and Performance378ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 View the VPN Connection Status, L2TP Users, and PPTP UsersTh

Monitor System Access and Performance379 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308The active user’s user name, group, and IP address are liste

IPv4 and IPv6 Internet and WAN Settings38ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 8. In the Domain Name Server (DNS) Servers section of the s

Monitor System Access and Performance380ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 The List of PPTP Active Users table lists each active connec

Monitor System Access and Performance381 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 246. View the Port Triggering Status To view the sta

Monitor System Access and Performance382ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 248. The Port Triggering Status screen displays the

Monitor System Access and Performance383 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 249. 2. In the Action column, click the Status butto

Monitor System Access and Performance384ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Click Disconnect to disconnect the connection; click Connect

Monitor System Access and Performance385 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 252. The type of connection determines the informati

Monitor System Access and Performance386ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 View the Attached Devices To view the attached devices on t

Monitor System Access and Performance387 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Note: If the VPN firewall is rebooted, the data in the Known

Monitor System Access and Performance388ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Diagnostics Utilities• Send a Ping Packet• Trace a Route• Lo

Monitor System Access and Performance389 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308• IPv6. Select the IPv6 radio button. The Diagnostics screen

IPv4 and IPv6 Internet and WAN Settings39 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX53089. Click Apply to save your changes.10. Click Test to evalu

Monitor System Access and Performance390ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Trace a RouteA traceroute lists all routers between the sour

Monitor System Access and Performance391 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Capture Packets in Real TimeCapturing packets can assist NET

3921010. TroubleshootingThis chapter provides troubleshooting tips and information for the VPN firewall. After each problem description, instruction

Troubleshooting393 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Note: The VPN firewall’s diagnostic tools are described in Diagnostics Utilities o

Troubleshooting394ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308  If all LEDs are still on more than several minutes minute after power-up, do the

Troubleshooting395 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308• Make sure that you are using the SSL https://address login rather than the http:

Troubleshooting396ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Troubleshoot the ISP ConnectionIf your VPN firewall is unable to access the Intern

Troubleshooting397 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308have to enter additional information. For more information, see Manually Configure

Troubleshooting398ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 - Windows Server 2003, all versions- Windows Server 2003 R2, all versions- Linux a

Troubleshooting399 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308c. Click or double-click View status of this connection. The Local Area Connection

4ContentsChapter 1 IntroductionWhat Is the ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308? .12Key Features and Capabilities . . . . . . . . . . .

IPv4 and IPv6 Internet and WAN Settings40ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Note: If your ISP requires MAC authentication and another M

Troubleshooting400ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 f. Make sure that an IPv6 address shows. The previous figure does not show an IPv6

Troubleshooting401 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Test the Path from Your Computer to a Remote DeviceAfter verifying that the LAN pa

Troubleshooting402ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 261. b. In the Backup / Restore Settings section of the screen, click the

Troubleshooting403 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Address Problems with Date and TimeThe System Date & Time screen displays the

404AA. Default Settings and Technical SpecificationsThis appendix provides the default settings and the physical and technical specifications of the

Default Settings and Technical Specifications405ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Factory Default SettingsYou can use the factory defau

Default Settings and Technical Specifications406ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308IPv4 LAN, DMZ, and routing settingsLAN IPv4 address f

Default Settings and Technical Specifications407ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Firewall and security settingsInbound LAN WAN rules (

Default Settings and Technical Specifications408ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308QoS priorities (for IPv6 firewall rules) Normal-Servi

Default Settings and Technical Specifications409ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308VPN IPsec Wizard: IKE policy settings for IPv4 gatewa

IPv4 and IPv6 Internet and WAN Settings41 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Configure Load Balancing Mode and Optional Protocol Binding

Default Settings and Technical Specifications410ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Physical and Technical SpecificationsThe following ta

Default Settings and Technical Specifications411ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308The following table shows the IPSec VPN specification

Default Settings and Technical Specifications412ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308The following table shows the SSL VPN specifications

413BB. Network Planning for Multiple WAN PortsThis appendix describes the factors to consider when planning a network using a firewall that has more

Network Planning for Multiple WAN Ports414ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308What to Consider Before You Begin• Cabling and Computer Har

Network Planning for Multiple WAN Ports415ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 262. b. Contact a Dynamic DNS service, and register

Network Planning for Multiple WAN Ports416ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Internet Configuration RequirementsDepending on how your IS

Network Planning for Multiple WAN Ports417ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Internet Connection InformationPrint this page with the Int

Network Planning for Multiple WAN Ports418ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Overview of the Planning ProcessThe areas that require plan

Network Planning for Multiple WAN Ports419ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Features such as multiple exposed hosts are not supported i

IPv4 and IPv6 Internet and WAN Settings42ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 b. From the corresponding drop-down list on the right, sele

Network Planning for Multiple WAN Ports420ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 265. Inbound Traffic to a Dual WAN Port SystemThe IP

Network Planning for Multiple WAN Ports421ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 267. Virtual Private Networks• VPN Road Warrior (Cli

Network Planning for Multiple WAN Ports422ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308always changes. Therefore, the use of an FQDN is always req

Network Planning for Multiple WAN Ports423ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308VPN Road Warrior: Single-Gateway WAN Port (Reference Case)I

Network Planning for Multiple WAN Ports424ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 272. The purpose of the FQDN in this case is to togg

Network Planning for Multiple WAN Ports425ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308VPN Gateway-to-GatewayThe following situations exemplify th

Network Planning for Multiple WAN Ports426ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 275. The IP addresses of the gateway WAN ports can b

Network Planning for Multiple WAN Ports427ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 277. The IP addresses of the gateway WAN ports can b

Network Planning for Multiple WAN Ports428ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308The IP address of the gateway WAN port can be either fixed

Network Planning for Multiple WAN Ports429ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308VPN Telecommuter: Dual-Gateway WAN Ports for Load Balancing

IPv4 and IPv6 Internet and WAN Settings43 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308• Destination Network. The Internet locations (based on the

430CC. System Logs and Error MessagesThis appendix provides examples and explanations of system logs and error message. When applicable, a recommend

System Logs and Error Messages431ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Log Message TermsThis appendix uses the following log message terms.

System Logs and Error Messages432ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308This section describes log messages that belong to one of the follow

System Logs and Error Messages433ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308System StartupThis section describes the log message generated durin

System Logs and Error Messages434ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308IPSec RestartThis section describes logs that are generated when IPS

System Logs and Error Messages435ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Multicast/Broadcast LogsWAN StatusThis section describes the logs ge

System Logs and Error Messages436ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308This section describes the logs generated when the WAN mode is set t

System Logs and Error Messages437ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308• PPPoE Idle Timeout Logs• PPTP Idle Timeout LogsTable 118. System

System Logs and Error Messages438ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308• PPP Authentication LogsResolved DNS NamesThis section describes th

System Logs and Error Messages439ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308VPN Log MessagesThis section explains logs that are generated by IPS

IPv4 and IPv6 Internet and WAN Settings44ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 5. Click Apply to save your settings. The protocol binding

System Logs and Error Messages440ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Messages 22 and 23 Messages 24 and 25 2000 Jan 1 04:13:40 [SRX530

System Logs and Error Messages441ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Explanation Message 1: Informational exchange for deleting the pay

System Logs and Error Messages442ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Explanation Message 1–4: After receiving a request for phase 1 nego

System Logs and Error Messages443ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308SSL VPN LogsThis section describes the log messages that are generat

System Logs and Error Messages444ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Traffic Meter LogsRouting Logs• LAN to WAN Logs• LAN to DMZ Logs• DM

System Logs and Error Messages445ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308LAN to WAN LogsLAN to DMZ LogsDMZ to WAN LogsWAN to LAN LogsTable 13

System Logs and Error Messages446ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308DMZ to LAN LogsWAN to DMZ LogsOther Event Logs• Session Limit Logs•

System Logs and Error Messages447ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Source MAC Filter LogsBandwidth Limit LogsDHCP LogsThis section expl

System Logs and Error Messages448ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Table 143. DHCP logs Message 1 Message 2 Message 3 Message 4 Messag

449DD. Two-Factor AuthenticationThis appendix provides an overview of two-factor authentication, and an example of how to implement the WiKID soluti

IPv4 and IPv6 Internet and WAN Settings45 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Configure the Auto-Rollover Mode and Failure Detection Meth

Two-Factor Authentication450ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Why Do I Need Two-Factor Authentication?• What Are the Benefits of Two-Fa

Two-Factor Authentication451ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308This appendix focuses on and discusses only the first two factors, someth

Two-Factor Authentication452ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX53082. A one-time passcode (something the user has) is generated.Figure 283.

453EE. Notification of ComplianceNETGEAR wired productsRegulatory Compliance InformationThis section includes user requirements for operating this p

Notification of Compliance454ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308FCC Radio Frequency Interference Warnings & InstructionsThis equipme

455IndexNumerics10BASE-T, 100BASE-T, and 1000BASE-T speeds 743322.org 49–526to4 tunnelsconfiguring globally 64DMZ, configuring for 126LAN, configuring

456ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308IPv6configuring 69described 68VPN IPSec 202, 206, 214autosensing port speed 74Bbacking up configur

457ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308DMZ portIPv4 address and subnet mask 116IPv6 address and prefix length 120settings 115domain, user

458ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308SSL VPN settings 286server IPv6 addressesbroadband settings 59, 63DMZ settings 121LAN settings 106

459ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308global addresses, IPv6 65global IPv6 tunnelsDMZ, configuring for 126LAN, configuring for 112group

IPv4 and IPv6 Internet and WAN Settings46ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 2. In the Load Balancing Settings section of the screen, co

460ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308DHCP, address pool 117DMZ port 116DNS servers 39, 91, 117dynamically assigned 38errors 25ISATAP tu

461ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308JJava, blocking 187Kkeep-alives, VPN tunnels 242, 266keyword blocking 187kit, rack-mounting 21know

462ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308management default settings 410maximum transmission unit (MTU)default 73IPv6 DMZ packets 125IPv6 L

463ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308IPv6DMZ-to-WAN rules 155LAN-to-DMZ rules 161LAN-to-WAN rules 148order of precedence 144overview 13

464ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308PPPoE (PPP over Ethernet)described 16IPv4 settings 33, 37IPv6 settings 62PPTP (Point-to-Point Tunn

465ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308remote users, assigning addresses (Mode Config) 250requirements, hardware 415reserved IPv4 address

466ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308SPI (stateful packet inspection) 14, 135split tunnel, SSL VPN 285spoofing MAC addresses 397SSL cer

467ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308rate-limiting 75reducing 330–332volume by protocol 358volume, limitingLAN 360WAN 357Transmission C

468ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308FQDNs 202–203, 421FQDNs, configuring endpoints 206, 210, 213, 235gateway-to-gatewayauto-rollover 4

469ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308LAN WAN outbound rules, configuring 147, 330locking yourself outconfiguring an exposed host 167dis

IPv4 and IPv6 Internet and WAN Settings47 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Note: The default time to roll over after the primary WAN i

IPv4 and IPv6 Internet and WAN Settings48ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 After you have configured secondary WAN addresses, these ad

IPv4 and IPv6 Internet and WAN Settings49 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 25. The List of Secondary WAN addresses table displ

5ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Configure a Static IPv6 Internet Connection. . . . . . . . . . . . . . . . . . . . . .58Configure a

IPv4 and IPv6 Internet and WAN Settings50ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 After you have configured your account information on the V

IPv4 and IPv6 Internet and WAN Settings51 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 26. 3. Click the Information option arrow in the up

IPv4 and IPv6 Internet and WAN Settings52ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 5. Configure the DDNS service settings as described in the

IPv4 and IPv6 Internet and WAN Settings53 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Note: You can configure only one WAN interface for IPv6. Th

IPv4 and IPv6 Internet and WAN Settings54ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 These are the options:• IPv4-only mode. The VPN firewall co

IPv4 and IPv6 Internet and WAN Settings55 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308WARNING:Changing the IP routing mode causes the VPN firewal

IPv4 and IPv6 Internet and WAN Settings56ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 The IPv6 WAN Settings table displays the following fields:•

IPv4 and IPv6 Internet and WAN Settings57 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX53086. As an optional step: If you have selected the Stateless

IPv4 and IPv6 Internet and WAN Settings58ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Configure a Static IPv6 Internet ConnectionTo configure a s

IPv4 and IPv6 Internet and WAN Settings59 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 33. 4. In the Internet Address section of the scree

6ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Inbound Rules (Port Forwarding) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140Order o

IPv4 and IPv6 Internet and WAN Settings60ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 6. Click Apply to save your changes.7. Verify the connectio

IPv4 and IPv6 Internet and WAN Settings61 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Configure a PPPoE IPv6 Internet ConnectionTo configure a PP

IPv4 and IPv6 Internet and WAN Settings62ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 36. 4. In the Internet Address section of the scree

IPv4 and IPv6 Internet and WAN Settings63 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX53086. Click Apply to save your changes.7. Verify the connectio

IPv4 and IPv6 Internet and WAN Settings64ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Note: If your ISP requires MAC authentication and another M

IPv4 and IPv6 Internet and WAN Settings65 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 37. 2. Select the Enable Automatic Tunneling check

IPv4 and IPv6 Internet and WAN Settings66ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308  To configure an ISATAP tunnel:1. Select Network Configura

IPv4 and IPv6 Internet and WAN Settings67 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 To edit an ISATAP tunnel:1. On the ISATAP Tunnels screen,

IPv4 and IPv6 Internet and WAN Settings68ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 a.b.c.d for part of the IPv6 address so that the IPv4-trans

IPv4 and IPv6 Internet and WAN Settings69 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308To use a redundant ISP link for backup purposes, ensure tha

7ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Configure Extended Authentication (XAUTH) . . . . . . . . . . . . . . . . . . . . .245Configure XAU

IPv4 and IPv6 Internet and WAN Settings70ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Note: Ensure that the backup WAN interface is configured be

IPv4 and IPv6 Internet and WAN Settings71 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Note: The default time to roll over after the primary WAN i

IPv4 and IPv6 Internet and WAN Settings72ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 45. 3. Click the Advanced option arrow in the upper

IPv4 and IPv6 Internet and WAN Settings73 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 46. 4. Enter the settings as described in the follo

IPv4 and IPv6 Internet and WAN Settings74ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 SpeedIn most cases, the VPN firewall can automatically dete

IPv4 and IPv6 Internet and WAN Settings75 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX53085. Click Apply to save your changes.Failure Detection Metho

IPv4 and IPv6 Internet and WAN Settings76ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 WARNING:Depending on the changes that you made, when you cl

IPv4 and IPv6 Internet and WAN Settings77 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Note: To configure and apply QoS profiles successfully, fam

IPv4 and IPv6 Internet and WAN Settings78ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 • Hosts. The IP address, IP addresses, or group to which th

IPv4 and IPv6 Internet and WAN Settings79 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Diffserv QoS Match Enter a DSCP value in the range of 0 thr

8ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Change Passwords and Other User Settings. . . . . . . . . . . . . . . . . . . .318Manage Digital Cer

IPv4 and IPv6 Internet and WAN Settings80ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 4. Click Apply to save your settings. The profile is added

IPv4 and IPv6 Internet and WAN Settings81 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX53084. Click Apply to save your settings. The profile is added

IPv4 and IPv6 Internet and WAN Settings82ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308  To edit a QoS profile:1. In the List of QoS Profiles tabl

8333. LAN ConfigurationThis chapter describes how to configure the LAN features of your VPN firewall. The chapter contains the following sections:•

LAN Configuration84ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Manage IPv4 Virtual LANs and DHCP Options• Port-Based VLANs • Assign and Manage V

LAN Configuration85 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Port-Based VLANsThe VPN firewall supports port-based VLANs. Port-based VLANs help

LAN Configuration86ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Assign and Manage VLAN Profiles To assign VLAN profiles to the LAN ports and man

LAN Configuration87 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308VLAN DHCP OptionsFor each VLAN, you need to specify the Dynamic Host Configuratio

LAN Configuration88ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 firewall’s LAN IP address). When the DNS proxy option is disabled for a VLAN, all

LAN Configuration89 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Figure 52. 3. Enter the settings as described in the following table: Table 16.

9ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308LAN or WAN Port LEDs Not On . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .394Troublesho

LAN Configuration90ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Port MembershipPort 1, Port 2, Port 3, Port 4 / DMZSelect one, several, or all po

LAN Configuration91 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308Enable DHCP Server Select the Enable DHCP Server radio button to enable the VPN f

LAN Configuration92ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 4. Click Apply to save your settings.Note: Once you have completed the LAN setup,

LAN Configuration93 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 To edit a VLAN profile:1. On the LAN Setup screen for IPv4 (see Figure 51 on p

LAN Configuration94ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Figure 53. 3. From the MAC Address for VLANs drop-down list, select Unique. (The

LAN Configuration95 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308The following is an example of correctly configured IPv4 addresses:• WAN IP addre

LAN Configuration96ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 2. Modify the IP address or subnet mask, or both.3. Click Apply to save your sett

LAN Configuration97 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308• There is no need to reserve an IP address for a computer in the DHCP server. Al

LAN Configuration98ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 The Known PCs and Devices table lists the entries in the network database. For ea

LAN Configuration99 ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX53082. Click the Add table button to add the computer or device to the Known PCs and