Virtual Private Networking Using SSL Connections
276
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N
Table 68. Resources screen settings to edit a resource (continued)

Setting          Description

Object Type
    From the drop-down list, select one of the following options:
    • IP Address. The object is an IPv4 or IPv6 address. You need to enter the IP address or the FQDN in the IP Address / Name field.
    • IP Network. The object is an IPv4 or IPv6 network. You need to enter the network IP and the network mask length (for IPv4) or prefix length (for IPv6) in the Mask Length field.

IP Address / Name
    Applicable only when you select IP Address as the object type. Enter the IP address or FQDN for the location that is permitted to use this resource.

Network Address
    Applicable only when you select IP Network as the object type. Enter the network IP address for the locations that are permitted to use this resource. You also need to enter the mask length (IPv4 only) or prefix length (IPv6 only):
    • Mask Length (IPv4 screen only). Enter the network mask (0–31) for the locations that are permitted to use this resource.
    • Prefix Length (IPv6 screen only). Enter the prefix length for the locations that are permitted to use this resource.

Port Range / Port Number
    A port or a range of ports (0–65535) to apply the policy to. The policy is applied to all TCP and UDP traffic that passes on those ports. Leave the fields blank to apply the policy to all traffic.

5. Click Apply to save your settings. The new configuration is added to the Defined Resource Addresses table.

To delete a configuration from the Defined Resource Addresses table, click the Delete table button to the right of the configuration that you want to delete.

Configure User, Group, and Global Policies

You can define and apply user, group, and global policies to predefined network resource objects, IP addresses, address ranges, or all IP addresses, and to different SSL VPN services. A specific hierarchy is invoked over which policies take precedence. The wireless VPN firewall policy hierarchy is defined as follows:
• User policies take precedence over group policies.
• Group policies take precedence over global policies.
• If two or more user, group, or global policies are configured, the most specific policy takes precedence.

For example, a policy that is configured for a single IP address takes precedence over a policy that is configured for a range of addresses. And a policy that applies to a range of IP addresses takes precedence over a policy that is applied to all IP addresses. If two or more
IP address ranges are configured, then the smallest address range takes precedence. Host names are treated the same as individual IP addresses.

Network resources are prioritized just like other address ranges. However, the prioritization is based on the individual address or address range, not the entire network resource.
For example, assume the following global policy configuration:
• Policy 1. A Deny rule has been configured to block all services to the IP address range 10.0.0.0–10.0.0.255.
• Policy 2. A Deny rule has been configured to block FTP access to 10.0.1.2–10.0.1.10.
• Policy 3. A Permit rule has been configured to allow FTP access to the predefined network resource with the name FTP Servers. The FTP Servers network resource includes the following addresses: 10.0.0.5–10.0.0.20 and the FQDN ftp.company.com, which resolves to 10.0.1.3.

Assuming that no conflicting user or group policies have been configured, if a user attempted to access FTP servers at the following addresses, the actions listed would occur:
• 10.0.0.1. The user would be blocked by Policy 1.
• 10.0.1.5. The user would be blocked by Policy 2.
• 10.0.0.10. The user would be granted access by Policy 3. The IP address range 10.0.0.5–10.0.0.20 is more specific than the IP address range that is defined in Policy 1.
• ftp.company.com. The user would be granted access by Policy 3. A single host name is more specific than the IP address range that is configured in Policy 2.

Note: The user would not be able to access ftp.company.com using its IP address 10.0.1.3. The wireless VPN firewall's policy engine does not perform reverse DNS lookups.
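The precedence rules above are easy to misread when several policies overlap, so the following added example (not NETGEAR code and not taken from the manual) models them in Python: user policies rank above group policies, which rank above global policies; among policies at the same level the scope covering the fewest addresses wins; a host name counts as a single address and is matched by name only, since the engine does no reverse DNS lookup. The DNS table, the policy objects and the request values are constructed to reproduce the worked example in the text, and the "no match" result for a destination no policy covers is this model's own convention, not a statement about the firewall's default behaviour.

```python
"""Model of the SSL VPN policy precedence rules described in the manual.

Added example, not NETGEAR code. It encodes the documented rules so a policy
set can be checked offline before it is applied: user beats group beats
global; then the most specific scope wins; a host name is one address and is
matched by name only (no reverse DNS). DNS table, policies and requests below
are constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass, field

LEVEL_RANK = {"user": 0, "group": 1, "global": 2}  # lower rank wins

# Constructed stand-in for forward DNS resolution of resource host names.
DNS = {"ftp.company.com": ipaddress.ip_address("10.0.1.3")}


@dataclass
class Scope:
    """One address scope of a policy or of a network resource."""
    kind: str          # "host", "ip", "range" or "all"
    value: tuple = ()  # ("name",), (ip,), (lo, hi) or ()

    def width(self):
        """Number of addresses covered; the smallest width is the most specific."""
        if self.kind in ("host", "ip"):
            return 1
        if self.kind == "range":
            lo, hi = self.value
            return int(hi) - int(lo) + 1
        return float("inf")  # "all addresses"

    def matches(self, name, ip):
        if self.kind == "all":
            return True
        if self.kind == "host":
            # A host name scope matches only a request made by that name:
            # the engine never maps a destination IP back to a name.
            return name is not None and name.lower() == self.value[0].lower()
        if self.kind == "ip":
            return ip == self.value[0]
        lo, hi = self.value
        return int(lo) <= int(ip) <= int(hi)


@dataclass
class Policy:
    name: str
    level: str     # "user", "group" or "global"
    action: str    # "permit" or "deny"
    service: str   # "ftp", "all", ...
    scopes: list = field(default_factory=list)


def ip_range(lo, hi):
    return Scope("range", (ipaddress.ip_address(lo), ipaddress.ip_address(hi)))


def resolve(policies, destination, service):
    """Return (action, policy name) for a request, or ("no match", None)."""
    if destination in DNS:
        name, ip = destination, DNS[destination]  # forward lookup only
    else:
        name, ip = None, ipaddress.ip_address(destination)
    candidates = []
    for p in policies:
        if p.service not in ("all", service):
            continue
        widths = [s.width() for s in p.scopes if s.matches(name, ip)]
        if widths:
            # A network resource is ranked by its matching address or range,
            # not by the resource as a whole.
            candidates.append((LEVEL_RANK[p.level], min(widths), p))
    if not candidates:
        return ("no match", None)
    _, _, best = min(candidates, key=lambda c: (c[0], c[1]))
    return (best.action, best.name)


# The manual's example: three global policies and one network resource.
FTP_SERVERS = [ip_range("10.0.0.5", "10.0.0.20"), Scope("host", ("ftp.company.com",))]
GLOBAL_POLICIES = [
    Policy("Policy 1", "global", "deny", "all", [ip_range("10.0.0.0", "10.0.0.255")]),
    Policy("Policy 2", "global", "deny", "ftp", [ip_range("10.0.1.2", "10.0.1.10")]),
    Policy("Policy 3", "global", "permit", "ftp", FTP_SERVERS),
]

if __name__ == "__main__":
    for dest in ("10.0.0.1", "10.0.1.5", "10.0.0.10", "ftp.company.com", "10.0.1.3"):
        print(dest, "->", resolve(GLOBAL_POLICIES, dest, "ftp"))
```

Running the block reproduces the five outcomes listed in the text, including the note that 10.0.1.3 reached by IP falls under Policy 2 rather than Policy 3. Prepending a user-level policy to the list shows the level ranking overriding a narrower global scope.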
View Policies
To view the existing SSL VPN policies:

1. Select VPN > SSL VPN. The SSL VPN submenu tabs display, with the Policies screen in view. (The following figure shows some examples.)
Figure 168.
2. Make your selection from the following Query options:
   • To view all global policies, select the Global radio button.
   • To view group policies, select the Group radio button, and then select the relevant group's name from the drop-down list.
   • To view user policies, select the User radio button, and then select the relevant user's name from the drop-down list.

3. Click the Display action button. The List of SSL VPN Policies table displays the list for your selected Query option.
Add an IPv4 or IPv6 SSL VPN Policy
To add an SSL VPN policy:

1. Select VPN > SSL VPN. The SSL VPN submenu tabs display, with the Policies screen in view (see the previous figure).

2. Under the List of SSL VPN Policies table, click the Add table button. The Add SSL VPN Policy screen displays the IPv4 settings (see the next screen).

3. Specify the IP version for which you want to add an SSL VPN policy:
   • IPv4. In the upper right of the screen, the IPv4 radio button is already selected by default. Go to Step 4.
Figure 169. Add SSL VPN Policy screen for IPv4

   • IPv6. Select the IPv6 radio button. The Add SSL VPN Policy screen displays the IPv6 settings:

Figure 170. Add SSL VPN Policy screen for IPv6
4. Complete the settings as explained in the following table:

Table 69. Add SSL VPN Policy screen settings

Setting          Description

Policy For
    Select one of the following radio buttons to specify the type of SSL VPN policy:
    • Global. The new policy is global and includes all groups and users.
    • Group. The new policy needs to be limited to a single group. From the drop-down list, select a group name. For information about how to create groups, see Configure Groups on page 293.
    • User. The new policy needs to be limited to a single user. From the drop-down list, select a user name. For information about how to create user accounts, see Configure User Accounts on page 296.

Add SSL VPN Policies

Apply Policy to?
    Select one of the following radio buttons to specify how the policy is applied. When you select a radio button, the fields and drop-down lists that apply to your selection (see explanations later in this table) unmask onscreen.
    • Network Resource. The policy is applied to a network resource that you have defined on the Resources screen (see Use Network Resource Objects to Simplify Policies on page 273).
    • IP Address. The policy is applied to a single IP address.
    • IP Network. The policy is applied to a network address.
    • All Addresses. The policy is applied to all addresses.

Network Resource
    Policy Name
        A descriptive name of the SSL VPN policy for identification and management purposes.
    Defined Resources
        From the drop-down list, select a network resource that you have defined on the Resources screen (see Use Network Resource Objects to Simplify Policies on page 273).
    Permission
        From the drop-down list, select Permit or Deny to specify whether the policy permits or denies access.

IP Address
    Policy Name
        A descriptive name of the SSL VPN policy for identification and management purposes.
    IP Address
        The IPv4 or IPv6 address to which the SSL VPN policy is applied.
    Port Range / Port Number
        A port (fill in the Begin field) or a range of ports (fill in the Begin and End fields) to which the SSL VPN policy is applied. Ports can be 0 through 65535. The policy is applied to all TCP and UDP traffic that passes on those ports. Leave the fields blank to apply the policy to all traffic.
    Service
        From the drop-down list, select the service to which the SSL VPN policy is applied:
        • VPN Tunnel. The policy is applied only to a VPN tunnel.
        • Port Forwarding. The policy is applied only to port forwarding.
        • All. The policy is applied both to a VPN tunnel and to port forwarding.
