Manage Users, Authentication, and VPN Certificates
311
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N
3. Click the Generate table button. A new SCR is created and added to the Self Certificate Requests table.
4. In the Self Certificate Requests table, click the View table button in the Action column to view the new SCR. The Certificate Request Data screen displays:
Figure 190.
Table 77. Generate self-signed certificate request settings (continued)

Setting                Description

Hash Algorithm         From the drop-down list, select one of the following hash algorithms:
                       • MD5. A 128-bit (16-byte) message digest, slightly faster than SHA-1.
                       • SHA-1. A 160-bit (20-byte) message digest, slightly stronger than MD5.
                       Note: MD5 and SHA-1 are both deprecated for digital signatures. The hash
                       selected here signs only the request itself; the CA signs the issued
                       certificate with its own algorithm. Of the two options offered, select
                       SHA-1.

Signature Algorithm    Although this appears to be a drop-down list, the only possible selection
                       is RSA. In other words, RSA is the only algorithm available for generating
                       a CSR.

Signature Key Length   From the drop-down list, select one of the following signature key lengths
                       in bits:
                       • 512
                       • 1024
                       • 2048
                       Note: Larger key sizes might improve security, but might also decrease
                       performance. Publicly trusted CAs require RSA keys of at least 2048 bits
                       and reject 512-bit and 1024-bit requests, so select 2048 unless a private
                       CA under your own control accepts less.

Optional Fields

IP Address             Enter your fixed (static) IP address. If your IP address is dynamic, leave
                       this field blank.

Domain Name            Enter your Internet domain name, or leave this field blank.

E-mail Address         Enter the email address of a technical contact in your company.
5. Copy the contents of the Data to supply to CA text field into a text file, including all of the data contained from “-----BEGIN CERTIFICATE REQUEST-----” to “-----END CERTIFICATE REQUEST-----”.
6. Submit your SCR to a CA:
   a. Connect to the website of the CA.
   b. Start the SCR procedure.
   c. When prompted for the requested data, copy the data from your saved text file (including “-----BEGIN CERTIFICATE REQUEST-----” and “-----END CERTIFICATE REQUEST-----”).
   d. Submit the CA form. If no problems ensue, the digital certificate is issued by the CA.
7. Download the digital certificate file from the CA, and store it on your computer.
8. Return to the Certificates screen (see Figure 189 on page 310) and locate the Self Certificate Requests section.
9. Select the check box next to the self-signed certificate request.
10. Click the Browse button and navigate to the digital certificate file from the CA that you just stored on your computer.
11. Click the Upload table button. If the verification process on the wireless VPN firewall approves the digital certificate for validity and purpose, the digital certificate is added to the Active Self Certificates table.

To delete one or more SCRs:
1. In the Self Certificate Requests table, select the check box to the left of each SCR that you want to delete, or click the Select All table button to select all SCRs.
2. Click the Delete table button.
View and Manage Self-Signed Certificates
The Active Self Certificates table on the Certificates screen (see Figure 189 on page 310) shows the digital certificates issued to you by a CA and available for use. (Despite the name, these certificates are not self-signed in the usual sense: each one covers the firewall's own key and is signed by the CA that processed the corresponding request.) For each certificate, the table lists the following information:
Name. The name that you used to identify this digital certificate.
Subject Name. The name that you used for your company and that other organizations see as the holder (owner) of the certificate.
Serial Number. This is a serial number maintained by the CA. It is used to identify the digital certificate with the CA.
Issuer Name. The name of the CA that issued the digital certificate.
Expiry Time. The date on which the digital certificate expires. You should renew the digital certificate before it expires.

To delete one or more self-signed certificates:
1. In the Active Self Certificates table, select the check box to the left of each self-signed certificate that you want to delete, or click the Select All table button to select all self-signed certificates.
2. Click the Delete table button.
Manage the VPN Certificate Revocation List
A Certificate Revocation List (CRL) file lists digital certificates that the issuing CA has revoked and that are no longer valid, even though they have not yet expired. Each CA issues its own CRLs, and each CRL is reliable only until the Next Update date it carries: after that date it might not list recently revoked certificates. Keep your CRLs up to date by obtaining a fresh CRL from each CA before its next update date.
To view the currently loaded CRLs and upload a new CRL:
1. Select VPN > Certificates. The Certificates screen displays. The following figure shows the bottom section of the screen with the Certificate Revocation Lists (CRL) table. (There is one example certificate in the table.)
Figure 191. Certificates, screen 3 of 3
The Certificate Revocation Lists (CRL) table lists the active CAs and their critical release dates:
CA Identity. The official name of the CA that issued the CRL.
Last Update. The date when the CRL was released.
Next Update. The date when the next CRL will be released.
2. In the Upload CRL section, click the Browse button and navigate to the CRL file that you previously downloaded from a CA.
3. Click the Upload table button. If the verification process on the wireless VPN firewall approves the CRL, the CRL is added to the Certificate Revocation Lists (CRL) table.
Note: If the table already contains a CRL from the same CA, the old CRL is deleted when you upload the new CRL.
To delete one or more CRLs:
1. In the Certificate Revocation Lists (CRL) table, select the check box to the left of each CRL that you want to delete, or click the Select All table button to select all CRLs.
2. Click the Delete table button.
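The two files handled in the procedures above, the certificate request you paste into the CA form (steps 5 through 7 of the self certificate request procedure) and the CRL file you upload, are both DER structures that you can inspect offline before acting on them. The following Python script is an added example, not part of NETGEAR's documentation or firmware: it reads the signature hash and RSA key length out of a CSR and flags the combinations that publicly trusted CAs reject, and it reads the Last Update / Next Update window out of a CRL so that a stale CRL is caught before it is uploaded. It uses only the standard library. The small DER writer exists solely to build constructed, structurally valid samples with zero-filled placeholder signatures, because the checks never verify a signature or use the key. To inspect a real file, strip the PEM header and footer, base64-decode the body, and pass the bytes to csr_params or crl_status.

```python
# Offline checks for the CSR you paste into the CA form (signature hash, RSA key size)
# and the CRL you upload (thisUpdate / nextUpdate window).  Added example, not NETGEAR's
# code; standard library only.  The DER writer just builds constructed samples with
# zero-filled placeholder signatures: only the structure is inspected, never the signature.
import datetime as dt

OIDS = {"1.2.840.113549.1.1.1": "rsaEncryption", "1.2.840.113549.1.1.4": "md5WithRSA",
        "1.2.840.113549.1.1.5": "sha1WithRSA", "1.2.840.113549.1.1.11": "sha256WithRSA"}

def der_children(buf):
    """Return [(tag, value)] for the DER TLV elements laid end to end in buf."""
    out, i = [], 0
    while i < len(buf):
        tag, first, j = buf[i], buf[i + 1], i + 2
        length = first                           # short-form length
        if first >= 0x80:                        # long form: 0x80 | number of length bytes
            n = first & 0x7F
            length, j = int.from_bytes(buf[j:j + n], "big"), j + n
        out.append((tag, buf[j:j + length]))
        i = j + length
    return out

def decode_oid(body):
    arcs, acc = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:                         # last base-128 group of this arc
            arcs, acc = arcs + [acc], 0
    return ".".join(map(str, arcs))

def decode_time(tag, body):                      # 0x17 UTCTime (YYMMDD...), 0x18 GeneralizedTime
    fmt = "%y%m%d%H%M%SZ" if tag == 0x17 else "%Y%m%d%H%M%SZ"
    return dt.datetime.strptime(body.decode(), fmt).replace(tzinfo=dt.timezone.utc)

# --- DER writer, used only to build the constructed samples ---
def tlv(tag, body):
    n = len(body)
    if n >= 0x80:                                # long-form length
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        return bytes([tag, 0x80 | len(lb)]) + lb + body
    return bytes([tag, n]) + body

def seq(*parts):
    return tlv(0x30, b"".join(parts))
def der_int(n):                                  # non-negative only; the spare byte keeps the sign bit clear
    return tlv(0x02, n.to_bytes((n.bit_length() + 8) // 8, "big"))
def alg_id(oid):                                 # AlgorithmIdentifier with NULL parameters
    return seq(der_oid(oid), tlv(0x05, b""))

def der_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    body = bytes([40 * arcs[0] + arcs[1]])
    for a in arcs[2:]:
        groups = [a & 0x7F]
        while a := a >> 7:
            groups.append(0x80 | (a & 0x7F))
        body += bytes(reversed(groups))
    return tlv(0x06, body)

def sample_csr(key_bits, sig_oid):
    modulus = (1 << (key_bits - 1)) | 1          # placeholder of the requested length, not a real key
    spki = seq(alg_id("1.2.840.113549.1.1.1"), tlv(0x03, b"\x00" + seq(der_int(modulus), der_int(65537))))
    info = seq(der_int(0), seq(), spki, tlv(0xA0, b""))        # version, empty subject, key, attributes
    return seq(info, alg_id(sig_oid), tlv(0x03, b"\x00" * 17))  # placeholder signature

def sample_crl(this_update, next_update):
    stamp = lambda d: tlv(0x17, d.strftime("%y%m%d%H%M%SZ").encode())
    tbs = seq(der_int(1), alg_id("1.2.840.113549.1.1.11"), seq(), stamp(this_update), stamp(next_update))
    return seq(tbs, alg_id("1.2.840.113549.1.1.11"), tlv(0x03, b"\x00" * 17))

def csr_params(der):
    info, sig_alg, _sig = der_children(der_children(der)[0][1])
    _ver, _subject, spki, _attrs = der_children(info[1])
    _key_alg, pubkey = der_children(spki[1])
    modulus, _exp = der_children(der_children(pubkey[1][1:])[0][1])   # [1:] skips the unused-bits byte
    return {"sig_alg": OIDS.get(decode_oid(der_children(sig_alg[1])[0][1]), "unknown"),
            "key_bits": int.from_bytes(modulus[1], "big").bit_length()}

def csr_problems(p):
    """What a public CA objects to: MD5/SHA-1 request signatures and RSA keys under 2048 bits."""
    out = []
    if p["sig_alg"] in ("md5WithRSA", "sha1WithRSA"):
        out.append("request signed with deprecated hash " + p["sig_alg"])
    if p["key_bits"] < 2048:
        out.append(f"RSA key is {p['key_bits']} bits, below the 2048-bit minimum")
    return out

def crl_status(der, now):
    """(thisUpdate, nextUpdate, current): current turns False once now reaches nextUpdate."""
    fields = der_children(der_children(der_children(der)[0][1])[0][1])   # TBSCertList members
    i = 1 if fields[0][0] == 0x02 else 0     # optional version INTEGER before signature and issuer
    this_update = decode_time(*fields[i + 2])
    next_update = decode_time(*fields[i + 3]) if len(fields) > i + 3 and fields[i + 3][0] in (0x17, 0x18) else None
    return this_update, next_update, this_update <= now and (next_update is None or now < next_update)

def demo():
    weak = csr_params(sample_csr(1024, "1.2.840.113549.1.1.5"))
    strong = csr_params(sample_csr(2048, "1.2.840.113549.1.1.11"))
    issued = dt.datetime(2024, 1, 1, tzinfo=dt.timezone.utc)
    crl = sample_crl(issued, issued + dt.timedelta(days=7))
    return {"weak": weak, "weak_problems": csr_problems(weak), "strong_problems": csr_problems(strong),
            "crl_fresh": crl_status(crl, issued + dt.timedelta(days=3))[2],
            "crl_stale": crl_status(crl, issued + dt.timedelta(days=8))[2]}
```

On a workstation with OpenSSL installed, `openssl req -noout -text -in request.pem` and `openssl crl -noout -lastupdate -nextupdate -in ca.crl` print the same fields; the script above is for hosts without OpenSSL or for scripting the check into a renewal job.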
9. Network and System Management
This chapter describes the tools for managing the network traffic to optimize its performance and
the system management features of the wireless VPN firewall. This chapter contains the
following sections:
Performance Management
System Management
Performance Management
Performance management consists of controlling the traffic through the wireless VPN firewall
so that the necessary traffic gets through when there is a bottleneck. You can either reduce
unnecessary traffic or reschedule some traffic to low-peak times to prevent bottlenecks from
occurring in the first place. The wireless VPN firewall has the necessary features and tools to
help the network manager accomplish these goals.
Bandwidth Capacity
The maximum bandwidth capacity of the wireless VPN firewall in each direction is as follows:
LAN side. 8000 Mbps (eight LAN ports at 1000 Mbps each).
WAN side. 1000 Mbps (one active WAN port at 1000 Mbps).
In practice, the WAN-side bandwidth capacity is much lower when DSL or cable modems are
used to connect to the Internet: The typical traffic rate is 1.5 Mbps. As a result, and
depending on the traffic that is being carried, the WAN side of the wireless VPN firewall is the
limiting factor for the data rate for most installations.
Features That Reduce Traffic
You can adjust the following features of the wireless VPN firewall in such a way that the
traffic load on the WAN side decreases:
LAN WAN outbound rules (also referred to as service blocking)
DMZ WAN outbound rules (also referred to as service blocking)
Content filtering
Source MAC filtering
LAN WAN Outbound Rules and DMZ WAN Outbound Rules (Service Blocking)
You can control specific outbound traffic (from LAN to WAN and from the DMZ to WAN). The
LAN WAN Rules screen and the DMZ WAN Rules screen list all existing rules for outbound
traffic. If you have not defined any rules, only the default rule is listed. The default rule allows
all outgoing traffic. Any outbound rule that you create restricts outgoing traffic and therefore
decreases the traffic load on the WAN side.
WARNING: This feature is for advanced administrators. Incorrect configuration might cause serious problems.
Each rule lets you specify the desired action for the connections that are covered by the rule:
BLOCK always
BLOCK by schedule, otherwise allow
ALLOW always
ALLOW by schedule, otherwise block
The following section summarizes the various criteria that you can apply to outbound rules in order to reduce traffic. For more information about outbound rules, see Outbound Rules (Service Blocking) on page 127. For detailed procedures on how to configure outbound rules, see Configure LAN WAN Rules on page 135 and Configure DMZ WAN Rules on page 142.
When you define outbound firewall rules, you can further refine their application according to the following criteria:
• Services. You can specify the services or applications to be covered by an outbound rule. If the desired service or application does not display in the list, you need to define it using the Services screen (see Outbound Rules (Service Blocking) on page 127 and Add Customized Services on page 168).
• LAN users. You can specify which computers on your network are affected by an outbound rule. There are several options:
  - Any. The rule applies to all computers and devices on your LAN.
  - Single address. The rule applies to the address of a particular computer.
  - Address range. The rule applies to a range of addresses.
  - Groups. The rule applies to a group of computers. (You can configure groups for LAN WAN outbound rules but not for DMZ WAN outbound rules.) The Known PCs and Devices table is an automatically maintained list of all known computers and network devices and is generally referred to as the network database, which is described in Manage the Network Database on page 65. Computers and network devices are entered into the network database by various methods, which are described in Manage IPv4 Groups and Hosts (IPv4 LAN Groups) on page 64.
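The four actions and the LAN-user match types described above are easy to misread, in particular "BLOCK by schedule, otherwise allow", which blocks only while the schedule is active. The following Python script is an added example, not NETGEAR's code or a description of the firmware's internals: it models a rule as a service, a LAN-user match (Any, single address, address range, or group), an action, and an optional schedule, and evaluates a connection against a small constructed policy. Several points are assumptions not stated on this page: rules are tried in the order listed and the first match decides, the built-in default rule (allow all outgoing traffic) decides when nothing matches, a service is a protocol/port pair, and a schedule is a set of weekdays plus an hour range.

```python
# Outbound-rule evaluation as the criteria above describe it.  Added example, not NETGEAR's
# code.  Assumed, not stated on the page: rules are tried in order and the first match decides,
# the default rule (allow everything) applies when nothing matches, a service is a
# protocol/port pair, and a schedule is a set of weekdays plus an hour range.
import datetime as dt
import ipaddress
from dataclasses import dataclass
from typing import Optional

ACTIONS = ("BLOCK always", "BLOCK by schedule, otherwise allow",
           "ALLOW always", "ALLOW by schedule, otherwise block")

@dataclass(frozen=True)
class Service:
    name: str
    protocol: str       # "tcp" or "udp"
    port: int

@dataclass(frozen=True)
class Schedule:
    days: frozenset     # weekday numbers, Monday == 0
    start_hour: int     # inclusive
    end_hour: int       # exclusive

    def active(self, when):
        return when.weekday() in self.days and self.start_hour <= when.hour < self.end_hour

@dataclass(frozen=True)
class Rule:
    service: Service
    users: object       # "any", one ip_address, an (lo, hi) tuple of addresses, or a frozenset (group)
    action: str
    schedule: Optional[Schedule] = None

    def __post_init__(self):
        if self.action not in ACTIONS:
            raise ValueError(f"unknown action {self.action!r}")

def user_matches(users, src):
    if users == "any":
        return True
    if isinstance(users, tuple):               # address range, inclusive at both ends
        return users[0] <= src <= users[1]
    if isinstance(users, frozenset):           # group from the network database
        return src in users
    return src == users                        # single address

def rule_decision(rule, when):
    """Resolve the rule's action to 'allow' or 'block' at the moment the connection is attempted."""
    on = rule.schedule.active(when) if rule.schedule else True
    return {"BLOCK always": "block", "ALLOW always": "allow",
            "BLOCK by schedule, otherwise allow": "block" if on else "allow",
            "ALLOW by schedule, otherwise block": "allow" if on else "block"}[rule.action]

def evaluate(rules, src, protocol, port, when):
    """First matching rule wins; the default rule allows all outgoing traffic."""
    src = ipaddress.ip_address(src)
    for rule in rules:
        if (rule.service.protocol, rule.service.port) == (protocol, port) and user_matches(rule.users, src):
            return rule_decision(rule, when)
    return "allow"

# Constructed sample policy: only the mail server may send SMTP out, and hosts in the
# guest address range get web access outside business hours only.
HTTP, SMTP = Service("HTTP", "tcp", 80), Service("SMTP", "tcp", 25)
BUSINESS_HOURS = Schedule(frozenset(range(5)), 9, 17)            # Mon-Fri, 09:00-17:00
GUESTS = (ipaddress.ip_address("192.168.1.100"), ipaddress.ip_address("192.168.1.199"))
SAMPLE_RULES = [
    Rule(SMTP, ipaddress.ip_address("192.168.1.10"), "ALLOW always"),
    Rule(SMTP, "any", "BLOCK always"),
    Rule(HTTP, GUESTS, "BLOCK by schedule, otherwise allow", BUSINESS_HOURS),
]

def demo():
    monday_noon, sunday_noon = dt.datetime(2024, 1, 8, 12, 0), dt.datetime(2024, 1, 7, 12, 0)
    return {
        "mail_server_smtp": evaluate(SAMPLE_RULES, "192.168.1.10", "tcp", 25, monday_noon),
        "workstation_smtp": evaluate(SAMPLE_RULES, "192.168.1.50", "tcp", 25, monday_noon),
        "guest_http_weekday": evaluate(SAMPLE_RULES, "192.168.1.150", "tcp", 80, monday_noon),
        "guest_http_weekend": evaluate(SAMPLE_RULES, "192.168.1.150", "tcp", 80, sunday_noon),
        "unmatched_dns": evaluate(SAMPLE_RULES, "192.168.1.50", "udp", 53, monday_noon),
    }
```

Note the ordering in the sample: the single-address ALLOW for the mail server must sit above the "any" BLOCK for SMTP, since with first-match evaluation the reverse order would block the mail server too.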
