Chapter 6: Virtual Private Networking Using SSL
New Template Style Guide Reference Manual
takes precedence over a policy applied to all IP addresses. If two or more IP address ranges
are configured, then the smallest address range takes precedence. Hostnames are treated
the same as individual IP addresses.
Network resources are prioritized just like other address ranges. However, the prioritization is
based on the individual address or address range, not the entire network resource.
For example, let’s assume the following global policy configuration:
- Policy 1: A Deny rule has been configured to block all services to the IP address range 10.0.0.0 – 10.0.0.255.
- Policy 2: A Deny rule has been configured to block FTP access to 10.0.1.2 – 10.0.1.10.
- Policy 3: A Permit rule has been configured to allow FTP access to the predefined network resource, FTP Servers. The FTP Servers network resource includes the following addresses: 10.0.0.5 – 10.0.0.20 and ftp.company.com, which resolves to 10.0.1.3.

Assuming that no conflicting user or group policies have been configured, if a user attempted to access:
- An FTP server at 10.0.0.1, the user would be blocked by Policy 1.
- An FTP server at 10.0.1.5, the user would be blocked by Policy 2.
- An FTP server at 10.0.0.10, the user would be granted access by Policy 3. The IP address range 10.0.0.5 - 10.0.0.20 is more specific than the IP address range defined in Policy 1.
- An FTP server at ftp.company.com, the user would be granted access by Policy 3. A single host name is more specific than the IP address range configured in Policy 2.

Note: The user would not be able to access ftp.company.com using its IP address 10.0.1.3. The <Product Name> policy engine does not perform reverse DNS lookups.
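The precedence rules in the example above can be modelled in a few lines. This is an added example, not code from the manual or the product: `Policy`, `evaluate` and `FORWARD_DNS` are hypothetical names, the static table stands in for forward DNS, and the tie-break between equally specific entries is an assumption because the page does not cover it.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Policy:
    name: str
    action: str    # "PERMIT" or "DENY"
    service: str   # "FTP" or "ALL"
    targets: list  # (first_ip, last_ip) tuples or host name strings

# Constructed sample: the three global policies from the example above.
POLICIES = [
    Policy("Policy 1", "DENY", "ALL", [("10.0.0.0", "10.0.0.255")]),
    Policy("Policy 2", "DENY", "FTP", [("10.0.1.2", "10.0.1.10")]),
    Policy("Policy 3", "PERMIT", "FTP", [("10.0.0.5", "10.0.0.20"), "ftp.company.com"]),
]
# Assumption: static forward resolution standing in for DNS (runs offline).
FORWARD_DNS = {"ftp.company.com": "10.0.1.3"}

def _as_ip(text):
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None

def _match_size(target, dest, dest_ip):
    """Return how many addresses the matching entry covers, or None."""
    if isinstance(target, str):
        # Host name entry: matches the same name only (no reverse DNS), size 1.
        return 1 if target.lower() == dest.lower() else None
    first, last = (int(ipaddress.ip_address(a)) for a in target)
    if dest_ip is not None and first <= int(dest_ip) <= last:
        return last - first + 1
    return None

def evaluate(dest, service, policies=POLICIES):
    """Return (policy name, action) of the most specific match, or None."""
    dest_ip = _as_ip(dest) or _as_ip(FORWARD_DNS.get(dest.lower(), ""))
    best = None
    for p in policies:
        if p.service not in ("ALL", service):
            continue
        for t in p.targets:
            size = _match_size(t, dest, dest_ip)
            # Smallest range wins; on a tie the first listed stays (assumption).
            if size is not None and (best is None or size < best[0]):
                best = (size, p.name, p.action)
    return best and best[1:]
```

`evaluate("ftp.company.com", "FTP")` returns Policy 3's PERMIT, while `evaluate("10.0.1.3", "FTP")` returns Policy 2's DENY. A Permit written against a host name therefore does not cover the same server reached by address, so a rule meant to cover both needs the address entry as well.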
Viewing SSL VPN Policies
To view the existing SSL VPN policies:
1. Select VPN > SSL VPN from the menu, and then select the Policies tab.
2. Make your selection from the following Query options:
   - Click Global to view all global policies.
   - Click Group to view group policies, and choose the relevant group’s name from the drop-down list.
   - Click User to view user policies, and choose the relevant user’s name from the drop-down list.
3. Click the Display button. The List of SSL VPN Policies table displays the list for your selected Query option.
Note: Global policies are displayed in the List of SSL VPN Policies table. Policies that apply only to groups or users are displayed in the Related Policies Table but not in the List of SSL VPN Policies table.
Adding an SSL VPN Policy
To add an SSL VPN Policy:
1. Select VPN > SSL VPN from the menu, and select the Policies tab. The Policies screen is displayed.
2. Make your selection from the following Query options:
   - Click Global if this new policy is to exclude all users and groups.
   - Click Group if this new policy is to be limited to a selected group. Open the drop-down list and choose the relevant group’s name.
   - Click User if this new policy is to be limited to a selected user. Open the drop-down list and choose the individual user’s name.
   Note: You should have already created the needed groups or users as described in “Adding Authentication Domains, Groups, and Users” on page 116.
3. Click Add. The Add Policies screen appears (see through ).
4. In the Add SSL VPN Policies section of the screen, review the Apply Policy To options and click one. Depending upon your selection, specific options to the right are activated or inactivated as noted in the following:
   - If you choose Network Resource, you will need to enter a descriptive Policy Name, then choose a Defined Resource and relevant Permission (PERMIT or DENY) from the pull-down lists. If a needed network resource has not been defined, you can add it before proceeding with this new policy. See “Adding New Network Resources” on page 109.
   - If you choose IP Address, you will need to enter a descriptive Policy Name, the specific IP Address, then choose the Service and relevant Permission from the drop-down lists.
   - If you choose IP Network, you will need to enter a descriptive Policy Name, IP Address, Subnet Mask, then choose the Service and relevant Permission from the drop-down lists.
   - If you choose All Addresses, you will need to enter a descriptive Policy Name, then choose the Service and relevant Permission from the drop-down lists.
5. When you are finished making your selections, click Apply. The Policies screen reappears.

Your policy goes into effect immediately and is added to the policies in the List of SSL VPN Policies table on this screen.
Note: In addition to configuring SSL VPN user policies, be sure that HTTPS remote management is enabled. Otherwise, all SSL VPN user connections will be disabled. See “Enabling Remote Management Access” on page 139.
