Chapter 6: Virtual Private Networking Using SSL | 101
New Template Style Guide Reference Manual
5. For port forwarding, declare the servers and services.
Create a list of servers and services that can be made available through user, group, or global policies. You can also associate fully qualified domain names with these servers. The <Product Name> will resolve the names to the servers using the list you have created.
6. For VPN tunnel service, configure the virtual network adapter.
In the VPN tunnel option, the <Product Name> creates a virtual network adapter on the remote PC that will function as if it were on the local network. Configure the portal’s SSL VPN Client to define a pool of local IP addresses to be issued to remote clients, as well as DNS addresses. Declare static routes or grant full access to the local network, subject to additional policies.
7. For simplifying policies, define network resource objects.
Network resource objects are groups of IP addresses, IP address ranges, and services. By defining resource objects, you can more quickly create and configure network policies.
8. Configure the policies.
Policies determine access to network resources and addresses for individual users, groups, or everyone.
Creating the Portal Layout
The Portal Layouts screen allows you to create a custom page that remote users will see
when they log into the portal. Because the page is completely customizable, it provides an
ideal way to communicate remote access instructions, support information, technical contact
info, or VPN-related news updates to remote users. The page is also well-suited as a starting
page for restricted users; if mobile users or business partners are only permitted to access a
few resources, the page you create will present only the resources relevant to these users.
Portal Layouts are applied by selecting from available portal layouts in the configuration of a Domain. When you have completed your Portal Layout, you can apply the Portal Layout to one or more authentication domains (see “Creating a Domain” on page 117 to apply a Portal Layout to a Domain). You can also make the new portal the default portal for the SSL VPN gateway by selecting the default radio button adjacent to the portal layout name.
Note: The default portal address is https://<IP_Address>/portal/SSL-VPN. The domain geardomain is attached to the SSL-VPN portal.
The <Product Name> administrator may define individual layouts for the SSL VPN portal.
The layout configuration includes the menu layout, theme, portal pages to display, and web
cache control options. The default portal layout is the SSL-VPN portal. You can add additional portal layouts. You can also make any portal the default portal for the SSL <Product Name> by clicking the default button in the Action column of the List of Layouts table, to the right of the desired portal layout.
To create a new Portal Layout:
1. Select VPN > SSL VPN from the menu, and then select the Portal Layouts tab.
2. Click Add. The Add Portal Layout screen is displayed.
3. In the Portal Layout and Theme Name section of the screen, configure these entries:
a. Enter a descriptive name for the portal layout in the Portal Layout Name field. This name will be part of the path of the SSL VPN portal URL.
Note: Custom portals are accessed at a different URL than the default portal. For example, if your SSL VPN portal is hosted at , and you created a portal layout named “sales”, then users will be able to access the sub-site at .
Only alphanumeric characters, hyphen (-), and underscore (_) are accepted for the Portal Layout Name. If you enter other types of characters or spaces, the layout name will be truncated before the first non-alphanumeric character. Note that unlike most other URLs, this name is case sensitive.
b. In the Portal Site Title field, enter a title that will appear at the top of the user’s web browser window.
c. To display a banner message to users before they log in to the portal, enter the banner title text in the Banner Title field. Also enter the banner message text in the Banner Message text area. Enter a plain text message or include HTML and JavaScript tags. The maximum length of the login page message is 4096 characters. Select the Display banner message on login page checkbox to show the banner title and banner message text on the Login screen:
As shown in the previous figure, the banner title text is displayed in the orange header bar. The banner message text is displayed in the grey header bar.
d. Check the Enable HTTP meta tags for cache control checkbox to apply HTTP meta tag cache control directives to this Portal Layout. Cache control directives include:
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="cache-control" content="must-revalidate">
These directives help prevent client browsers from caching SSL VPN portal pages and other web content.
Note: NETGEAR strongly recommends enabling HTTP meta tags for security reasons and to prevent out-of-date web pages, themes, and data being stored in a user’s web browser cache.
e. Check the ActiveX web cache cleaner checkbox to load an ActiveX cache control when users log in to the SSL VPN portal.
The web cache cleaner will prompt the user to delete all temporary Internet files, cookies, and browser history when the user logs out or closes the web browser window. The ActiveX web cache control will be ignored by web browsers that don't support ActiveX.
4. In the SSL VPN Portal Pages to Display section, check the checkboxes for the portal pages you wish users to access. Any pages that are not selected will not be visible from the portal navigation menu. Your choices are:
VPN Tunnel. Provides full network connectivity.
Port Forwarding. Provides access to specific defined network services.
5. Click Apply to confirm your settings.
The “Operation Successful” message appears at the top of the tab. Your new layout appears in the List of Layouts table.
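The following audit script is an added example, not code from the manual or the NETGEAR product: it checks whether a saved portal page declares the three cache control meta directives from sub-step d, so an administrator can confirm the option took effect on a layout. The HTML samples are constructed for the example.

```python
from html.parser import HTMLParser

# The three directives the manual lists for the "Enable HTTP meta tags for
# cache control" option, as (http-equiv, content-token) pairs.
REQUIRED_DIRECTIVES = {
    ("pragma", "no-cache"),
    ("cache-control", "no-cache"),
    ("cache-control", "must-revalidate"),
}


class MetaDirectiveCollector(HTMLParser):
    """Collect every (http-equiv, directive) pair declared by <meta> tags."""

    def __init__(self):
        super().__init__()
        self.pairs = set()

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "meta":
            return
        attr = {k.lower(): (v or "") for k, v in attrs}
        if "http-equiv" not in attr:
            return  # <meta charset=...> or <meta name=...> is irrelevant here
        name = attr["http-equiv"].strip().lower()
        # One tag may carry several directives: content="no-cache, must-revalidate"
        for token in attr.get("content", "").split(","):
            token = token.strip().lower()
            if token:
                self.pairs.add((name, token))


def check_cache_control_meta(html: str) -> dict:
    """Report which required directives the page declares and which are missing."""
    parser = MetaDirectiveCollector()
    parser.feed(html)
    parser.close()
    missing = REQUIRED_DIRECTIVES - parser.pairs
    return {"found": sorted(parser.pairs), "missing": sorted(missing), "ok": not missing}


# Constructed sample pages (not captured from a real device): one saved with the
# option enabled, one with it left off.
PAGE_WITH_TAGS = """<html><head>
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="Cache-Control" content="no-cache, must-revalidate">
<title>SSL VPN Portal</title></head><body>Login</body></html>"""

PAGE_WITHOUT_TAGS = "<html><head><title>SSL VPN Portal</title></head><body>Login</body></html>"

if __name__ == "__main__":
    for label, page in (("enabled", PAGE_WITH_TAGS), ("disabled", PAGE_WITHOUT_TAGS)):
        result = check_cache_control_meta(page)
        print(label, "ok" if result["ok"] else "missing: %s" % result["missing"])
```

A meta http-equiv tag is honoured only by the browser, and not by every browser, so also confirm that the portal's HTTP responses carry a Cache-Control header; the header is what proxies and all clients respect.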
Configuring Domains, Groups, and Users
Remote users connecting to the SSL <Product Name> must be authenticated before being
allowed to access the network. The login window presented to the user requires three items:
a User Name, a Password, and a Domain selection. The Domain determines the
authentication method to be used and the portal layout that will be presented.
You must create name and password accounts for your SSL VPN users. When you create a
user account, you must specify a group. Groups are used to simplify the application of access
policies. When you create a group, you must specify a domain. Therefore, you should create
any needed domains first, then groups, then user accounts.
To configure Domains, Groups, and Users, see “Adding Authentication Domains, Groups, and Users” on page 116.
Configuring Applications for Port Forwarding
Port Forwarding provides access to specific defined network services. To define these
services, you must specify the internal addresses and TCP applications (port numbers) that
will be intercepted by the Port Forwarding client on the user’s PC. The client will reroute this
traffic to the <Product Name>.
Adding Servers
To configure Port Forwarding, you must define the internal host machines (servers) and TCP
applications available to remote users. To add servers, follow these steps:
1. Select VPN > SSL VPN from the menu, and then select the Port Forwarding tab.
2. In the Add New Application for Port Forwarding section of the screen, enter the IP address of an internal server or host computer.
3. In the TCP Port field, enter the TCP port number of the application to be tunneled. Table 6-7 lists many commonly used TCP applications and port numbers.
Table 6-7. Port Forwarding Applications/TCP Port Numbers

TCP Application                    Port Number
FTP Data (usually not needed)      20
FTP Control Protocol               21
SSH (1)                            22
Telnet (1)                         23
SMTP (send mail)                   25
HTTP (web)                         80
POP3 (receive mail)                110
NTP (network time protocol)        123
Citrix                             1494
Terminal Services                  3389
VNC (virtual network computing)    5900 or 5800

(1) You can specify the port number and the host name or IP address.