IPv4 and IPv6 Internet and WAN Settings
ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308

Table 15. Add QoS screen settings for a priority profile (continued)

| Setting | Description |
|---|---|
| Service | From the drop-down list, select a service or application to be covered by this profile. If the service or application does not appear in the list, you need to define it using the Services screen (see Add Customized Services on page 177). |
| Direction | From the drop-down list, select the direction to which the priority queue is applied. Outbound Traffic: the priority queue is applied to outbound traffic only. Inbound Traffic: the priority queue is applied to inbound traffic only. |
| Diffserv QoS Match | Enter a DSCP value in the range of 0 through 63. Packets are classified against this value. Leave this field blank to disable packet matching. |
| Priority | From the drop-down list, select the priority queue that determines the allocation of bandwidth. Low: all services that are assigned a low-priority queue share 10 percent of interface bandwidth. High: all services that are assigned a high-priority queue share 60 percent of interface bandwidth. Note: By default, all services are assigned the medium-priority queue in which they share 30 percent of the interface bandwidth. |
| Hosts | These settings do not apply to a priority profile. |
| Start IP | |
| End IP | |
| Select Group | |
| Bandwidth Allocation | |
| Outbound Minimum Bandwidth | |
| Outbound Maximum Bandwidth | |
| Inbound Minimum Bandwidth | |
| Inbound Maximum Bandwidth | |
| Diffserv QoS Remark | Enter a DSCP value in the range of 0 through 63. Packets are marked with this value. Leave this field blank to disable packet marking. |

4. Click Apply to save your settings. The profile is added to the List of QoS Profiles table on the QoS screen.

To edit a QoS profile:

1. In the List of QoS Profiles table, click the Edit table button to the right of the profile that you want to edit. The Edit QoS screen displays. This screen shows the same fields as the Add QoS screen (see the previous two figures).
2. Modify the settings as described in the previous two tables.
3. Click Apply to save your settings.

To delete a QoS profile:

1. In the List of QoS Profiles table, select the check box to the left of the QoS profile that you want to delete, or click the Select All table button to select all profiles.
2. Click the Delete table button.

Additional WAN-Related Configuration Tasks

If you want the ability to manage the VPN firewall remotely, enable remote management (see Configure Remote Management Access on page 338). If you enable remote management, NETGEAR strongly recommends that you change your password (see Change Passwords and Administrator and Guest Settings on page 336).

As an option, you can also set up the traffic meter for each WAN interface (see Configure and Enable the WAN Traffic Meter on page 356).

Verify the Connection

Test the VPN firewall before deploying it in a live production environment. Verify that network traffic can pass through the VPN firewall:

- Ping an Internet URL.
- Ping the IP address of a device on either side of the VPN firewall.

What to Do Next

You have completed setting up the WAN connection for the VPN firewall. The following chapters and sections describe important tasks that you need to address before you deploy the VPN firewall in your network:

- Chapter 3, LAN Configuration
- Configure Authentication Domains, Groups, and Users on page 303
- Manage Digital Certificates for VPN Connections on page 320
- Use the IPSec VPN Wizard for Client and Gateway Configurations on page 203
- Chapter 6, Virtual Private Networking Using SSL Connections

Chapter 3. LAN Configuration

This chapter describes how to configure the LAN features of your VPN firewall. The chapter contains the following sections:

- Manage IPv4 Virtual LANs and DHCP Options
- Configure IPv4 Multihome LAN IP Addresses on the Default VLAN
- Manage IPv4 Groups and Hosts (IPv4 LAN Groups)
- Manage the IPv6 LAN
- Configure IPv6 Multihome LAN IP Addresses on the Default VLAN
- Enable and Configure the DMZ Port for IPv4 and IPv6 Traffic
- Manage Static IPv4 Routing
- Manage Static IPv6 Routing

Manage IPv4 Virtual LANs and DHCP Options

- Port-Based VLANs
- Assign and Manage VLAN Profiles
- VLAN DHCP Options
- Configure a VLAN Profile
- Configure VLAN MAC Addresses and LAN Advanced Settings

A local area network (LAN) can generally be defined as a broadcast domain. Hubs, bridges, or switches in the same physical segment or segments connect all end node devices. Endpoints can communicate with each other without the need for a router. Routers connect LANs together, routing the traffic to the appropriate port.

A virtual LAN (VLAN) is a local area network with a definition that maps workstations on some basis other than geographic location (for example, by department, type of user, or primary application). To enable traffic to flow between VLANs, traffic needs to go through a router, as if the VLANs were on two separate LANs.

A VLAN is a group of computers, servers, and other network resources that behave as if they were connected to a single network segment—even though they might not be. For example, all marketing personnel might be spread throughout a building. Yet if they are all assigned to a single VLAN, they can share resources and bandwidth as if they were connected to the same segment. The resources of other departments can be invisible to the marketing VLAN members, accessible to all, or accessible only to specified individuals, depending on how the IT manager has set up the VLANs.

VLANs have a number of advantages:

- It is easy to set up network segmentation. Users who communicate most frequently with each other can be grouped into common VLANs, regardless of physical location. Each group’s traffic is contained largely within the VLAN, reducing extraneous traffic and improving the efficiency of the whole network.
- They are easy to manage. The addition of nodes, as well as moves and other changes, can be dealt with quickly and conveniently from a management interface rather than from the wiring closet.
- They provide increased performance. VLANs free up bandwidth by limiting node-to-node and broadcast traffic throughout the network.
- They ensure enhanced network security. VLANs create virtual boundaries that can be crossed only through a router. So standard, router-based security measures can be used to restrict access to each VLAN.

Port-Based VLANs

The VPN firewall supports port-based VLANs. Port-based VLANs help to confine broadcast traffic to the LAN ports. Even though a LAN port can be a member of more than one VLAN, the port can have only one VLAN ID as its port VLAN identifier (PVID). By default, all four LAN ports of the VPN firewall are assigned to the default VLAN, or VLAN 1. Therefore, by default, all four LAN ports have the default PVID 1. However, you can assign another PVID to a LAN port by selecting a VLAN profile from the drop-down list on the LAN Setup screen.

After you have created a VLAN profile and assigned one or more ports to the profile, you need to enable the profile to activate it.

The VPN firewall’s default VLAN cannot be deleted. All untagged traffic is routed through the default VLAN (VLAN1), which you need to assign to at least one LAN port.

Note the following about VLANs and PVIDs:

- One physical port is assigned to at least one VLAN.
- One physical port can be assigned to multiple VLANs.
- When one port is assigned to multiple VLANs, the port is used as a trunk port to connect to another switch or router.
- When a port receives an untagged packet, this packet is forwarded to a VLAN based on the PVID.
- When a port receives a tagged packet, this packet is forwarded to a VLAN based on the ID that is extracted from the tagged packet.

When you create a VLAN profile, assign LAN ports to the VLAN, and enable the VLAN, the LAN ports that are members of the VLAN can send and receive both tagged and untagged packets. Untagged packets that enter these LAN ports are assigned to the default PVID 1; packets that leave these LAN ports with the same default PVID 1 are untagged. All other packets are tagged according to the VLAN ID that you assigned to the VLAN when you created the VLAN profile.

This is a typical scenario for a configuration with an IP phone that has two Ethernet ports, one of which is connected to the VPN firewall, the other one to another device:

Packets coming from the IP phone to the VPN firewall LAN port are tagged. Packets passing through the IP phone from the connected device to the VPN firewall LAN port are untagged. When you assign the VPN firewall LAN port to a VLAN, packets entering and leaving the port are tagged with the VLAN ID. However, untagged packets entering the VPN firewall LAN port are forwarded to the default VLAN with PVID 1; packets that leave the LAN port with the same default PVID 1 are untagged.
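
The PVID and tag rules above, worked through on raw Ethernet frames as an added example; this is not NETGEAR code and was not verified against the device. The sample frames, the port configuration, the function names, and the membership flag for a tag that names a VLAN the port is not assigned to are assumptions made for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def parse_vlan_tag(frame: bytes):
    """Return the 12-bit VLAN ID of an Ethernet frame, or None if untagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF  # low 12 bits of the tag control field

def classify_ingress(frame: bytes, pvid: int, member_vlans: set):
    """Apply the manual's rules: untagged -> PVID, tagged -> ID from the tag.

    Returns (vlan_id, is_member). is_member is False when the tag names a
    VLAN the port is not assigned to (flagging this is an added assumption).
    """
    vid = parse_vlan_tag(frame)
    vlan = pvid if vid is None else vid
    return vlan, vlan in member_vlans

def encode_egress(frame: bytes, vlan: int, pvid: int) -> bytes:
    """Frames leaving in the port's PVID VLAN go out untagged; others tagged."""
    untagged = frame if parse_vlan_tag(frame) is None else frame[:12] + frame[16:]
    if vlan == pvid:
        return untagged
    tag = struct.pack("!HH", TPID_8021Q, vlan & 0x0FFF)
    return untagged[:12] + tag + untagged[12:]

# Constructed sample frames: dst MAC, src MAC, [802.1Q tag], EtherType, payload.
MACS = bytes.fromhex("ffffffffffff" "020000000001")
UNTAGGED = MACS + bytes.fromhex("0800") + b"payload"
TAGGED_20 = MACS + bytes.fromhex("8100" "0014" "0800") + b"payload"
# Priority bits set (PCP 5) with VLAN 20: TCI 0xA014, VID is still 20.
TAGGED_20_PCP5 = MACS + bytes.fromhex("8100" "a014" "0800") + b"payload"

if __name__ == "__main__":
    port = {"pvid": 1, "member_vlans": {1, 20}}  # constructed port config
    for name, f in [("untagged", UNTAGGED), ("tagged 20", TAGGED_20)]:
        print(name, classify_ingress(f, **port))
```

In the IP phone scenario, the phone's tagged frames resolve to the VLAN in the tag while the attached device's untagged frames resolve to PVID 1; a `False` membership flag marks a tagged frame worth logging on a port that should not carry that VLAN.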

Note: The configuration of the DHCP options for the default VLAN is described in Configure the IPv4 Internet Connection and WAN Settings on page 29. For information about how to add and edit a VLAN profile, including its DHCP options, see Configure a VLAN Profile on page 88.