11

1

1.

Introduction

This chapter provides an overview of the features and capabilities of the ProSAFE Gigabit Quad

WAN SSL VPN Firewall SRX5308 and explains how to log in to the device and use its web

management interface. The chapter contains the following sections:

•

What Is the ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308?

•

Key Features and Capabilities

•

Package Contents

•

Hardware Features

•

Choose a Location for the VPN Firewall

•

Log In to the VPN Firewall

•

Web Management Interface Menu Layout

•

Requirements for Entering IP Addresses

Note:

For more information about the topics covered in this manual, visit

the support website at

.

Note:

Firmware updates with new features and bug fixes are made

available from time to time on

downloadcenter.netgear.com

. Some

products can regularly check the site and download new firmware,

or you can check for and download new firmware manually. If the

features or behavior of your product do not match what is described

in this guide, you might need to update your firmware.

Introduction

12

ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308

What Is the ProSAFE Gigabit Quad WAN SSL VPN

Firewall SRX5308?

The ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308, hereafter referred to as the

VPN firewall, connects your local area network (LAN) to the Internet through up to four

external broadband access devices such as cable or DSL modems or satellite or wireless

Internet dishes. Four wide area network (WAN) ports allow you to increase effective data rate

to the Internet by utilizing all WAN ports to carry session traffic or to maintain backup

connections in case of failure of your primary Internet connection.

The VPN firewall routes both IPv4 and IPv6 traffic. A powerful, flexible firewall protects your

IPv4 and IPv6 networks from denial of service (DoS) attacks, unwanted traffic, and traffic with

objectionable content. IPv6 traffic is supported through 6to4 and Intra-Site Automatic Tunnel

Addressing Protocol (ISATAP) tunnels.

The VPN firewall is a security solution that protects your network from attacks and intrusions.

For example, the VPN firewall provides support for stateful packet inspection (SPI), denial of

service (DoS) attack protection, and multi-NAT support. The VPN firewall supports multiple

web content filtering options, plus browsing activity reporting and instant alerts—both through

email. Network administrators can establish restricted access policies based on time of day,

website addresses, and address keywords.

The VPN firewall provides advanced IPSec and SSL VPN technologies for secure and simple

remote connections. The use of Gigabit Ethernet LAN and WAN ports ensures high data

transfer speeds.

The VPN firewall is a plug-and-play device that can be installed and configured within

minutes.

Key Features and Capabilities

•

Quad-WAN Ports for Increased Reliability and Load Balancing

•

Advanced VPN Support for Both IPSec and SSL

•

A Powerful, True Firewall with Content Filtering

•

Security Features

•

Autosensing Ethernet Connections with Auto Uplink

•

Extensive Protocol Support

•

Easy Installation and Management

•

Maintenance and Support

Introduction

13

ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308

The VPN firewall provides the following key features and capabilities:

•

Four 10/100/1000 Mbps Gigabit Ethernet WAN ports for load balancing and failover

protection of your Internet connection, providing increased data rate and increased

system reliability.

•

Built-in four-port 10/100/1000 Mbps Gigabit Ethernet LAN switch for fast data transfer

between local network resources and support for up to 200,000 internal or external

connections.

•

Both IPv4 and IPv6 support

•

Advanced IPSec VPN and SSL VPN support with support for up to 125 concurrent IPSec

VPN tunnels and up to 50 concurrent SSL VPN tunnels.

•

Bundled with a single-user license of the NETGEAR ProSafe VPN Client software

(VPN01L).

•

L2TP tunnel and PPTP tunnel support

•

Advanced stateful packet inspection (SPI) firewall with multi-NAT support.

•

Quality of Service (QoS) and SIP 2.0 support for traffic prioritization, voice, and

multimedia.

•

Extensive protocol support.

•

One console port for local management.

•

SNMP support with SNMPv1, SNMPv2c, and SNMPv3, and management optimized for

the NETGEAR ProSafe Network Management Software (NMS200) over a LAN

connection.

•

Front panel LEDs for easy monitoring of status and activity.

•

Flash memory for firmware upgrade.

•

Internal universal switching power supply.

•

Rack-mounting kit for 1U rackmounting.

Quad-WAN Ports for Increased Reliability and Load

Balancing

The VPN firewall provides four broadband WAN ports. These WAN ports allow you to

connect additional broadband Internet lines that can be configured to:

•

Load-balance outbound traffic between up to four lines for maximum bandwidth

efficiency.

•

Provide backup and rollover if one line is inoperable, ensuring that you are never

disconnected.

See

Appendix B, Network Planning for Multiple WAN Ports

for the planning factors to

consider when implementing the following capabilities with multiple WAN port gateways:

•

Single or multiple exposed hosts.

•

Virtual private networks (VPNs).

Introduction

14

ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308

Advanced VPN Support for Both IPSec and SSL

The VPN firewall supports IPSec and SSL virtual private network (VPN) connections:

•

IPSec VPN delivers full network access between a central office and branch offices, or

between a central office and telecommuters. Remote access by telecommuters requires

the installation of VPN client software on the remote computer.

-

IPSec VPN with broad protocol support for secure connection to other IPSec

gateways and clients.

-

Up to 125 simultaneous IPSec VPN connections.

-

Bundled with a 30-day trial license for the ProSafe VPN Client software (VPN01L).

•

SSL VPN provides remote access for mobile users to selected corporate resources

without requiring a preinstalled VPN client on their computers.

-

Uses the familiar Secure Sockets Layer (SSL) protocol, commonly used for

e-commerce transactions, to provide client-free access with customizable user portals

and support for a wide variety of user repositories.

-

Up to 50 simultaneous SSL VPN connections.

-

Allows browser-based, platform-independent remote access through a number of

popular browsers, such as Microsoft Internet Explorer, Mozilla Firefox, and Apple

Safari.

-

Provides granular access to corporate resources based on user type or group

membership.

A Powerful, True Firewall with Content Filtering

Unlike simple NAT routers, the VPN firewall is a true firewall, using stateful packet inspection

(SPI) to defend against hacker attacks. Its firewall features have the following capabilities:

•

DoS protection

. Automatically detects and thwarts denial of service (DoS) attacks such

as Ping of Death and SYN flood.

•

Secure firewall

. Blocks unwanted traffic from the Internet to your LAN.

•

Content filtering

. Prevents objectionable content from reaching your computers. You

can control access to Internet content by screening for web services, web addresses, and

keywords within web addresses.

•

Schedule policies

. Permits scheduling of firewall policies by day and time.

•

Logs security incidents

. Logs security events such as logins and secure logins. You can

configure the firewall to email the log to you at specified intervals. You can also configure

the VPN firewall to send immediate alert messages to your email address or email pager

when a significant event occurs.

Introduction

15

ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308

Security Features

The VPN firewall is equipped with several features designed to maintain security:

•

Computers hidden by NAT

. NAT opens a temporary path to the Internet for requests

originating from the local network. Requests originating from outside the LAN are

discarded, preventing users outside the LAN from finding and directly accessing the

computers on the LAN.

•

Port forwarding with NAT

.

Although NAT prevents Internet locations from directly

accessing the computers on the LAN, the VPN firewall allows you to direct incoming

traffic to specific computers based on the service port number of the incoming request.

•

DMZ port

. Incoming traffic from the Internet is usually discarded by the VPN firewall

unless the traffic is a response to one of your local computers or a service for which you

have configured an inbound rule. Instead of discarding this traffic, you can use the

dedicated demilitarized zone (DMZ) port to forward the traffic to one computer on your

network.

Autosensing Ethernet Connections with Auto Uplink

With its internal four-port 10/100/1000 Mbps switch and four 10/100/1000 WAN ports, the

VPN firewall can connect to a 10-Mbps standard Ethernet network, a 100-Mbps Fast

Ethernet network, a 1000-Mbps Gigabit Ethernet network, or a combination of these

networks. All LAN and WAN interfaces are autosensing and capable of full-duplex or

half-duplex operation.

The VPN firewall incorporates Auto Uplink

TM

technology. Each Ethernet port automatically

senses whether the Ethernet cable plugged into the port should have a normal connection

such as to a computer or an uplink connection such as to a switch or hub. That port then

configures itself correctly. This feature eliminates the need for you to think about crossover

cables, as Auto Uplink accommodates either type of cable to make the right connection.

Extensive Protocol Support

The VPN firewall supports the Transmission Control Protocol/Internet Protocol (TCP/IP) and

Routing Information Protocol (RIP). The VPN firewall provides the following protocol support:

•

IP address sharing by NAT

. The VPN firewall allows many networked computers to

share an Internet account using only a single IP address, which might be statically or

dynamically assigned by your Internet service provider (ISP). This technique, known as

Network Address Translation (NAT), allows the use of an inexpensive single-user ISP

account.

•

Automatic configuration of attached computers by DHCP

. The VPN firewall

dynamically assigns network configuration information, including IP, gateway, and

Domain Name Server (DNS) addresses, to attached computers on the LAN using the

Dynamic Host Configuration Protocol (DHCP). This feature greatly simplifies

configuration of computers on your local network.