1. Introduction
This chapter provides an overview of the features and capabilities of the ProSAFE Gigabit Quad
WAN SSL VPN Firewall SRX5308 and explains how to log in to the device and use its web
management interface. The chapter contains the following sections:
What Is the ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308?
Key Features and Capabilities
Package Contents
Hardware Features
Choose a Location for the VPN Firewall
Log In to the VPN Firewall
Web Management Interface Menu Layout
Requirements for Entering IP Addresses
Note:
For more information about the topics covered in this manual, visit
the support website at
.
Note: Firmware updates with new features and bug fixes are made
available from time to time on downloadcenter.netgear.com. Some
products can regularly check the site and download new firmware,
or you can check for and download new firmware manually. If the
features or behavior of your product do not match what is described
in this guide, you might need to update your firmware.
ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308
What Is the ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308?
The ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308, hereafter referred to as the
VPN firewall, connects your local area network (LAN) to the Internet through up to four
external broadband access devices such as cable or DSL modems or satellite or wireless
Internet dishes. Four wide area network (WAN) ports allow you to increase effective data rate
to the Internet by utilizing all WAN ports to carry session traffic or to maintain backup
connections in case of failure of your primary Internet connection.
The VPN firewall routes both IPv4 and IPv6 traffic. A powerful, flexible firewall protects your
IPv4 and IPv6 networks from denial of service (DoS) attacks, unwanted traffic, and traffic with
objectionable content. IPv6 traffic is supported through 6to4 and Intra-Site Automatic Tunnel
Addressing Protocol (ISATAP) tunnels.
The VPN firewall is a security solution that protects your network from attacks and intrusions.
For example, the VPN firewall provides support for stateful packet inspection (SPI), denial of
service (DoS) attack protection, and multi-NAT support. The VPN firewall supports multiple
web content filtering options, plus browsing activity reporting and instant alerts—both through
email. Network administrators can establish restricted access policies based on time of day,
website addresses, and address keywords.
The VPN firewall provides advanced IPSec and SSL VPN technologies for secure and simple
remote connections. The use of Gigabit Ethernet LAN and WAN ports ensures high data
transfer speeds.
The VPN firewall is a plug-and-play device that can be installed and configured within
minutes.
Key Features and Capabilities
Quad-WAN Ports for Increased Reliability and Load Balancing
Advanced VPN Support for Both IPSec and SSL
A Powerful, True Firewall with Content Filtering
Security Features
Autosensing Ethernet Connections with Auto Uplink
Extensive Protocol Support
Easy Installation and Management
Maintenance and Support
The VPN firewall provides the following key features and capabilities:
- Four 10/100/1000 Mbps Gigabit Ethernet WAN ports for load balancing and failover
  protection of your Internet connection, providing increased data rate and increased
  system reliability.
- Built-in four-port 10/100/1000 Mbps Gigabit Ethernet LAN switch for fast data transfer
  between local network resources and support for up to 200,000 internal or external
  connections.
- Both IPv4 and IPv6 support.
- Advanced IPSec VPN and SSL VPN support with support for up to 125 concurrent IPSec
  VPN tunnels and up to 50 concurrent SSL VPN tunnels.
- Bundled with a single-user license of the NETGEAR ProSafe VPN Client software
  (VPN01L).
- L2TP tunnel and PPTP tunnel support.
- Advanced stateful packet inspection (SPI) firewall with multi-NAT support.
- Quality of Service (QoS) and SIP 2.0 support for traffic prioritization, voice, and
  multimedia.
- Extensive protocol support.
- One console port for local management.
- SNMP support with SNMPv1, SNMPv2c, and SNMPv3, and management optimized for
  the NETGEAR ProSafe Network Management Software (NMS200) over a LAN
  connection.
- Front panel LEDs for easy monitoring of status and activity.
- Flash memory for firmware upgrade.
- Internal universal switching power supply.
- Rack-mounting kit for 1U rackmounting.
Quad-WAN Ports for Increased Reliability and Load Balancing
The VPN firewall provides four broadband WAN ports. These WAN ports allow you to
connect additional broadband Internet lines that can be configured to:
- Load-balance outbound traffic between up to four lines for maximum bandwidth
  efficiency.
- Provide backup and rollover if one line is inoperable, ensuring that you are never
  disconnected.
See Appendix B, Network Planning for Multiple WAN Ports for the planning factors to
consider when implementing the following capabilities with multiple WAN port gateways:
- Single or multiple exposed hosts.
- Virtual private networks (VPNs).
Advanced VPN Support for Both IPSec and SSL
The VPN firewall supports IPSec and SSL virtual private network (VPN) connections:
- IPSec VPN delivers full network access between a central office and branch offices, or
  between a central office and telecommuters. Remote access by telecommuters requires
  the installation of VPN client software on the remote computer.
  - IPSec VPN with broad protocol support for secure connection to other IPSec
    gateways and clients.
  - Up to 125 simultaneous IPSec VPN connections.
  - Bundled with a 30-day trial license for the ProSafe VPN Client software (VPN01L).
- SSL VPN provides remote access for mobile users to selected corporate resources
  without requiring a preinstalled VPN client on their computers.
  - Uses the familiar Secure Sockets Layer (SSL) protocol, commonly used for
    e-commerce transactions, to provide client-free access with customizable user portals
    and support for a wide variety of user repositories.
  - Up to 50 simultaneous SSL VPN connections.
  - Allows browser-based, platform-independent remote access through a number of
    popular browsers, such as Microsoft Internet Explorer, Mozilla Firefox, and Apple
    Safari.
  - Provides granular access to corporate resources based on user type or group
    membership.
A Powerful, True Firewall with Content Filtering
Unlike simple NAT routers, the VPN firewall is a true firewall, using stateful packet inspection
(SPI) to defend against hacker attacks. Its firewall features have the following capabilities:
- DoS protection. Automatically detects and thwarts denial of service (DoS) attacks such
  as Ping of Death and SYN flood.
- Secure firewall. Blocks unwanted traffic from the Internet to your LAN.
- Content filtering. Prevents objectionable content from reaching your computers. You
  can control access to Internet content by screening for web services, web addresses, and
  keywords within web addresses.
- Schedule policies. Permits scheduling of firewall policies by day and time.
- Logs security incidents. Logs security events such as logins and secure logins. You can
  configure the firewall to email the log to you at specified intervals. You can also configure
  the VPN firewall to send immediate alert messages to your email address or email pager
  when a significant event occurs.
Security Features
The VPN firewall is equipped with several features designed to maintain security:
- Computers hidden by NAT. NAT opens a temporary path to the Internet for requests
  originating from the local network. Requests originating from outside the LAN are
  discarded, preventing users outside the LAN from finding and directly accessing the
  computers on the LAN.
- Port forwarding with NAT. Although NAT prevents Internet locations from directly
  accessing the computers on the LAN, the VPN firewall allows you to direct incoming
  traffic to specific computers based on the service port number of the incoming request.
- DMZ port. Incoming traffic from the Internet is usually discarded by the VPN firewall
  unless the traffic is a response to one of your local computers or a service for which you
  have configured an inbound rule. Instead of discarding this traffic, you can use the
  dedicated demilitarized zone (DMZ) port to forward the traffic to one computer on your
  network.
Autosensing Ethernet Connections with Auto Uplink
With its internal four-port 10/100/1000 Mbps switch and four 10/100/1000 WAN ports, the
VPN firewall can connect to a 10-Mbps standard Ethernet network, a 100-Mbps Fast
Ethernet network, a 1000-Mbps Gigabit Ethernet network, or a combination of these
networks. All LAN and WAN interfaces are autosensing and capable of full-duplex or
half-duplex operation.
The VPN firewall incorporates Auto Uplink™ technology. Each Ethernet port automatically
senses whether the Ethernet cable plugged into the port should have a normal connection
such as to a computer or an uplink connection such as to a switch or hub. That port then
configures itself correctly. This feature eliminates the need for you to think about crossover
cables, as Auto Uplink accommodates either type of cable to make the right connection.
Extensive Protocol Support
The VPN firewall supports the Transmission Control Protocol/Internet Protocol (TCP/IP) and
Routing Information Protocol (RIP). The VPN firewall provides the following protocol support:
- IP address sharing by NAT. The VPN firewall allows many networked computers to
  share an Internet account using only a single IP address, which might be statically or
  dynamically assigned by your Internet service provider (ISP). This technique, known as
  Network Address Translation (NAT), allows the use of an inexpensive single-user ISP
  account.
- Automatic configuration of attached computers by DHCP. The VPN firewall
  dynamically assigns network configuration information, including IP, gateway, and
  Domain Name Server (DNS) addresses, to attached computers on the LAN using the
  Dynamic Host Configuration Protocol (DHCP). This feature greatly simplifies
  configuration of computers on your local network.