Introduction

16

ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308

•

DNS proxy

. When DHCP is enabled and no DNS addresses are specified, the VPN

firewall provides its own address as a DNS server to the attached computers. The firewall

obtains actual DNS addresses from the ISP during connection setup and forwards DNS

requests from the LAN.

•

PPP over Ethernet (PPPoE)

. PPPoE is a protocol for connecting remote hosts to the

Internet over a DSL connection by simulating a dial-up connection.

•

Quality of Service (QoS)

. The VPN firewall supports QoS, including traffic prioritization

and traffic classification with Type of Service (ToS) and Differentiated Services Code

Point (DSCP) marking.

•

Layer 2 Tunneling Protocol (L2TP)

. A tunneling protocol that is used to support virtual

private networks (VPNs).

•

Point to Point Tunneling Protocol (PPTP)

.

Another tunneling protocol that is used to

support VPNs.

Easy Installation and Management

You can install, configure, and operate the VPN firewall within minutes after connecting it to

the network. The following features simplify installation and management tasks:

•

Browser-based management

. Browser-based configuration allows you to easily

configure the VPN firewall from almost any type of operating system, such as Windows,

Macintosh, or Linux. Online help documentation is built into the browser-based web

management interface.

•

Auto-detection of ISP

. The VPN firewall automatically senses the type of Internet

connection, asking you only for the information required for your type of ISP account.

•

IPSec VPN Wizard

. The VPN firewall includes the NETGEAR IPSec VPN Wizard so you

can easily configure IPSec VPN tunnels according to the recommendations of the Virtual

Private Network Consortium (VPNC). This ensures that the IPSec VPN tunnels are

interoperable with other VPNC-compliant VPN routers and clients.

•

SNMP

. The VPN firewall supports the Simple Network Management Protocol (SNMP) to

let you monitor and manage log resources from an SNMP-compliant system manager.

The SNMP system configuration lets you change the system variables for MIB2.

•

Diagnostic functions

. The VPN firewall incorporates built-in diagnostic functions such

as ping, traceroute, DNS lookup, and remote reboot.

•

Remote management

. The VPN firewall allows you to log in to the web management

interface from a remote location on the Internet. For security, you can limit remote

management access to a specified remote IP address or range of addresses.

•

Visual monitoring

. The VPN firewall’s front panel LEDs provide an easy way to monitor

its status and activity.

Introduction

17

ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308

Maintenance and Support

NETGEAR offers the following features to help you maximize your use of the VPN firewall:

•

Flash memory for firmware upgrades.

•

Technical support seven days a week, 24 hours a day. Information about support is

available on the NETGEAR website at

.

Package Contents

The VPN firewall product package contains the following items:

•

ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308

•

One AC power cable

•

One Category 5 (Cat 5) Ethernet cable

•

One rack-mounting kit

•

ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 Installation Guide

•

Resource CD

, including:

-

Application Notes and other helpful information

-

ProSafe VPN Client software (VPN01L)

If any of the parts are incorrect, missing, or damaged, contact your NETGEAR dealer. Keep

the carton, including the original packing materials, in case you need to return the product for

repair.

Hardware Features

•

Front Panel

•

Rear Panel

•

Bottom Panel with Product Label

The front panel ports and LEDs, rear panel ports, and bottom label of the VPN firewall are

described in the following sections.

Front Panel

Viewed from left to right, the VPN firewall front panel contains the following ports (see the

following figure).

•

LAN Ethernet ports. Four switched N-way automatic speed negotiating, Auto MDI/MDIX,

Gigabit Ethernet ports with RJ-45 connectors

•

WAN Ethernet ports. Four independent N-way automatic speed negotiating, Auto

MDI/MDIX, Gigabit Ethernet ports with RJ-45 connectors

Introduction

18

ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308

The front panel also contains three groups of status indicator light-emitting diodes (LEDs),

including Power and Test LEDs, LAN LEDs, and WAN LEDs, all of which are described in the

following table.

Figure 1.

Table 1.

LED descriptions

LED

Activity

Description

Power

On (green)

Power is supplied to the VPN firewall.

Off

Power is not supplied to the VPN firewall.

Test

On (amber) during

startup.

Test mode: The VPN firewall is initializing. After approximately 2

minutes,

when the VPN firewall has completed its initialization, the Test LED goes

off.

On (amber) during

any other time

The initialization has failed, or a hardware failure has occurred.

Blinking (amber)

The VPN firewall is writing to flash memory (during upgrading or resetting

to defaults).

Off

The system has booted successfully.

LAN Ports

Left LED

On (green)

The LAN port has detected a link with a connected Ethernet device.

Blinking (green)

The LAN port receives or transmits data.

Off

The LAN port has no link.

Right LED

On (green)

The LAN port operates at 1000 Mbps.

On (amber)

The LAN port operates at 100 Mbps.

Off

The LAN port operates at 10 Mbps.

Power LED

Test LED

Left LAN LEDs

Right LAN LEDs

DMZ LED

Left WAN LEDs

Right WAN LEDs

Internet

Introduction

19

ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308

Rear Panel

The rear panel of the VPN firewall includes a console port, a Factory Defaults Reset button, a

cable lock receptacle, an AC power connection, and a power switch.

Figure 2.

Viewed from left to right, the rear panel contains the following components:

•

Cable security lock receptacle.

•

Console port. Port for connecting to an optional console terminal. The port has a DB9

male connector. The default baud rate is 115200 K. The pinouts are (2) Tx, (3) Rx, (5) and

(7) Gnd. For information about accessing the command-line interface (CLI) using the

console port, see

Use the Command-Line Interface

on page

342.

DMZ LED

On (green)

Port 4 operates as a dedicated hardware DMZ port.

Off

Port 4 operates as a normal LAN port.

WAN Ports

Left LED

On (green)

The WAN port has a valid connection with a device that provides an

Internet connection.

Blinking (green)

The WAN port receives or transmits data.

Off

The WAN port has no physical link, that is, no Ethernet cable is plugged

into the VPN firewall.

Right LED

On (green)

The WAN port operates at 1000 Mbps.

On (amber)

The WAN port operates at 100 Mbps.

Off

The WAN port operates at 10 Mbps.

Internet LED

On (green)

The WAN port has a valid Internet connection.

Off

The WAN port is either not enabled or has no link to the Internet.

Table 1.

LED descriptions (continued)

LED

Activity

Description

Security lock

receptacle

Console port

Factory Defaults

AC power

receptacle

Power

switch

Reset button

Introduction

20

ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308

•

Factory Defaults Reset button. Using a sharp object, press and hold this button for about

8

seconds until the front panel Test LED flashes to reset the VPN firewall to factory

default settings. All configuration settings are lost, and the default password is restored.

•

AC power receptacle. Universal AC input (100–240 VAC, 50–60 Hz).

•

A power on/off switch.

Bottom Panel with Product Label

The product label on the bottom of the VPN firewall’s enclosure displays factory default

settings, regulatory compliance, and other information.

Figure 3.

Choose a Location for the VPN Firewall

The VPN firewall is suitable for use in an office environment where it can be freestanding (on

its runner feet) or mounted into a standard 19-inch equipment rack. Alternatively, you can

rack-mount the VPN firewall in a wiring closet or equipment room.

Consider the following when deciding where to position the VPN firewall:

•

The unit is accessible, and cables can be connected easily.

•

Cabling is away from sources of electrical noise. These include lift shafts, microwave

ovens, and air-conditioning units.

•

Water or moisture cannot enter the case of the unit.

•

Airflow around the unit and through the vents in the side of the case is not restricted.

Provide a minimum of 25 mm or 1-inch clearance.

•

The air is as free of dust as possible.

•

Temperature operating limits are not likely to be exceeded. Install the unit in a clean,

air-conditioned environment. For information about the recommended operating

temperatures for the VPN firewall, see

Appendix A, Default Settings and Technical

Specifications

.