Virtual Private Networking Using SSL Connections
ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308 (page 291)
5. Click Apply to save your settings. The new configuration is added to the Defined Resource Addresses table.

To delete a configuration from the Defined Resource Addresses table, click the Delete table button to the right of the configuration that you want to delete.
Table 73. Resources screen settings to edit a resource (continued)

Object Type (continued)
  IPv4 screen only: Mask Length - Enter the network mask (0–31) for the locations that are permitted to use this resource.
  IPv6 screen only: Prefix Length - Enter the prefix length for the locations that are permitted to use this resource.
Port Range / Port Number
  A port or a range of ports (0–65535) to apply the policy to. The policy is applied to all TCP and UDP traffic that passes on those ports. Leave the fields blank to apply the policy to all traffic.

Configure User, Group, and Global Policies

Topics in this section:
- View Policies
- Add an IPv4 or IPv6 SSL VPN Policy

You can define and apply user, group, and global policies to predefined network resource objects, IP addresses, address ranges, or all IP addresses, and to different SSL VPN services. A specific hierarchy is invoked over which policies take precedence. The VPN firewall policy hierarchy is defined as follows:
- User policies take precedence over group policies.
- Group policies take precedence over global policies.
- If two or more user, group, or global policies are configured, the most specific policy takes precedence.

For example, a policy that is configured for a single IP address takes precedence over a policy that is configured for a range of addresses. And a policy that applies to a range of IP addresses takes precedence over a policy that is applied to all IP addresses. If two or more IP address ranges are configured, the smallest address range takes precedence. Host names are treated the same as individual IP addresses.

Network resources are prioritized just like other address ranges. However, the prioritization is based on the individual address or address range, not the entire network resource.

For example, assume the following global policy configuration:
- Policy 1. A Deny rule has been configured to block all services to the IP address range 10.0.0.0–10.0.0.255.
- Policy 2. A Deny rule has been configured to block FTP access to 10.0.1.2–10.0.1.10.
- Policy 3. A Permit rule has been configured to allow FTP access to the predefined network resource with the name FTP Servers. The FTP Servers network resource includes the following addresses: 10.0.0.5–10.0.0.20 and the FQDN ftp.company.com, which resolves to 10.0.1.3.
Assuming that no conflicting user or group policies have been configured, if a user attempted to access FTP servers at the following addresses, the actions listed would occur:
- 10.0.0.1. The user would be blocked by Policy 1.
- 10.0.1.5. The user would be blocked by Policy 2.
- 10.0.0.10. The user would be granted access by Policy 3. The IP address range 10.0.0.5–10.0.0.20 is more specific than the IP address range that is defined in Policy 1.
- ftp.company.com. The user would be granted access by Policy 3. A single host name is more specific than the IP address range that is configured in Policy 2.

Note: The user would not be able to access ftp.company.com using its IP address 10.0.1.3. The VPN firewall's policy engine does not perform reverse DNS lookups.
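The precedence rules above, worked through as an added Python model (not NETGEAR's code): every policy entry is scored first by tier and then by the number of addresses it covers, a network resource is scored per entry rather than as a whole, and a host name matches only by its literal name, so the five outcomes the manual lists fall out of the scoring. The example assumes that a higher tier always beats a more specific lower-tier policy, that FTP means port 21 and that policies are plain dicts; those are the example's own conventions.

```python
import ipaddress

# Tier first (user beats group beats global), then the smaller entry wins.
SCOPE_RANK = {"user": 0, "group": 1, "global": 2}
FTP = 21  # port used by the page's FTP policies; port None means "all services"
ALL_ADDRESSES = ("all", None, None, 2 ** 32)  # size larger than any IPv4 range

def ip_range(first, last):  # range entry; its address count is its specificity score
    lo, hi = int(ipaddress.ip_address(first)), int(ipaddress.ip_address(last))
    return ("range", lo, hi, hi - lo + 1)

def host(name):  # FQDN entry: scored like a single address, matched by name only
    return ("host", name, None, 1)

def entry_matches(entry, target):
    kind, a, b, _size = entry
    if kind == "all":
        return True
    if kind == "host":
        return target == a  # no reverse DNS: the host's IP never matches this entry
    try:
        ip = int(ipaddress.ip_address(target))
    except ValueError:
        return False  # a host name is never matched against an IP range
    return a <= ip <= b

def decide(policies, target, port):
    """Return (action, policy name) of the winning policy, or None if none matches."""
    best = None
    for p in policies:
        if p["port"] is not None and p["port"] != port:
            continue
        for e in p["entries"]:  # a network resource is scored per entry, not as a whole
            if entry_matches(e, target):
                key = (SCOPE_RANK[p["scope"]], e[3])
                if best is None or key < best[0]:
                    best = (key, p["action"], p["name"])
    return None if best is None else (best[1], best[2])

# The page's three global policies; Policy 3 holds the "FTP Servers" resource entries.
GLOBAL_POLICIES = [
    {"name": "Policy 1", "scope": "global", "action": "deny", "port": None,
     "entries": [ip_range("10.0.0.0", "10.0.0.255")]},
    {"name": "Policy 2", "scope": "global", "action": "deny", "port": FTP,
     "entries": [ip_range("10.0.1.2", "10.0.1.10")]},
    {"name": "Policy 3", "scope": "global", "action": "permit", "port": FTP,
     "entries": [ip_range("10.0.0.5", "10.0.0.20"), host("ftp.company.com")]},
]
```

Calling decide(GLOBAL_POLICIES, "10.0.1.3", FTP) returns the Policy 2 deny, which is the behaviour the note describes: the host entry in Policy 3 is never consulted for the bare address.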
View Policies

To view the existing SSL VPN policies:
1. Select VPN > SSL VPN. The SSL VPN submenu tabs display, with the Policies screen in view. (The following figure shows some examples.)

Figure 191.

2. Make your selection from the following Query options:
   - To view all global policies, select the Global radio button.
   - To view group policies, select the Group radio button, and select the relevant group's name from the drop-down list.
   - To view user policies, select the User radio button, and select the relevant user's name from the drop-down list.
3. Click the Display action button. The List of SSL VPN Policies table displays the list for your selected Query option.
Add an IPv4 or IPv6 SSL VPN Policy

To add an SSL VPN policy:
1. Select VPN > SSL VPN. The SSL VPN submenu tabs display, with the Policies screen in view (see the previous figure).
2. Under the List of SSL VPN Policies table, click the Add table button. The Add SSL VPN Policy screen displays the IPv4 settings (see the next figure).
3. Specify the IP version for which you want to add an SSL VPN policy:
   - IPv4. In the upper right of the screen, the IPv4 radio button is already selected by default. Go to Step 4.

Figure 192. Add SSL VPN Policy screen for IPv4

   - IPv6. Select the IPv6 radio button. The Add SSL VPN Policy screen displays the IPv6 settings:

Figure 193. Add SSL VPN Policy screen for IPv6
4. Complete the settings as described in the following table:

Table 74. Add SSL VPN Policy screen settings

Policy For
  Select one of the following radio buttons to specify the type of SSL VPN policy:
  - Global. The new policy is global and includes all groups and users.
  - Group. The new policy is limited to a single group. From the drop-down list, select a group name. For information about how to create groups, see Configure Groups on page 307.
  - User. The new policy is limited to a single user. From the drop-down list, select a user name. For information about how to create user accounts, see Configure User Accounts on page 310.

Apply Policy to?
  Select one of the following radio buttons to specify how the policy is applied. When you select a radio button, the fields and drop-down lists that apply to your selection (see the explanations later in this table) unmask onscreen.
  - Network Resource. The policy is applied to a network resource that you have defined on the Resources screen (see Use Network Resource Objects to Simplify Policies on page 288).
  - IP Address. The policy is applied to a single IP address.
  - IP Network. The policy is applied to a network address.
  - All Addresses. The policy is applied to all addresses.

  Network Resource settings:
    Policy Name - A descriptive name of the SSL VPN policy for identification and management purposes.
    Defined Resources - From the drop-down list, select a network resource that you have defined on the Resources screen (see Use Network Resource Objects to Simplify Policies on page 288).
    Permission - From the drop-down list, select Permit or Deny to specify whether the policy permits or denies access.

  IP Address settings:
    Policy Name - A descriptive name of the SSL VPN policy for identification and management purposes.
    IP Address - The IPv4 or IPv6 address to which the SSL VPN policy is applied.
    Port Range / Port Number - A port (fill in the Begin field) or a range of ports (fill in the Begin and End fields) to which the SSL VPN policy is applied. Ports can be 0 through 65535. The policy is applied to all TCP and UDP traffic that passes on those ports. Leave the fields blank to apply the policy to all traffic.
    Service - From the drop-down list, select the service to which the SSL VPN policy is applied:
      - VPN Tunnel. The policy is applied only to a VPN tunnel.
      - Port Forwarding. The policy is applied only to port forwarding.
      - All. The policy is applied both to a VPN tunnel and to port forwarding.
    Permission - From the drop-down list, select Permit or Deny to specify whether the policy permits or denies access.

  IP Network settings:
    Policy Name - A descriptive name of the SSL VPN policy for identification and management purposes.
    IP Address - The IPv4 or IPv6 network address to which the SSL VPN policy is applied.
    Subnet Mask (IPv4 screen only) - The IPv4 network subnet mask to which the SSL VPN policy is applied.
    IPv6 Prefix Length (IPv6 screen only) - The IPv6 prefix length that applies to the network to which the SSL VPN policy is applied.
    Port Range / Port Number - A port (fill in the Begin field) or a range of ports (fill in the Begin and End fields) to which the SSL VPN policy is applied. Ports can be 0 through 65535. The policy is applied to all TCP and UDP traffic that passes on those ports. Leave the fields blank to apply the policy to all traffic.

Table 74. Add SSL VPN Policy screen settings (continued)
