Manage Users, Authentication, and VPN Certificates
311
ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308
Guest user. A user who can only view the VPN firewall configuration (that is, read-only access).
IPSec VPN user. A user who can make an IPSec VPN connection only through a NETGEAR ProSafe VPN Client, and only when the XAUTH feature is enabled (see Configure Extended Authentication (XAUTH) on page 245).
L2TP user. A user who can connect over an L2TP connection to an L2TP client that is located behind the VPN firewall.
PPTP user. A user who can connect over a PPTP connection to a PPTP client that is located behind the VPN firewall.
To create a user account:
1. Select Users > Users. The Users screen displays. (The following figure shows the VPN firewall’s default users—admin and guest—and, as an example, several other users in the List of Users table.)
Figure 205.
The List of Users table displays the users and has the following fields:
    Check box. Allows you to select the user in the table.
    Name. The name of the user. If the user name is appended by an asterisk, the user is a default user that is preconfigured on the VPN firewall and cannot be deleted.
    Group. The group to which the user is assigned.
    Type. The type of access credentials that are assigned to the user.
    Authentication Domain. The authentication domain to which the user is assigned.
    Action. The Edit table button, which provides access to the Edit User screen; the Policies table button, which provides access to the policy screens.
2. Under the List of Users table, click the Add table button. The Add Users screen displays:
Figure 206.
3. Enter the settings as described in the following table:
4. Click Apply to save your settings. The user is added to the List of Users table.
Table 78. Add Users screen settings
Setting | Description
User Name | A descriptive (alphanumeric) name of the user for identification and management purposes.
User Type | From the drop-down list, select one of the predefined user types that determines the access credentials:
    SSL VPN User. A user who can log in only to the SSL VPN portal.
    Administrator. A user who has full access and the capacity to change the VPN firewall configuration (that is, read/write access).
    Guest (readonly). A user who can only view the VPN firewall configuration (that is, read-only access).
    IPSEC VPN User. A user who can make an IPSec VPN connection only through a NETGEAR ProSafe VPN Client, and only when the XAUTH feature is enabled (see Configure Extended Authentication (XAUTH) on page 245).
    L2TP User. A user who can connect over an L2TP connection to an L2TP client that is located behind the VPN firewall.
    PPTP User. A user who can connect over a PPTP connection to a PPTP client that is located behind the VPN firewall.
Select Group | The drop-down list shows the groups that are listed on the Group screen. From the drop-down list, select the group to which the user is assigned. For information about how to configure groups, see Configure Groups on page 307.
    Note: The user is assigned to the domain that is associated with the selected group.
Password | The password that the user needs to enter to gain access to the VPN firewall.
Confirm Password | This field needs to be identical to the password that you entered in the Password field.
Idle Timeout | The period after which an idle user is automatically logged out of the web management interface. The default idle time-out period is 5 minutes.
To delete one or more user accounts:
1. In the List of Users table, select the check box to the left of each user account that you want to delete, or click the Select All table button to select all accounts. You cannot delete a default user account.
2. Click the Delete table button.
Note: You cannot delete the default admin or guest user.
Set User Login Policies
You can restrict the ability of defined users to log in to the VPN firewall’s web management
interface. You can also require or prohibit logging in from certain IP addresses or from
particular browsers. This section consists of the following subsections:
Configure Login Policies
Configure Login Restrictions Based on IPv4 Addresses
Configure Login Restrictions Based on IPv6 Addresses
Configure Login Restrictions Based on Web Browser
Configure Login Policies
To configure user login policies:
1. Select Users > Users. The Users screen displays (see Figure 205 on page 311).
2. In the Action column of the List of Users table, click the Policies table button for the user for which you want to set login policies. The policies submenu tabs display, with the Login Policies screen in view:
Figure 207.
3. Make the following optional selections:
    To prohibit the user from logging in to the VPN firewall, select the Disable Login check box.
    To prohibit the user from logging in from the WAN interface, select the Deny Login from WAN Interface check box. In this case, the user can log in only from the LAN interface.
Note: For security reasons, the Deny Login from WAN Interface check box is selected by default for guests and administrators. The Disable Login check box is disabled (masked out) for administrators.
4. Click Apply to save your settings.
Configure Login Restrictions Based on IPv4 Addresses
To restrict logging in based on IPv4 addresses:
1. Select Users > Users. The Users screen displays (see Figure 205 on page 311).
2. In the Action column of the List of Users table, click the Policies table button for the user for which you want to set login policies. The policies submenu tabs display, with the Login Policies screen in view.
3. Click the By Source IP Address submenu tab. In the upper right of the screen, the IPv4 radio button is selected by default. The By Source IP Address screen displays the IPv4 settings. (The following figure shows an IP address in the Defined Addresses table as an example.)
Figure 208.
4. In the Defined Addresses Status section of the screen, select one of the following radio buttons:
    Deny Login from Defined Addresses. Deny logging in from the IP addresses in the Defined Addresses table.
    Allow Login only from Defined Addresses. Allow logging in from the IP addresses in the Defined Addresses table.
5. Click Apply to save your settings.
6. In the Add Defined Addresses section of the screen, add an address to the Defined Addresses table by entering the settings as described in the following table:
7. Click the Add table button. The address is added to the Defined Addresses table.
8. Repeat Step 6 and Step 7 for any other addresses that you want to add to the Defined Addresses table.
To delete one or more IPv4 addresses:
1. In the Defined Addresses table, select the check box to the left of each address that you want to delete, or click the Select All table button to select all addresses.
2. Click the Delete table button.
Configure Login Restrictions Based on IPv6 Addresses
To restrict logging in based on IPv6 addresses:
1. Select Users > Users. The Users screen displays (see Figure 205 on page 311).
2. In the Action column of the List of Users table, click the Policies table button for the user for which you want to set login policies. The policies submenu tabs display, with the Login Policies screen in view.
3. Click the By Source IP Address submenu tab.
4. In the upper right of the screen, select the IPv6 radio button. The By Source IP Address screen displays the IPv6 settings. (The following figure shows an IP address in the Defined Addresses table as an example.)
Table 79. Defined addresses settings for IPv4
Setting | Description
Source Address Type | Select the type of address from the drop-down list:
    IP Address. A single IPv4 address.
    IP Network. A subnet of IPv4 addresses. You need to enter a netmask length in the Mask Length field.
Network Address / IP Address | Depending on your selection from the Source Address Type drop-down list, enter the IP address or the network address.
Mask Length | For a network address, enter the netmask length (0–32).
    Note: By default, a single IPv4 address is assigned a netmask length of 32.
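
The two Defined Addresses Status modes and the Table 79 fields can be modeled offline to review a planned IPv4 address list before it is entered on the By Source IP Address screen. This is an added example, not NETGEAR code: the decision logic, the function names, the row tuple layout, and the min_prefix review threshold are assumptions, and the sample rows are constructed.

```python
import ipaddress

# The two modes mirror the radio buttons on the By Source IP Address screen.
DENY_DEFINED = "Deny Login from Defined Addresses"
ALLOW_ONLY_DEFINED = "Allow Login only from Defined Addresses"

def to_network(addr_type, address, mask_length=None):
    """Convert one Defined Addresses row (Table 79 fields) to an IPv4Network."""
    if addr_type == "IP Address":
        mask_length = 32  # a single IPv4 address gets netmask length 32
    elif addr_type != "IP Network":
        raise ValueError(f"unknown Source Address Type: {addr_type!r}")
    elif mask_length is None or not 0 <= mask_length <= 32:
        raise ValueError("IP Network needs a Mask Length of 0-32")
    # strict=False accepts host bits in a network address (192.168.1.10/24)
    return ipaddress.ip_network(f"{address}/{mask_length}", strict=False)

def login_permitted(mode, rows, source_ip):
    """Assumed decision logic for one login attempt from source_ip."""
    src = ipaddress.ip_address(source_ip)
    matched = any(src in to_network(*row) for row in rows)
    if mode == DENY_DEFINED:
        return not matched
    if mode == ALLOW_ONLY_DEFINED:
        return matched
    raise ValueError(f"unknown mode: {mode!r}")

def audit(mode, rows, min_prefix=24):
    """Flag broad rows; min_prefix is a review threshold, not a device setting."""
    findings = []
    for row in rows:
        net = to_network(*row)
        if net.prefixlen == 0:
            findings.append(f"{net} matches every IPv4 address")
        elif mode == ALLOW_ONLY_DEFINED and net.prefixlen < min_prefix:
            findings.append(f"{net} allows {net.num_addresses} source addresses")
    if mode == ALLOW_ONLY_DEFINED and not rows:
        findings.append("empty table: this model allows no source address")
    return findings

# Constructed sample rows: (Source Address Type, address, Mask Length)
SAMPLE_ROWS = [
    ("IP Address", "192.0.2.10", None),
    ("IP Network", "198.51.100.0", 24),
    ("IP Network", "10.0.0.0", 8),
]

if __name__ == "__main__":
    print(audit(ALLOW_ONLY_DEFINED, SAMPLE_ROWS))
```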
