Manage Users, Authentication, and VPN: Certificates
ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308
9. Select the check box next to the self-signed certificate request.
10. Click the Browse button and navigate to the digital certificate file from the CA that you just stored on your computer.
11. Click the Upload table button. If the verification process on the VPN firewall approves the digital certificate for validity and purpose, the digital certificate is added to the Active Self Certificates table.
To delete one or more SCRs:
1. In the Self Certificate Requests table, select the check box to the left of each SCR that you want to delete, or click the Select All table button to select all SCRs.
2. Click the Delete table button.
View and Manage Self-Signed Certificates
The Active Self Certificates table on the Certificates screen (see Figure 214 on page 324) shows the digital certificates that a CA issued to the VPN firewall in response to its certificate requests and that are available for use. (The manual calls these self-signed certificates, although they are signed by the CA, not by the firewall; they identify the firewall itself, hence "self".) For each certificate, the table lists the following information:
- Name. The name that you used to identify this digital certificate.
- Subject Name. The name that you used for your company and that other organizations see as the holder (owner) of the certificate.
- Serial Number. The serial number assigned by the CA. Together with the issuer name, it uniquely identifies the digital certificate with the CA.
- Issuer Name. The name of the CA that issued the digital certificate.
- Expiry Time. The date on which the digital certificate expires. Renew the digital certificate before it expires.
To delete one or more self-signed certificates:
1. In the Active Self Certificates table, select the check box to the left of each self-signed certificate that you want to delete, or click the Select All table button to select all self-signed certificates.
2. Click the Delete table button.
Manage the VPN Certificate Revocation List
A Certificate Revocation List (CRL) file lists digital certificates that the issuing CA has revoked before their expiry time and that are therefore no longer valid. Each CA issues its own CRLs, and a CRL is only useful while it is current: without an up-to-date CRL, the VPN firewall cannot tell that a revoked certificate should be refused. Obtain the CRL for each CA regularly, before the Next Update date of the CRL you have loaded.
To view the loaded CRLs and upload a new CRL:
1. Select VPN > Certificates. The Certificates screen displays. The following figure shows the bottom section of the screen with the Certificate Revocation Lists (CRL) table. (There is one example entry in the table.)
Figure 216. Certificates, screen 3 of 3
The Certificate Revocation Lists (CRL) table lists each loaded CRL, the CA that issued it, and its release dates:
- CA Identity. The official name of the CA that issued the CRL.
- Last Update. The date when the CRL was released.
- Next Update. The date by which the CA will release the next CRL. Upload the replacement CRL before this date, because a CRL past its Next Update is stale.
2. In the Upload CRL section, click the Browse button and navigate to the CRL file that you previously downloaded from a CA.
3. Click the Upload table button. If the verification process on the VPN firewall approves the CRL, the CRL is added to the Certificate Revocation Lists (CRL) table.
Note: If the table already contains a CRL from the same CA, the old CRL is deleted when you upload the new CRL.
To delete one or more CRLs:
1. In the Certificate Revocation Lists (CRL) table, select the check box to the left of each CRL that you want to delete, or click the Select All table button to select all CRLs.
2. Click the Delete table button.
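The manual says only that the firewall "approves" an uploaded certificate or CRL. The following script, added here as an example and not NETGEAR's code or a description of the firewall's internals, reproduces on a workstation the checks an administrator would want to run before uploading: that the CA-issued certificate belongs to the key pair of the selected self certificate request (steps 9 to 11 above), that it chains to the CA and is valid for its purpose, that it is not about to expire, that a downloaded CRL is really signed by its CA, and that a revoked certificate is refused once the CRL is applied. It assumes the openssl command-line tool (1.1.1 or later) is on the PATH; the CA, the key pairs, the subject names and the file names are all constructed for the example, and `-purpose sslserver` is an assumed stand-in for whatever purpose check the firewall performs.

```shell
#!/bin/sh
# Added example, not NETGEAR's code: reproduces on a workstation the checks that
# the manual says the VPN firewall performs when a CA-issued certificate (steps
# 9-11) or a CRL is uploaded. Assumptions: the openssl CLI (1.1.1 or later) is
# on PATH; a throwaway CA created below stands in for the real CA; all file and
# subject names are illustrative.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Stand-in CA: explicit CA:TRUE and cRLSign so it can sign certificates and CRLs.
make_ca() {
  openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "/CN=Example Test CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.csr" 2>/dev/null
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' \
    > "$WORK/ca.ext"
  openssl x509 -req -in "$WORK/ca.csr" -signkey "$WORK/ca.key" -days 365 -sha256 \
    -extfile "$WORK/ca.ext" -out "$WORK/ca.crt" 2>/dev/null
  # Minimal 'openssl ca' configuration, used only to revoke and to issue a CRL.
  cat > "$WORK/ca.cnf" <<EOF
[ ca ]
default_ca = CA_default
[ CA_default ]
database = $WORK/index.txt
new_certs_dir = $WORK
certificate = $WORK/ca.crt
private_key = $WORK/ca.key
serial = $WORK/serial
crlnumber = $WORK/crlnumber
default_md = sha256
default_crl_days = 30
policy = policy_any
[ policy_any ]
commonName = supplied
EOF
  : > "$WORK/index.txt"
  echo 01 > "$WORK/serial"
  echo 01 > "$WORK/crlnumber"
}

# What the firewall does when you generate a self certificate request (SCR):
# a new key pair plus a CSR carrying the subject name.
make_request() {   # $1 = name, $2 = subject
  openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "$2" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
}

# What the CA returns: the CSR signed as an end-entity server certificate.
ca_sign() {        # $1 = request name, $2 = certificate name, $3 = days
  printf 'basicConstraints=CA:FALSE\nextendedKeyUsage=serverAuth\n' > "$WORK/leaf.ext"
  openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" \
    -CAcreateserial -days "$3" -sha256 -extfile "$WORK/leaf.ext" \
    -out "$WORK/$2.crt" 2>/dev/null
}

# Check 1: the certificate must carry the public key of the SCR you selected;
# a certificate issued for another key pair cannot be paired with that request.
cert_matches_request() {   # $1 = certificate, $2 = CSR
  [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl req -in "$2" -noout -pubkey)" ]
}

# Check 2 ("validity and purpose"): chains to the CA, is inside its validity
# period, and its extensions permit use as a server certificate.
cert_valid_for_purpose() {  # $1 = certificate
  openssl verify -CAfile "$WORK/ca.crt" -purpose sslserver "$1" >/dev/null 2>&1
}

# Check 3: fails when the Expiry Time is less than $2 seconds away (default 30
# days), so renewal can be scheduled before the certificate lapses.
cert_renewal_ok() {   # $1 = certificate, $2 = seconds (optional)
  openssl x509 -in "$1" -noout -checkend "${2:-2592000}" >/dev/null
}

# CA side: revoke a certificate and publish a fresh CRL (the file you download).
ca_revoke_and_publish_crl() {   # $1 = certificate to revoke
  openssl ca -config "$WORK/ca.cnf" -revoke "$1" -crl_reason keyCompromise 2>/dev/null
  openssl ca -config "$WORK/ca.cnf" -gencrl -out "$WORK/ca.crl" 2>/dev/null
}

# Before uploading a CRL: it must be signed by the CA it names as issuer.
crl_signed_by_ca() {   # $1 = CRL
  openssl crl -in "$1" -CAfile "$WORK/ca.crt" -noout >/dev/null 2>&1
}

# With the CRL applied, a revoked certificate must be refused even though it
# is otherwise valid and unexpired.
cert_not_revoked() {   # $1 = certificate, $2 = CRL
  openssl verify -CAfile "$WORK/ca.crt" -CRLfile "$2" -crl_check "$1" >/dev/null 2>&1
}

# Run the procedure end to end on constructed data.
make_ca
make_request fw "/O=Example Corp/CN=vpn.example.com"        # the firewall's SCR
make_request other "/O=Example Corp/CN=branch.example.com"  # an unrelated request
ca_sign fw fw 365       # certificate the CA issued for the firewall's SCR
ca_sign other other 10  # a certificate that expires in 10 days
ca_revoke_and_publish_crl "$WORK/other.crt"
```

After the script has run, `cert_matches_request "$WORK/fw.crt" "$WORK/fw.csr"` succeeds while the same check against `other.crt` fails, `cert_renewal_ok "$WORK/other.crt"` fails because 10 days is inside the 30-day window, and `cert_not_revoked "$WORK/other.crt" "$WORK/ca.crl"` fails once the CRL is applied. The same openssl commands work against a real CA certificate and a real downloaded CRL; replace the stand-in files with them.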
8. Network and System Management
This chapter describes the tools for managing the network traffic to optimize its performance and
the system management features of the VPN firewall. The chapter contains the following
sections:
Performance Management
System Management
Performance Management
Bandwidth Capacity
Features That Reduce Traffic
Features That Increase Traffic
Use QoS and Bandwidth Assignment to Shift the Traffic Mix
Monitoring Tools for Traffic Management
Performance management consists of controlling the traffic through the VPN firewall so that the necessary traffic gets through when there is a bottleneck. You can either reduce unnecessary traffic or reschedule some traffic to off-peak times to prevent bottlenecks from occurring in the first place. The VPN firewall has the necessary features and tools to help the network manager accomplish these goals.
Bandwidth Capacity
The maximum bandwidth capacity of the VPN firewall in each direction is as follows:
- LAN side. 4000 Mbps (four LAN ports at 1000 Mbps each)
- WAN side:
  - Load balancing mode. 4000 Mbps (four WAN ports at 1000 Mbps each)
  - Auto-rollover mode. 1000 Mbps (one active WAN port at 1000 Mbps)
  - Single WAN port mode. 1000 Mbps (one active WAN port at 1000 Mbps)
In practice, the WAN-side bandwidth capacity is much lower when DSL or cable modems are used to connect to the Internet. At 1.5 Mbps per link, the WAN ports support the following traffic rates:
- Load balancing mode. 6 Mbps (four WAN ports at 1.5 Mbps each)
- Auto-rollover mode. 1.5 Mbps (one active WAN port at 1.5 Mbps)
- Single WAN port mode. 1.5 Mbps (one active WAN port at 1.5 Mbps)
As a result, and depending on the traffic that is being carried, the WAN side of the VPN firewall is the limiting factor to throughput for most installations.
Using four WAN ports in load balancing mode increases the bandwidth capacity of the WAN side of the VPN firewall, but there is no dedicated standby port as in auto-rollover mode. If one of the WAN ports fails, the traffic that would have been sent on the failed WAN port is diverted to another WAN port that is still working, thus increasing that port's load and reducing the total capacity by the failed link. There is one exception: traffic that is bound by protocol to the WAN port that failed is not diverted.
Features That Reduce Traffic
You can adjust the following features of the VPN firewall in such a way that the traffic load on the WAN side decreases:
- LAN WAN outbound rules (also referred to as service blocking)
- DMZ WAN outbound rules (also referred to as service blocking)
- Content filtering
- Source MAC filtering
LAN WAN Outbound Rules and DMZ WAN Outbound Rules (Service Blocking)
You can control specific outbound traffic (from LAN to WAN and from the DMZ to WAN). The LAN WAN Rules screen and the DMZ WAN Rules screen list all existing rules for outbound traffic. Any outbound rule that blocks traffic, always or by schedule, restricts outgoing traffic and therefore decreases the traffic load on the WAN side.
On the LAN WAN Rules screen, if you have not defined any rules, only the default rule is listed. The default LAN WAN outbound rule allows all outgoing traffic, so traffic is reduced only by the blocking rules that you add.
WARNING: Incorrect configuration of outbound firewall rules can cause serious connection problems.
Each rule lets you specify the desired action for the connections that are covered by the rule:
- BLOCK always
- BLOCK by schedule, otherwise allow
- ALLOW always
- ALLOW by schedule, otherwise block
The following section summarizes the various criteria that you can apply to outbound rules in order to reduce traffic. For more information about outbound rules, see Outbound Rules (Service Blocking) on page 137. For detailed procedures on how to configure outbound rules, see Configure LAN WAN Rules on page 145 and Configure DMZ WAN Rules on page 152.
When you define outbound firewall rules, you can further refine their application according to the following criteria:
- Services. You can specify the services or applications to be covered by an outbound rule. If the desired service or application does not display in the list, you need to define it using the Services screen (see Outbound Rules (Service Blocking) on page 137 and Add Customized Services on page 177).