NETGEAR SRX5308 Router Manual PDF (Setup & Configuration Guide)

Page 336 / 469 Scroll up to view Page 331 - 335

Network and System Management

336

ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308

Monitoring Tools for Traffic Management

The VPN firewall includes several tools that can be used to monitor the traffic conditions of

the firewall and content-filtering engine and to monitor the users’ access to the Internet and

the types of traffic that they are allowed to have. See

Chapter 9, Monitor System Access and

Performance

, for a description of these tools.

System Management

•

Change Passwords and Administrator and Guest Settings

•

Configure Remote Management Access

•

Use the Command-Line Interface

•

Use a Simple Network Management Protocol Manager

•

Manage the Configuration File

•

Upgrade the Firmware

•

Configure Date and Time Service

Change Passwords and Administrator and Guest Settings

The default administrator and default guest passwords for the web management interface are

both password. NETGEAR recommends that you change the password for the administrator

account to a more secure password, and that you configure a separate secure password for

the guest account.

Note:

For general information about user accounts, passwords, and login

settings, see

Configure User Accounts

on page

310 and

Set User

Login Policies

on page

313.



To modify the administrator and guest passwords and idle time-out settings:

1.

Select

Users > Users

. The Users screen displays. (The following figure shows the VPN

firewall’s default users—admin and guest—and, as an example, several other users in

the List of Users table.)

Page 337 / 469

Network and System Management

337

ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308

Figure 217.

2.

In the Action column of the List of Users table, click the

Edit

table button for the user with

the name admin. The Edit Users screen displays:

Figure 218.

You cannot modify the administrator user name, user type, or group assignment.

3.

Select the

Check to Edit Password

check box. The password fields become available.

4.

Enter the old password, enter the new password, and confirm the new password.

Note:

The most secure password should contain no dictionary words from

any language, and should be a mixture of letters (both uppercase

and lowercase), numbers, and symbols. Your password can be up to

32

characters.

5.

As an option, you can change the idle time-out for an administrator login session. Enter a

new number of minutes in the Idle Timeout field. (The default setting is 5 minutes.)

Page 338 / 469

Network and System Management

338

ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308

6.

Click

Apply

to save your settings.

7.

Repeat

Step

1

through

Step

6

for the user with the name guest.

Note:

After a factory defaults reset, the password and time-out value are

changed back to password and 5 minutes, respectively.

You can also change the administrator login policies:

•

Disable login. Deny login access.

Note:

You obviously do not want to deny login access to yourself if you are

logged in as an administrator.

•

Deny login access from a WAN interface. By default, the administrator cannot log in from

a WAN interface. You can change this setting to allow login access from a WAN interface.

•

Deny or allow login access from specific IP addresses. By default, the administrator can

log in from any IP address.

Note:

For enhanced security, restrict access to as few external IP

addresses as practical.

•

Deny or allow login access from specific browsers. By default, the administrator can log in

from any browser.

In general, these policy settings work well for an administrator. However, you can change the

administrator login policies as described in

Set User Login Policies

on page

313.

Configure Remote Management Access

An administrator can configure, upgrade, and check the status of the VPN firewall over the

Internet through a Secure Sockets Layer (SSL) VPN connection.

Note:

When remote management is enabled and administrative access

through a WAN interface is granted (see

Configure Login Policies

on

page

313), the VPN firewall’s web management interface is

accessible to anyone who knows its IP address and default

password. Because a malicious WAN user can reconfigure the VPN

firewall and misuse it in many ways, NETGEAR highly recommends

that you change the admin and guest default passwords before

Page 339 / 469

Network and System Management

339

ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308

continuing (see

Change Passwords and Administrator and Guest

Settings

on page

336).



To configure the VPN firewall for remote management:

1.

Select

Administration > Remote Management

. The Remote Management screen

displays the IPv4 settings (see the next figure).

2.

Specify the IP version for which you want to configure remote management:

•

IPv4

. In the upper right of the screen, the IPv4 radio button is already selected by

default. Go to

Step

3

.

Figure 219.

Remote Management screen for IPv4

•

IPv6

. Select the

IPv6

radio button. The Remote Management screen displays the

IPv6 settings:

Page 340 / 469

Network and System Management

340

ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308

Figure 220.

Remote Management screen for IPv6

3.

Enter the settings as described in the following table:

Table 83.

Remote Management screen settings for IPv4 and IPv6

Setting

Description

Secure HTTP Management

Allow Secure HTTP

Management?

To enable secure HTTP management, select the

Yes

radio button, which is the

default setting. To disable secure HTTP management, select the

No

radio button.

Note:

The selected setting applies to all WAN interfaces.

Specify the addresses through which access is allowed by selecting one of the

following radio buttons:

•

Everyone

. There are no IP address restrictions.

•

IP address range

. Only users who use devices in the specified IP address range

can securely manage over an HTTP connection. In the From fields, type the start

IP address of the range; in the To fields, type the end IP address of the range.

•

Only this PC

. Only a user who uses the device with the specified IP address can

securely manage over an HTTP connection. Type the IP address in the fields.

Port Number

Enter the port number through which access is allowed. The default

port number is 443.

Note:

The URL through which you can securely manage over an

HTTP connection displays below the Port Number field.

Rate

Popular NETGEAR Models

Famous Router IPs

Famous Router Companies

Bookmark Our Site

Share