Network and System Management
ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308
WARNING: If you are remotely connected to the VPN firewall and you select the No radio button to disable secure HTTP management, you and all other SSL VPN users are disconnected when you click Apply.

4. Click Apply to save your changes.

About Remote Access
When remote management is enabled, you need to use an SSL connection to access the VPN firewall from the Internet. You need to enter https:// (not http://) and type the VPN firewall’s WAN IP address and port number in your browser. For example, if the VPN firewall’s WAN IP address is 192.168.15.175 and the port number is 443, type the following in your browser:
https://192.168.15.175:443
The VPN firewall’s remote login URL is:
https://<IP_address>:<port_number> or
https://<FullyQualifiedDomainName>:<port_number>
The IP address can be an IPv4 or IPv6 address.
Concerning security, note the following:
- For enhanced security, restrict access to as few external IP addresses as practical. See Set User Login Policies on page 313 for instructions on restricting administrator access by IP address.
- To maintain security, the VPN firewall rejects a login that uses http://address rather than the SSL https://address.
- The first time that you remotely connect to the VPN firewall with a browser through an SSL connection, you might get a warning message regarding the SSL certificate. If you are using a Windows computer with Internet Explorer 7.0 or later, click Yes to accept the certificate.

Table 83. Remote Management screen settings for IPv4 and IPv6 (continued)

Telnet Management

Setting: Allow Telnet Management?
Description: To enable Telnet management, select the Yes radio button. To disable Telnet management, select the No radio button, which is the default setting.
Specify the addresses through which access is allowed by selecting one of the following radio buttons:
- Everyone. There are no IP address restrictions.
- IP address range. Only users who use devices in the specified IP address range can manage over a Telnet connection. In the From fields, type the start IP address of the range; in the To fields, type the end IP address of the range.
- Only this PC. Only a user who uses the device with the specified IP address can manage over a Telnet connection. Type the IP address in the fields.

Tip: If you are using a Dynamic DNS service such as TZO, you can identify the WAN IP address of your VPN firewall by running tracert from the Windows Run menu option. Trace the route to your registered FQDN. For example, enter tracert VPN firewall.mynetgear.net, and the WAN IP address that your ISP assigned to the VPN firewall is displayed.

Use the Command-Line Interface
You can access the command-line interface (CLI) using the console port on the rear panel of the VPN firewall (see Rear Panel on page 19).
You can access the CLI from a communications terminal when the VPN firewall is still set to its factory defaults (or use your own settings if you have changed them).

To access the CLI:
1. From your computer’s command-line prompt, enter the following command:
telnet <ip address>
in which ip address is the IP address of the VPN firewall.
2. Enter admin and password when prompted for the login and password information (or enter guest and password to log in as a read-only guest).
3. Enter exit to end the CLI session.

Any configuration changes made through the CLI are not preserved after a reboot or power cycle unless you issue the CLI save command after making the changes.

Use a Simple Network Management Protocol Manager
Simple Network Management Protocol (SNMP) forms part of the Internet Protocol Suite as
defined by the Internet Engineering Task Force (IETF). SNMP is used in network
management systems such as the NETGEAR ProSafe Network Management Software
(NMS200) to monitor network-attached devices for conditions that warrant administrative
attention.
SNMP exposes management data in the form of variables on the managed systems, which
describe the system configuration. These variables can then be queried (and sometimes set)
by managing applications.
SNMP lets you monitor and manage the VPN firewall from an SNMP manager. It provides a
remote means to monitor and control network devices, and to manage configurations,
statistics collection, performance, and security. The VPN firewall supports SNMPv1,
SNMPv2c, and SNMPv3.
To configure the SNMP settings:
1. Select Administration > SNMP. The SNMP screen displays. (The following figure contains an example.)
Figure 221.
The SNMPv3 Users table includes the default SNMPv3 users that are preconfigured on the VPN firewall. The SNMPv3 Users table shows the following columns:
- Username. The default user names (admin or guest).
- Access Type. Read-write user (RWUSER) or read-only user (ROUSER). By default, the user Admin is an RWUSER and the user guest is an ROUSER.
- Security Level. The level of security that indicates whether security is disabled:
  - NoAuthNoPriv. Both authentication and privacy are disabled.
  - AuthNoPriv. Authentication is enabled but privacy is disabled.
  - AuthPriv. Both authentication and privacy are enabled.
The SNMP Configuration table shows the following columns:
- IP Address. The IP address of the SNMP manager.
- Subnet Mask. The subnet mask of the SNMP manager.
- Port. The trap port number of the SNMP manager.
- SNMP Version. The SNMP version (v1, v2c, or v3).
- Community. The trap community string of the SNMP manager.
2. To specify a new SNMP configuration, in the Create New SNMP Configuration Entry section of the screen, configure the settings as described in the following table:
3. Click Add to add the new SNMP configuration to the SNMP Configuration table.

To edit an SNMP configuration:
1. On the SNMP screen (see the previous figure), click the Edit button in the Action column of the SNMP Configuration table for the SNMP configuration that you want to modify. The Edit SNMP screen displays:

Table 84. SNMP screen settings

Access From WAN

Setting: Enable access from WAN
Description: To enable SNMP access by an SNMP manager through the WAN interface, select the Enable access from WAN check box. By default, this check box is cleared and access is disabled.

Create New SNMP Configuration Entry

Setting: IP Address
Description: Enter the IP address of the new SNMP manager.

Setting: Subnet Mask
Description: Enter the subnet mask of the new SNMP manager. Note the following:
- If you want to narrow down the number of devices that can access the VPN firewall through the host IP address and receive traps, enter an IP address with a subnet mask of 255.255.255.252.
- If you want to allow a subnet to access the VPN firewall through the host IP address and receive traps, enter an IP address with a subnet mask of 255.0.0.0. The traps are received at the IP address, but almost the entire subnet has access through the community string.

Setting: Port
Description: Enter the port number of the new SNMP manager. The default port number is 162.

Setting: SNMP Version
Description: From the drop-down list, select the SNMP version:
- v1. SNMPv1.
- v2c. SNMPv2c.
- v3. SNMPv3.

Setting: Community
Description: Enter the community string that allows the SNMP manager access to the MIB objects of the VPN firewall for the purpose of reading only.

SNMP Trap Events

Select the check boxes to specify which SNMP trap events are sent to an SNMP manager:
- WAN Connection Failure. Sent when the WAN connection fails.
- Firewall. Sent when a new connection is initiated through addition of a custom firewall rule.
- IPSec VPN. Sent when an IPSec VPN tunnel is established or disconnected.
- SSL VPN. Sent when an SSL VPN tunnel is established or disconnected.
- User Login. Sent when a user logs in to the VPN firewall.
- User Login Fail. Sent when a user attempts to log in to the VPN firewall but fails to do so.
- Wan Fail Over. Sent when an auto-rollover occurs from one WAN interface to another.
- Configuration Change. Sent when the configuration of the VPN firewall changes.

Figure 222.
2. Modify the settings as described in the previous table.
3. Click Apply to save your settings.

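The effect of the Subnet Mask, SNMP Version, and Enable access from WAN settings in Table 84 can be checked offline before an entry is added. The following Python code is an added example, not NETGEAR code: it computes how many addresses an IP address and subnet mask pair admits and flags SNMPv1/v2c entries, whose community string travels unencrypted. The dictionary layout, the function names, the 4-address threshold, and the sample entries are assumptions made for this example.

```python
import ipaddress

# Threshold is an assumption for this example: a mask of 255.255.255.252
# (the narrow setting the manual suggests) covers 4 addresses.
MAX_ADDRESSES = 4

def manager_scope(ip, mask):
    """Return the network that an IP address / subnet mask pair permits."""
    return ipaddress.ip_network(f"{ip}/{mask}", strict=False)

def audit_entry(entry, wan_access):
    """Return a list of findings for one SNMP Configuration table row."""
    findings = []
    net = manager_scope(entry["ip"], entry["mask"])
    if net.num_addresses > MAX_ADDRESSES:
        findings.append(
            f"mask {entry['mask']} admits {net.num_addresses} addresses ({net})")
    if entry["version"] in ("v1", "v2c"):
        # SNMPv1 and SNMPv2c carry the community string unencrypted.
        findings.append(
            f"{entry['version']} sends the community string in cleartext")
        if wan_access:
            findings.append("cleartext SNMP version reachable from the WAN")
    return findings

def audit(config):
    """Map each manager IP to its findings; entries with none are omitted."""
    report = {}
    for entry in config["entries"]:
        found = audit_entry(entry, config["wan_access"])
        if found:
            report[entry["ip"]] = found
    return report

# Constructed sample configuration (hypothetical, not from a real device).
SAMPLE = {
    "wan_access": True,  # "Enable access from WAN" check box selected
    "entries": [
        {"ip": "192.0.2.9", "mask": "255.255.255.252", "port": 162,
         "version": "v3", "community": "example-ro"},
        {"ip": "10.20.30.40", "mask": "255.0.0.0", "port": 162,
         "version": "v2c", "community": "example-ro"},
    ],
}

if __name__ == "__main__":
    for ip, findings in audit(SAMPLE).items():
        for finding in findings:
            print(f"{ip}: {finding}")
```
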
To delete one or more SNMP configurations:
1. On the SNMP screen (see Figure 221 on page 343), select the check box to the left of each SNMP configuration that you want to delete, or click the Select All table button to select all SNMP configurations.
2. Click the Delete table button.

To edit the SNMPv3 default users:
1. On the SNMP screen (see Figure 221 on page 343), click the Edit button in the Action column of the SNMPv3 User table for the SNMPv3 default user that you want to modify. The Edit User screen displays:
Figure 223.
2. Configure the settings as described in the following table:

Table 85. Edit User screen settings for SNMPv3 users

Setting: Username
Description: The default user name (admin or guest) for information only.

Setting: Access Type
Description: The default access type (RWUSER or ROUSER) for information only.
