NETGEAR SRX5308 Router Manual PDF (Setup & Configuration Guide)

Page 366 / 469 Scroll up to view Page 361 - 365

Monitor System Access and Performance

366

ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308

Figure 234.

You can refresh the logs, clear the logs, or send the logs to an email address.



To view the DNS logs onscreen:

1.

Select

Monitoring > Firewall Logs & E-mail

. The Firewall Logs & E-mail screen

displays.

2.

Click the

DNS Logs

option arrow

in the upper right of the Firewall Logs & E-mail screen.

The DNS Logs screen displays:

Figure 235.

You can refresh the logs or clear the logs.

Page 367 / 469

Monitor System Access and Performance

367

ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308

How to Send Syslogs over a VPN Tunnel between Sites



To send syslogs from one site to another over a gateway-to-gateway VPN tunnel:

1.

At Site 1, set up a syslog server that is connected to Gateway 1.

2.

Set up a VPN tunnel between Gateway 1 at Site 1 and Gateway 2 at Site 2.

3.

Change the remote IP address in the VPN policy on Gateway 1 to the WAN IP address of

Gateway 2.

4.

Change the local IP address in the VPN policy on Gateway 2 to the WAN IP address of

Gateway 2.

5.

At Site 2, specify that Gateway 2 should send the syslogs to the syslog server at Site 1.

The following sections describe steps 2 through 4, using the topology that is described in the

following table:

Configure Gateway 1 at Site 1



To create a gateway-to-gateway VPN tunnel to Gateway 2, using the IPSec VPN wizard:

1.

Select

VPN > IPSec VPN > VPN Wizard

. The VPN Wizard screen displays.

2.

Configure a gateway-to-gateway VPN tunnel using the following information:

•

Connection name. Any name of your choice

•

Pre-shared key. Any key of your choice

•

Remote WAN IP address. 10.0.0.2

•

Local WAN IP address. 10.0.0.1

•

Remote LAN IP Address. 192.168.20.0

•

Remote LAN subnet mask. 255.255.255.0

3.

Click

Apply

to save the settings.



To change the remote IP address in the VPN policy:

1.

Select

VPN > IPSec VPN > VPN Policies

. The VPN Policy screen displays.

2.

Next to the policy name for the Gateway 1–to–Gateway 2 autopolicy, click

Edit

. The Edit

VPN Policy screen displays.

3.

In the General section of the screen, clear the

Enable NetBIOS

check box.

Type of Address

Gateway 1 at Site 1

Gateway 2 at Site 2

WAN IP address

10.0.0.1

10.0.0.2

LAN IP address

192.168.10.0

192.168.20.0

LAN subnet mask

255.255.255.0

LAN IP address syslog server

192.168.10.2

Not applicable

Page 368 / 469

Monitor System Access and Performance

368

ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308

4.

In the Traffic Selector section of the screen, make the following changes:

•

From the Remote IP drop-down list, select

Single

.

•

In the Start IP fields, type

10.0.0.2

, which is the WAN IP address of Gateway 2.

5.

Click

Apply

to save the settings.

Configure Gateway 2 at Site 2



To create a gateway-to-gateway VPN tunnel to Gateway 1, using the IPSec VPN wizard:

1.

Select

VPN > IPSec VPN > VPN Wizard

. The VPN Wizard screen displays.

2.

Configure a gateway-to-gateway VPN tunnel using the following information:

•

Connection name. Any name of your choice

•

Pre-shared key. The same key as you configured on Gateway 1

•

Remote WAN IP address. 10.0.0.1

•

Local WAN IP address. 10.0.0.2

•

Remote LAN IP Address. 192.168.10.0

•

Remote LAN subnet mask. 255.255.255.0

3.

Click

Apply

to save the settings.



To change the local IP address in the VPN policy:

1.

Select

VPN > IPSec VPN > VPN Policies

. The VPN Policy screen displays.

2.

Next to the policy name for the Gateway 2–to–Gateway 1 autopolicy, click

Edit

. The Edit

VPN Policy screen displays.

3.

In the General section of the screen, clear the

Enable NetBIOS

check box.

4.

In the Traffic Selector section of the screen, make the following changes:

•

From the Local IP drop-down list, select

Single

.

•

In the Start IP fields, type

10.0.0.2

, which is the WAN IP address of Gateway 2.

5.

Click

Apply

to save the settings.



To specify the syslog server that is connected to Gateway 1:

1.

Select

Monitoring > Firewall Logs & E-mail

. The Firewall Logs & E-mail screen

displays.

2.

Enable the syslog server and specify its IP address at Site 1. Enter

192.168.10.2

as the IP

address.

3.

Click

Apply

to save the settings.

Note:

The VPN tunnel should be established automatically, and the

syslogs should be sent to the syslog server at Site 1. You can use

the IPSec VPN Connection Status screen to verify the connection.

Page 369 / 469

Monitor System Access and Performance

369

ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308

View Status Screens

•

View the System Status

•

View the VPN Connection Status, L2TP Users, and PPTP Users

•

View the VPN Logs

•

View the Port Triggering Status

•

View the WAN Port Status

•

View the Attached Devices and the DHCP Log

View the System Status

When you start up the VPN firewall, the default screen that displays is the Router Status

screen.

The Router Status screen and Detailed Status screen provide real-time information about the

following important components of the VPN firewall:

•

Firmware version

•

Both IPv4 and IPv6 WAN and LAN port information

•

Interface statistics

•

VLAN status, including port memberships

The Tunnel Status screen provides real-time information about the IPv6 tunnels.

These status screens are described in the following sections:

•

Router Status Screen

•

Router Statistics Screen

•

Detailed Status Screen

•

VLAN Status Screen

•

Tunnel Status Screen

Router Status Screen



To view the Router Status screen:

Select

Monitoring > Router Status

. The Router Status screen displays:

Page 370 / 469

Monitor System Access and Performance

370

ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308

Figure 236.

The following table explains the fields of the Router Status screen:

Table 91.

Router Status screen information

Item

Description

System Info

System Name

The NETGEAR system name.

Firmware Version

The installed firmware version.

Secondary Firmware Version

The secondary software version. This version is for display only. (You cannot

configure or select this version.)

LAN (VLAN) IPv4 Information

For each of the four LAN ports, the screen shows the IPv4 LAN address and subnet mask. For more detailed

information, see

Table

93

on page

374.

Rate

Popular NETGEAR Models

Famous Router IPs

Famous Router Companies

Bookmark Our Site

Share