Default Settings and Technical Specifications
ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308
Table 101. VPN firewall physical and technical specifications (continued)

Feature: Specification

Environmental specifications
  Operating temperatures: 0º to 45º C, 32º to 113º F
  Storage temperatures: –20º to 70º C, –4º to 158º F
  Operating humidity: 90% maximum relative humidity, noncondensing
  Storage humidity: 95% maximum relative humidity, noncondensing

Electromagnetic emissions
  Meets requirements of: FCC Class A, CE, WEEE, RoHS
  Wired compliance: See Appendix E, Notification of Compliance.

Interface specifications
  4 LAN, one of which is a configurable DMZ interface: AutoSense 10/100/1000BASE-T, RJ-45
  4 WAN: AutoSense 10/100/1000BASE-T, RJ-45
  1 administrative console port: RS-232

The following table shows the IPSec VPN specifications for the VPN firewall:

Table 102. VPN firewall IPSec VPN specifications

Setting: Specification

Network Management: Web-based configuration and status monitoring
Number of concurrent users supported: 125
IPSec authentication algorithm: SHA-1, MD5
IPSec encryption algorithm: DES, 3DES, AES-128, AES-192, AES-256
IPSec key exchange: IKE, manual key, pre-shared key, X.509 certificate
IPSec authentication types: Local user database, RADIUS PAP, RADIUS CHAP
IPSec certificates supported: CA certificates, self-signed certificate
The following table shows the SSL VPN specifications for the VPN firewall:
Table 103. VPN firewall SSL VPN specifications

Setting: Specification

Network Management: Web-based configuration and status monitoring
Number of concurrent users supported: 50
SSL versions: SSLv3, TLS1.0
SSL encryption algorithm: DES, 3DES, ARC4, AES-128, AES-192, AES-256
SSL message integrity: MD5, SHA-1, MAC-MD5/SHA-1, HMAC-MD5/SHA-1
SSL authentication types: Local user database, RADIUS-PAP, RADIUS-CHAP, RADIUS-MSCHAP, RADIUS-MSCHAPv2, WiKID-PAP, WiKID-CHAP, MIAS-PAP, MIAS-CHAP, NT domain, Active Directory, LDAP
SSL certificates supported: CA certificates, self-signed certificate
B. Network Planning for Multiple WAN Ports
This appendix describes the factors to consider when planning a network using a firewall that
has more than one WAN port.
This appendix contains the following sections:
What to Consider Before You Begin
Overview of the Planning Process
Inbound Traffic
Virtual Private Networks
What to Consider Before You Begin
Cabling and Computer Hardware Requirements
Computer Network Configuration Requirements
Internet Configuration Requirements
The VPN firewall is a powerful and versatile solution for your networking needs. To make the
configuration process easier and to understand all of the choices that are available to you,
consider the following before you begin:
1. Plan your network.
   a. Determine whether you will use one or several WAN ports. For one WAN port, you might need a fully qualified domain name either for convenience or to remotely access a dynamic WAN IP address.
   b. If you intend to use several WAN ports, determine whether you will use them in auto-rollover mode for increased system reliability or load balancing mode for maximum bandwidth efficiency. See the topics in this appendix for more information. Your decision has the following implications:
      Fully qualified domain name (FQDN)
      - For auto-rollover mode, you need an FQDN to implement features such as exposed hosts and virtual private networks.
      - For load balancing mode, you might still need an FQDN either for convenience or to remotely access a dynamic WAN IP address.
      Protocol binding.
      - For auto-rollover mode, protocol binding does not apply.
      - For load balancing mode, decide which protocols should be bound to a specific WAN port.
      - You can also add your own service protocols to the list.
2. Set up your accounts.
   a. Obtain active Internet services such as DSL broadband accounts, and locate the Internet service provider (ISP) configuration information.
      In this manual, the WAN side of the network is presumed to be provisioned as shown in the following figure, with two ISPs connected to the VPN firewall through separate physical facilities.
      Each WAN port needs to be configured separately, whether you are using a separate ISP for each WAN port or you are using the same ISP to route the traffic of both WAN ports.
      If your ISP charges by the volume of data traffic each month, consider enabling the VPN firewall’s traffic meter to monitor or limit your traffic.
Figure 262.
   b. Contact a Dynamic DNS service, and register FQDNs for one or both WAN ports.
3. Plan your network management approach.
   The VPN firewall can be managed remotely, but you need to enable remote management locally after each factory default reset.
   NETGEAR strongly advises you to change the default management password to a strong password before enabling remote management.
   If the factory default settings are not suitable for your installation, you can choose various WAN options. These options include enabling a WAN port to respond to a ping, and setting MTU size, port speed, and upload bandwidth.
4. Prepare to physically connect the firewall to your cable or DSL modems and a computer.
   Instructions for connecting the VPN firewall are in the ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Installation Guide.
Cabling and Computer Hardware Requirements
For you to use the VPN firewall in your network, each computer needs to have an Ethernet
network interface card (NIC) installed and needs to be equipped with an Ethernet cable. If the
computer connects to your network at 100 Mbps or higher speeds, you need to use a
Category 5 (Cat 5) cable.
Computer Network Configuration Requirements
The VPN firewall integrates a web management interface. To access the configuration
screens on the VPN firewall, you need to use a Java-enabled web browser that supports
HTTP uploads, such as Microsoft Internet Explorer 6 or later, Mozilla Firefox 3 or later, or
Apple Safari 3 or later with JavaScript, cookies, and SSL enabled. Free browsers are readily
available for Windows, Macintosh, and UNIX/Linux.
For the initial connection to the Internet and configuration of the VPN firewall, you need to
connect a computer to the VPN firewall, and the computer needs to be configured to
automatically get its TCP/IP configuration from the VPN firewall through DHCP.
The DSL broadband access device needs to provide a standard Ethernet interface.
[Figure 262 diagram labels: ISP 1, ISP 2, Internet, WAN port 1, WAN port 2, Customer premises, Physical facility 1, Physical facility 2, Route diversity, VPN Firewall]
