1.0, October 2008

vi

ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual

vii

v1.0, October 2008

Contents

About This Manual

Conventions, Formats, and Scope

..................................................................................

xiii

How to Use This Manual

..................................................................................................

xiv

How to Print this Manual

..................................................................................................

xiv

Revision History

...............................................................................................................

xv

Chapter 1

Introduction

Key Firewall Features

.....................................................................................................

1-1

A Powerful, True Firewall with Content Filtering

......................................................

1-2

Autosensing Ethernet Connections with Auto Uplink

...............................................

1-2

Extensive Protocol Support

......................................................................................

1-3

Advanced VPN Support for Both IPsec and SSL

.....................................................

1-3

Wireless Networking Features

........................................................................................

1-4

Easy Installation and Management

................................................................................

1-5

System Requirements

..............................................................................................

1-5

Package Contents

..........................................................................................................

1-6

Front Panel Features

......................................................................................................

1-6

Rear Panel Features

......................................................................................................

1-8

Default IP Address, Login Name, and Password Location

.............................................

1-9

Qualified Web Browsers

.................................................................................................

1-9

Chapter 2

Connecting to the Internet (WAN)

Understanding the Connection Steps

.............................................................................

2-1

Logging into the VPN Firewall

........................................................................................

2-2

Navigating the Menus

.....................................................................................................

2-3

Configuring the Internet Connection (WAN)

...................................................................

2-3

Automatically Detecting and Connecting

.................................................................

2-3

Manually Configuring the Internet Connection

.........................................................

2-6

ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual

viii

v1.0, October 2008

Configuring the WAN Mode

...................................................................................

2-10

Configuring Dynamic DNS

...........................................................................................

2-11

Configuring the Advanced WAN Options (Optional)

.....................................................

2-12

Additional WAN Related Configuration

..................................................................

2-14

Chapter 3

LAN Configuration

Configuring the LAN Setup Options

...............................................................................

3-1

Using the VPN Firewall as a DHCP Server

....................................................................

3-3

Configuring DHCP Address Reservation

........................................................................

3-4

Managing Groups and Hosts (LAN Groups)

...................................................................

3-4

Viewing the LAN Groups Database

.........................................................................

3-5

Adding Devices to the LAN Groups Database

.........................................................

3-6

Changing Group Names in the LAN Groups Database

...........................................

3-7

Configuring Multi Home LAN IP Addresses

....................................................................

3-8

Configuring Static Routes

.............................................................................................

3-10

Configuring Routing Information Protocol (RIP)

...........................................................

3-11

Chapter 4

Wireless Configuration

Wireless Equipment Placement and Range Guidelines

.................................................

4-2

Understanding SRXN3205 Wireless Security Options

...................................................

4-2

Basic Wireless Setup (No Security)

................................................................................

4-4

Completing Wireless Setup (No Security)

......................................................................

4-5

Configuring 802.11b/g/n Wireless Settings

..............................................................

4-5

Testing Wireless Connectivity (No Security)

............................................................

4-6

Wireless Security Types and Settings

............................................................................

4-8

SSID and WEP/WPA Settings Setup Form

..............................................................

4-9

Configuring WEP

....................................................................................................

4-11

Configuring WPA-PSK

...........................................................................................

4-12

Configuring WPA2-PSK

.........................................................................................

4-12

Configuring WPA-PSK and WPA2-PSK

.................................................................

4-13

Configuring WPA with RADIUS

..............................................................................

4-13

Verifying Wireless Connectivity (Security)

..............................................................

4-16

Deploying the firewall

.............................................................................................

4-16

Advanced Wireless Settings

.........................................................................................

4-17

Configuring Advanced Wireless Settings

...............................................................

4-17

ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual

ix

v1.0, October 2008

Restricting Wireless Access by MAC Address

.......................................................

4-18

Chapter 5

Firewall Security and Content Filtering

About Firewall Security and Content Filtering

................................................................

5-1

Using Rules & Services to Block or Allow Traffic

............................................................

5-2

Services-Based Rules

..............................................................................................

5-2

Viewing the Firewall Rules

....................................................................................

5-7

Order of Precedence for Rules

................................................................................

5-7

Setting the Outbound Policy

.....................................................................................

5-7

Creating a LAN WAN Outbound Services Rule

.......................................................

5-8

Creating a LAN WAN Inbound Services Rule

..........................................................

5-8

Attack Checks

........................................................................................................

5-10

Inbound Rules Examples

.......................................................................................

5-11

Outbound Rules Example

......................................................................................

5-14

Enabling Session Limits

.........................................................................................

5-14

Adding Customized Services

.................................................................................

5-15

Setting Quality of Service (QoS) Priorities

.............................................................

5-16

Setting Schedules to Block or Allow Traffic

..................................................................

5-17

Setting Block Sites (Content Filtering)

..........................................................................

5-18

Enabling Source MAC Filtering (Address Filter)

...........................................................

5-20

IP/MAC Binding Tab

...............................................................................................

5-21

Enabling Port Triggering

...............................................................................................

5-23

Bandwidth Profile

..........................................................................................................

5-24

UPnP (Universal Plug and Play)

...................................................................................

5-26

E-Mail Notifications of Event Logs and Alerts

...............................................................

5-27

Administrator Tips

.........................................................................................................

5-27

Chapter 6

Virtual Private Networking Using IPsec

Using the VPN Wizard for Client and Gateway Configurations

......................................

6-1

Creating Gateway to Gateway VPN Tunnels with the Wizard

........................................

6-2

Creating a Client to Gateway VPN Tunnel with the Wizard

............................................

6-4

Viewing or Modifying IKE and VPN Policy Settings

........................................................

6-5

Creating a VPN Client to SRXN3205 Connection

..........................................................

6-7

Configuring the SRXN3205

......................................................................................

6-7

Configuring the VPN Client

......................................................................................

6-8

ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual

x

v1.0, October 2008

Testing the Connection

...........................................................................................

6-11

Managing VPN Tunnel Policies

....................................................................................

6-11

About IKE

...............................................................................................................

6-12

Managing IKE Policies

...........................................................................................

6-12

About the IKE Policy Table

.....................................................................................

6-13

VPN Policy

.............................................................................................................

6-15

VPN Tunnel Connection Status

..............................................................................

6-16

Manually Assigning IP Addresses to Remote Users (ModeConfig)

.............................

6-17

Mode Config Operation

..........................................................................................

6-17

Configuring the VPN Firewall

.................................................................................

6-17

Configuring the ProSafe VPN Client for ModeConfig

.............................................

6-20

Extended Authentication (XAUTH) Configuration

.........................................................

6-22

Configuring XAUTH for VPN Clients

......................................................................

6-23

User Database Configuration

.................................................................................

6-24

RADIUS Client Configuration

.................................................................................

6-24

Chapter 7

Virtual Private Networking

Using SSL

Understanding the Portal Options

...................................................................................

7-1

Planning for SSL VPN

....................................................................................................

7-2

Creating the Portal Layout

..............................................................................................

7-3

Configuring Domains, Groups, and Users

......................................................................

7-7

Configuring Applications for Port Forwarding

.................................................................

7-7

Adding Servers

.........................................................................................................

7-7

Adding A New Host Name

.......................................................................................

7-9

Configuring the SSL VPN Client

.....................................................................................

7-9

Configuring the Client IP Address Range

..............................................................

7-11

Adding Routes for VPN Tunnel Clients

..................................................................

7-12

Replacing and Deleting Client Routes

...................................................................

7-12

Using Network Resource Objects to Simplify Policies

..................................................

7-13

Adding New Network Resources

..........................................................................

7-13

Configuring User, Group, and Global Policies

..............................................................

7-14

Viewing Policies

.....................................................................................................

7-15

Adding a Policy

......................................................................................................

7-16