ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual
Virtual Private Networking Using SSL
7-3
v1.0, October 2008
When you define the SSL VPN policies that determine network resource access for your SSL
VPN users, you can define global policies, group policies, or individual policies. Because you
must assign an authentication domain when creating a group, the group is created after you
have created the domain.
4. Create one or more SSL VPN user accounts.
Because you must assign a group when creating an SSL VPN user account, the user account is created after you have created the group.
5. For port forwarding, declare the servers and services.
Create a list of servers and services that can be made available through user, group, or global policies. You can also associate fully qualified domain names with these servers. The firewall will resolve the names to the servers using the list you have created.
6. For VPN tunnel service, configure the virtual network adapter.
In the VPN tunnel option, the firewall creates a virtual network adapter on the remote PC that will function as if it were on the local network. Configure the portal’s SSL VPN Client to define a pool of local IP addresses to be issued to remote clients, as well as DNS addresses. Declare static routes or grant full access to the local network, subject to additional policies.
7. To simplify policies, define network resource objects.
Network resource objects are groups of IP addresses, IP address ranges, and services. By defining resource objects, you can more quickly create and configure network policies.
8. Configure the policies.
Policies determine access to network resources and addresses for individual users, groups, or everyone.
Creating the Portal Layout
The SSL VPN Portal Layouts menu allows you to create a custom page that remote users will see
when they log into the portal. Because the page is completely customizable, it provides an ideal
way to communicate remote access instructions, support information, technical contact info, or
VPN-related news updates to remote users. The page is also well-suited as a starting page for
restricted users; if mobile users or business partners are only permitted to access a few resources,
the page you create will present only the resources relevant to these users.
Portal Layouts are applied by selecting from available portal layouts in the configuration of a
Domain. When you have completed your Portal Layout, you can apply the Portal Layout to one or
more authentication domains (see XREF to apply a Portal Layout to a Domain). You can also
make the new portal the default portal for the SSL VPN gateway by selecting the default radio
button adjacent to the portal layout name.
The firewall administrator may define individual layouts for the SSL VPN portal. The layout
configuration includes the menu layout, theme, portal pages to display, and web cache control
options. The default portal layout is the SSL-VPN portal. You can add additional portal layouts.
You can also make any portal the default portal for the SSL firewall by clicking the default button
in the Action column of the List of Layouts, to the right of the desired portal layout.
To create a New Portal Layout:
1. Select VPN > SSL VPN from the main/submenu, and then select the Portal Layouts tab. The Portal Layouts screen displays.
2. Click Add. The Add Portal Layout screen is displayed.
Note: The default portal address is https://<IP_Address>/portal/SSL-VPN. The domain geardomain is attached to the SSL-VPN portal.
Figure 7-1
3. In the Portal Layout and Theme Name section of the menu, configure the following entries:
a. Enter a descriptive name for the portal layout in the Portal Layout Name field. This name will be part of the path of the SSL VPN portal URL.
Only alphanumeric characters, hyphen (-), and underscore (_) are accepted for the Portal Layout Name. If you enter any other character, including a space, the layout name is truncated at that character, so check the name that appears in the List of Layouts before you distribute the portal URL to users. Note that, unlike the host name part of a URL, this name is case sensitive.
b. In the Portal Site Title field, enter a title that will appear at the top of the user’s web browser window.
c. To display a banner message to users before they log in to the portal, enter the banner title text in the Banner Title field and the banner message text in the Banner Message text area. The message can be plain text or can include HTML and JavaScript tags. The maximum length of the login page message is 4096 characters. Select the Display banner message on login page checkbox to show the banner title and banner message text on the Login screen, as shown in Figure 7-2. Because the banner is rendered before authentication, anyone who can reach the portal can read it; do not place internal host names, credentials, or other sensitive details in it.
Figure 7-2
Note: Custom portals are accessed at a different URL than the default portal. For example, if your SSL VPN portal is hosted at , and you created a portal layout named “sales”, then users will be able to access the sub-site at .
As shown in the figure, the banner title text is displayed in the orange header bar. The banner message text is displayed in the grey header bar.
d. Check the Enable HTTP meta tags for cache control checkbox to apply HTTP meta tag cache control directives to this Portal Layout. Cache control directives include:
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="cache-control" content="must-revalidate">
These directives help prevent client browsers from caching SSL VPN portal pages and other web content. They are tags embedded in the HTML of the portal pages rather than HTTP response headers, so they are honored only by the browser that renders the page and have no effect on proxies or other intermediaries between the user and the firewall.
e. Check the ActiveX web cache cleaner checkbox to load an ActiveX cache control when users log in to the SSL VPN portal.
The web cache cleaner will prompt the user to delete all temporary Internet files, cookies, and browser history when the user logs out or closes the web browser window. The ActiveX web cache control is ignored by web browsers that do not support ActiveX (in practice, any browser other than Internet Explorer), so it should not be relied on as the only measure against portal data remaining in the browser cache.
Figure 7-3
Note: NETGEAR strongly recommends enabling HTTP meta tags for security reasons and to prevent out-of-date web pages, themes, and data being stored in a user’s web browser cache.
4. In the SSL VPN Portal Pages to Display section, check the checkboxes for the portal pages you wish users to access. Any pages that are not selected will not be visible from the portal navigation menu. Your choices are:
VPN Tunnel. Provides full network connectivity.
Port Forwarding. Provides access to specific defined network services.
5. Click Apply to confirm your settings.
The “Operation succeeded” message appears at the top of the tab. Your new layout appears in the List of Layouts table.
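The following Python script is an added example; it is not part of the NETGEAR manual or of the firewall firmware. It models two of the rules from step 3 above so that an administrator can predict and verify the result: the Portal Layout Name restriction from step 3a (the name is cut at the first character that is not a letter, digit, hyphen, or underscore, so the URL path can differ from what was typed) and the three cache-control meta tags that step 3d is documented to insert, checked against a saved copy of the portal login page. The function names, the gateway address 192.168.1.1, and the HTML samples are this example's own; the samples are constructed, not captured from a device, and the exact truncation behaviour of the firmware on mixed input is an assumption taken from the manual's wording.

```python
"""Added example, not NETGEAR code: predict the portal URL for a layout name
and verify that the cache-control meta tags are present on a portal page.
"""
import re
from html.parser import HTMLParser

# Characters the manual says are accepted in a Portal Layout Name.
_ALLOWED_PREFIX = re.compile(r"[A-Za-z0-9_-]*")


def effective_layout_name(entered: str) -> str:
    """Return the name the firewall keeps after truncation.

    Everything from the first disallowed character (a space included) onward
    is dropped, so 'sales team' becomes 'sales'. Case is preserved because the
    resulting URL path is case sensitive. Truncation point is an assumption
    based on the manual's description.
    """
    return _ALLOWED_PREFIX.match(entered).group(0)


def portal_url(gateway: str, layout_name: str) -> str:
    """Build https://<IP_Address>/portal/<layout name> for a custom layout."""
    return f"https://{gateway}/portal/{effective_layout_name(layout_name)}"


# The directives the manual lists for "Enable HTTP meta tags for cache control".
EXPECTED_META = {
    ("pragma", "no-cache"),
    ("cache-control", "no-cache"),
    ("cache-control", "must-revalidate"),
}


class _MetaCollector(HTMLParser):
    """Collect (http-equiv, content) pairs from <meta> tags in a page."""

    def __init__(self):
        super().__init__()
        self.found = set()

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "meta":
            return
        a = {k.lower(): (v or "") for k, v in attrs}
        if "http-equiv" in a:
            self.found.add((a["http-equiv"].lower(), a.get("content", "").lower()))


def cache_control_meta(html: str) -> set:
    """All http-equiv meta directives present in the page."""
    parser = _MetaCollector()
    parser.feed(html)
    return parser.found


def missing_cache_directives(html: str) -> set:
    """Directives the page should carry but does not. Empty set means OK."""
    return EXPECTED_META - cache_control_meta(html)


# Constructed sample pages (hypothetical portal titled "Acme Remote Access").
PAGE_WITH_TAGS = """<html><head><title>Acme Remote Access</title>
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="cache-control" content="must-revalidate">
</head><body>Login</body></html>"""

PAGE_WITHOUT_TAGS = """<html><head><title>Acme Remote Access</title>
</head><body>Login</body></html>"""


if __name__ == "__main__":
    # A space is not accepted, so the layout is published as "sales".
    print(portal_url("192.168.1.1", "sales team"))
    print("missing on hardened page:", missing_cache_directives(PAGE_WITH_TAGS))
    print("missing on plain page:", missing_cache_directives(PAGE_WITHOUT_TAGS))
```

To check a live portal, save the login page (for example with a browser or an HTTPS client) and pass its body to missing_cache_directives(); an empty set means all three directives are present. Because these are meta tags rather than HTTP headers, the check says nothing about intermediaries; if a proxy sits between users and the firewall, inspect the HTTP response headers separately.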
Configuring Domains, Groups, and Users
Remote users connecting to the SSL firewall must be authenticated before being allowed to access
the network. The login window presented to the user requires three items: a User Name, a
Password, and a Domain selection. The Domain determines the authentication method to be used
and the portal layout that will be presented.
You must create name and password accounts for your SSL VPN users. When you create a user
account, you must specify a group. Groups are used to simplify the application of access policies.
When you create a group, you must specify a domain. Therefore, you should create any needed
domains first, then groups, then user accounts.
To configure Domains, Groups, and Users, see “Adding Authentication Domains, Groups, and Users” on page 8-1.
Configuring Applications for Port Forwarding
Port Forwarding provides access to specific defined network services. To define these services,
you must specify the internal addresses and TCP applications (port numbers) that will be
intercepted by the Port Forwarding client on the user’s PC. The client will reroute this traffic to the
firewall.
Adding Servers
To configure Port Forwarding, you must define the internal host machines (servers) and TCP
applications available to remote users. To add servers, follow these steps:
