ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual
Managing Users, Authentication, and Certificates
8-5
v1.0, October 2008
e. Idle Timeout. For an Administrator, this is the period after which an idle user is automatically logged out of the Web Configuration Manager.
4. Click Apply to save and apply your entries. The new user appears in the List of Users.
Setting User Login Policies
You can restrict the ability of defined users to log into the Web Configuration Manager. You can
also require or prohibit logging in from certain IP addresses or using particular browsers.
To configure user login policies:
1. In the Action column of the List of Users table, click Policies adjacent to the user policy you want to configure. The Login Policies screen displays:
2. To prohibit this user from logging in to the firewall, select the Disable Login checkbox.
3. To prohibit this user from logging in from the WAN interface, select the Deny Login from WAN Interface checkbox. In this case, the user can log in only from the LAN interface.
4. Click Apply to save your settings.
Figure 8-6
Note: For security reasons, Deny Login from WAN Interface is checked by default for admin and guest.
To restrict logging in based on IP address:
1. Select the by Source IP Address tab. The by Source IP Address screen displays.
2. In the Defined Addresses Status section, select:
   • Deny Login from Defined Addresses to deny logging in from the IP addresses that you will specify.
   • Allow Login only from Defined Addresses to allow logging in from the IP addresses that you will specify.
3. Click Apply.
4. To specify a single IP address, select IP Address from the Source Address Type pull-down menu and enter the IP address in the Network Address/IP address field.
5. To specify a subnet of IP addresses, select IP Network from the Source Address Type pull-down menu. Enter the network address and netmask length in the Network Address/IP address field.
6. Click Add to move the defined address to the Defined Addresses table.
7. Repeat these steps to add additional addresses or subnets.
Figure 8-7
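The following Python example is added here and is not part of the NETGEAR manual or the firewall's firmware. It models the two Defined Addresses Status settings so that a planned Defined Addresses table can be checked against your management hosts before you enter it; the matching semantics, the CIDR input format, and the sample addresses are assumptions.

```python
import ipaddress

# The two settings offered in the Defined Addresses Status section.
DENY_DEFINED = "Deny Login from Defined Addresses"
ALLOW_ONLY_DEFINED = "Allow Login only from Defined Addresses"

# Constructed sample entries (documentation address ranges), written as
# (Source Address Type, Network Address/IP address) pairs.
SAMPLE_ENTRIES = [
    ("IP Address", "192.0.2.10"),
    ("IP Network", "198.51.100.0/24"),
]


def parse_defined(entries):
    """Validate planned table entries and return them as network objects."""
    defined = []
    for addr_type, value in entries:
        if addr_type == "IP Address":
            # A single host: must not carry a netmask length.
            host = ipaddress.ip_address(value)
            defined.append(ipaddress.ip_network(str(host)))
        elif addr_type == "IP Network":
            # strict=True rejects a host address typed with a netmask
            # length (e.g. 198.51.100.7/24), a common data-entry slip.
            defined.append(ipaddress.ip_network(value, strict=True))
        else:
            raise ValueError(f"unknown Source Address Type: {addr_type!r}")
    return defined


def login_permitted(mode, defined, source_ip):
    """Model the decision for one source IP (assumed semantics)."""
    src = ipaddress.ip_address(source_ip)
    matched = any(src in net for net in defined)
    if mode == DENY_DEFINED:
        return not matched
    if mode == ALLOW_ONLY_DEFINED:
        # Assumption: an empty table under this mode admits nobody.
        return matched
    raise ValueError(f"unknown mode: {mode!r}")


if __name__ == "__main__":
    table = parse_defined(SAMPLE_ENTRIES)
    for ip in ("192.0.2.10", "192.0.2.11", "198.51.100.77", "203.0.113.5"):
        for mode in (ALLOW_ONLY_DEFINED, DENY_DEFINED):
            print(f"{ip:15} {mode:42} {login_permitted(mode, table, ip)}")
```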
To restrict logging in based on the user’s browser:
1. Select the by Client Browser tab. The by Client Browser screen will display.
2. In the Defined Browsers Status section, select:
   • Deny Login from Defined Browsers to deny logging in from browsers that you will specify.
   • Allow Login only from Defined Browsers to allow logging in from browsers that you will specify.
3. From the Add Defined Browser selection, select a browser from the Client Browser pull-down menu and click Add to move the defined browser to the Defined Browsers table.
4. Repeat these steps to add additional browsers, then click Apply to save your changes.
Figure 8-8
Managing Certificates
The firewall uses digital certificates to authenticate connecting VPN gateways or clients, and to be
authenticated by remote entities. A certificate that authenticates a server, for example, is a file that
contains:
• A public encryption key to be used by clients for encrypting messages to the server.
• Information identifying the operator of the server.
• A digital signature confirming the identity of the operator of the server. Ideally, the signature is from a trusted third party whose identity can be verified absolutely.
You can obtain a certificate from a well-known commercial Certificate Authority (CA) such as
Verisign or Thawte, or you can generate and sign your own certificate. Because a commercial CA
takes steps to verify the identity of an applicant, a certificate from a commercial CA provides a
strong assurance of the server’s identity. A self-signed certificate will trigger a warning from most
browsers as it provides no protection against identity theft of the server.
Your firewall contains a self-signed certificate from NETGEAR. We recommend that you replace
this certificate prior to deploying the firewall in your network.
From the VPN > Certificates main menu/submenu, you can view the currently loaded certificates, upload a new certificate and generate a Certificate Signing Request (CSR). Your firewall will typically hold two types of certificates:
• CA certificate. Each CA issues its own CA identity certificate in order to validate communication with the CA and to verify the validity of certificates signed by the CA.
• Self certificate. The certificate issued to you by a CA identifying your device.
Viewing and Loading CA Certificates
The Trusted Certificates (CA Certificates) table lists the certificates of CAs and contains the
following data:
• CA Identity (Subject Name). The organization or person to whom the certificate is issued.
• Issuer Name. The name of the CA that issued the certificate.
• Expiry Time. The date after which the certificate becomes invalid.
To view the VPN Certificates:
Select VPN > Certificates from the main/sub-menu and the Certificates screen displays.
The top section of the Certificates screen displays the Trusted Certificates (CA Certificates).
When you obtain a self certificate from a CA, you will also receive the CA certificate. In addition,
many CAs make their certificates available on their websites.
To load a CA certificate into your firewall:
1. Store the CA certificate file on your computer.
2. Under Upload Trusted Certificates in the Certificates menu, click Browse and locate the CA certificate file.
3. Click Upload. The CA Certificate will appear in the Trusted Certificates (CA Certificates) table.
Viewing Active Self Certificates
The Active Self Certificates table in the Certificates screen shows the certificates issued to you by
a CA and available for use.
For each self certificate, the following data is listed:
• Name. The name you used to identify this certificate.
• Subject Name. This is the name that other organizations will see as the holder (owner) of this certificate. This should be your registered business name or official company name. Generally, all of your certificates should have the same value in the Subject field.
Figure 8-9
Figure 8-10
