ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual

xvi

v1.0, October 2008

ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual

Introduction

1-1

v1.0, October 2008

Chapter 1

Introduction

The SRXN3205 ProSafe Wireless-N VPN Firewall provides Internet connectivity to your local

Ethernet and wireless networks via a broadband cable or DSL modem. The SRXN3205 is a

complete security solution with a powerful and flexible firewall to safeguard your networks along

with advanced IPsec and SSL VPN technologies for secure wired and wireless connections.

Moreover, the ProSafe Wireless-N VPN Firewall supports wireless connections over the wider

range and more robust connections afforded by 802.11N and 802.11a wireless networks. The

SRXN3205 also supports wireless bridging.

The Gigabit Ethernet LAN ports and WAN port ensure extremely high data transfer speeds.

The SRXN3205 is a plug-and-play device that can be installed and configured within minutes.

This chapter contains the following sections:

•

“Key Firewall Features”

•

“Wireless Networking Features”

•

“System Requirements”

•

“Package Contents”

•

“Front Panel Features”

•

“Rear Panel Features”

•

“Default IP Address, Login Name, and Password Location”

•

“Qualified Web Browsers”

Key Firewall Features

The firewall portion provides the following key features:

•

A single 10/100/1000 Mbps Gigabit Ethernet WAN port for your Internet connection.

•

Built-in four-port 10/100/1000 Mbps Gigabit Ethernet LAN switch for extremely fast data

transfer between local network resources and all of the wireless clients.

ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual

1-2

Introduction

v1.0, October 2008

•

Advanced IPsec and SSL VPN support

•

Advanced stateful packet inspection (SPI) firewall with multi-NAT support

•

Easy, web-based setup for installation and management

•

Front panel LEDs for easy monitoring of status and activity

•

Flash memory for firmware upgrade

•

AC-DC power adapter for low current draw

A Powerful, True Firewall with Content Filtering

Unlike simple Internet sharing NAT routers, the SRXN3205 is a true firewall, using stateful packet

inspection (SPI) to defend against hacker attacks. Its firewall features include:

•

Automatically detects and thwarts denial of service (DoS) attacks such as Ping of Death and

SYN Flood.

•

Blocks unwanted traffic from the Internet to your LAN.

•

Blocks access from your LAN to Internet locations or services that you specify as off-limits.

•

Prevents objectionable content from reaching your PCs. You can control access to Internet

content by screening for Web services, Web addresses, and keywords within Web addresses.

You can configure the firewall to log and report attempts to access objectionable Internet sites.

•

Permits scheduling of firewall policies by day and time.

•

Logs security events such as blocked incoming traffic, port scans, attacks, and administrator

logins. You can configure the firewall to email the log to you at specified intervals. You can

also configure the firewall to send immediate alert messages to your email address or email

pager whenever a significant event occurs.

Autosensing Ethernet Connections with Auto Uplink

With its internal 5-port 10/100/1000 Mbps switch and 10/100/1000 WAN port, the SRXN3205 can

connect to either a 10 Mbps standard Ethernet network, a 100 Mbps Fast Ethernet network, or a

1000 Mbps Gigabit Ethernet network. The five LAN and WAN interfaces are autosensing and

capable of full-duplex or half-duplex operation.

The SRXN3205 incorporates Auto Uplink

TM

technology. Each Ethernet port will automatically

sense whether the Ethernet cable plugged into the port should have a “normal” connection such as

to a PC or an “uplink” connection such as to a switch or hub. That port will then configure itself to

the correct configuration. This feature eliminates the need to worry about crossover cables, as

Auto Uplink will accommodate either type of cable to make the right connection.

ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual

Introduction

1-3

v1.0, October 2008

Extensive Protocol Support

The firewall supports the Transmission Control Protocol/Internet Protocol (TCP/IP) and Routing

Information Protocol

(RIP). For further information about TCP/IP, refer to

“Internet Configuration

Requirements” on page C-4

.

•

IP Address Sharing by NAT

. The firewall allows many networked PCs to share an Internet

account using only a single IP address, which may be statically or dynamically assigned by

your Internet service provider (ISP). This technique, known as NAT, allows the use of an

inexpensive single-user ISP account.

•

Automatic Configuration of (Wired & Wireless) PCs by DHCP

. The firewall dynamically

assigns network configuration information, including IP, gateway, and domain name server

(DNS) addresses, to PCs on the LAN and Wireless LAN using the Dynamic Host

Configuration Protocol (DHCP). This feature greatly simplifies configuration of PCs on your

local network.

•

DNS Proxy

. When DHCP is enabled and no DNS addresses are specified, the firewall

provides its own address as a DNS server to the attached PCs. The firewall obtains actual DNS

addresses from the ISP during connection setup and forwards DNS requests from the LAN.

•

PPP over Ethernet (PPPoE)

. PPPoE is a protocol for connecting remote hosts to the Internet

over a DSL connection by simulating a dial-up connection. This feature eliminates the need to

run a login program such as EnterNet or WinPOET on your PC.

•

Quality of Service (QoS)

support for traffic prioritization.

Advanced VPN Support for Both IPsec and SSL

The firewall supports IPsec and SSL virtual private network (VPN) connections.

•

IPsec VPN delivers full network access between a central office and branch offices, or

between a central office and telecommuters. Remote access by telecommuters requires the

installation of VPN client software on the remote computer.

–

IPsec VPN with broad protocol support for secure connection to other IPsec gateways and

clients.

–

Bundled with the single-user license of the NETGEAR ProSafe VPN Client software

(VPN01L)

–

Supports up to 5 (max) IPsec VPN tunnels (alternately, 4 IPsec VPN tunnels concurrently

with 4 SSL VPN sessions, or 5 IPsec VPN tunnels concurrently with 3 SSL VPN

sessions). The total number of concurrent tunnels and sessions is not to exceed eight.

ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual

1-4

Introduction

v1.0, October 2008

•

SSL VPN provides remote access for mobile users to selected corporate resources without

requiring a pre-installed VPN client on their computers.

–

Uses the familiar Secure Sockets Layer (SSL) protocol, commonly used for e-commerce

transactions, to provide client-free access with customizable user portals and support for a

wide variety of user repositories.

–

Browser based, platform-independent, remote access through a number of popular

browsers, such as Microsoft Internet Explorer or Apple Safari.

–

Provides granular access to corporate resources based upon user type or group

membership.

–

Supports up to 5 IPse VPN sessions and up to 5 SSL and VPN sessions.

Wireless Networking Features

•

Dual Band Selection.

The SRXN3205 allows you to configure the 802.11 wireless options for

the 2.4 GHz band or the 5 GHz bands.

•

Upgradeable Firmware.

Firmware is stored in a flash memory and can be upgraded easily,

using only your Web browser, and can be also upgraded remotely. In addition to using Web

browser to do so, command-line interface can also be used.

•

Access Control.

The Access Control MAC address filtering feature can ensure that only

trusted wireless stations can use the SRXN3205 to gain access to your LAN.

•

Hidden Mode.

The SSID is not broadcast, assuring only clients configured with the correct

SSID can connect.

•

Configuration Backup.

Configuration settings can be backed up to a file and restored.

•

Secure and Economical Operation.

Adjustable power output allows more secure or

economical operation.

•

Autosensing Ethernet Connection with

Auto Uplink

I

nterface.

Connects to 10/100/1000

Mbps IEEE 802.3 Ethernet networks.

•

LED Indicators.

Power, test, LAN speed, LAN activity, and wireless activity for each radio

mode are easily identified.