Netgear SSL312 - Manual - manualsarea.com

Page 2 - Technical Support; Trademarks

ii v2.0, May 2007 © 2007 by NETGEAR, Inc. All rights reserved. Technical Support Please register to obtain technical support. Please retain your proof of purchase and warranty information. To register your product, get product support or obtain product information and product documentation, go to ht...

Page 3 - EU Regulatory Compliance Statement

v2.0, May 2007 iii EU Regulatory Compliance Statement ProSafe SSL VPN Concentrator 25 is compliant with the following EU Council Directives: 89/336/EEC and LVD 73/23/EEC. Compliance is verified by testing to the following standards: EN55022 Class B, EN55024 and EN60950. Certificate of the Manufactur...

Page 4 - Product and Publication Details

v2.0, May 2007 iv Product and Publication Details Model Number: SSL312 Publication Date: May 2007 Product Family: Concentrator Product Name: ProSafe SSL VPN Concentrator 25 Home or Business Product: Business Language: English Publication Part Number: 202-10208-04 Publication Version Number: 2.0

Page 5 - Contents

v v2.0, May 2007 Contents About This Manual Conventions, Formats and Scope .................................................................................... ix Using This Manual ............................................................................................................. x Printin...

Page 9 - The; Conventions, Formats and Scope; Typographical Conventions.; This manual uses the following typographical conventions:

ix v2.0, May 2007 About This Manual The NETGEAR® Prosafe™ SSL VPN Concentrator 25 SSL312 Reference Manual describes how to install and configure the SSL312. The information in this manual is intended for administrators who will configure the SSL312. You should have intermediate computer and Internet...

Page 10 - Appendix B, “Related Documents”; Using This Manual; Printing a Page in the HTML View

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual x About This Manual v2.0, May 2007 • Scope. This manual is written for the SSL VPN Concentrator according to these specifications: For more information about network, Internet, firewall, and VPN technologies, see the links to the NETGEA...

Page 11 - Print; Printing a Chapter; PDF of This Chapter; Printing the Full Manual; Complete PDF Manual

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual About This Manual xi v2.0, May 2007 Each page in the HTML version of the manual is dedicated to a major topic. Use the Print button on the browser toolbar to print the page contents. • Printing a Chapter . Use the PDF of This Chapter li...

Page 12 - Revision History

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual xii About This Manual v2.0, May 2007 Revision History Version Date Description of Changes -01, v1.1 November 2006 • Restructured the contents so that common setup and configuration tasks are easier to find • Added new topics• Added a li...

Page 13 - “Web; About the ProSafe SSL VPN Concentrator 25; Supports 25 concurrent sessions.

1-1 v2.0, May 2007 Chapter 1 Introduction This chapter describes some of the key features of the NETGEAR® ProSafe™ SSL VPN Concentrator 25 SSL312. It also includes the minimum prerequisites for installation ( “Web Browser Requirements” on page 1-2 .), package contents ( “What’s in the Box” on page 1...

Page 14 - Web Browser Requirements; JavaScript

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 1-2 Introduction v2.0, May 2007 • Supports multiple user authentications, including local database, Microsoft Active Directory, LDAP, NT Domain and RADIUS. • Provides client-less access with customizable user portals and support for a w...

Page 15 - What’s in the Box; Resource CD; Hardware Description; Front Panel

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Introduction 1-3 v2.0, May 2007 End Users can use Microsoft Internet Explorer 5.1 or higher, Apple Safari 1.2 or higher or Mozilla Firefox 1.x (for VPN tunnel, VNC, Network Places and Utilities). The browsers should also support JavaScr...

Page 16 - Back Panel

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 1-4 Introduction v2.0, May 2007 1. LED Power Indicator: • Off – No power • On – Power is on. 2. LED Self test Indicator. • Self test – on while initializing. (~2 minutes) • Loading Software – blinking while uploading software • System f...

Page 17 - Steps for Deploying the SSL312; Chapter 2, “Installing

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Introduction 1-5 v2.0, May 2007 Steps for Deploying the SSL312 Three basic steps are involved in deploying the ProSafe SSL VPN Concentrator 25 in your network. • Installing the SSL312: choosing a network topology, configuring its IP add...

Page 19 - Choosing a Network Topology; Single Arm

2-1 v2.0, May 2007 Chapter 2 Installing the SSL312 This chapter describes how to install the ProSafe SSL VPN Concentrator 25 SSL312. The installation includes choosing a network topology, configuring the IP addressing scheme, connecting the SSL312, and provisioning the SSL certificate. Choosing a Ne...

Page 20 - Assign Ethernet Port 1 an IP address on your local network.; Routing; NETGEAR recommends single arm operation for most networks.

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 2-2 Installing the SSL312 v2.0, May 2007 . Single arm mode has the advantage of being protected by your firewall. In later steps, you will use the following settings when configuring for single arm operation. • Assign Ethernet Port 1 an...

Page 21 - Assign Ethernet Port 1 a public IP address.; Initial Connection to the SSL VPN Concentrator

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Installing the SSL312 2-3 v2.0, May 2007 authorized for that user. The user’s subsequent requests for network services are decrypted by the SSL VPN Concentrator and relayed to the appropriate network servers on the corporate network. Ro...

Page 22 - Accessing the Management Interface; “Web Browser Requirements” on page 1-2

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 2-4 Installing the SSL312 v2.0, May 2007 1. Prepare a PC with an Ethernet adapter. If this PC is already part of your network, record its TCP/IP configuration settings so that you can restore them later. 2. Configure your PC with a stat...

Page 23 - When prompted, enter; admin; for the User Name and; password; for the Password, both in

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Installing the SSL312 2-5 v2.0, May 2007 2. A certificate security warning may appear. Click Yes or OK to continue. A login screen with User Name and Password dialog boxes displays. 3. When prompted, enter admin for the User Name and pa...

Page 24 - Configuring Basic Network Settings; Change the administrator password

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 2-6 Installing the SSL312 v2.0, May 2007 Configuring Basic Network Settings Before deploying the SSL VPN Concentrator into your existing network, you should configure the following basic settings: • Change the administrator password • C...

Page 26 - Installing the SSL VPN Concentrator; Turn on the power to the SSL VPN Concentrator.; Managing Certificates; Information identifying the operator of the server.

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 2-8 Installing the SSL312 v2.0, May 2007 Installing the SSL VPN Concentrator You are now ready to physically install your SSL VPN Concentrator using the following steps: 1. Turn off the power to the SSL VPN Concentrator and connect it t...

Page 27 - Obtaining a Certificate from a Certificate Authority; screen

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Installing the SSL312 2-9 v2.0, May 2007 strong assurance of the server’s identity. A self-signed certificate will trigger a warning from most browsers as it provides no protection against identity theft of the server. Your SSL VPN Conc...

Page 28 - file to a disk; Generating a Self-Signed Certificate; To generate a self-signed certificate file:

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 2-10 Installing the SSL312 v2.0, May 2007 3. Fill out all of the fields with the appropriate information. This information will appear in your certificate and will be visible to users. 4. Click Apply. A file download screen will display...

Page 29 - Uploading and Enabling the New Certificate

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Installing the SSL312 2-11 v2.0, May 2007 2. In the Digital Certificate Management section, click New CSR/CRT. The Create CSR screen will display. 3. Fill out all of the fields with the appropriate information. This information will app...

Page 31 - Viewing and Deleting Certificates; To view details of currently available certificates:

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Installing the SSL312 2-13 v2.0, May 2007 5. Enter the Certificate Password and click Enable. The SSL VPN Concentrator software will restart using the new certificate. Viewing and Deleting Certificates The Current Certificates table lis...

Page 32 - Steps for Further Configuration; The next steps in configuring the SSL VPN Concentrator are:

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 2-14 Installing the SSL312 v2.0, May 2007 Steps for Further Configuration The next steps in configuring the SSL VPN Concentrator are: • Create authentication domains ( Chapter 3, “Authenticating Users” ). • Define user and group setting...

Page 33 - Authentication Domains

3-1 v2.0, May 2007 Chapter 3 Authenticating Users Remote users connecting to the SSL VPN Concentrator must be authenticated before being allowed to access the network. The login window presented to the user requires three items: a User Name, a Password, and a Domain selection. The Domain determines ...

Page 34 - Local User Database Authentication; To add a new authentication domain using the local user database:

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 3-2 Authenticating Users v2.0, May 2007 All of the configured domains will be listed in the table in the Domains window. The domains are listed in the order in which they were created. By default, the geardomain authentication domain is...

Page 35 - RADIUS and NT Domain Authentication

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Authenticating Users 3-3 v2.0, May 2007 1. In the Domains menu, click Add Domain. An Add Domain window similar to the following displays. 2. From the Authentication Type pull-down menu, select Local User Database. 3. In the Domain Name ...

Page 36 - Configuring for RADIUS Domain Authentication; To create a domain with Radius authentication:

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 3-4 Authenticating Users v2.0, May 2007 For example, if you create a RADIUS domain in the SSL VPN Concentrator called “Miami RADIUS server”, you can add users to groups that are members of the “Miami RADIUS server” domain. These user na...

Page 37 - Configuring for NT Domain Authentication

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Authenticating Users 3-5 v2.0, May 2007 6. From the Portal Layout Name drop-down menu, select the name of the layout. The default layout is SSL-VPN. You can define additional layouts in the Portal Layouts page. 7. Click Apply to update ...

Page 38 - LDAP Authentication

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 3-6 Authenticating Users v2.0, May 2007 2. In the Domain Name field, enter a descriptive name for the authentication domain. This is the domain name selected by users when they authenticate to the SSL VPN portal. It may be the same valu...

Page 39 - To add an LDAP authentication domain, see; Sample LDAP Attributes; msNPAllowDialin=FALSE; LDAP Attribute Rules; If multiple attributes are defined for a group,

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Authenticating Users 3-7 v2.0, May 2007 For an LDAP group, you can define LDAP attributes. For example, you can specify that users in an LDAP group must be members of a certain group or organizational unit defined on the LDAP server. Or...

Page 40 - Sample LDAP Users and Attributes Settings; not; Querying an LDAP Server; demo

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 3-8 Authenticating Users v2.0, May 2007 Sample LDAP Users and Attributes Settings If you manually add a user to an LDAP group, then the user setting will take precedence over LDAP attributes. For example: An LDAP attribute objectClass=P...

Page 41 - Configuring for LDAP Authentication; Do not include quotes (

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Authenticating Users 3-9 v2.0, May 2007 Configuring for LDAP Authentication To configure LDAP authentication, click Add Domain. An Add Domain window displays. In the Add Domain window: 1. From the Authentication Type menu, select LDAP. ...

Page 42 - Active Directory Authentication; Configuring for Windows Active Directory Authentication; To configure Windows Active Directory authentication:; Users and Groups

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 3-10 Authenticating Users v2.0, May 2007 5. From the Portal Layout Name drop-down menu, select the name of the layout. The default layout is SSL-VPN. You can define additional layouts in the Portal Layouts page. 6. Click Apply to update...

Page 44 - Troubleshooting Active Directory Authentication; Date and Time; screen and check that the server’s time settings are also; Kerberos Authentication; To configure Kerberos authentication:

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 3-12 Authenticating Users v2.0, May 2007 7. Check the Require CIFS bookmark to home directory radio box to automatically allow access to users of this domain and add the home directory path in the field provided. 8. Click Apply to updat...

Page 45 - Enter the Kerberos domain name in the Kerberos Domain field.; Apply; . Once the domain has been added, the domain will be added to the; Domains; Deleting a Domain; The SSL VPN Concentrator

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Authenticating Users 3-13 v2.0, May 2007 5. Enter the Kerberos domain name in the Kerberos Domain field. 6. Enter the name of the layout in the Portal Layout Name field. The default layout is SSL-VPN. (Additional layouts may be defined ...

Page 47 - Determine Your Requirements

4-1 v2.0, May 2007 Chapter 4 Setting Up User and Group Access Policies This chapter describes how to define users and groups and how to configure SSL VPN Concentrator access policies and bookmarks for the users and groups. This chapter includes the following topics: • Determine Your Requirements • U...

Page 48 - “Using Network Resource Objects to Simplify Policies” on page 4-20; Users, Groups and Global Policies; User Policies take precedence over all Group Policies.

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 4-2 Setting Up User and Group Access Policies v2.0, May 2007 • To create complex policies involving groups of host names, IP addresses or IP address ranges, you can define these groups as network objects using Network Resources as descr...

Page 49 - Global Policies; under the Access Administration menu in the left navigation pane.

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Setting Up User and Group Access Policies 4-3 v2.0, May 2007 • An FTP server at 10.0.1.5, the user would be blocked by Policy 2. • An FTP server at 10.0.0.10, the user would be granted access by Policy 3. The IP address range 10.0.0.5 -...

Page 50 - Editing Global Policy Settings; To edit global settings:

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 4-4 Setting Up User and Group Access Policies v2.0, May 2007 Editing Global Policy Settings To edit global settings: 1. In the Global Policies table, click the Edit Global Policies link. The Global Settings screen displays. 2. In the In...

Page 51 - Adding and Editing Global Policies; To define global access policies:

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Setting Up User and Group Access Policies 4-5 v2.0, May 2007 Adding and Editing Global Policies To define global access policies: 1. In the Global Policies section, click Add Policy. An Add Policy window displays. 2. From the Apply Poli...

Page 52 - Defining and Editing Global Bookmarks; To define global bookmarks:

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 4-6 Setting Up User and Group Access Policies v2.0, May 2007 4. From the Service pull-down menu, select the service type. If you are applying a policy to a network resource, the service type is defined in the network resource. 5. From t...

Page 53 - Groups Configuration; Adding a New Group; To create a new group:

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Setting Up User and Group Access Policies 4-7 v2.0, May 2007 Groups Configuration When configuring Groups, remember that user policies take precedence over all group policies and group policies take precedence over all global policies, ...

Page 54 - In the Group Name field., enter a descriptive name for the group.; Editing Group Settings; To edit group settings:

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 4-8 Setting Up User and Group Access Policies v2.0, May 2007 . 2. In the Group Name field., enter a descriptive name for the group. 3. In the Domain menu, select the appropriate domain. The domain will determine the authentication metho...

Page 55 - The maximum timeout setting is 2; Defining and Editing Group Policies

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Setting Up User and Group Access Policies 4-9 v2.0, May 2007 You can set the inactivity timeout at the user, group and global level. Set the timeout as 0 in the user and group configuration to use the global timeout setting. If multiple...

Page 56 - To define group access policies:

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 4-10 Setting Up User and Group Access Policies v2.0, May 2007 addresses. If two policies apply to a single IP address, then a policy for a specific service (for example RDP) will take precedence over a policy that applies to all service...

Page 57 - In the; Service; Defining and Editing Group Bookmarks; To define group bookmarks:

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Setting Up User and Group Access Policies 4-11 v2.0, May 2007 • If your policy applies to a specific host, enter the IP address of the local host machine in the IP Address field. • If your policy applies to a network, enter the network ...

Page 58 - In the Bookmark Name field, enter a descriptive name.; Deleting a Group

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 4-12 Setting Up User and Group Access Policies v2.0, May 2007 . 2. In the Bookmark Name field, enter a descriptive name. 3. In the Name or IP Address field, enter the domain name or the IP address of a host machine on the LAN. 4. From t...

Page 59 - You can also delete a group by clicking its Delete; Users Configuration; A group cannot be deleted if

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Setting Up User and Group Access Policies 4-13 v2.0, May 2007 2. In the Group Settings window, click Delete Group. The Users and Groups menu displays and the deleted group no longer appears in the list of defined groups. You can also de...

Page 60 - Adding a New User; To create a new user:

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 4-14 Setting Up User and Group Access Policies v2.0, May 2007 Adding a New User To create a new user: 1. In the Users and Groups menu, click Add User. An Add User menu displays. 2. In the User Name field, enter the user name for the use...

Page 62 - Editing a User

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 4-16 Setting Up User and Group Access Policies v2.0, May 2007 Editing a User To edit a user: 1. In the Users table in the Users and Groups menu, click the name of the user. The User Settings menu displays as shown in Figure 4-14 . • The...

Page 63 - In the Confirm Password field, enter the new password again.

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Setting Up User and Group Access Policies 4-17 v2.0, May 2007 . 2. To modify the user password, enter the new user password in the Password field. 3. In the Confirm Password field, enter the new password again. 4. Click Apply to update ...

Page 64 - Defining and Editing User Policies; To define user access policies:

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 4-18 Setting Up User and Group Access Policies v2.0, May 2007 Defining and Editing User Policies To define user access policies: 1. On the Edit User Settings screen, click Add Policy. An Add Policy menu displays. 2. In the Apply Policy ...

Page 65 - Defining and Editing a User Bookmarks; To define user bookmarks:

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Setting Up User and Group Access Policies 4-19 v2.0, May 2007 6. Click Apply to update the configuration. Once the configuration has been updated, the new policy appears in the Edit User Settings menu. The user policies will be displaye...

Page 66 - Deleting a User; Using Network Resource Objects to Simplify Policies; To define a network resource:

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 4-20 Setting Up User and Group Access Policies v2.0, May 2007 Deleting a User To delete a user: 1. Click the Delete link adjacent to the users name in the Users table. The user is removed from the table in the Users and Groups menu, or ...

Page 67 - In the Resource Name field, enter a name for the Network Resource.

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Setting Up User and Group Access Policies 4-21 v2.0, May 2007 2. Click Add Resource. An Add Network Resource menu similar to the following displays. 3. In the Resource Name field, enter a name for the Network Resource. 4. From the Servi...

Page 71 - The SSL VPN; Portal Layouts; screen allows you to create a custom page that remote users will

5-1 v2.0, May 2007 Chapter 5 Configuring the Remote Access Web Portal This chapter explains how to create multiple Web portals for different users and how to customize the appearance of a portal. It describes: • Portal Layouts • Portal Options • Adding Portal Layouts • Adding Terminal Services Appli...

Page 72 - To view the Portal Layout screen:; Portal Options; If the default portal is changed; geardomain

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 5-2 Configuring the Remote Access Web Portal v2.0, May 2007 To view the Portal Layout screen: Click Portal Layouts under the SSL VPN Portal menu on the left navigation pane. A window similar to the following will display. . Portal Optio...

Page 73 - “Configuring the SSL VPN Tunnel Client and Port Forwarding”; Adding Portal Layouts; To add a new portal layout:

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Configuring the Remote Access Web Portal 5-3 v2.0, May 2007 The configuration of the VPN Tunnel and Port Forwarding features are described in Chapter 6, “Configuring the SSL VPN Tunnel Client and Port Forwarding” . Adding Portal Layouts...

Page 74 - checkbox to show the banner title and banner message text on the

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 5-4 Configuring the Remote Access Web Portal v2.0, May 2007 : b. In the Portal Site Title field, enter the title for the web browser window. c. To display a banner message to users before they log in to the portal, enter the banner titl...

Page 75 - SSL VPN Portal Pages to Display; create SSL VPN

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Configuring the Remote Access Web Portal 5-5 v2.0, May 2007 d. Check the Enable HTTP meta tags for cache control checkbox to apply HTTP meta tag cache control directives to this Portal Layout. Cache control directives include: <meta ...

Page 76 - Adding Terminal Services Applications to the Portal; Application Description; gif

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 5-6 Configuring the Remote Access Web Portal v2.0, May 2007 6. Click Apply to confirm your settings. Adding Terminal Services Applications to the Portal If you selected the option Applications page (in the SSL VPN Portal Pages to Displa...

Page 77 - Customizing the Banner; Browse

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Configuring the Remote Access Web Portal 5-7 v2.0, May 2007 2. In the Application and Path field, enter the path and application name of the Terminal Services application. 3. From the Icon Image menu, select an image to appear on the Ap...

Page 78 - Duplicating and Editing Portal Layouts; To add a new Portal by editing an existing Portal layout:

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 5-8 Configuring the Remote Access Web Portal v2.0, May 2007 Duplicating and Editing Portal Layouts You can edit the features of an existing portal; for example, create a banner or banner message that displays at the top of the page; or ...

Page 79 - To modify the features of an existing portal:; Creating a Guide to Using the Portal

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Configuring the Remote Access Web Portal 5-9 v2.0, May 2007 To modify the features of an existing portal: 1. Under the SSL VPN Portal menu on the left navigation pane, click Portal Layouts. The Portal Layouts screen displays. 2. In the ...

Page 81 - This chapter includes:; Two Approaches for VPN; Only supports TCP connections, not UDP or other IP protocols.

6-1 v2.0, May 2007 Chapter 6 Configuring the SSL VPN Tunnel Client and Port Forwarding This chapter describes the configuration for the SSL VPN Tunnel Client and for Port Forwarding. When a remote user accesses the SSL VPN Concentrator from a PC that allows ActiveX content, these two powerful featur...

Page 82 - SSL VPN Client Configuration; Some additional considerations:

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 6-2 Configuring the SSL VPN Tunnel Client and Port Forwarding v2.0, May 2007 • Detects and reroutes individual data streams to the Port Forwarding connection rather than opening up a full tunnel to the corporate network. • Offers more f...

Page 83 - Adding IP Address Ranges

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Configuring the SSL VPN Tunnel Client and Port Forwarding 6-3 v2.0, May 2007 – Split tunnel – Sends only traffic destined for the internal network based on the specified client routes. All other traffic is sent to the internet. Split tu...

Page 84 - Adding Routes for VPN Tunnel Clients; Subnets specified in the Configured Client Routes table.

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 6-4 Configuring the SSL VPN Tunnel Client and Port Forwarding v2.0, May 2007 6. Restart the SSL VPN Concentrator software if any VPN Tunnel Clients are actively connected. Restarting will force the clients to obtain a new virtual IP add...

Page 85 - To add an SSL VPN Tunnel client route:

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Configuring the SSL VPN Tunnel Client and Port Forwarding 6-5 v2.0, May 2007 If the assigned client IP address range is in a different subnet than the corporate network or if the corporate network has multiple subnets, you must define C...

Page 86 - To delete a VPN Tunnel Client Route:; Configuring Applications for Port Forwarding

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 6-6 Configuring the SSL VPN Tunnel Client and Port Forwarding v2.0, May 2007 . To delete a VPN Tunnel Client Route: 1. In the Configured Client Routes table, click the Delete link adjacent to the client route. 2. Restart the SSL VPN Con...

Page 87 - To configure applications for Port Forwarding:

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Configuring the SSL VPN Tunnel Client and Port Forwarding 6-7 v2.0, May 2007 To configure applications for Port Forwarding: 1. From the Access Administration menu in the left navigation pane, select the Port Forwarding option. The Port ...

Page 88 - Configuring Host Name Resolution; or

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 6-8 Configuring the SSL VPN Tunnel Client and Port Forwarding v2.0, May 2007 Configuring Host Name Resolution Once the server and port information has been configured, remote users will be able to access private network servers using Po...

Page 89 - Configuring Network Settings; Set the Ethernet Port 1 and Ethernet Port 2 addresses.; Sample SSL VPN Concentrator Configuration; Interface Ethernet Port 1 IP address:

7-1 v2.0, May 2007 Chapter 7 Additional System Configuration This chapter describes additional network and configuration management functions provided by the Web Management Interface. The additional functions include: • Configuring Network Settings • Setting Date and Time • System Configuration Util...

Page 90 - Network Interface and Default Gateway Configuration; To configure the Ethernet Port 1 and Ethernet Port 2 Interfaces:

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 7-2 Additional System Configuration v2.0, May 2007 • Default gateway address (Firewall/Router address): 192.168.1.254 In the configuration shown in the diagram, the IP addresses of devices in the local network are configured in the 192....

Page 91 - NETGEAR recommends one port operation for most networks.

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Additional System Configuration 7-3 v2.0, May 2007 2. Enter the Ethernet Port 1 subnet mask that has been configured for your network. The subnet mask value should be the same value as the subnet mask configured on your network computer...

Page 92 - Click Apply to save your settings.; Static Route Configuration

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 7-4 Additional System Configuration v2.0, May 2007 5. Enter the subnet mask. The subnet mask specifies the network number portion of an IP address. The factory default is 255.255.255.0. 6. Click Apply to save your settings. From the Net...

Page 94 - Network Host Table Settings; Network

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 7-6 Additional System Configuration v2.0, May 2007 Network Host Table Settings For the convenience of users, you can configure the SSL VPN Concentrator to translate host names or fully qualified domain names (FQDNs) to IP addresses. Thi...

Page 95 - mycomputer; Configuring DNS Settings; The DNS server configuration is required

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Additional System Configuration 7-7 v2.0, May 2007 3. In the Host Name field, enter the host name or Fully Qualified Domain Name of the machine. For example, enter mycomputer or www.netgear.com . Do not enter names with spaces or other ...

Page 96 - In the Network menu, check the DNS Settings

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 7-8 Additional System Configuration v2.0, May 2007 1. In the Network menu, check the DNS Settings radio button. The Network menu displays the fields for entering the DNS Settings. 2. Enter the Hostname for the SSL VPN Concentrator. The ...

Page 97 - Setting Date and Time; To configure the SSL VPN Concentrator date and time settings:

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Additional System Configuration 7-9 v2.0, May 2007 Setting Date and Time To configure the SSL VPN Concentrator date and time settings: 1. Under the System Configuration menu in the left navigation pane, click Date and Time. The SSL VPN ...

Page 98 - System Configuration Utilities

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 7-10 Additional System Configuration v2.0, May 2007 • If you selected Use default NTP servers, NETGEAR’s primary and secondary NTP servers for your time zone will appear. • If you selected Use custom NTP servers, enter an NTP server IP ...

Page 99 - Encrypting the Configuration File; To encrypt the configuration files:; Exporting and Saving a Backup Configuration File

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Additional System Configuration 7-11 v2.0, May 2007 Encrypting the Configuration File For security purposes, you can encrypt the configuration files. However, if the configuration files are encrypted, they cannot be edited or reviewed f...

Page 100 - Click Save to save the configuration file.; Importing a Configuration File; To import a saved configuration file:

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 7-12 Additional System Configuration v2.0, May 2007 3. Choose the location to save the configuration file. The file is named CONF . ZIP by default, but it can be renamed. 4. Click Save to save the configuration file. Importing a Configu...

Page 101 - Erasing the Configuration and Restoring the Default Settings; “Initial Connection to the SSL VPN Concentrator” on page 2-3; Upgrading the SSL VPN Concentrator Firmware; . To install a new version of the SSL VPN Concentrator

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Additional System Configuration 7-13 v2.0, May 2007 Erasing the Configuration and Restoring the Default Settings Two methods are available for erasing the configuration and restoring the factory default settings. You can press and hold ...

Page 102 - In the Utilities menu, click Upgrade. A submenu will display.; Additional Notes on the Management Interface; Chapter 8, “Monitoring and Logging”

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 7-14 Additional System Configuration v2.0, May 2007 1. Download the new firmware from NETGEAR’s support site. If the file is a zip archive, extract it and save it to your PC. 2. In the Utilities menu, click Upgrade. A submenu will displ...

Page 103 - SSL VPN Concentrator Status; To view the SSL VPN Concentrator Status window:

8-1 v2.0, May 2007 Chapter 8 Monitoring and Logging This chapter describes the SSL VPN Concentrator status information, logging, alerting and reporting features. It describes: • SSL VPN Concentrator Status • Active Users • Event Log • Log Settings • Diagnostics SSL VPN Concentrator Status The Status...

Page 104 - The SSL VPN Concentrator software version

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 8-2 Monitoring and Logging v2.0, May 2007 From the Status page, you may view: • The SSL VPN Concentrator software version • The amount of RAM memory in kilo Bytes (kB) • The current memory usage in percent (%). • The current CPU usage i...

Page 105 - Active Users; To view the Active Users log file:

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Monitoring and Logging 8-3 v2.0, May 2007 Active Users The Active Users screen displays the active users and administrators logged into the SSL VPN portal. To view the Active Users log file: Click Active Users under the Monitoring menu ...

Page 106 - Event Log; “Log

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 8-4 Monitoring and Logging v2.0, May 2007 Event Log The SSL VPN Concentrator provides web based logging. It also provides the ability to send log messages to an external syslog server using the syslog protocol and to E-mail log files an...

Page 107 - Administrator login successful; Log Settings

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Monitoring and Logging 8-5 v2.0, May 2007 • User name. The User name field shows the authenticated name of the user or administrator that generated the log event. • Log message. The message field describes the event that occurred. Examp...

Page 108 - for syslog and alert

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 8-6 Monitoring and Logging v2.0, May 2007 so most standard firewall and networking reporting products can accept and interpret the SSL VPN Concentrator log files. The SSL VPN Concentrator syslog service transmits syslog messages to exte...

Page 109 - When Full; is selected, the event log will be e-mailed and then cleared when the; and; Time; You can manually clear the Event Logs by clicking

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Monitoring and Logging 8-7 v2.0, May 2007 3. If you have a backup or second syslog server, enter the IP address or domain name of the Secondary Syslog Server in the Secondary Syslog Server field. 4. In the E-mail Settings section: a. To...

Page 110 - Syslog Messages: Debug; to confirm your settings.

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 8-8 Monitoring and Logging v2.0, May 2007 Log categories are organized from most to least critical. Once a category is selected, then all events equal to or more critical than the selected log category and will be logged. The default Lo...

Page 111 - Diagnostics; The following diagnostic functions are available:; Ping an IP Address; – Enter an IP address and click Trace to perform a traceroute to the; Perform a DNS Lookup; – Enter an Internet Name (FQDN) and click Lookup to resolve the; Restart the SSL VPN Concentrator; – Click Reboot to restart the SSL VPN Concentrator.

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Monitoring and Logging 8-9 v2.0, May 2007 Diagnostics Basic network diagnostic tools are available in the Diagnostics menu. Under the Monitoring menu in the left navigation menu, click Diagnostics. The Diagnostics window displays. The f...

Page 113 - Appendix A; Factory Default Settings

Default Settings and Technical Specifications A-1 v2.0, May 2007 Appendix A Default Settings and Technical Specifications This appendix provides the factory default settings and technical specifications for the ProSafe SSL VPN Concentrator 25 SSL312. Factory Default Settings You can use the push but...

Page 114 - Technical Specifications

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual A-2 Default Settings and Technical Specifications v2.0, May 2007 Technical Specifications Concentrator Ethernet MAC Address See bottom label. Time Zone GMT Time Zone Adjusted for Daylight Saving Time Automatically enabled if DST availab...

Page 115 - Appendix B

Related Documents B-1 v2.0, May 2007 Appendix B Related Documents This appendix provides links to reference documents you can use to gain a more complete understanding of the technologies used in your NETGEAR product. Document Link Template for creating an end-user guide http://documentation.netgear...

Page 117 - Numerics

Index-1 v2.0, May 2007 Index Numerics 10.0.0.1 Port 2 default 7-3 192.168.1.1 Port 1 default 7-2 A Active Directory 3-2 , 3-10 , 4-15 synchronizing 3-12 Windows server config 3-12 Active Users 8-2 , 8-3 ActiveX web cache control 5-5 Add Bookmark 4-6 user 4-19 Add Default Route 7-4 Add Domain 3-3 Add...

Netgear SSL312 - Manual

Table of Contents:

Summary

Other Netgear Models