NETGEAR SSL312 manual


A good user manual

The rules should oblige the seller to give the purchaser operating instructions for the NETGEAR SSL312 along with the item. The lack of instructions, or false information given to the customer, constitutes grounds for a complaint because of nonconformity of the goods with the contract. In accordance with the law, a customer can receive instructions in non-paper form; lately graphic and electronic forms of manuals, as well as instructional videos, have been widely used. A necessary precondition for this is that the instructions are unmistakable and legible.

What is an instruction?

The term originates from the Latin word „instructio”, which means organizing. Therefore, in the instructions for the NETGEAR SSL312 one can find a process description. The purpose of an instruction is to teach and to ease the start-up and use of an item or the performance of certain activities. An instruction is a compilation of information about an item or a service; it is a clue.

Unfortunately, only a few customers take the time to read the instructions for the NETGEAR SSL312. A good user manual introduces us to a number of additional functionalities of the purchased item, and also helps us to avoid most defects.

What should a perfect user manual contain?

First and foremost, a user manual of NETGEAR SSL312 should contain:
- information concerning technical data of NETGEAR SSL312
- name of the manufacturer and a year of construction of the NETGEAR SSL312 item
- rules of operation, control and maintenance of the NETGEAR SSL312 item
- safety signs and mark certificates which confirm compatibility with appropriate standards

Why don't we read the manuals?

Usually it results from the lack of time and certainty about functionalities of purchased items. Unfortunately, networking and start-up of NETGEAR SSL312 alone are not enough. An instruction contains a number of clues concerning respective functionalities, safety rules, maintenance methods (what means should be used), eventual defects of NETGEAR SSL312, and methods of problem resolution. Eventually, when one still can't find the answer to his problems, he will be directed to the NETGEAR service. Lately animated manuals and instructional videos are quite popular among customers. These kinds of user manuals are effective; they assure that a customer will familiarize himself with the whole material, and won't skip complicated, technical information of NETGEAR SSL312.

Why should one read the manuals?

It is mostly in the manuals where we will find the details concerning the construction and capabilities of the NETGEAR SSL312 item and its use of the respective accessories, as well as information concerning all the functions and facilities.

After a successful purchase of an item one should find a moment to get to know every part of the instructions. Currently the manuals are carefully prepared and translated, so they can be fully understood by their users. The manuals will serve as an informational aid.

Table of contents for the manual

  • Page 1

    202-10208-04 May 2007 v2.0 NETGEAR, Inc. 4500 Great America Parkway Santa Clara, CA 95054 USA NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual[...]

  • Page 2

    ii v2.0, May 2007 © 2007 by NETGEAR, Inc. All rights reserved. Technical Support Please register to obtain technical support. Please retain your proof of purchase and warranty information. To register your product, get product support or obtain product information and product documentation, go to http://www.NETGEAR.com. If you do not have acc[...]

  • Page 3

    v2.0, May 2007 iii EU Regulatory Compliance Statement ProSafe SSL VPN Concentrator 25 is compliant with the following EU Council Directives: 89/336/EEC and LVD 73/23/EEC. Compliance is verified by testing to the following standards: EN55022 Class B, EN55024 and EN60950. Certificate of the Manufacturer/Importer It is hereby certified that the Pro[...]

  • Page 4

    v2.0, May 2007 iv Product and Publication Details Model Number: SSL312 Publication Date: May 2007 Product Family: Concentrator Product Name: ProSafe SSL VPN Concentrator 25 Home or Business Product: Business Language: English Publication Part Number: 202-10208-04 Publication Version Number: 2.0[...]

  • Page 5

    v v2.0, May 2007 Contents About This Manual Conventions, Formats and Scope ... ix Using This Manual ... x Printing this Manual ...[...]

  • Page 6

    vi v2.0, May 2007 Steps for Further Configuration ... 2-14 Chapter 3 Authenticating Users Authentication Domains ... 3-1 Local User Database Authenticat[...]

  • Page 7

    vii v2.0, May 2007 Editing a User ... 4-16 Defining and Editing User Policies ... 4-18 Defining and Editing a User Bookmarks ...[...]

  • Page 8

    viii v2.0, May 2007 Erasing the Configuration and Restoring the Default Settings ... 7-13 Upgrading the SSL VPN Concentrator Firmware ... 7-13 Additional Notes on the Management Interface ... 7-14 Chapter 8[...]

  • Page 9

    ix v2.0, May 2007 About This Manual The NETGEAR® ProSafe™ SSL VPN Concentrator 25 SSL312 Reference Manual describes how to install and configure the SSL312. The information in this manual is intended for administrators who will configure the SSL312. You should have intermediate computer and Internet skills. Conventions, Formats and Scope [...]

  • Page 10

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual x About This Manual v2.0, May 2007 • Scope. This manual is written for the SSL VPN Concentrator according to these specifications: For more information about network, Internet, firewall, and VPN technologies, see the links to the NETGEAR website in Appendix B, “Related Docum[...]

  • Page 11

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual About This Manual xi v2.0, May 2007 Each page in the HTML version of the manual is dedicated to a major topic. Use the Print button on the browser toolbar to print the page contents. • Printing a Chapter. Use the PDF of This Chapter link at the top left of any page. – Click t[...]

  • Page 12

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual xii About This Manual v2.0, May 2007 Revision History Version Date Description of Changes -01, v1.1 November 2006 • Restructured the contents so that common setup and configuration tasks are easier to find • Added new topics • Added a link to a Microsoft Word template fo[...]

  • Page 13

    1-1 v2.0, May 2007 Chapter 1 Introduction This chapter describes some of the key features of the NETGEAR® ProSafe™ SSL VPN Concentrator 25 SSL312. It also includes the minimum prerequisites for installation (“Web Browser Requirements” on page 1-2), package contents (“What’s in the Box” on page 1-3), and a description of the fr[...]

  • Page 14

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 1-2 Introduction v2.0, May 2007 • Supports multiple user authentications, including local database, Microsoft Active Directory, LDAP, NT Domain and RADIUS. • Provides client-less access with customizable user portals and support for a wide variety of user repositories. Acces[...]

  • Page 15

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Introduction 1-3 v2.0, May 2007 End Users can use Microsoft Internet Explorer 5.1 or higher, Apple Safari 1.2 or higher or Mozilla Firefox 1.x (for VPN tunnel, VNC, Network Places and Utilities). The browsers should also support JavaScript, Java, cookies, SSL and ActiveX to take[...]

  • Page 16

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 1-4 Introduction v2.0, May 2007 1. LED Power Indicator: • Off – No power • On – Power is on. 2. LED Self test Indicator. • Self test – on while initializing. (~2 minutes) • Loading Software – blinking while uploading software • System fault – on (prolonged) Thi[...]

  • Page 17

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Introduction 1-5 v2.0, May 2007 Steps for Deploying the SSL312 Three basic steps are involved in deploying the ProSafe SSL VPN Concentrator 25 in your network. • Installing the SSL312: choosing a network topology, configuring its IP addressing scheme, connecting the SSL312, [...]

  • Page 18

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 1-6 Introduction v2.0, May 2007[...]

  • Page 19

    2-1 v2.0, May 2007 Chapter 2 Installing the SSL312 This chapter describes how to install the ProSafe SSL VPN Concentrator 25 SSL312. The installation includes choosing a network topology, configuring the IP addressing scheme, connecting the SSL312, and provisioning the SSL certificate. Choosing a Network Topology The physical connection of[...]

  • Page 20

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 2-2 Installing the SSL312 v2.0, May 2007 Single arm mode has the advantage of being protected by your firewall. In later steps, you will use the following settings when configuring for single arm operation. • Assign Ethernet Port 1 an IP address on your local network. • Disa[...]

  • Page 21

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Installing the SSL312 2-3 v2.0, May 2007 authorized for that user. The user’s subsequent requests for network services are decrypted by the SSL VPN Concentrator and relayed to the appropriate network servers on the corporate network. Routing mode has the advantage of unload[...]

  • Page 22

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 2-4 Installing the SSL312 v2.0, May 2007 1. Prepare a PC with an Ethernet adapter. If this PC is already part of your network, record its TCP/IP configuration settings so that you can restore them later. 2. Configure your PC with a static IP address of 192.168.1.10 and 255.255.255[...]

  • Page 23

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Installing the SSL312 2-5 v2.0, May 2007 2. A certificate security warning may appear. Click Yes or OK to continue. A login screen with User Name and Password dialog boxes displays. 3. When prompted, enter admin for the User Name and password for the Password, both in lower cas[...]

  • Page 24

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 2-6 Installing the SSL312 v2.0, May 2007 Configuring Basic Network Settings Before deploying the SSL VPN Concentrator into your existing network, you should configure the following basic settings: • Change the administrator password • Configure DNS server IP address • Config[...]

  • Page 25

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Installing the SSL312 2-7 v2.0, May 2007 To prepare for installation: 1. Change the administrator account password. a. On the left side of the browser window, select the Users and Groups link. b. In the Users table, click on admin. c. Type your new Password and re-type to Confir[...]

  • Page 26

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 2-8 Installing the SSL312 v2.0, May 2007 Installing the SSL VPN Concentrator You are now ready to physically install your SSL VPN Concentrator using the following steps: 1. Turn off the power to the SSL VPN Concentrator and connect it to your network in your chosen topology. •[...]

  • Page 27

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Installing the SSL312 2-9 v2.0, May 2007 strong assurance of the server’s identity. A self-signed certificate will trigger a warning from most browsers as it provides no protection against identity theft of the server. Your SSL VPN Concentrator contains a self-signed certi[...]

  • Page 28

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 2-10 Installing the SSL312 v2.0, May 2007 3. Fill out all of the fields with the appropriate information. This information will appear in your certificate and will be visible to users. 4. Click Apply. A file download screen will display. Click Save to save the CSR.ZIP file to a di[...]

  • Page 29

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Installing the SSL312 2-11 v2.0, May 2007 2. In the Digital Certificate Management section, click New CSR/CRT. The Create CSR screen will display. 3. Fill out all of the fields with the appropriate information. This information will appear in your certificate and will be visible[...]

  • Page 30

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 2-12 Installing the SSL312 v2.0, May 2007 4. Click the Enable link adjacent to the new certificate. The Enable Certificate screen displays Figure 2-7 Figure 2-8[...]

  • Page 31

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Installing the SSL312 2-13 v2.0, May 2007 5. Enter the Certificate Password and click Enable. The SSL VPN Concentrator software will restart using the new certificate. Viewing and Deleting Certificates The Current Certificates table lists the valid SSL certificates. (The Certific[...]

  • Page 32

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 2-14 Installing the SSL312 v2.0, May 2007 Steps for Further Configuration The next steps in configuring the SSL VPN Concentrator are: • Create authentication domains (Chapter 3, “Authenticating Users”). • Define user and group settings (Chapter 4, “Setting Up User and [...]

  • Page 33

    3-1 v2.0, May 2007 Chapter 3 Authenticating Users Remote users connecting to the SSL VPN Concentrator must be authenticated before being allowed to access the network. The login window presented to the user requires three items: a User Name, a Password, and a Domain selection. The Domain determines the authentication method to be used and the [...]

  • Page 34

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 3-2 Authenticating Users v2.0, May 2007 All of the configured domains will be listed in the table in the Domains window. The domains are listed in the order in which they were created. By default, the geardomain authentication domain is already defined, using the SSL VPN Concentrato[...]

  • Page 35

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Authenticating Users 3-3 v2.0, May 2007 1. In the Domains menu, click Add Domain. An Add Domain window similar to the following displays. 2. From the Authentication Type pull-down menu, select Local User Database. 3. In the Domain Name field, enter a descriptive name for the authe[...]

  • Page 36

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 3-4 Authenticating Users v2.0, May 2007 For example, if you create a RADIUS domain in the SSL VPN Concentrator called “Miami RADIUS server”, you can add users to groups that are members of the “Miami RADIUS server” domain. These user names must match the names configured in [...]

  • Page 37

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Authenticating Users 3-5 v2.0, May 2007 6. From the Portal Layout Name drop-down menu, select the name of the layout. The default layout is SSL-VPN. You can define additional layouts in the Portal Layouts page. 7. Click Apply to update the configuration. Once the domain has been[...]

  • Page 38

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 3-6 Authenticating Users v2.0, May 2007 2. In the Domain Name field, enter a descriptive name for the authentication domain. This is the domain name selected by users when they authenticate to the SSL VPN portal. It may be the same value as the NT Domain Name. 3. In the NT Server Ad[...]

  • Page 39

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Authenticating Users 3-7 v2.0, May 2007 For an LDAP group, you can define LDAP attributes. For example, you can specify that users in an LDAP group must be members of a certain group or organizational unit defined on the LDAP server. Or you can specify a unique LDAP distinguis[...]

  • Page 40

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 3-8 Authenticating Users v2.0, May 2007 Sample LDAP Users and Attributes Settings If you manually add a user to an LDAP group, then the user setting will take precedence over LDAP attributes. For example: An LDAP attribute objectClass=Person is defined for group Group1 and an LDAP a [...]

  • Page 41

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Authenticating Users 3-9 v2.0, May 2007 Configuring for LDAP Authentication To configure LDAP authentication, click Add Domain. An Add Domain window displays. In the Add Domain window: 1. From the Authentication Type menu, select LDAP. The Add Domain Window displays the fiel[...]

  • Page 42

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 3-10 Authenticating Users v2.0, May 2007 5. From the Portal Layout Name drop-down menu, select the name of the layout. The default layout is SSL-VPN. You can define additional layouts in the Portal Layouts page. 6. Click Apply to update the configuration. Once the domain has been[...]

  • Page 43

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Authenticating Users 3-11 v2.0, May 2007 2. From the Authentication Type menu, select Active Directory. Fields for Active Directory configuration display: 3. In the Domain Name field, enter a descriptive name for the authentication domain. This is the domain name users will selec[...]

  • Page 44

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 3-12 Authenticating Users v2.0, May 2007 7. Check the Require CIFS bookmark to home directory radio box to automatically allow access to users of this domain and add the home directory path in the field provided. 8. Click Apply to update the configuration. Once the domain has bee[...]

  • Page 45

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Authenticating Users 3-13 v2.0, May 2007 5. Enter the Kerberos domain name in the Kerberos Domain field. 6. Enter the name of the layout in the Portal Layout Name field. The default layout is SSL-VPN. (Additional layouts may be defined from the SSL VPN Portal > Portal Layou[...]

  • Page 46

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 3-14 Authenticating Users v2.0, May 2007[...]

  • Page 47

    4-1 v2.0, May 2007 Chapter 4 Setting Up User and Group Access Policies This chapter describes how to define users and groups and how to configure SSL VPN Concentrator access policies and bookmarks for the users and groups. This chapter includes the following topics: • Determine Your Requirements • Users, Groups and Global Policies • Global[...]

  • Page 48

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 4-2 Setting Up User and Group Access Policies v2.0, May 2007 • To create complex policies involving groups of host names, IP addresses or IP address ranges, you can define these groups as network objects using Network Resources as described in “Using Network Resource Ob[...]

  • Page 49

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Setting Up User and Group Access Policies 4-3 v2.0, May 2007 • An FTP server at 10.0.1.5, the user would be blocked by Policy 2. • An FTP server at 10.0.0.10, the user would be granted access by Policy 3. The IP address range 10.0.0.5 - 10.0.0.20 is more specific than the IP a[...]

  • Page 50

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 4-4 Setting Up User and Group Access Policies v2.0, May 2007 Editing Global Policy Settings To edit global settings: 1. In the Global Policies table, click the Edit Global Policies link. The Global Settings screen displays. 2. In the Inactivity Timeout field, enter the number o[...]

  • Page 51

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Setting Up User and Group Access Policies 4-5 v2.0, May 2007 Adding and Editing Global Policies To define global access policies: 1. In the Global Policies section, click Add Policy. An Add Policy window displays. 2. From the Apply Policy To pull-down menu, select whether the[...]

  • Page 52

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 4-6 Setting Up User and Group Access Policies v2.0, May 2007 4. From the Service pull-down menu, select the service type. If you are applying a policy to a network resource, the service type is defined in the network resource. 5. From the Status pull-down menu, select PERMIT or [...]

  • Page 53

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Setting Up User and Group Access Policies 4-7 v2.0, May 2007 Groups Configuration When configuring Groups, remember that user policies take precedence over all group policies and group policies take precedence over all global policies, regardless of the policy definition. (A u[...]

  • Page 54

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 4-8 Setting Up User and Group Access Policies v2.0, May 2007 2. In the Group Name field, enter a descriptive name for the group. 3. In the Domain menu, select the appropriate domain. The domain will determine the authentication method for the group. 4. Click Apply to update the[...]

  • Page 55

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Setting Up User and Group Access Policies 4-9 v2.0, May 2007 You can set the inactivity timeout at the user, group and global level. Set the timeout as 0 in the user and group configuration to use the global timeout setting. If multiple timeout settings are configured, the user [...]

  • Page 56

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 4-10 Setting Up User and Group Access Policies v2.0, May 2007 addresses. If two policies apply to a single IP address, then a policy for a specific service (for example RDP) will take precedence over a policy that applies to all services. To define group access policies: 1. In th[...]

  • Page 57

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Setting Up User and Group Access Policies 4-11 v2.0, May 2007 • If your policy applies to a specific host, enter the IP address of the local host machine in the IP Address field. • If your policy applies to a network, enter the network address and subnet bit mask (0-32) in th[...]

  • Page 58

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 4-12 Setting Up User and Group Access Policies v2.0, May 2007 2. In the Bookmark Name field, enter a descriptive name. 3. In the Name or IP Address field, enter the domain name or the IP address of a host machine on the LAN. 4. From the Service pull-down menu, select the service[...]

  • Page 59

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Setting Up User and Group Access Policies 4-13 v2.0, May 2007 2. In the Group Settings window, click Delete Group. The Users and Groups menu displays and the deleted group no longer appears in the list of defined groups. You can also delete a group by clicking its Delete link. [...]

  • Page 60

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 4-14 Setting Up User and Group Access Policies v2.0, May 2007 Adding a New User To create a new user: 1. In the Users and Groups menu, click Add User. An Add User menu displays. 2. In the User Name field, enter the user name for the user. This is the name the user will enter in[...]

  • Page 61

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Setting Up User and Group Access Policies 4-15 v2.0, May 2007 4. Click Apply. If the selected group is in a domain that uses external authentication, such as Active Directory, RADIUS, NT Domain or LDAP, then the Add User menu will close and the new user will be added to the U[...]

  • Page 62

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 4-16 Setting Up User and Group Access Policies v2.0, May 2007 Editing a User To edit a user: 1. In the Users table in the Users and Groups menu, click the name of the user. The User Settings menu displays as shown in Figure 4-14. • The Edit User Settings section shows the Use[...]

  • Page 63

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Setting Up User and Group Access Policies 4-17 v2.0, May 2007 2. To modify the user password, enter the new user password in the Password field. 3. In the Confirm Password field, enter the new password again. 4. Click Apply to update the configuration To change the user inact[...]

  • Page 64

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 4-18 Setting Up User and Group Access Policies v2.0, May 2007 Defining and Editing User Policies To define user access policies: 1. On the Edit User Settings screen, click Add Policy. An Add Policy menu displays. 2. In the Apply Policy To pull-down menu, select whether the poli[...]

  • Page 65

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Setting Up User and Group Access Policies 4-19 v2.0, May 2007 6. Click Apply to update the configuration. Once the configuration has been updated, the new policy appears in the Edit User Settings menu. The user policies will be displayed in the Edit Users Settings screen in the[...]

  • Page 66

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 4-20 Setting Up User and Group Access Policies v2.0, May 2007 Deleting a User To delete a user: 1. Click the Delete link adjacent to the user's name in the Users table. The user is removed from the table in the Users and Groups menu, or 2. Click the user name that you wish to remov[...]

  • Page 67

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Setting Up User and Group Access Policies 4-21 v2.0, May 2007 2. Click Add Resource. An Add Network Resource menu similar to the following displays. 3. In the Resource Name field, enter a name for the Network Resource. 4. From the Services pull-down menu, select the type of servi[...]

  • Page 68

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 4-22 Setting Up User and Group Access Policies v2.0, May 2007 2. From the Object Type pull-down menu under Add Resource Addresses, select either IP Address or IP Network: • If you selected IP Address, enter an IP address or fully qualified domain name in the IP Address/Name fi[...]

  • Page 69

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Setting Up User and Group Access Policies 4-23 v2.0, May 2007 To delete a defined resource, click Delete in the Defined Resource Addresses table adjacent to the resource you wish to delete. Figure 4-21 Note: You may define up to 128 addresses or address ranges per Network Reso[...]

  • Page 70

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 4-24 Setting Up User and Group Access Policies v2.0, May 2007[...]

  • Page 71

    5-1 v2.0, May 2007 Chapter 5 Configuring the Remote Access Web Portal This chapter explains how to create multiple Web portals for different users and how to customize the appearance of a portal. It describes: • Portal Layouts • Portal Options • Adding Portal Layouts • Adding Terminal Services Applications to the Portal • Customizing[...]

  • Page 72

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 5-2 Configuring the Remote Access Web Portal v2.0, May 2007 To view the Portal Layout screen: Click Portal Layouts under the SSL VPN Portal menu on the left navigation pane. A window similar to the following will display. Portal Options The SSL VPN Concentrator portal can pre[...]

  • Page 73

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Configuring the Remote Access Web Portal 5-3 v2.0, May 2007 The configuration of the VPN Tunnel and Port Forwarding features are described in Chapter 6, “Configuring the SSL VPN Tunnel Client and Port Forwarding”. Adding Portal Layouts The SSL VPN Concentrator administrator[...]

  • Page 74

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 5-4 Configuring the Remote Access Web Portal v2.0, May 2007 b. In the Portal Site Title field, enter the title for the web browser window. c. To display a banner message to users before they log in to the portal, enter the banner title text in the Banner Title field. Also en[...]

  • Page 75

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Configuring the Remote Access Web Portal 5-5 v2.0, May 2007 d. Check the Enable HTTP meta tags for cache control check box to apply HTTP meta tag cache control directives to this Portal Layout. Cache control directives include: <meta http-equiv="pragma" content="no-cache"[...]

  • Page 76

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 5-6 Configuring the Remote Access Web Portal v2.0, May 2007 6. Click Apply to confirm your settings. Adding Terminal Services Applications to the Portal If you selected the option Applications page (in the SSL VPN Portal Pages to Display section), then the Portal Layout screen wi[...]

  • Page 77

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Configuring the Remote Access Web Portal 5-7 v2.0, May 2007 2. In the Application and Path field, enter the path and application name of the Terminal Services application. 3. From the Icon Image menu, select an image to appear on the Applications page. 4. Click Add Application t[...]

  • Page 78

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 5-8 Configuring the Remote Access Web Portal v2.0, May 2007 Duplicating and Editing Portal Layouts You can edit the features of an existing portal; for example, create a banner or banner message that displays at the top of the page; or show or hide all applicable bookmarks (user[...]

  • Page 79

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Configuring the Remote Access Web Portal 5-9 v2.0, May 2007 To modify the features of an existing portal: 1. Under the SSL VPN Portal menu on the left navigation pane, click Portal Layouts. The Portal Layouts screen displays. 2. In the Layout Name column, click the portal you wa[...]

  • Page 80

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 5-10 Configuring the Remote Access Web Portal v2.0, May 2007[...]

  • Page 81

    6-1 v2.0, May 2007 Chapter 6 Configuring the SSL VPN Tunnel Client and Port Forwarding This chapter describes the configuration for the SSL VPN Tunnel Client and for Port Forwarding. When a remote user accesses the SSL VPN Concentrator from a PC that allows ActiveX content, these two powerful features can be activated. For each of these featur[...]

  • Page 82

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 6-2 Configuring the SSL VPN Tunnel Client and Port Forwarding v2.0, May 2007 • Detects and reroutes individual data streams to the Port Forwarding connection rather than opening up a full tunnel to the corporate network. • Offers more fine grained management than VPN Tunnel. Ad[...]

  • Page 83

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Configuring the SSL VPN Tunnel Client and Port Forwarding 6-3 v2.0, May 2007 – Split tunnel – Sends only traffic destined for the internal network based on the specified client routes. All other traffic is sent to the internet. Split tunnel allows you to manage your company [...]

  • Page 84

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 6-4 Configuring the SSL VPN Tunnel Client and Port Forwarding v2.0, May 2007 6. Restart the SSL VPN Concentrator software if any VPN Tunnel Clients are actively connected. Restarting will force the clients to obtain a new virtual IP address. VPN Tunnel Clients are now able to conn[...]

  • Page 85

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Configuring the SSL VPN Tunnel Client and Port Forwarding 6-5 v2.0, May 2007 If the assigned client IP address range is in a different subnet than the corporate network or if the corporate network has multiple subnets, you must define Client Routes. To add an SSL VPN Tunnel cli[...]

  • Page 86

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 6-6 Configuring the SSL VPN Tunnel Client and Port Forwarding v2.0, May 2007 To delete a VPN Tunnel Client Route: 1. In the Configured Client Routes table, click the Delete link adjacent to the client route. 2. Restart the SSL VPN Concentrator software if VPN Tunnel Clients a[...]

  • Page 87

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Configuring the SSL VPN Tunnel Client and Port Forwarding 6-7 v2.0, May 2007 To configure applications for Port Forwarding: 1. From the Access Administration menu in the left navigation pane, select the Port Forwarding option. The Port Forwarding configuration screen displays.[...]

  • Page 88

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 6-8 Configuring the SSL VPN Tunnel Client and Port Forwarding v2.0, May 2007 Configuring Host Name Resolution Once the server and port information has been configured, remote users will be able to access private network servers using Port Forwarding. As a convenience for users, the[...]

  • Page 89

    7-1 v2.0, May 2007 Chapter 7 Additional System Configuration This chapter describes additional network and configuration management functions provided by the Web Management Interface. The additional functions include: • Configuring Network Settings • Setting Date and Time • System Configuration Utilities • Additional Notes on the Managem[...]

  • Page 90

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 7-2 Additional System Configuration v2.0, May 2007 • Default gateway address (Firewall/Router address): 192.168.1.254 In the configuration shown in the diagram, the IP addresses of devices in the local network are configured in the 192.168.1.0/24 subnet and the default gatew[...]

  • Page 91

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Additional System Configuration 7-3 v2.0, May 2007 2. Enter the Ethernet Port 1 subnet mask that has been configured for your network. The subnet mask value should be the same value as the subnet mask configured on your network computers. The factory default is 255.255.255.0 (The[...]

  • Page 92

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 7-4 Additional System Configuration v2.0, May 2007 5. Enter the subnet mask. The subnet mask specifies the network number portion of an IP address. The factory default is 255.255.255.0. 6. Click Apply to save your settings. From the Network screen, you can define the default net[...]

  • Page 93

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Additional System Configuration 7-5 v2.0, May 2007 To configure a static route: 1. In the Add Static Routes section, enter the destination network address of the static route in the Destination Network field. The destination network address is an IP address in the remote network [...]

  • Page 94

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 7-6 Additional System Configuration v2.0, May 2007 Network Host Table Settings For the convenience of users, you can configure the SSL VPN Concentrator to translate host names or fully qualified domain names (FQDNs) to IP addresses. This function is configured in the Host Table[...]

  • Page 95

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Additional System Configuration 7-7 v2.0, May 2007 3. In the Host Name field, enter the host name or Fully Qualified Domain Name of the machine. For example, enter mycomputer or www.netgear.com. Do not enter names with spaces or other non-alphanumeric characters such as apostrop[...]

  • Page 96

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 7-8 Additional System Configuration v2.0, May 2007 1. In the Network menu, check the DNS Settings radio button. The Network menu displays the fields for entering the DNS Settings. 2. Enter the Hostname for the SSL VPN Concentrator. The hostname identifies the SSL VPN Concentrator [...]

  • Page 97

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Additional System Configuration 7-9 v2.0, May 2007 Setting Date and Time To configure the SSL VPN Concentrator date and time settings: 1. Under the System Configuration menu in the left navigation pane, click Date and Time. The SSL VPN Concentrator uses the date and time settin[...]

  • Page 98

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 7-10 Additional System Configuration v2.0, May 2007 • If you selected Use default NTP servers, NETGEAR’s primary and secondary NTP servers for your time zone will appear. • If you selected Use custom NTP servers, enter an NTP server IP address or fully-qualified domain [...]

  • Page 99

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Additional System Configuration 7-11 v2.0, May 2007 Encrypting the Configuration File For security purposes, you can encrypt the configuration files. However, if the configuration files are encrypted, they cannot be edited or reviewed for troubleshooting purposes. To encrypt the[...]

  • Page 100

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 7-12 Additional System Configuration v2.0, May 2007 3. Choose the location to save the configuration file. The file is named CONF.ZIP by default, but it can be renamed. 4. Click Save to save the configuration file. Importing a Configuration File To import a saved configuratio[...]

  • Page 101

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Additional System Configuration 7-13 v2.0, May 2007 Erasing the Configuration and Restoring the Default Settings Two methods are available for erasing the configuration and restoring the factory default settings. You can press and hold the front panel Factory Defaults push but[...]

  • Page 102

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 7-14 Additional System Configuration v2.0, May 2007 1. Download the new firmware from NETGEAR’s support site. If the file is a zip archive, extract it and save it to your PC. 2. In the Utilities menu, click Upgrade. A submenu will display. 3. Click Browse to locate the saved[...]

  • Page 103

    8-1 v2.0, May 2007 Chapter 8 Monitoring and Logging This chapter describes the SSL VPN Concentrator status information, logging, alerting and reporting features. It describes: • SSL VPN Concentrator Status • Active Users • Event Log • Log Settings • Diagnostics SSL VPN Concentrator Status The Status window shows important state and conf [...]

  • Page 104

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 8-2 Monitoring and Logging v2.0, May 2007 From the Status page, you may view: • The SSL VPN Concentrator software version • The amount of RAM memory in kilobytes (kB) • The current memory usage in percent (%). • The current CPU usage in percent (%). • The available flash [...]

  • Page 105

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Monitoring and Logging 8-3 v2.0, May 2007 Active Users The Active Users screen displays the active users and administrators logged into the SSL VPN portal. To view the Active Users log file: Click Active Users under the Monitoring menu in the left navigation pane. The Active Use[...]

  • Page 106

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 8-4 Monitoring and Logging v2.0, May 2007 Event Log The SSL VPN Concentrator provides web based logging. It also provides the ability to send log messages to an external syslog server using the syslog protocol and to E-mail log files and alert messages to an E-mail address or pager[...]

  • Page 107

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Monitoring and Logging 8-5 v2.0, May 2007 • User name. The User name field shows the authenticated name of the user or administrator that generated the log event. • Log message. The message field describes the event that occurred. Examples of log messages include Administrat[...]

  • Page 108

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 8-6 Monitoring and Logging v2.0, May 2007 so most standard firewall and networking reporting products can accept and interpret the SSL VPN Concentrator log files. The SSL VPN Concentrator syslog service transmits syslog messages to external syslog server(s) listening on UDP port 5[...]

  • Page 109

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Monitoring and Logging 8-7 v2.0, May 2007 3. If you have a backup or second syslog server, enter the IP address or domain name of the Secondary Syslog Server in the Secondary Syslog Server field. 4. In the E-mail Settings section: a. To receive e-mail notification, enter your ful[...]

  • Page 110

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 8-8 Monitoring and Logging v2.0, May 2007 Log categories are organized from most to least critical. Once a category is selected, then all events equal to or more critical than the selected log category will be logged. The default Log and Alert levels are: • Syslog Messages: De[...]

  • Page 111

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Monitoring and Logging 8-9 v2.0, May 2007 Diagnostics Basic network diagnostic tools are available in the Diagnostics menu. Under the Monitoring menu in the left navigation menu, click Diagnostics. The Diagnostics window displays. The following diagnostic functions are available[...]

  • Page 112

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 8-10 Monitoring and Logging v2.0, May 2007[...]

  • Page 113

    Default Settings and Technical Specifications A-1 v2.0, May 2007 Appendix A Default Settings and Technical Specifications This appendix provides the factory default settings and technical specifications for the ProSafe SSL VPN Concentrator 25 SSL312. Factory Default Settings You can use the push button located on the front of your device to res[...]

  • Page 114

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual A-2 Default Settings and Technical Specifications v2.0, May 2007 Technical Specifications Concentrator Ethernet MAC Address See bottom label. Time Zone GMT Time Zone Adjusted for Daylight Saving Time Automatically enabled if DST available in area selected; otherwise disabled. C[...]

  • Page 115

    Related Documents B-1 v2.0, May 2007 Appendix B Related Documents This appendix provides links to reference documents you can use to gain a more complete understanding of the technologies used in your NETGEAR product. Document Link Template for creating an end-user guide http://documentation.netgear.com/ssl312/enu/202-10208-01/appnote.doc I[...]

  • Page 116

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual B-2 Related Documents v2.0, May 2007[...]

  • Page 117

    Index-1 v2.0, May 2007 Index Numerics 10.0.0.1 Port 2 default 7-3 192.168.1.1 Port 1 default 7-2 A Active Directory 3-2, 3-10, 4-15 synchronizing 3-12 Windows server config 3-12 Active Users 8-2, 8-3 ActiveX web cache control 5-5 Add Bookmark 4-6 user 4-19 Add Default Route 7-4 Add Domain 3-3 Add Group 4-7 Add Policy user 4-18 Add User 4-14 App[...]

  • Page 118

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Index-2 v2.0, May 2007 console port A-2 crt.zip 2-11 CSR 2-9 csr.zip 2-10 D Date and Time settings 7-9 default password 2-5 Settings A-1 user name 2-5 default authentication 3-2 default domain name 2-5, 3-2 Default Gateway Address 7-4 Defined Resource user 4-18 Deleting a User 4-[...]

  • Page 119

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Index-3 v2.0, May 2007 group settings defining 2-14 Groups Add Name 4-8 configuring 4-7 Domain 4-8 editing 4-8 Inactivity Timeout 4-8 H Host Name resolution, configuring 6-8 Hostname 7-8 HTTP meta tags 5-5 https //10.0.0.1 2-4 //192.168.1.1 2-4 I Inactivity Timeout 4-8 setting 4[...]

  • Page 120

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Index-4 v2.0, May 2007 Policy service type 4-6 policy hierarchy 4-2 Port 1 default login 2-4 port addresses 8-2 Port Forwarding 6-6, 6-8 adding Configured Applications 6-7 configuring applications for 6-7 Port2 default 2-4 Portal add new 5-8 modify 5-9 Portal Layout Name 3-3 Portal L[...]

  • Page 121

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Index-5 v2.0, May 2007 U UDP port for syslog 8-6 User Bookmarks adding 4-19 editing 4-19 User Group define 4-14 User Name define 4-14 User Policies 4-2 adding 4-18 editing 4-18 user settings defining 2-14 Users editing 4-16 Utilities 7-10 V Video Network Computing 4-21 VPN Tunnel ad[...]

  • Page 122

    NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Index-6 v2.0, May 2007[...]