NETGEAR SSL312 manual

202-10208-01 August 2006 NETGEAR , Inc. 4500 Great America Parkway Santa Clara, CA 95054 USA NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual[...]

ii v1.0, August 2006 T echnical Support Please register to obtain technical support. Please retain your proof of purchase and warranty information. T o register your product, get product support or obtai n product information and product documentation, go to http://www .NETGEAR.com . If you do not have access to the W orld W ide W eb, you may regis[...]

v1.0, August 2006 iii RF Exposure W arning for North America, and Australia Wa r n i n g ! T o ensure compliance with FCC RF exp osure requirements , the antenna used for this devic e must be installed to provide a separation dist anc e of at least 20 cm (8 in) from all persons and must not be co-located or operating in conjunction with any other a[...]

v1.0, Augus t 2006 iv[...]

v v1.0, August 2006 Content s About This Manual Conventions, Formats and Scope ................ ................... ................... .................... .......... ix How to Use This Manual ................. ................... ................... ................. ................... ........ x How to Print this Manual ..... ..................[...]

vi v1.0, August 2006 Importing a Configuration File ......... ................ .................... ................ ................... .. 4-3 Erasing and Restoring the Default Settings .................... ....................... .................. 4-4 Upgrading the SSL VPN Concentrator Firmwar e ......... ....... ...... ....... ... ...... ......[...]

vii v1.0, August 2006 LDAP Attribute Rules ............ ................. ................... ................... .................... ...... 6-21 Sample LDAP Users and Attributes Settings ............ ... ... .... ... ................ ... ... .... ... ... 6-21 Querying an LDAP Server .. .................... ................... ................... [...]

viii v1.0, August 2006 Appendix B Related Document s Index[...]

ix v1.0, August 2006 About This Manual The NETGEAR ® Pr osafe™ SSL VPN Concentrator 25 S SL312 Refer ence Manual describes how to install, configure and troubl eshoot the ProSafe SSL VPN Concentrator 25. The information in this manual is intended for readers with intermediate computer and Internet skills. Conventions, Format s and Scope The conv[...]

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l x v1.0, August 2006 • Scope. This manual is written for the S SL VP N Concentrator according to these specifications: For more information about networ k, Internet, firewall, and VPN technologies, see the links to the NETGEAR website in Appendix B, “Related Documents” . How to U[...]

NETGEAR ProS afe SSL VPN Conce ntr ator 25 SSL312 Reference Manual xi v1.0, August 2006 Each page in the HTML version of the manu al is dedicated to a major topic. Use the Print button on the brows er toolbar to print the page contents. • Printing a Chapter . Use the PDF of This Chapter link at the top left of any page. – Click the PDF of This [...]

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l xii v1.0, August 2006[...]

1-1 v1.0, August 2006 Chapter 1 Introduction This chapter describes some of the key features of the NETGEAR ® ProSafe™ SSL VPN Concentrator 25 SSL312. It also includes th e minimum prerequisites for installation and ( “W eb Browser Requirements” on page 1-2 .), package co ntents ( “Wh at’ s in the Box” on page 1-3 ), and a description [...]

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 1-2 Introduction v1.0, August 2006 • Connects to the SSL VPN Concentrator throug h a number of popular browsers, such as Microsoft Internet Exp l orer or Apple Safari. • Supports 25 concurrent sessions. • Provides granul ar access to corporate resources based upon user type or g[...]

NETGEAR ProS afe SSL VPN Conce ntr ator 25 SSL312 Reference Manual Introduction 1-3 v1.0, August 2006 T o configure the NETGEAR ProSafe SSL VPN Conc entrator 25, an administrator must use an Internet Explorer 6.5.1 or higher , Apple Safari 1.2 or higher , or Mozilla l.x web browser with JavaScript , cookies , and SSL-enabled . What’ s in the Box [...]

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 1-4 Introduction v1.0, August 2006 1. LED Power Indicator: • Of f – No power • On – Power is on. 2. LED Self test Indicator . • Self test – on while initializing. (~2 minutes) • Loading Software – bli nking while uploading software • System fault – on ( prolonged) [...]

2-1 v1.0, August 2006 Chapter 2 Basic Inst allation and Configuration The initial administrative setup of the ProSafe SSL VPN Concentrator 25 must be performed using an Internet Explorer Browser 6.5.1 or higher , Appl e Safari 1.2 or higher , or Mozilla 1.x. End Users can use IE 6.5.1 or high er or Apple Safari 1.2 or higher . The browsers shou ld [...]

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 2-2 Basic Installation and Configuration v1.0, August 2006 Configuring the ProSafe SSL VPN Concentrator 25 After the ProSafe SSL VPN Concentrator 25 software has been installed and the Static IP address configured, you may log into the SSL VPN Concen trator web management interface fr[...]

NETGEAR ProS afe SSL VPN Conce ntr ator 25 SSL312 Reference Manual Basic Installation and Configura tion 2-3 v1.0, August 2006 5. Click Login to log in the SSL VPN Concentrator Management Interface. Once you have logged in, the fol lowing St a t u s screen will display . The navigation links under System Configuration, Access Administrati on, Monit[...]

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 2-4 Basic Installation and Configuration v1.0, August 2006 •T h e Launch Portal option under SSL VPN Portal in the navigation menu opens an SSL VPN portal window for users. • In addition to the online help provided wi th each menu, you can access W eb Support by clicking the Knowl[...]

NETGEAR ProS afe SSL VPN Conce ntr ator 25 SSL312 Reference Manual Basic Installation and Configura tion 2-5 v1.0, August 2006 VPN Concentrator 25” . (Complete installation instru ctions can be found in the Pr oSafe SSL VPN Concentrator 25 Installation Guide or “Installing the SSL VPN Concentrator ” on page 2-1 .) T o log in to the SSL VPN Co[...]

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 2-6 Basic Installation and Configuration v1.0, August 2006[...]

3-1 v1.0, August 2006 Chapter 3 S t atus and Logging This chapter provides an overview of the SSL VPN Concentrator admini strative interface and describes the SSL VPN Concentrator status informa tion, logging, alerting and reporting features. These settings may be viewed in the S tatus and Logs section of the SSL VPN Concentrator administrator inte[...]

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 3-2 Status and Logging v1.0, August 2006 The St a t u s window shows important state and config ur ation information. Be sure to check the St a t u s window for error messages and confirm th at SSL VPN Concentrator is configured properly . From the St a t u s p ag e, you may view: •[...]

NETGEAR ProS afe SSL VPN Conce ntr ator 25 SSL312 Reference Manual Status and Logging 3-3 v1.0, August 2006 Event Log The SSL VPN Concentrator provides web based loggin g. It also provides the ability to send log messages to an external syslog serv er using the syslog protocol and to E-mail log files and alert messages to an E-mail address or pager[...]

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 3-4 Status and Logging v1.0, August 2006 • User name . The User name field shows the authenticated name of the user or administrator that generated the log event. • Log message . The message field describes the event th at occurred. Examples of log message s include “ Administra[...]

NETGEAR ProS afe SSL VPN Conce ntr ator 25 SSL312 Reference Manual Status and Logging 3-5 v1.0, August 2006 By default, 50 messages are displayed per page. If more than 50 events have been logged, then a Page number menu will be displayed at the top of the event log table. Select the desired page number from the Page menu to see archived log messag[...]

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 3-6 Status and Logging v1.0, August 2006 Log Settings The SSL VPN Concentrator supports web-based logging, syslog logging and e-mail alert messages. In addition, the SSL VPN Co ncentrator may be configured to e-mail the event log file to the SSL VPN Concentrator administrator before t[...]

NETGEAR ProS afe SSL VPN Conce ntr ator 25 SSL312 Reference Manual Status and Logging 3-7 v1.0, August 2006 2. In the SysLog Settings section, enter the IP address or full y qualified domain name of your syslog server in the Primary Syslog Server field. Leave this field blan k if you do not require syslog logging. 3. If you have a backup o r second[...]

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 3-8 Status and Logging v1.0, August 2006 • Alerts: Error 6. Click Apply to confirm your settings.[...]

4-1 v1.0, August 2006 Chapter 4 General Settings This chapter provides instructions for saving and restoring the co nfiguration file, upgrading th e firmware and for managing SSL certificate f iles. It also covers restarting the SSL VPN Concentrator and configuring the time and date settings. Sections include: • Exporting and Saving a Backup Conf[...]

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 4-2 General Settings v1.0, August 2006 Encrypting the Configuration File For security purposes, you can encrypt the configura tion files. However , if the configuration files are encrypted, they cannot be edited or reviewed for troubleshooting purposes. T o encrypt the configuration f[...]

NETGEAR ProS afe SSL VPN Conce ntr ator 25 SSL312 Reference Manual General Settings 4-3 v1.0, August 2006 3. Choose the location to save the conf iguration file. The file is na med “conf.zip” by default, bu t it can be renamed. 4. Click Save to save the configuration file. Importing a Configuration File T o import a saved confi guration file: 1[...]

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 4-4 General Settings v1.0, August 2006 Erasing and Restoring the Default Settings T o erase your SSL VPN Concentrator configuratio n set tings and restore the initial configuration: 1. Click Erase . 2. A dialog box will prompt you to confirm the change. Click OK to restore the initial[...]

NETGEAR ProS afe SSL VPN Conce ntr ator 25 SSL312 Reference Manual General Settings 4-5 v1.0, August 2006 2. Click Br owse to locate the sa ved firmware file, ssl312-X.X .X.tar.gz , where X.X.X indicates the release version. 3. Select the file and then click Upload . 4. Once the file has been uploaded, restart the SSL VPN Concentrator server for th[...]

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 4-6 General Settings v1.0, August 2006 2. Select your time zone from the Select Y our T ime Zone drop-down menu. 3. Select either the Use Network Time Pr otocol (NTP) radio box or the Set date and time manually radio box. If you selecte d the manual option, enter th e desired time (in[...]

NETGEAR ProS afe SSL VPN Conce ntr ator 25 SSL312 Reference Manual General Settings 4-7 v1.0, August 2006 If you enabled NTP , then the N TP time settings will overr ide the manually configured time settings. The NTP time settings will be determined by the NTP serv er and the time zone that is selected in the Select Y our Time Zone menu. Certificat[...]

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 4-8 General Settings v1.0, August 2006 3. Fill out all of the fields with the appropriate information. 4. Check the Generate a Self-signed Certificate radio box to genera te a new CR T . If all information is entered correctly , a crt.zi p file will be creat ed. This file includes a s[...]

NETGEAR ProS afe SSL VPN Conce ntr ator 25 SSL312 Reference Manual General Settings 4-9 v1.0, August 2006 and a certificate key file named “ serv er.key ”. If the zipped file does not contain these two files, the zipped file will not be uploaded 8. Click Upload to save the file to the Cert Description table. Once the certificate has been upload[...]

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 4-10 General Settings v1.0, August 2006 2. Click Enable . The SSL VPN Concentrator software will restart using the new certificate. In order to obtain a valid certificate from a widely accepted Certificate Auth ority such as V erisign or Thawte, you must generate a Certific ate Signin[...]

NETGEAR ProS afe SSL VPN Conce ntr ator 25 SSL312 Reference Manual General Settings 4-11 v1.0, August 2006 Y ou may also delete an expired or incorrect certificate. Delete the certificate by clicking Delete . Figure 4-1 1 Note: The Delete button will not be displayed if the SSL certificate is acti ve. T o delete a certificate, uplo ad and activate [...]

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 4-12 General Settings v1.0, August 2006[...]

5-1 v1.0, August 2006 Chapter 5 Network Settings This chapter describes how to configure network and IP settings. These settings should be configured by a network administrator . The Network settings to be configured include: • Configuring Network Settings • Network Interface Configuration • Network Route Configuration • Network Host T able[...]

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 5-2 Network Settings v1.0, August 2006 • Interface Ethernet Port 1 subnet mask: 255.255.255.0 (subnet: 19 2.168.1.0/24 ) • Default gateway address (F ir ewall/Router address): 192.168.1.2 In this configuration, the IP addresses of devices in the local network should be configured [...]

NETGEAR ProS afe SSL VPN Conce ntr ator 25 SSL312 Reference Manual Network Settings 5-3 v1.0, August 2006 2. Enter the Ethernet Port 1 subnet mask that has been configured for your network. The subnet mask value should be the same value as th e subnet mask configured on your network computers. The factory default is 255.2 55.25 5.0 (The subnet mask[...]

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 5-4 Network Settings v1.0, August 2006 6. Click Apply to save your settings. If the interface is configured to terminate SSL VPN connections, then restart the SSL VPN Concentrator software for the change to take effect. T o complete the IP settings configuration, al so configure SSL V[...]

NETGEAR ProS afe SSL VPN Conce ntr ator 25 SSL312 Reference Manual Network Settings 5-5 v1.0, August 2006 T o configure a static route: 1. In the Add S tatic Routes section, enter the destination networ k address of the static route in the Destination Network field. The destination netw ork addres s is an IP address in the remote network subnet. 2.[...]

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 5-6 Network Settings v1.0, August 2006 3. Enter the IP address of your router in the Gateway Address field. The gate way address should be in the same subnet as the et hernet-1 or ethernet-2 interface. For example, if the ethernet -1 interface address is “ 10.0.0.100 ” and the sub[...]

NETGEAR ProS afe SSL VPN Conce ntr ator 25 SSL312 Reference Manual Network Settings 5-7 v1.0, August 2006 Once the new Host has been added, th e Host will be displayed in the Host T able. The Host Ta b l e displays a list of the configured ho st names and the corresponding IP addresses Configuring DNS Settings The DNS Settings window allows the Pro[...]

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 5-8 Network Settings v1.0, August 2006 2. Enter the Hostname for the ProSafe SSL VPN Concentrator 25 device. The hostn a me is used to identify the SSL VPN Concentrator devi ce on the network. Use only letters and numbers for the hostname; do not enter non-ASCII charac ters such as sp[...]

6-1 v1.0, August 2006 Chapter 6 Group and User Access Policies This chapter describes how to define user s and groups and how to configure SSL VPN Concentrator access policies and bookmarks for the users and groups. This chapte r includes the following topics: • Editing Global Policy Settings • Adding and Editing Global Policies • Defining an[...]

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 6-2 Group and User Access Policies v1.0, August 2006 3. If two or more user , group or global policies are co nfigured, the most specific policy ta kes precedence . For example, a policy configured for a single IP address ta kes precedence over a policy c onfigured for a range of addr[...]

NETGEAR ProS afe SSL VPN Conce ntr ator 25 SSL312 Reference Manual Group and User Access Policies 6-3 v1.0, August 2006 Global Policies Y ou can view and configure the SSL VPN Concentrator Global Policies, Groups and Users by selecting Users and Groups under the Access Administration menu in the left navigation pane. Editing Global Policy Settings [...]

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 6-4 Group and User Access Policies v1.0, August 2006 2. Enter the number of minutes of inactivity to allow in the Inactivity T imeout field. 3. Click Apply to save the configuration changes. The inactivity timeout can be set at the user , gr oup and g lobal level. If one or more timeo[...]

NETGEAR ProS afe SSL VPN Conce ntr ator 25 SSL312 Reference Manual Group and User Access Policies 6-5 v1.0, August 2006 2. From the Apply Policy T o pull-down menu, select whether the policy will be applied to a predefined network resource, an individual host, a network or all a ddresse s. 3. Enter a name for the policy in the Policy Name field. ?[...]

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 6-6 Group and User Access Policies v1.0, August 2006 Defining and Editin g Global Bookmarks T o define global bookmarks: 1. Click Add Bookma rk in the Global Bookmarks section. An Add Bookmark window will be displaye d. When global bookmarks are de fined, all members will see th e def[...]

NETGEAR ProS afe SSL VPN Conce ntr ator 25 SSL312 Reference Manual Group and User Access Policies 6-7 v1.0, August 2006 SSL VPN Concentrator Groups are also defined from the Users and Groups screen. Select the Users and Groups option un der the Access and Administration menu in the left navigation pane. The User s and Groups screen will display Add[...]

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 6-8 Group and User Access Policies v1.0, August 2006 . 2. Enter a descriptive name for the group in the Group Name field. 3. Select the appropriate domain in the Domain menu. The domain will determine the authentication method for the group. 4. Click Apply to update the configuration.[...]

NETGEAR ProS afe SSL VPN Conce ntr ator 25 SSL312 Reference Manual Group and User Access Policies 6-9 v1.0, August 2006 The inactivity timeout can be set at the user , group and global level. Set the timeout as 0 in the user and group configuration to use the global timeout setting. If multiple timeout settings are configured, the user timeout sett[...]

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 6-10 Group and Us er Access Policies v1.0, August 2006 The most specific poli cy will take precedence over less specific policies. For example, a policy that applies to only one IP address will have priority over a policy that applies to a range of IP addresses. If there are two polic[...]

NETGEAR ProS afe SSL VPN Conce ntr ator 25 SSL312 Reference Manual Group and User Access Policies 6-11 v1.0, August 2006 • If your policy applies to a predefined netw ork resource, select the name of the resource from the Defined Resource pull-down menu. For inform ation abou t creating network resources, refer to Chapter 8, “Network Resources?[...]

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 6-12 Group and Us er Access Policies v1.0, August 2006 . 2. Enter a descriptive name in the Bookmark Name field. 3. Enter the domain name or the IP address of a host machine on the LAN in the Name or IP Address field. 4. Select the service type from the drop-down Service menu. 5. If T[...]

NETGEAR ProS afe SSL VPN Conce ntr ator 25 SSL312 Reference Manual Group and User Access Policies 6-13 v1.0, August 2006 T o delete a group that is the defau lt group for an authentication domain: 1. Delete the corresponding domain (you cannot delete the group in the Gr oup Settings window). 2. If the group is not the default group for an auth enti[...]

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 6-14 Group and Us er Access Policies v1.0, August 2006 Adding a New User T o create a new user: 1. Click Add Us er on the Users and Groups screen. An Add User window will display . 2. Enter the user name for the user in the User Name field. This will be the name the user will enter in[...]

NETGEAR ProS afe SSL VPN Conce ntr ator 25 SSL312 Reference Manual Group and User Access Policies 6-15 v1.0, August 2006 If the selected group is in a domain that uses internal databa se authen tication, such as the default “geardomain” domain, then the follo wi ng window will display : 5. Enter the user password in the Password field. 6. Re-en[...]

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 6-16 Group and Us er Access Policies v1.0, August 2006 . 2. Enter the new user password in the Password field to modify the user password. 3. Enter the password again in the Confirm Password field. 4. Click Apply to update the configuration T o change the user inactivity timeout: 1. E[...]

NETGEAR ProS afe SSL VPN Conce ntr ator 25 SSL312 Reference Manual Group and User Access Policies 6-17 v1.0, August 2006 Defining and Editing User Policies T o define user access policies : 1. Click Add Policy on the Edit User Settings screen. An Add Policy window will display . 2. In the Apply Policy T o pull-down menu, select whether the policy w[...]

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 6-18 Group and Us er Access Policies v1.0, August 2006 6. Click Apply to update the confi guration. Once the configuration has been upda ted, the new policy will be displayed in the Edit User Setting s window . The user policies will be displayed in the Edit Users Settings screen in t[...]

NETGEAR ProS afe SSL VPN Conce ntr ator 25 SSL312 Reference Manual Group and User Access Policies 6-19 v1.0, August 2006 Deleting a User T o delete a user: 1. Click the Delete link adjacent to the users name in the Users table. The user will be removed from the table in the Users and Groups window , or 2. Click the user name that you wish to remove[...]

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 6-20 Group and Us er Access Policies v1.0, August 2006 LDAP Authentication Domain s for Group Policies and Bookmarks LDAP (Lightweight Directory Access Protocol) is a standa rd for querying and updating a directory . Since LDAP supports a multilevel hier archy (for example, groups or [...]

NETGEAR ProS afe SSL VPN Conce ntr ator 25 SSL312 Reference Manual Group and User Access Policies 6-21 v1.0, August 2006 LDAP Attribute Rules • If multiple attributes are defined for a g roup, ALL attributes must be met by LDAP users. • If no attributes are defined, then any user auth orized by the LDAP serv er can be a member of the group. •[...]

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 6-22 Group and Us er Access Policies v1.0, August 2006 Where: • 10.0.0.5 is the IP address of the LDAP or Active Directory server • “cn=demo,cn=users,dc=netgearnetwo rks,dc=net” is the distinguished name of an LDAP user • demo123 is the password for the user demo • “dc=n[...]

7-1 v1.0, August 2006 Chapter 7 Domains and Layout s This chapter explains how to define authenti cation domains, such as RADIUS, NT Domain, LDAP , and Active Directory configuration. It describes: • Authentication Domains • Local User Database Authentication • RADIUS Authentication • NT Domain Authentication • LDAP Authentication • Act[...]

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 7-2 Domains and La yo ut s v1.0, August 2006 Additional domains may be created that require authentication to remote authentic ation servers. The SSL VPN Concentrator supports RADIUS ( P AP , CHAP , MSCHAP , and MSCHAPV2 ), LDAP , NT Domain, and Active Directory authentic ation in add[...]

NETGEAR ProS afe SSL VPN Conce ntr ator 25 SSL312 Reference Manual Domains and Layouts 7-3 v1.0, August 2006 6. Click Apply to update the configuration. Once the domain has been added, the domain will be added to the table on the Domains screen RADIUS Authentication T o create a domain with Radius authentication: 1. Click Add Domain . An Add Domain[...]

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 7-4 Domains and La yo ut s v1.0, August 2006 7. Check the Requir e client d igital certificates checkbox to force users to supply a valid digital certificate before granting access. The CNAME of the client certificate must match the user name that the user supplies to log in and the c[...]

NETGEAR ProS afe SSL VPN Conce ntr ator 25 SSL312 Reference Manual Domains and Layouts 7-5 v1.0, August 2006 3. Enter the IP address or host and domain name of the server in the NT Server Address field. 4. Enter the NT authenti cation domain in the NT Domain Name field. This is the domain name configured on the Window s authentication server for ne[...]

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 7-6 Domains and La yo ut s v1.0, August 2006 : 2. Enter a descriptive name for th e authentication domain in the Domain Name field. This is the domain name users will select in order to lo g into the SSL VPN portal. It can be the same value as the Server Address field. 3. Enter the IP[...]

NETGEAR ProS afe SSL VPN Conce ntr ator 25 SSL312 Reference Manual Domains and Layouts 7-7 v1.0, August 2006 6. Check the Requir e client d igital certificates checkbox to force users to supply a valid digital certificate before granting access. The CNAME of the client certificate must match the user name that the user supplies to log in and the ce[...]

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 7-8 Domains and La yo ut s v1.0, August 2006 3. Enter a descriptive name for th e authentication domain in the Domain Name field. This is the domain name users will select in order to lo g into the SSL VPN portal. It can be the same value as the Server Address field or the Active Dire[...]

NETGEAR ProS afe SSL VPN Conce ntr ator 25 SSL312 Reference Manual Domains and Layouts 7-9 v1.0, August 2006 If your users are unable to connect via Active Directo ry , ve rify the following: 1. The time settings between the Active Directory server and the SSL VPN Concentrator must be synchronized. Kerberos authentication, used by Active Directory [...]

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 7-10 Domains and Layo ut s v1.0, August 2006 . Adding Port al Layouts The SSL VPN Concentrator administrator may defi ne individual layouts for the SSL VPN portal. The layout configuration includ es the theme, menu layout, portal pages to dis play , portal application icons to display[...]

NETGEAR ProS afe SSL VPN Conce ntr ator 25 SSL312 Reference Manual Domains and Layouts 7-11 v1.0, August 2006 : b. Enter the title for the we b browser window in the Portal Site Title field. c. If you wish to display a banner message to users before they log in to the portal, enter the banner title text in the Banner T itle field. Also enter the ba[...]

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 7-12 Domains and Layo ut s v1.0, August 2006 e. Check the ActiveX web c ache cleaner radio box to load an Ac tiveX cache control when users log in to the SSL VPN portal. The web cache cleaner will prompt the user to delete all temporary Internet files, cookies and browser history when[...]

NETGEAR ProS afe SSL VPN Conce ntr ator 25 SSL312 Reference Manual Domains and Layouts 7-13 v1.0, August 2006 T o add a T erminal Services Application: 1. Enter a description of the application in the Application Description field. This name will be shown beneath the application icon on the SSL VPN Portal Applications page. 2. Enter the path and ap[...]

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 7-14 Domains and Layo ut s v1.0, August 2006 T o upload a banner image: 1. On the Portal Layo ut screen (see Figure 7-8 on page 7- 11 ), click Upl oad Banner . The Custom Banner screen will display . 2. Click Br owse to locate and upload a .gif file. If upload is successful, two new b[...]

NETGEAR ProS afe SSL VPN Conce ntr ator 25 SSL312 Reference Manual Domains and Layouts 7-15 v1.0, August 2006 4. Click Apply . A new portal will be created with the same features as the existing portal and will be displayed in the Portal Layo uts table. T o modify the features of an existing portal: 1. Click Portal Layouts under the SSL VPN Portal [...]

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 7-16 Domains and Layo ut s v1.0, August 2006 Advanced Port al Page Layout Specifications For most SSL VPN administrators, a plain text page message and a list of links to network resources will provide the prefect portal desktop page. But for the more advanced administrator that want [...]

8-1 v1.0, August 2006 Chapter 8 Network Resources This chapter explains how to define network resource groups. Network resources facilitate creating and updating access policies. Network Resources are groups of host names, IP addresses and IP address ranges . By defining resource objects, you can more quickly configure network policies. This i s be[...]

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 8-2 Network Resources v1.0, August 2006 3. In the Resource Name field, enter a name for the Network Resource. 4. From the Services pull-down menu, select the type of service to which the Network Resource will apply . 5. Click Apply . The new Network Resource will display in the table [...]

NETGEAR ProS afe SSL VPN Conce ntr ator 25 SSL312 Reference Manual Network Resources 8-3 v1.0, August 2006 . 2. From the Object T ype pu ll-down menu unde r Add Resource Addr esses , select either IP Address or IP Netw or k : • If IP Address was selected, enter an IP address or fully qualified domain name in the IP Address/Name field. • If IP N[...]

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 8-4 Network Resources v1.0, August 2006 T o delete a defined resource, click Delete in the Defined Resource Addresses table adjacent to the resource you wish to delete. T o create policies based on netw ork objects, see Chapter 6, “Group and User Access Policies” , for instruction[...]

9-1 v1.0, August 2006 Chapter 9 VPN T unnel Client This chapter describes the configuration for a VP N T unnel Client, an SSL VPN client that is deployed from the SSL VPN portal. It covers: • Adding IP Address Ranges • Adding Routes for VPN T unnel Clients Beyond what is defined in “Logging in to the Management Interface” on page 2-4 , the [...]

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 9-2 VPN Tunnel Client v1.0, August 2006 • The VPN T unnel Client cannot conta ct a server on the corporate network if the VPN Tunnel Client's Ethernet interface shares the same IP address as the server or the SSL VPN Concentrator (i.e., if your laptop has a physical interface a[...]

NETGEAR ProS afe SSL VPN Conce ntr ator 25 SSL312 Reference Manual VPN Tunnel Client 9-3 v1.0, August 2006 . Adding Routes for VPN T unnel Client s The Add Rou tes for VP N T unnel Clients section allows you to define the addresses of devices on your local network. C l ie nt routes are only requir ed if the client address range is in a different su[...]

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 9-4 VPN Tunnel Client v1.0, August 2006 – Addresses between 128.0.0.0 and 191.255.255.255 are Class B addresses; the VPN T unnel Client will as sume tha t all addresses with the same first two octets are located across the VPN tunnel. – Addresses between 192.0.0.0 and 223.255.255.[...]

NETGEAR ProS afe SSL VPN Conce ntr ator 25 SSL312 Reference Manual VPN Tunnel Client 9-5 v1.0, August 2006 . T o delete a VPN T u nnel Cl ient Route: 1. Click the Delete link adjacent to the client route in the Configur ed Client Routes table. 2. Restart the SSL VPN Concentrator software if VPN T unnel Clients are currently connected to the SSL VPN[...]

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 9-6 VPN Tunnel Client v1.0, August 2006[...]

10-1 v1.0, August 2006 Chapter 10 Port Forwarding This chapter describes the configuration for Port Forwarding, a web-based SSL VP N client that installs transparently and then create s a virtual, en crypted tunnel to the remote network. Using Port Forwarding, mobile users can access mission-criti cal applicat ions suc h as email or mapped network [...]

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 10-2 Port Forwarding v1.0, August 2006 2. In the Configur ed Ap plications for Port Forwarding section, enter the IP address of an internal server or host computer in the IP Addr e ss field. 3. Enter the TCP port number of the ap plication to be t unneled in the TCP Port field. Ta b l[...]

NETGEAR ProS afe SSL VPN Conce ntr ator 25 SSL312 Reference Manual Port Forwar din g 10-3 v1.0, August 2006 Configuring Host Name Resolution Once all the server and port inform ation has been configured, remote users will be able to access private network servers using Port Forwarding. Si nce users will need to re member the complicated IP addresse[...]

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l 10-4 Port Forwarding v1.0, August 2006[...]

Default Settings and Technical Specifications A-1 v1.0, August 2006 Appendix A Default Settings and T echnical Specifications This appendix provides the factory default settings and techni cal specifications for the ProSafe SSL VPN Concentrator 25. Factory Default Settings Y ou can use the reset button located on the front of your device to reset a[...]

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l A-2 Default Settings and Technical Specifications v1.0, August 2006 T echnical Specifications Gateway Address 0.0.0.0 Concentra tor Ethernet MAC Address See bottom label. T ime Zone GMT T ime Zone Adjusted for Daylight Saving Ti m e Automatica lly enabled if DST available in area sele[...]

Related Documents B-1 v1.0, August 2006 Appendix B Related Document s This appendix provides links to reference documents you c an use to gain a more complete understanding of the technolog ies used in your NETGE AR product. Document Link Internet Networking and TCP/IP Addressing http://documentation.net gear .com/r efer en ce/enu/tcpip/index.htm W[...]

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l B-2 Related Documents v1.0, August 2006[...]

Index-1 v1.0, August 2006 Index Numerics 10.0.0.1 Port 2 default 5-3 192.168.1.1 Port 1 default 5-2 A Active Directory 6-14 , 7-2 , 7-7 synchronizing 7-9 W indows server config 7-9 Active Users 3-2 , 3-5 ActiveX web cache control 7-12 Add Bookmark 6-6 user 6-18 Add Default Route 5-4 Add Domain 7-2 Add Group 6-7 Add Policy user 6-17 Add User 6-14 Ap[...]

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l Index-2 v1.0, August 2006 management, login warning 2-4 obtaining 4-10 viewin g current 4- 10 CHAP 7-3 Class A addresses 9-3 Class B addresses 9-4 Class C addresses 9-4 configuration files encrypting 4-1 , 4-2 exporting 4-1 , 4-2 importing 4-1 , 4-3 saving 4-2 configuration settings r[...]

NETGEAR ProS afe SSL VPN Conce ntr ator 25 SSL312 Reference Manual Index-3 v1.0, August 2006 Global Policie s 6-1 adding 6-4 editing 6-4 table 6-5 Global Policy configuring 6-3 Group Bookmarks adding 6-11 editing 6-11 service type 6-12 Group Policies 6-1 adding 6-9 deleting 6-12 editing 6-9 Group Policies table 6-11 Group Policy Add 6-10 Add Bookma[...]

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l Index-4 v1.0, August 2006 Network Address Translation 5-4 network configuration example 5-1 Network Host Table 5-6 mapping FQDNs 5-6 mapping host names 5-6 Network Interface configuring 5-2 network resource objects configuring 2-4 creating policies 8-4 Network Resources 8-1 editing 8-[...]

NETGEAR ProS afe SSL VPN Conce ntr ator 25 SSL312 Reference Manual Index-5 v1.0, August 2006 Self-signed Certificate 4-8 Send Event Logs 3-7 serial console port 1-4 DTE connection 1-4 port 1-4 service type users 6-17 software version checking 3-2 SSH 8-2 SSL-VPN Concentrator status of 3-1 start time and date 3-2 static IP address 2-1 Static Routes [...]

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manua l Index-6 v1.0, August 2006 WINS 9-1[...]